Malware Analysis Report

2025-01-18 23:47

Sample ID 241108-xyg2csxkaz
Target wwwwwwwwwwwww.msi
SHA256 793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8
Tags
steam discovery persistence phishing privilege_escalation
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8

Threat Level: Shows suspicious behavior

The file wwwwwwwwwwwww.msi was found to be: Shows suspicious behavior.

Malicious Activity Summary

steam discovery persistence phishing privilege_escalation

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Enumerates connected drives

Detected potential entity reuse from brand STEAM.

Checks computer location settings

Drops file in Windows directory

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Executes dropped EXE

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Event Triggered Execution: Installer Packages

Suspicious use of SendNotifyMessage

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

Modifies registry class

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-08 19:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-08 19:15

Reported

2024-11-08 19:18

Platform

win10v2004-20241007-en

Max time kernel

136s

Max time network

137s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent" C:\Users\Admin\Downloads\SteamSetup.exe N/A

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files\Koalageddon\Koalageddon.exe N/A

Detected potential entity reuse from brand STEAM.

phishing steam

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Common Files\Steam\steamservice.exe C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
File created C:\Program Files\Koalageddon\app\ktor-serialization-kotlinx-json-jvm-2.2.3-8e107b257e95a49984b893b18e59eb3.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.transaction.xa\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.xml\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\vcruntime140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\instrument.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files\Koalageddon\app\skiko-awt-runtime-windows-x64-0.7.50-628a10fdba719cf72421ae7a8721fc27.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kaverit-jvm-2.3.0-17af38bb801a1e7f9991de1afdb3b4ed.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\bcprov-jdk15on-1.66-fd57b228172782ae6a73d22a7ac9b45.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\jsound.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\asm.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-tooling-preview-desktop-1.3.0-587b31f02a71b323d3a32a2991cb4b35.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\atomicfu-jvm-0.17.2-d6b6f3a195696acf1828b1f125125ed7.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-errorhandling-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files\Koalageddon\app\ui-util-desktop-1.3.0-8493905dc83f28d88ab0bc5efc673cb.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\colorimaging.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\cldr.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\unicode.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\freetype.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\sound.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\java.security C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\javajpeg.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.logging\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\ui-unit-desktop-1.3.0-fa0f4cc64687b48417c78a5bf14718.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-file-l1-2-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\sshj-0.30.0-58d41cd494d63c6d437a8f27b938f0.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-synch-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.base\aes.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\psfont.properties.ja C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\SwtJavaFx-1.1-7d5354a35e5b72de6f6f961a3d59a739.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-convert-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-string-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-namedpipe-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlinx-coroutines-slf4j-1.6.4-ee321dc6b1536bf3c2df8b59cb84e8f.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\jna-5.6.0-56892d6f4d2719833fd53b7cc57ec86.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kotlin-stdlib-jdk7-1.8.0-e881855ce1f9d979c8fae52accc231d.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\splashscreen.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-crt-time-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\runtime-desktop-1.3.0-54ac464446fef98e10ecdf8b20442cc7.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.sql\LICENSE C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-interlocked-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.desktop\mesa3d.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\verify.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Steam\bin\SteamService.exe C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files (x86)\Steam\uninstall.exe C:\Users\Admin\Downloads\SteamSetup.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\logging.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\material-desktop-1.3.0-805f648b10fd38a6131dee330734127.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.naming\COPYRIGHT C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\skiko-windows-x64.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Common Files\Steam\steamservice.exe C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\security\java.policy C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.xml\bcel.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-timezone-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\kodein-di-framework-compose-jvm-7.18.0-d971578ee18e2e4a27be0f364679d.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\api-ms-win-core-heap-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\conf\net.properties C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\management.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\legal\java.xml\xerces.md C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\app\tinylog-impl-2.6.0-8726c27d582d10eb1d365cdeb0c5524.jar C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\bin\zip.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Koalageddon\runtime\lib\modules C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI7F00.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e587a9a.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7B94.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{C71B00F0-5060-3665-A444-1BFFD31FA5F7} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\JpARPPRODUCTICON C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e587a9a.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e587a9c.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\icon_1862387937 C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\SteamSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001397c7f967de25740000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001397c7f90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001397c7f9000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1397c7f9000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001397c7f900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Koalageddon\Koalageddon.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Koalageddon\Koalageddon.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133755669894835954" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Version = "33554433" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductIcon = "C:\\Windows\\Installer\\{C71B00F0-5060-3665-A444-1BFFD31FA5F7}\\JpARPPRODUCTICON" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\ProductName = "Koalageddon" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F\DefaultFeature C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steam\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4\0F00B17C060556634A44B1FF3DF15A7F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\PackageName = "wwwwwwwwwwwww.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\DefaultIcon C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\PackageCode = "EFEAD4423A6F1324DB76D9F43705B59D" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steamlink\ = "URL:steamlink protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\steamlink\Shell\Open\Command C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\Shell C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\ = "URL:steam protocol" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\DefaultIcon\ = "steam.exe" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\steam\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Steam\\steam.exe\" -- \"%1\"" C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\steam\URL Protocol C:\Program Files (x86)\Steam\bin\steamservice.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0F00B17C060556634A44B1FF3DF15A7F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\550FE40B7A8BE324E8F68353EA49C3E4 C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\SteamSetup.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A
N/A N/A C:\Program Files\Koalageddon\Koalageddon.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1156 wrote to memory of 4380 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1156 wrote to memory of 4380 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1156 wrote to memory of 4380 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1156 wrote to memory of 3912 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 1156 wrote to memory of 3912 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 436 wrote to memory of 2248 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2248 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2316 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 3956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 3956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 436 wrote to memory of 2620 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wwwwwwwwwwwww.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 4B932E3C071BE7180F996693A410BE57 C

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 055CBA1B7ECFD28162FA27750B167974 C

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff80221cc40,0x7ff80221cc4c,0x7ff80221cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4580,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5032,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4992,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3712,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5496,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5740,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3304,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4536,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5392,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5928 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5900,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6068 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4036,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6112,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6196 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6344,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6224 /prefetch:8

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5916,i,13620753351763307277,694819189501234704,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5920 /prefetch:8

C:\Users\Admin\Downloads\SteamSetup.exe

"C:\Users\Admin\Downloads\SteamSetup.exe"

C:\Program Files (x86)\Steam\bin\steamservice.exe

"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 703DDE009D944F702C2ADCF7D56D6F4C

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6529ad5b-3c1f-4ba6-878f-8dc9d39746d5} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2424 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c407c333-6016-4eb3-b6e7-4c6fe89eeb33} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2960 -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 2988 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cc9ec5f-06af-4278-ac3b-16db97ef616c} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3616 -childID 2 -isForBrowser -prefsHandle 3912 -prefMapHandle 2748 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1fc0153-d525-484b-a327-104ad41c1582} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5000 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5040 -prefMapHandle 5036 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0dae846-8b1f-49dc-badd-21ab6220ae8e} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5332 -prefMapHandle 5304 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f531d9b0-7ce1-4948-9b4c-3c7ad39b5ec2} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5484 -childID 4 -isForBrowser -prefsHandle 5564 -prefMapHandle 5560 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab9fcad7-25c4-45cd-bbd5-fbe9501ee636} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 5 -isForBrowser -prefsHandle 5680 -prefMapHandle 5688 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86fa5926-4db8-472d-bbec-07e5238fec29} 5560 "\\.\pipe\gecko-crash-server-pipe.5560" tab

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"

C:\Program Files\Koalageddon\Koalageddon.exe

"C:\Program Files\Koalageddon\Koalageddon.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/acidicoala/SmokeAPI#readme

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8032f46f8,0x7ff8032f4708,0x7ff8032f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10056057095594615587,6674174452809267411,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10056057095594615587,6674174452809267411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10056057095594615587,6674174452809267411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10056057095594615587,6674174452809267411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10056057095594615587,6674174452809267411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com tcp
GB 142.250.179.228:443 www.google.com udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.202:443 ogads-pa.googleapis.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 216.58.213.1:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 142.250.187.202:443 ogads-pa.googleapis.com tcp
GB 142.250.187.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 store.fastly.steamstatic.com udp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 151.101.3.52:443 store.fastly.steamstatic.com tcp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 8.8.8.8:53 52.131.101.151.in-addr.arpa udp
US 8.8.8.8:53 133.205.23.2.in-addr.arpa udp
GB 2.23.205.133:443 store.steampowered.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
GB 2.23.205.133:443 store.steampowered.com tcp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 151.101.131.52:443 shared.fastly.steamstatic.com tcp
US 8.8.8.8:53 246.197.219.23.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 help.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
N/A 127.0.0.1:63553 tcp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.97.1:443 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-settings-attachments.cdn.mozilla.net udp
US 34.117.121.53:443 firefox-settings-attachments.cdn.mozilla.net tcp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 attachments.prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 115.230.163.35.in-addr.arpa udp
N/A 127.0.0.1:63561 tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 185.199.111.133:443 camo.githubusercontent.com tcp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\MSIC15C.tmp

MD5 4fdd16752561cf585fed1506914d73e0
SHA1 f00023b9ae3c8ce5b7bb92f25011eaebe6f9d424
SHA256 aecd2d2fe766f6d439acc2bbf1346930ecc535012cf5ad7b3273d2875237b7e7
SHA512 3695e7eb1e35ec959243a91ab5b4454eb59aeef0f2699aa5de8e03de8fbb89f756a89130526da5c08815408cb700284a17936522ad2cad594c3e6e9d18a3f600

C:\Users\Admin\AppData\Local\Temp\MSIC257.tmp

MD5 e76ab52d50197baddbc0d921e1d8eea5
SHA1 3789e237ad3b07ef43f4014e99099a0b43b1392d
SHA256 6e3dae02524f00ee37f33123f7fac943ed2a8617988ec4a667fcddb7764c634c
SHA512 f21b9b45a3b8b079c26568962559d56377fe0cbefde287f4fb763c8fd85df72220858bca598dcbaaa47c0fa23ea9c4ed90375a40d6a55ca062dc373cfbe80c6e

\??\pipe\crashpad_436_BWIOJQNEMHCDHOFG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Temp\scoped_dir436_1466759877\32f14297-9aa2-4182-8295-9063ed184708.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Temp\scoped_dir436_1466759877\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 8f2079340a83cf43537bdaa825531c8a
SHA1 d2cae7393b484bdcfdf63335c4eacc96af5a6772
SHA256 224a12425a35314bb11085dafe42c39c4dc4c8a9f137e05428b1f9d385982c10
SHA512 1b2564130d301b380530603656b588bf54654eb6826a906e3e3593b1ea7591e905f44db718cf705849a8e74db020f6b93e197487a7eac880e9e0e92e92266fa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 41ac7a0ffcd9aa68d99f91b741f265b8
SHA1 9a7417da2f344834f812492b6297aa55235b27cd
SHA256 b269c819e2fd506e715395a6ca69a77452c3225f1863bc510e961430b8578f05
SHA512 11edc12a6879a888f428c6f8fc52b65ba8e18fa099cc2f50089d11768a43ddf4e35650c1c754205a9ecffdf6e064b145886df916777184c50b7f0500daf1c6c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 807bc4229690947869083212e2097d44
SHA1 735cf2856ea55b8a3d1b58b1741feac4257ebc45
SHA256 f945732f3f8147fd5c8a8c556fee5dd6782df74ee28b138f58b67a1bebf4f3af
SHA512 05cc1a34f298809ea354135a29ceeeca46b19942b62bfa438721654f1031f69ab1156eff2b810c66824bd98cf26ecab08f9508a28e228564c28ffd8b0297a96d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 82f1f1e7cbe19333f706cd42817fcfe0
SHA1 9a9796c8774f5956b50570d426003f109e05a439
SHA256 94d0f77677c0d8a520c6a590d2db2e990faae25bc905a8a12c0ae23947a254fb
SHA512 0445e5d8b7014728b40ffba128241a62e7ca883578b025841c7f70543ad4220a07f4867ee94be4840d10800d0bb53a379232e338b929319468481b8829b807c8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 409447ff7e1870b500d313ca2735c88a
SHA1 1b419b1b0b3a58e22b46e16cc50bbbbc6b6c2920
SHA256 532682bdae663c87800dc69381d2d33546ed6e5c78db17e0a1d77e19208bac22
SHA512 98f1f91df76890fab9f45f625846cd331270f5e0efd90eba2524d5bf1fb64482d57275eceb72aee1d81407ecab67b274d1ae1ec341faef8864d22cdfa62aba22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7d0a9ec4db83fa3c7c4042915ccb6b6
SHA1 46d5c6aa0655a77e4f8d4821a93e8645c5544f0c
SHA256 0755766ed14bb8b6c36eaa9423eb7c0ae576e46d0dc5af1a4f64047a888fb645
SHA512 1000dbe3a2e0d471eb2f815ea61ca759c07ad8b1159ee876c2cf75f832370d8fc5116eaf2ee2ec8222cedf5e8822c9c263a8f42a7f3c30f8019abfdcb1755a9d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aa690e327e839c08e7e8953b4cd4bdf0
SHA1 edc137ffaf3afaf4697a8584d14df5ab3f80c9cf
SHA256 2bff18a4b75101725f0f0cf3808a457b6df976743c7c0140c8c8694c81455786
SHA512 da93556d68b5333ebb4a46316201b789c802dd735e025070cbfd1aa88f4638c571d33cf0a26c98a490d973cfe0dffc7133f69e0e49c254927cdd4c27617c3dd2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 64ac3319998b45cc7b66a91e5c2dfaf4
SHA1 d0cab9cbec2bd7d31b3a56eda71031d6f984da88
SHA256 96ffcba8e81253110ed744030cef10035c804e07c0480cf6faeefcc3c8ae1e27
SHA512 f61d1a40f09a93895ff6dc2e6070119141d81da1095748473a31ffa7389dc7385c9e23abb3386c63a5de6a3bb8ecca786cc8708d621723684a232910f8f12bdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006a

MD5 1b54b70beef8eb240db31718e8f7eb5d
SHA1 da5995070737ec655824c92622333c489eb6bce4
SHA256 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512 fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d4a5e747f01ceadc9f6e996c8d9b50ed
SHA1 ac2aee4a59b363cfd34e41bb78981b2e4c831f7b
SHA256 9df0a27021b2ef4709e58f7956ce9f1aff5cb63bf53e012da482d8a131f2b6b5
SHA512 59e4a73dcf6b32bc98aa1554cc0b45ab3b1cc2df44823a6e4a4b3331f9d53c9c0b9af8d6d8884908f94c030b097ddbd632149794f549ad218ebd8d5d7641f29b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2b368a5ad2ab97cff7d9653137bf429c
SHA1 0ccfefc1b19328b689ed0977156e5e0cb4ccb880
SHA256 53a5b9fab60e24e53539afc85f59073e7f1bf383d0d2b513ad05a14bc0a8d7e4
SHA512 79e4abf013d17978f4c0e46f80deb5d1c01a9017f534257913d209477a2fbc877afa4eea27eb099ea0133dfe50e00261f9809cba5e249c2d88218b6f163810c6

C:\Users\Admin\AppData\Local\Temp\nsf51B7.tmp\System.dll

MD5 a36fbe922ffac9cd85a845d7a813f391
SHA1 f656a613a723cc1b449034d73551b4fcdf0dcf1a
SHA256 fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
SHA512 1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

C:\Users\Admin\AppData\Local\Temp\nsf51B7.tmp\nsDialogs.dll

MD5 4e5bc4458afa770636f2806ee0a1e999
SHA1 76dcc64af867526f776ab9225e7f4fe076487765
SHA256 91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
SHA512 b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

C:\Users\Admin\AppData\Local\Temp\nsf51B7.tmp\nsProcess.dll

MD5 08072dc900ca0626e8c079b2c5bcfcf3
SHA1 35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
SHA256 bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
SHA512 8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

C:\Program Files (x86)\Steam\Steam.exe

MD5 33bcb1c8975a4063a134a72803e0ca16
SHA1 ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
SHA256 12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
SHA512 13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

C:\Users\Admin\AppData\Local\Temp\nsf51B7.tmp\nsExec.dll

MD5 2095af18c696968208315d4328a2b7fe
SHA1 b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256 3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512 60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

C:\Program Files (x86)\Steam\bin\SteamService.exe

MD5 ba0ea9249da4ab8f62432617489ae5a6
SHA1 d8873c5dcb6e128c39cf0c423b502821343659a7
SHA256 ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
SHA512 52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

C:\Program Files (x86)\Steam\public\steambootstrapper_swedish.txt

MD5 b2248784049e1af0c690be2af13a4ef3
SHA1 aec7461fa46b7f6d00ff308aa9d19c39b934c595
SHA256 4bf6b25bf5b18e13b04db6ed2e5ed635eb844fc52baa892f530194d9471f5690
SHA512 f5cee6bba20a4d05473971f7f87a36990e88a44b2855c7655b77f48f223219978d91bcd02d320c7e6c2ec368234e1d0201be85b5626ef4909e047e416e1a066c

C:\Program Files (x86)\Steam\public\steambootstrapper_spanish.txt

MD5 66456d2b1085446a9f2dbd9e4632754b
SHA1 8da6248b57e5c2970d853b8d21373772a34b1c28
SHA256 c4f821a4903c4e7faea2931c7fb1cf261eba06a9840c78fdca689f5c784c06c4
SHA512 196c2282ba13715709ece706c9219fe70c05dd295840082e7d901b9e5592e74b1bb556782181cdbe35bd1ab0d6197fef67258b09491fabc6f27606dbed667d49

C:\Program Files (x86)\Steam\public\steambootstrapper_schinese.txt

MD5 56dcf7b68f70826262a6ffaffe6b1c49
SHA1 12e4272ba0e4eabc610670cdc6941f942da1eb6a
SHA256 948cad1bb27109e008f2457248880c759d3fa98b92c5b4033b94f455cb8ac43f
SHA512 c3fd9caf0bd4c303a7cc300faada9cfe6dd752e82d67625b31f4c0c2c091596508bb477fe19f758fdf79b25b8ac3f5320a8785d2b6705b9bcc28a054a59454e2

C:\Program Files (x86)\Steam\public\steambootstrapper_russian.txt

MD5 e04ad6c236b6c61fc53e2cb57ced87e8
SHA1 e9d4846b7e6cc755ee14a5d3fa45ee7d3bf425a4
SHA256 08c775efa77c2a92d369f794882e467b6e2526e61bc7aa7724f48e174524502e
SHA512 0dfb7e6d811d649103499018f3d115c542fcaba420ceb69124a4d837fe162ce514e7be2040860c5ef5f9c01c961fa6eea8730606b73ec107d87597989b6fd331

C:\Program Files (x86)\Steam\public\steambootstrapper_romanian.txt

MD5 6367f43ea3780c4ee166454f5936b1a8
SHA1 027a2c24c8320458c49cd78053f586cb4d94ee6f
SHA256 f8d1972e75a320344e3c834ba0a3a6a86edb39e20ef706bda9b7965d440d1998
SHA512 31aab33e0d272cb43a8c160b3d37256716a683e5052192fd0e4d3cdaf30a10a9afa9d26d5d14ad216ee455627c32892a711d2bc137ee7a7df9a297f001a19e32

C:\Program Files (x86)\Steam\public\steambootstrapper_portuguese.txt

MD5 eb8926608c5933f05a3f0090e551b15d
SHA1 a1012904d440c0e74dad336eac8793ac110f78f8
SHA256 2ed2b0d654d60e0a82b0968a91d568b775144e9d92f2b077b6da75f85ad12d04
SHA512 9113c42c38836f71ff0cc7019aff8c873845f47fbf1ab97e981cb038f4d8495b6df784402b1ee9666e8e567ae866b0284c81e6a16efb47131d5ef88569c4843a

C:\Program Files (x86)\Steam\public\steambootstrapper_polish.txt

MD5 9b0b0e82f753cc115d87c7199885ad1b
SHA1 5743a4ab58684c1f154f84895d87f000b4e98021
SHA256 0bdeee9fa28d54d384e06ea646fbcfe3f06698a31dfdc1a50703ffe83ad78d32
SHA512 b7780b82fbe705bc8e5a527c011eb685c99ef0b2eb810617b9f82b891341af95ef1c2f46dce9e458c0c4dcc3e7a0d21db6c77f03419cd1c4b521a9b72f9017df

C:\Program Files (x86)\Steam\public\steambootstrapper_norwegian.txt

MD5 58e0fcbee3cca4ef61b97928cfe89535
SHA1 1297e3af3ca9e4fe3cc5db78ebbfa642e8a2c57b
SHA256 c084a68b65d507eb831831aa2ab9afb9536cb99a840d248cc155ff87fad18425
SHA512 99aff0c481e34cd0e4fcbb2af471afb56d91aa11be664462b08e17ae169ca03ef77e7063b4ecd0f38ca7b2f6dc0bf2e316c7b31dffbbcfc763cd8fae27dc78d2

C:\Program Files (x86)\Steam\public\steambootstrapper_latam.txt

MD5 7913f3f33839e3af9e10455df69866c2
SHA1 15fa957d0a6a2717027f5b35f4dbe5e0ab8ece25
SHA256 05bc1f4973c6d36002ac1b37ce46b1f941fcb4338282e0ec1ec83fb558d1a88c
SHA512 534e541757d19ee157a268bf7ea358b48015f400542fcfa49cdb547cd652926160f015fe2cf026d9c4996e56ab90ca3899dfd457997d915bf6bc9d7bb00ba804

C:\Program Files (x86)\Steam\public\steambootstrapper_koreana.txt

MD5 202b825d0ef72096b82db255c4e747fa
SHA1 3a3265e5bbaa1d1b774195a3858f29cea75c9e75
SHA256 3d1399f5323a3ece1b1a8b3b31f8fd7f50c3bd319ab3f1c38c6e347452c95314
SHA512 e8fc7cc09f431301d22a07b238179ee053505090e3c4db30ead061513fe7159f1fe8b80efc93f4597fe00f01087bbe0bb2231e13693d72c8def138657cb91566

C:\Program Files (x86)\Steam\public\steambootstrapper_japanese.txt

MD5 7e1d15fc9ba66a868c5c6cb1c2822f83
SHA1 bfe9a25fdc8721d7b76cecb9527a9ba7823dc3d7
SHA256 fc74e26a8baabbe4851109512d85173b75dbf7293d41eb3b92a1957a773c8265
SHA512 0892be14a858cc860766afb1c996b2c355108a7e50971ea3ec00d15069e919a6eb05a61fa839bea3938492c391e274144c5e248f4c204a602bf36adf27e5b406

C:\Program Files (x86)\Steam\public\steambootstrapper_italian.txt

MD5 8958371646901eac40807eeb2f346382
SHA1 55fb07b48a3e354f7556d7edb75144635a850903
SHA256 b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
SHA512 14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554

C:\Program Files (x86)\Steam\public\steambootstrapper_indonesian.txt

MD5 1514d082b672b372cdfb8dd85c3437f1
SHA1 336a01192edb76ae6501d6974b3b6f0c05ea223a
SHA256 3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
SHA512 4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55

C:\Program Files (x86)\Steam\public\steambootstrapper_hungarian.txt

MD5 18aaaf5ffcdd21b1b34291e812d83063
SHA1 aa9c7ae8d51e947582db493f0fd1d9941880429f
SHA256 1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
SHA512 4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154

C:\Program Files (x86)\Steam\public\steambootstrapper_greek.txt

MD5 189ba063d1481528cbd6e0c4afc3abaa
SHA1 40bdd169fcc59928c69eea74fd7e057096b33092
SHA256 c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
SHA512 ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903

C:\Program Files (x86)\Steam\public\steambootstrapper_german.txt

MD5 5c026fd6072a7c5cf31c75818cddedec
SHA1 341aa1df1d034e6f0a7dff88d37c9f11a716cae6
SHA256 0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
SHA512 f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12

C:\Program Files (x86)\Steam\public\steambootstrapper_french.txt

MD5 10c429eb58b4274af6b6ef08f376d46c
SHA1 af1e049ddb9f875c609b0f9a38651fc1867b50d3
SHA256 a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
SHA512 d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46

C:\Program Files (x86)\Steam\public\steambootstrapper_finnish.txt

MD5 9e62fc923c65bfc3f40aaf6ec4fd1010
SHA1 8f76faff18bd64696683c2a7a04d16aac1ef7e61
SHA256 8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
SHA512 c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035

C:\Program Files (x86)\Steam\public\steambootstrapper_english.txt

MD5 da6cd2483ad8a21e8356e63d036df55b
SHA1 0e808a400facec559e6fbab960a7bdfaab4c6b04
SHA256 ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
SHA512 06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925

C:\Program Files (x86)\Steam\public\steambootstrapper_dutch.txt

MD5 31a29061e51e245f74bb26d103c666ad
SHA1 271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
SHA256 56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
SHA512 f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8

C:\Program Files (x86)\Steam\public\steambootstrapper_danish.txt

MD5 03b664bd98485425c21cdf83bc358703
SHA1 0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
SHA256 fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
SHA512 4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d

C:\Program Files (x86)\Steam\public\steambootstrapper_czech.txt

MD5 2158881817b9163bf0fd4724d549aed4
SHA1 c500f2e8f47a11129114ee4f19524aee8fecc502
SHA256 650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
SHA512 f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28

C:\Program Files (x86)\Steam\public\steambootstrapper_bulgarian.txt

MD5 4c81277a127e3d65fb5065f518ffe9c2
SHA1 253264b9b56e5bac0714d5be6cade09ae74c2a3a
SHA256 76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
SHA512 be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a

C:\Program Files (x86)\Steam\public\steambootstrapper_brazilian.txt

MD5 0340d1a0bbdb8f3017d2326f4e351e0a
SHA1 90d078e9f732794db5b0ffeb781a1f2ed2966139
SHA256 0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
SHA512 9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2619cd03794f8be4d5909eae9bd9d6c4
SHA1 b5223e25b4340a758af6c8acd66b09d8f83904bc
SHA256 5c619a979339083190e9778e08f8cc0c54ff4e39c5caf83dee7933c434445f6c
SHA512 581c6b8e638a3b5c90e15204008ac871835b53913c22a24fd390caf812f08c7813b8e9e6a33c765b78ffbb07c04f4b381bc1b98c69e190476e45998a51ab873d

C:\Users\Admin\AppData\Local\Temp\nsf51B7.tmp\modern-wizard.bmp

MD5 3614a4be6b610f1daf6c801574f161fe
SHA1 6edee98c0084a94caa1fe0124b4c19f42b4e7de6
SHA256 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
SHA512 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 96c6929ccf1a0f96c92a1e7aca3bca17
SHA1 d7a76da41354dbb6a2b38df12f5bcdb7addaa321
SHA256 0e648e356e6bf9d03030ffab6dfda22b119149871f4045ccc8f458ddc3734623
SHA512 70f539406b3512c700ca304f671154a93ac76add41b4d46ebd49363451810e76feafb8bc75ae4e3f48bc096e31c2a3cdfaaf7656f5efd95f92c536c4bc481969

C:\Program Files\Koalageddon\runtime\legal\java.prefs\LICENSE

MD5 16989bab922811e28b64ac30449a5d05
SHA1 51ab20e8c19ee570bf6c496ec7346b7cf17bd04a
SHA256 86e0516b888276a492b19f9a84f5a866ed36925fae1510b3a94a0b6213e69192
SHA512 86571f127a6755a7339a9ed06e458c8dc5898e528de89e369a13c183711831af0646474986bae6573bc5155058d5f38348d6bfdeb3fd9318e98e0bf7916e6608

C:\Program Files\Koalageddon\runtime\legal\jdk.unsupported\COPYRIGHT

MD5 4586c3797f538d41b7b2e30e8afebbc9
SHA1 3419ebac878fa53a9f0ff1617045ddaafb43dce0
SHA256 7afb3a2dc57cb16223dddc970e0b464311e5311484c793abf9327a19ef629018
SHA512 f2c722ae80d2c0dcdb30a6993864eb90b85be5311261012d4585c6595579582d1b37323613f5417d189adcd096fa948e0378c1e6c59761bf94d65c0a5c2f2fd3

C:\Program Files\Koalageddon\Koalageddon.exe

MD5 f3fee249c9335225e3af98f11d805f34
SHA1 1d5065a559c156c11caf81ebfa9f3366caba76b2
SHA256 edfc0e68e302b33410c0bcddca6bd2112f0816861cc9360e22b80c0004852e24
SHA512 f0652631f55e2530ff6e4b5462a48df7109a1969f14af8c9778b413fea84a0113e30c9281ff772921a981d45e8dcb9150d141cbc9b33d0fb98d3fec7a62e4896

C:\Config.Msi\e587a9b.rbs

MD5 dc00a114aaeb0503b8cae30db0d1d34b
SHA1 db9945c43c53752970f4e863226b938ffb8ef3c5
SHA256 83b105bbe2da338544ef32630804c609b520a0917b58355cd769f425a0497893
SHA512 4792890fbcff268d3a249924c984798070d36b1b7b589b1e0262f6dc59262fea59ad661e7b5fbf9aac942418481f2d7fb173d43b29f1d0765176165d91a31b71

C:\Windows\Installer\e587a9a.msi

MD5 155295f8dbaae190dd34adadecfb302e
SHA1 c720229eb480dadd40649a2447b3e618a83d568c
SHA256 793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8
SHA512 cd6d4405bf387faa538426a2cfefdecd4c7f3a649f4cfce1eab85cea22a345f304525d222a48785528b7e19f83b76a536a1895e3f32ea8153d93ddae29850dd7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e3bb1b2851ca5bbd907cd21fa543c1d
SHA1 1139c46cd791be0e34a5e2bb46253000583e8e42
SHA256 87dea1f9b54259f001200974a99f49b388333144e2fab2afb1cea9bd692544d0
SHA512 73cef8bce5a159ffc407ab964be45cd68aa706964bf2e0ddcd25521ed1157e0a99d16878e774f6de2aa5670ddfb46c04bb67cc1ffea954e5fd94609b1ea7cf54

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fd248c6be4d9c2f82f1411e126a2b508
SHA1 8d3dd13ab7509baa8bdca1a3ade8c87d10da4780
SHA256 495a1b80e3bfe498b00b2ac22b8fa55b9047ba1c4c6118fd3a6e4f7deac1b014
SHA512 c19b34d45c5777d5956453ba62fc31c39399aa4a88951d9cd6f84262f9b684e279105068cb7676f740354cd7d0dba43eac98e2b3ee2933a52bb0e026965d46f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 622df1cfbc0183f963dd4511dad7fcb3
SHA1 1d6718f2a219171b205dedfbc6e49d41c053a06b
SHA256 628b00246a15f05d2c9a0b4c2e16bf56dc851ebfec3161969485e1d738179dc7
SHA512 9cc9e7c2adbea030a71e906b28a6592695918248ebe83a2b575de7083c99a091d80cea37072d3ddf26df3be0ca6c28486ebe2d415bab0d3a10469dcb3de1167e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5bf580009b617ea866527fd2172568fb
SHA1 6fe05d0e8fd9c7efe29c28c7e71d41f2cfeadea5
SHA256 e74068cf9402d6e876855425270beb737514c2a4743d080d820e2eb045c0a90e
SHA512 c9e72cff9ef0f88cf578fc1bf957520e8a9baccf853b2aaa289c7c82f61b6cfad00aea44c8672b7e23e9e030942e0f0472cd8baf8835d4817c8c063c584d1276

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ba909746b8a5e60fc85037d8ddc24d12
SHA1 a33243b260ed0dd6e1cf7dfb380a8c7bc69f0d23
SHA256 94bb2fb97eb738700d49ecf0804b40297a109bc411a195a8f1e8a175a6eaf6b7
SHA512 1df152c16f0e7577f8f28993c31e61f371c799734db3b3f07f3128d7b172c095cb4caeec13d2317771ce2c21b81f48c7015eb6acde3d428647e3ede46e20c944

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

MD5 e1c1ccd9d45f4e6e93d1b179fd34f0bf
SHA1 ad3ee33dbc52d32b70f98db7d05f7f2b11171bf1
SHA256 7e12005105be1363b0ce56888f951740f706c00ebbf6aab9e8f57f8d1e234681
SHA512 2af9a3624593bef7422af02a4c76cc0374088476fbff6a34658f81a64650723050336f2b85044ce77b021144dc7acc4339501b901c4ef25d62b7282c008261d4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\8e1cb4de-5f43-49cc-87ad-bf0491950480

MD5 f3ab06523bae4fe73c21e87acd833d2a
SHA1 94262eb003ca8d1eb7e58b0dba28dc443d8e43e2
SHA256 c120ea8ebc68383485ab235bcee8cbf8d29dc2704e6dbfdb64f193bbfadbc580
SHA512 604780d086c2135da4b6c859044c0ec89708a7089b6e2b6a0d62724dbc1818d72f0edd4aed1b46271223a8558d99dd7e879300342579f33bd82fba338f17748e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 49764a4d005477f8023b9565da1203a7
SHA1 2104626698f914316bec576af9fe1ce6f50dc867
SHA256 b683df5d5fcabbfbcb4c8336bcccf06d6eda021e8766ff9a2c72d13a1bae3d45
SHA512 2ca5b20e2e269dd8696a3b6fa682b1143d6844dfdd488ecfd562622e8f3f73b217ad25e1114939dcfd21bfd5ee1709301a226deff35b72b33fdea35d4b734119

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\83f11f5f-3c2d-4acb-9415-a1303613ec03

MD5 bbd4b9867859efb5b5527e5e54c4bb6a
SHA1 6a4871256efa45c13a56b1b1f6cf6cf5955c34f1
SHA256 13cd7fa0ca3adb0195369b7693f7ae824ad7c9b27c0062da95c186887b3a5dc7
SHA512 c72d28de54e585f43eb2362885746adf03e408392a84a93c8a1baeefefe01e1827dd36057236dfc79b0ac5afd068909cbfa52a123634fb026b3cefdd167cc35f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\f3f1788c-de94-4000-8f70-1dbf91c2bd6d

MD5 77586c233e916d3861b17cec1c01b04d
SHA1 58a6390cf9f7b45a7907ee5cdc238750f56a88c7
SHA256 dd4dd0052f922dcdb4386a144eed65805d328364b1de503bf26f7985799991f7
SHA512 5f2e3019b5c4208862fd244dcde5e7fa005abf894d34e997a9f3910733b83f103d0ab2acdd63b644bbf7020921f69c449f7a7ac13b74870b4108b64d64a8cff0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp

MD5 d4c1b896da2cfeefb575e5c85754cde5
SHA1 0cc67a4ad97dc02ab7362f6704769207892f6096
SHA256 512d7972d4f6d18cbf7d7cc4b6d4182b68aaa92093c09200a053a11609684b8f
SHA512 0d5e5d83b69c426166c010f8bf49404d0b64ac0bd69372fab3c89dc149e2d3dde7efa8840c5ca2b5317da04259905dfcb2abd759f76578c3627138ff2cb83900

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json

MD5 e6966e60749a12800eee727ec3fa4536
SHA1 61eefa99a8e1ee8d740bfd05f6975040ea969044
SHA256 7d4c0efc7d4ce87aa64bfd16d330823dcca48d5ae28fcd9f145d3e038df5c595
SHA512 9d757ed32aef8140985f1f16951bd0ae0b130019b61dd8fb5b9ce005fd161f6578333f4d46b0555f16a8986492e7c7018ae2f5d7fc95c45fefe85b9d75b1ffd4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin

MD5 f666d9f4d2f196dc0e7e6c30a39e5e20
SHA1 079cf92b518283a5e46ad87d79da093abb20ebde
SHA256 d774206b30f7d9e1d0b60d833f8cfc9501dfe7657340551142fce10dc57efc0c
SHA512 0a1875852848c66b160778371222cde3774d4f54c21f94c55ced83c649d861cf31b06ebf26537cb8a0a50d50d3e9f2046f52d79a75dfc01f2e439023ed8c406b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js

MD5 876a25ae7ef55edd3236e139d22f4e25
SHA1 de90219e1cd8eb5da9501343c7efcfee172962be
SHA256 2607ab011a3ce4df9dac0d54e2dffd8f253f9384de731daa7012dbd81ea84995
SHA512 68a7eefcba783f965e9bf097096083e868ea42e632f7aa2dbc082f2ad9a1056471d73d9282f07c97f7d456708fc8b9ec75aee954db24ee18a1fdcfe1eafe75c9

memory/868-1722-0x00000269582E0000-0x00000269582E1000-memory.dmp

memory/868-1723-0x00000269582E0000-0x00000269582E1000-memory.dmp

memory/868-1724-0x00000269582E0000-0x00000269582E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna13193101685526568966.dll

MD5 e02979ecd43bcc9061eb2b494ab5af50
SHA1 3122ac0e751660f646c73b10c4f79685aa65c545
SHA256 a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a
SHA512 1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

memory/868-1744-0x000002695D760000-0x000002695D770000-memory.dmp

C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.dll

MD5 4a1a823e5cf4fb861dd6ba94539d29c4
SHA1 8e2f160783e159fdd33e806acbc5afb37f84ec4d
SHA256 f874fa379dc8557f5d640a17753900a7c1a1d5f93a13aeeef176316b8ccf0764
SHA512 018768c3dbee58ce5c42d00577160ab9766284200c37a173c0fb711c82db6ea6d8e7a80a66e0be5afe853dd8ab07a378db25dea0de0b6adc43b1fe9b7cf46e52

C:\Users\Admin\AppData\Local\acidicoala\koalageddon\unlockers\SmokeAPI\SmokeAPI.config.json

MD5 2b043bb451ccc3c9368724621f4c92e5
SHA1 db4b9806a17b839e95899c12c5614d5529774896
SHA256 bb24da5f140dc6fef8f5da80b5a35484f0620002ac357a084137392c4d95a034
SHA512 715732922634d53b9277e5307581059bccf7177c7cb0c17bb24cd1b05a98936d79602a6d865956dd822dc20cc010aff658e326e3837d3b0b9693bda63a976881

C:\Program Files (x86)\Steam\Koaloader.config.json

MD5 3216bf75d8748e0632462d5b29d2b3b8
SHA1 827575a7afc62c988fc0ec81521bea07b65b4715
SHA256 485549f36767167fae934f7c82701ef3c42d4aed2a6debaf3c89288c346c6859
SHA512 afd2f776c167df7e78c15ec5e52de542ead31fa8ef637283bb604a9494f08dbac69c0ded4c2007d7fc01b9a1cba73877663be5d6bfce6d121e0015fad2fee364

C:\Program Files (x86)\Steam\version.dll

MD5 7e92b09ee4fe34c50415140a0c1130ab
SHA1 638669c749cd493c4407e8c674ecff60a317da80
SHA256 2665a951793eac577c89d9115aff15b3c69f87af4da15a93a81200c890a4cd00
SHA512 26d7b8039c579fb1f83102afbf2ad82c95a4d957fef45a134428d6df55c9df576541627e061f0bd6cb280075be8d7c0c1aab2945ab42fe76590f41f59e5cd367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2ef47a49-4738-44e9-ab24-492b5e687f2d.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 546f49af995a89424fb80ab07d3e7c27
SHA1 4e7d69506ec2e029da22d3c7c0c17114d5a538f3
SHA256 4d5f398857071453aa7d590083636e37a44831b9364235b1caef686b9e4772a2
SHA512 71e39c4a5f4fecae08b265295d574977736f9c0c70798ee7e18cbd51ca211e2358cb7eb1b430aaaff0578312d3974d9e2b00a515463bbc6601f77ef9729f0459

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2a81beb5784ecedfebcb3d42ea20ab6d
SHA1 5595f65cf4d4e4bdd163f345860927cdd96eaf23
SHA256 6bdb09ecd9347744980cbc28bb9d8eaf54fd983b1ef73acf2ba2b0025bf6c376
SHA512 6d4c3b3c795bdb57275617b61f2f22144d42e1ae748646406a5878da0899d6abead5203bf18e956143398cc9baef0367120686f0c08e9725acec212c6c0a49ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cbd7500b22a7d78fd52627c2cc987d60
SHA1 0ea93e5995b549b54ce251e99cd722427d52414f
SHA256 8155ac960039decae6dffa44ad5813c56a9bcc7c64539418f524e076e19a4028
SHA512 ad2f44924fdc5e99f4cae5ef38062b48bf6e8e2de6d0e663a082a5804982066492077e1a7099b26f65257759cd99b15445c95a5eadfbbf72c38a417a34e6e1e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 71a2b39d5d036dceb945713f8957788b
SHA1 52d8ca19bf9893fb1785678e7a258c2371d75b99
SHA256 40df573f62da03369db4077d5f6d74664b6745b9f22853f10e99d56f58da6baf
SHA512 e023a199ce0901364f0d847062d2d497bc4c3f80475a0bc6a5ee02f1c9e1b6e0295316531ee86d538a7d27e91585780e12130de8fad2489cdd9d25770f427acf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cb80fea83a019ad51c730485340f160f
SHA1 aa157047529ee242f1d942ee6dbf5baa6c163108
SHA256 74e2ddf780a1713c2925a6f45d8e589867da31cfa26bdbd72e5df32a540f4f34
SHA512 97a032126f8d2e646895c4d8bb8f01242974984cbc87bad22bae6eda774c0375ca267d0d4c5e09aa5f121601c7a880f106e94c8ad0ce7b7b8f1c47f0c5d136e3