Malware Analysis Report

2024-12-07 11:29

Sample ID 241113-wrtadazndm
Target Cloudflare_WARP_2024.9.346.0.msi
SHA256 36c5f6e3db3d6f1872e5441df73f05c8ab468f25ea4df7edee8773941ccd0859
Tags
discovery persistence phishing privilege_escalation
score
7/10

Analysis Overview

score
7/10

SHA256

36c5f6e3db3d6f1872e5441df73f05c8ab468f25ea4df7edee8773941ccd0859

Threat Level: Shows suspicious behavior

The file Cloudflare_WARP_2024.9.346.0.msi was found to show suspicious behavior.

Malicious Activity Summary

discovery persistence phishing privilege_escalation

A potential corporate email address has been identified in the URL: tweet-@x64dbg-1DA1F2

Enumerates connected drives

Blocklisted process makes network request

Browser Information Discovery

Event Triggered Execution: Installer Packages

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 18:09

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 18:09

Reported

2024-11-13 18:13

Platform

debian9-mipsbe-20240729-en

Max time kernel

0s

Command Line

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Signatures

N/A

Processes

/tmp/Cloudflare_WARP_2024.9.346.0.msi

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-13 18:09

Reported

2024-11-13 18:13

Platform

debian9-mipsel-20240226-en

Max time kernel

0s

Command Line

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Signatures

N/A

Processes

/tmp/Cloudflare_WARP_2024.9.346.0.msi

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 18:09

Reported

2024-11-13 18:25

Platform

win7-20240903-en

Max time kernel

227s

Max time network

711s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Cloudflare_WARP_2024.9.346.0.msi

Signatures

A potential corporate email address has been identified in the URL: tweet-@x64dbg-1DA1F2

phishing

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\helppane.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (30 identical entries)

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (41 identical entries)
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (14 identical entries)
N/A N/A C:\Windows\helppane.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (6 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (32 identical entries)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\helppane.exe N/A
N/A N/A C:\Windows\helppane.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3064 wrote to memory of 1656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical entries)
PID 3064 wrote to memory of 2920 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (39 identical entries)
PID 3064 wrote to memory of 2940 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (3 identical entries)
PID 3064 wrote to memory of 2020 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe (19 identical entries)

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Cloudflare_WARP_2024.9.346.0.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6949758,0x7fef6949768,0x7fef6949778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2256 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1412 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3828 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2552 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2544 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=724 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3020 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2804 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4056 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3776 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3816 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4240 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3832 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4240 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4116 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4288 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4176 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4124 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4744 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4564 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4188 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4252 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4284 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4780 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2804 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3656 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4000 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4820 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4864 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4976 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4996 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x56c

C:\Windows\helppane.exe

C:\Windows\helppane.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4816 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=3268 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=3944 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4440 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5064 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:1

C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe

"C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe"

C:\Windows\system32\findstr.exe

"C:\Windows\system32\findstr.exe" main

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 --field-trial-handle=1384,i,15999678373709974497,13102080646360525199,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2d0

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe" ::install

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\commithash.txt

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x32\x32dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x32\x32dbg.exe" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe" "" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x32\x32dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x32\x32dbg.exe"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\dbghelp.dll"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\dbghelp.dll" "" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.exe" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\dbghelp.dll"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\dbghelp.dll" "" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64"

C:\Windows\system32\rundll32.exe

"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\dbghelp.dll

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\dbghelp.dll"

C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe

"C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x64\x64dbg.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.132:80 crl.microsoft.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.169.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.200.46:443 consent.google.com tcp
GB 142.250.200.46:443 consent.google.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 x64dbg.com udp
US 185.199.108.153:443 x64dbg.com tcp
US 185.199.108.153:443 x64dbg.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 142.250.187.234:443 ajax.googleapis.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 img.shields.io udp
US 172.67.173.89:443 img.shields.io tcp
US 172.67.173.89:443 img.shields.io tcp
US 172.67.173.89:443 img.shields.io tcp
US 172.67.173.89:443 img.shields.io tcp
US 172.67.173.89:443 img.shields.io tcp
US 172.67.173.89:443 img.shields.io tcp
US 172.67.173.89:443 img.shields.io udp
US 8.8.8.8:53 id.google.com udp
GB 216.58.212.227:443 id.google.com tcp
US 8.8.8.8:53 snapshots.x64dbg.com udp
US 172.67.132.116:443 snapshots.x64dbg.com tcp
US 172.67.132.116:443 snapshots.x64dbg.com tcp
US 8.8.8.8:53 sourceforge.net udp
US 172.64.150.145:80 sourceforge.net tcp
US 172.64.150.145:80 sourceforge.net tcp
US 8.8.8.8:53 www.cloudflare.com udp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 104.18.94.41:443 challenges.cloudflare.com tcp
US 172.64.150.145:80 sourceforge.net tcp
US 172.64.150.145:443 sourceforge.net tcp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 172.64.150.145:443 sourceforge.net udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 crackmes.one udp
FR 163.172.133.144:443 crackmes.one tcp
FR 163.172.133.144:443 crackmes.one tcp
US 172.64.150.145:443 sourceforge.net udp
US 104.18.94.41:443 challenges.cloudflare.com udp
FR 163.172.133.144:443 crackmes.one tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
FR 163.172.133.144:443 crackmes.one tcp
GB 216.58.201.100:443 www.google.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
FR 163.172.133.144:443 crackmes.one tcp
US 8.8.8.8:53 www.google.com udp
FR 163.172.133.144:443 crackmes.one tcp
FR 163.172.133.144:443 crackmes.one tcp
US 104.18.94.41:443 challenges.cloudflare.com udp
US 172.64.150.145:443 sourceforge.net udp
US 8.8.8.8:53 a.fsdn.com udp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com tcp
US 104.18.40.209:443 a.fsdn.com udp
US 8.8.8.8:53 d.delivery.consentmanager.net udp
US 8.8.8.8:53 cdn.consentmanager.net udp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 89.187.167.39:443 cdn.consentmanager.net tcp
US 8.8.8.8:53 c.sf-syn.com udp
US 104.18.33.97:443 c.sf-syn.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 html-load.com udp
US 8.8.8.8:53 analytics.slashdotmedia.com udp
US 8.8.8.8:53 j.6sc.co udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.22.74.216:443 btloader.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net tcp
US 216.105.38.9:443 analytics.slashdotmedia.com tcp
US 34.117.77.79:443 ml314.com tcp
GB 92.123.26.163:443 j.6sc.co tcp
US 104.18.20.31:443 html-load.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 104.18.20.31:443 html-load.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 34.117.77.79:443 ml314.com udp
GB 216.58.212.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 c.6sc.co udp
US 8.8.8.8:53 ipv6.6sc.co udp
US 8.8.8.8:53 b.6sc.co udp
GB 92.123.26.233:443 b.6sc.co tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 dpm.demdex.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 ps.eyeota.net udp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
IE 54.154.143.167:443 dpm.demdex.net tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
DE 3.122.214.165:443 ps.eyeota.net tcp
US 35.71.131.137:443 match.adsrvr.org tcp
DE 37.252.171.85:443 ib.adnxs.com tcp
US 8.8.8.8:53 8533b58e07400b434cf44c6108b61080.safeframe.googlesyndication.com udp
GB 142.250.200.1:443 8533b58e07400b434cf44c6108b61080.safeframe.googlesyndication.com tcp
GB 142.250.200.1:443 8533b58e07400b434cf44c6108b61080.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
US 8.8.8.8:53 static.criteo.net udp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
NL 178.250.1.3:443 static.criteo.net tcp
GB 142.250.180.2:443 ep1.adtrafficquality.google tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
GB 142.250.187.193:443 ep2.adtrafficquality.google tcp
GB 142.250.200.1:443 8533b58e07400b434cf44c6108b61080.safeframe.googlesyndication.com udp
GB 142.250.187.193:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 cdn.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.179.225:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 tpc.googlesyndication.com tcp
GB 142.250.178.1:443 tpc.googlesyndication.com udp
GB 172.217.169.66:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 0.html-load.com udp
US 8.8.8.8:53 1.html-load.com udp
US 8.8.8.8:53 2.html-load.com udp
US 104.18.21.31:443 2.html-load.com tcp
US 104.18.20.31:443 2.html-load.com tcp
US 8.8.8.8:53 8.html-load.com udp
US 104.18.21.31:443 8.html-load.com tcp
US 8.8.8.8:53 7.html-load.com udp
US 104.18.21.31:443 7.html-load.com tcp
US 8.8.8.8:53 6.html-load.com udp
US 104.18.21.31:443 6.html-load.com tcp
US 8.8.8.8:53 5.html-load.com udp
US 104.18.20.31:443 5.html-load.com tcp
US 8.8.8.8:53 4.html-load.com udp
US 104.18.20.31:443 4.html-load.com tcp
US 104.18.21.31:443 4.html-load.com tcp
US 8.8.8.8:53 3.html-load.com udp
US 104.18.20.31:443 3.html-load.com tcp
GB 142.250.180.2:443 ep1.adtrafficquality.google udp
US 104.18.21.31:443 3.html-load.com tcp
US 104.18.21.31:443 3.html-load.com tcp
US 104.18.21.31:443 3.html-load.com tcp
US 104.18.20.31:443 3.html-load.com tcp
US 104.18.33.97:443 c.sf-syn.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 130.211.23.194:443 api.btloader.com udp
US 104.18.21.31:443 3.html-load.com tcp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
US 104.18.20.31:443 3.html-load.com tcp
US 8.8.8.8:53 5113f38fe53e9f080616fd3387623985.safeframe.googlesyndication.com udp
US 104.18.21.31:443 3.html-load.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 us-u.openx.net udp
US 104.18.20.31:443 3.html-load.com tcp
US 104.18.20.31:443 3.html-load.com tcp
US 104.18.21.31:443 3.html-load.com tcp
US 104.18.21.31:443 3.html-load.com tcp
US 8.8.8.8:53 trc.taboola.com udp
GB 92.123.26.233:443 b.6sc.co tcp
IE 52.30.238.153:443 sync.crwdcntrl.net tcp
GB 142.250.200.1:443 5113f38fe53e9f080616fd3387623985.safeframe.googlesyndication.com tcp
US 35.244.159.8:443 us-u.openx.net tcp
IE 52.30.238.153:443 sync.crwdcntrl.net tcp
US 35.244.159.8:443 us-u.openx.net tcp
US 151.101.129.44:443 trc.taboola.com tcp
US 104.18.20.31:443 3.html-load.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
DE 18.66.147.28:80 crt.rootg2.amazontrust.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net udp
US 104.18.21.31:443 3.html-load.com tcp
GB 142.250.179.225:443 cdn.ampproject.org udp
GB 172.217.169.66:443 googleads.g.doubleclick.net udp
US 104.18.20.31:443 3.html-load.com tcp
US 104.18.20.31:443 3.html-load.com tcp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 ap.lijit.com udp
IE 54.229.40.24:443 ap.lijit.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
US 104.18.20.31:443 3.html-load.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 142.250.180.2:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 google.partners.tremorhub.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 23.20.69.65:443 google.partners.tremorhub.com tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 104.18.21.31:443 3.html-load.com tcp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
GB 92.123.26.233:443 b.6sc.co tcp
US 104.18.21.31:443 3.html-load.com tcp
GB 172.217.169.3:443 beacons.gcp.gvt2.com udp
GB 172.217.169.3:443 beacons.gcp.gvt2.com tcp
GB 92.123.26.233:443 b.6sc.co tcp
US 8.8.8.8:53 downloads.sourceforge.net udp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 204.68.111.105:443 downloads.sourceforge.net tcp
US 8.8.8.8:53 deac-fra.dl.sourceforge.net udp
DE 37.203.33.33:443 deac-fra.dl.sourceforge.net tcp
GB 92.123.26.233:443 b.6sc.co tcp
GB 92.123.26.233:443 b.6sc.co tcp
GB 92.123.26.233:443 b.6sc.co tcp
US 104.18.20.31:443 3.html-load.com tcp
DE 87.230.98.76:443 d.delivery.consentmanager.net tcp
US 104.22.74.216:443 btloader.com tcp
US 104.18.20.31:443 3.html-load.com tcp
US 104.18.21.31:443 3.html-load.com tcp
US 104.18.21.31:443 3.html-load.com tcp
US 104.18.20.31:443 3.html-load.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 18:09

Reported

2024-11-13 18:13

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

1s

Command Line

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Signatures

N/A

Processes

/tmp/Cloudflare_WARP_2024.9.346.0.msi

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Network

Country  Destination          Domain                         Proto
GB       185.125.188.61:443                                  tcp
GB       185.125.188.61:443                                  tcp
US       151.101.129.91:443                                  tcp
US       1.1.1.1:53           ocp-ingress.fastly.gnome.org   udp
US       151.101.1.91:443     ocp-ingress.fastly.gnome.org   tcp

Files

N/A
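The per-detonation "Files" lists above (path, then MD5/SHA1/SHA256/SHA512 lines, with memory dumps carrying no digests) and the "Network" table (whose Domain column is simply absent on rows with no reverse lookup) are the parts of this report an analyst normally lifts out into an IOC set. The two Linux detonations are worth treating with care when doing so: an .msi is a Windows Installer package and does not execute natively on Linux, which matches the 0s kernel time, empty Signatures and empty Files here, so the gnome.org CDN connection in behavioral2 is more plausibly guest background traffic than sample behaviour. The following is an added example, not part of the report or of the sandbox's tooling: it parses excerpts of both sections in the layout used on this page (the excerpts are constructed from entries above, not fetched), validates digest lengths, and matches local data against the SHA256 set. The function and constant names are the example's own.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed excerpt in the report's own "Files" layout (values copied from
# entries on this page). Raw string: Windows paths contain \U and \x sequences
# that a normal Python literal would try to interpret as escapes.
FILES_EXCERPT = r"""C:\Users\Admin\Downloads\snapshot_2024-07-28_17-00\release\x96dbg.ini

MD5 45c1e010baaeb6b086b93c73cbfa1433
SHA1 6570b66b77103aac30dc7cccfacde1e42413890a
SHA256 672875a23347e407ff4a54c6baa35090c7041fa45568437f12b86b50bc2fbebc
SHA512 6b00d4050ad80dc575b056e40b3fdae831e57d1b035fc7500c1523c70c7f03f344e8b53b070ec3c8482fcb7c300d401260502ba4c04076ee23db66c236d3ad50

memory/2052-2405-0x0000000003CB0000-0x0000000003CC0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 9fc15663cc3ce659d6535a3afc4f45a7
SHA1 c8eb2313bea2cf1da35ee438d7b41b8b21381bed
SHA256 24941c6666fd532269918bc67af669499b87a65c6fa39d841c8f4235969a8643
SHA512 4831d45a8b2314093ee10ead4b52bce44b77cef3f170abc18acb2162abe3e42373c71cb7f2b1110e6e5d0936d64961c4929314867d67fc98c62a16037d12268f
"""

# Constructed excerpt of the behavioral2 "Network" table; note the rows
# without a Domain value simply have one field fewer.
NETWORK_EXCERPT = """Country Destination Domain Proto
GB 185.125.188.61:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.1.91:443 ocp-ingress.fastly.gnome.org tcp
"""

# Expected hex length per algorithm; a mismatch means a mangled copy/paste.
HASH_ALGOS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]+)$")


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)  # algo -> hex digest


def parse_files(text):
    """Turn the report's Files section into FileRecords.

    Any non-blank line that is not a digest line starts a new record, so
    memory-dump entries (which carry no digests) come out with empty hashes.
    """
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2)
            if len(digest) != HASH_ALGOS[algo]:
                raise ValueError(f"{algo} digest has wrong length for {current.path}")
            current.hashes[algo] = digest
        else:
            current = FileRecord(path=line)
            records.append(current)
    return records


def parse_network(text):
    """Parse the Network table; Domain is optional, so rows have 3 or 4 fields."""
    rows = []
    lines = [l for l in text.splitlines() if l.strip()]
    for line in lines[1:]:  # first line is the column header
        parts = line.split()
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected network row: {line!r}")
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def index_by_sha256(records):
    """SHA256 -> path, skipping records (memory dumps) that have no digests."""
    return {r.hashes["SHA256"]: r.path for r in records if "SHA256" in r.hashes}


def match_bytes(data, index):
    """Return the report path whose SHA256 matches `data`, or None."""
    return index.get(hashlib.sha256(data).hexdigest())


def match_file(path, index, chunk=1 << 20):
    """Same as match_bytes but streams a file from disk in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return index.get(h.hexdigest())


if __name__ == "__main__":
    for rec in parse_files(FILES_EXCERPT):
        print(rec.path, rec.hashes.get("SHA256", "<no digest>"))
    for row in parse_network(NETWORK_EXCERPT):
        print(row)
```

Because the digest values here are Chrome profile files and the x64dbg release INI written during the Windows detonations, a hit from match_file on an endpoint says only that the same artefact was present; it is the combination of the .msi's own SHA256 (in the report header) with these paths that is worth alerting on.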

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 18:09

Reported

2024-11-13 18:14

Platform

debian9-armhf-20240611-en

Max time kernel

0s

Command Line

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Signatures

N/A

Processes

/tmp/Cloudflare_WARP_2024.9.346.0.msi

[/tmp/Cloudflare_WARP_2024.9.346.0.msi]

Network

N/A

Files

N/A