Malware Analysis Report

2024-11-30 14:37

Sample ID 241118-vpylms1grq
Target OIP.jfif
SHA256 10ae7bc76a6d12d1a278156b9e949850262c2fd516e54a55a1e5c2264f2bc835
Tags
discovery execution danabot banker botnet defense_evasion evasion impact persistence privilege_escalation ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

10ae7bc76a6d12d1a278156b9e949850262c2fd516e54a55a1e5c2264f2bc835

Threat Level: Known bad

The file OIP.jfif was found to be: Known bad.

Malicious Activity Summary

discovery execution danabot banker botnet defense_evasion evasion impact persistence privilege_escalation ransomware trojan

Modifies Windows Defender Real-time Protection settings

Danabot

Danabot family

Danabot x86 payload

UAC bypass

Deletes shadow copies

Event Triggered Execution: Image File Execution Options Injection

Blocklisted process makes network request

Disables use of System Restore points

Command and Scripting Interpreter: PowerShell

Modifies Windows Firewall

Disables Task Manager via registry modification

Disables RegEdit via registry modification

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Drops autorun.inf file

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

Sets desktop wallpaper using registry

Drops file in Windows directory

Program crash

Event Triggered Execution: Netsh Helper DLL

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Modifies Internet Explorer settings

Interacts with shadow copies

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Internet Explorer start page

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-11-18 17:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-18 17:10

Reported

2024-11-18 17:58

Platform

win7-20241010-en

Max time kernel

222s

Max time network

895s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\OIP.jpg

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000b95f16c9496a95fc2ff82a900202a479ec3c526613f380283e6d8386f6b6415c000000000e8000000002000020000000e6f00c97e0f9a01f34cc0a5b47a4335d1cf13142466ed551632114566fa1100520000000d79a28217f25bb53deb1d904b8c1fd37fd044cdcda8bc8381c762b9d8750b85e40000000c0d7578ed3a5358787f3c3e71419d633427191612d238ed55cabc51c2f263dfae0ee8d911069996067463341fd4c8bbc7b870a9fc93587fab07075a99e6d315d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438113841" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40654fdbe139db01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000fb16c97ca74876a3697dd7400f009753a3a91eb30ade6518b5da07ba268f5ac6000000000e800000000200002000000022404d2173797bb12080c5f698db602e954134c39612d3487526cddcde66bfd190000000e613730f7cf09b770b90c99537bcf5e41ae4c4a2ab96c221986b9fc0e96eb4ec116e40ae9ccd96eefbc73f9699c44a35975a3aa92d6f93b74f45dee3cb29ca8fbc77fb5b4832ab4c8b9e07da527e3655d952ea370b3c25d77a2284505b9f28409c5e6ac63ac882b47286fb1c698eb714d3a2e98565ecdbb6c1c11ef5d13c5ba2f9f979a62d253fa9a3d4da405bf42bed40000000bf54c49cd81635a945fc8f79ab3e504abdb3b7f87ebbee131e6b05669a72160ddf37747cd836c1e2f6efd3f43420ef7ced977b0bde9cd1bf4b145e4db392c948 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD98D461-A5D4-11EF-A276-7E6174361434} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4561C18B-86EC-11EF-A276-7E6174361434}.dat = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2228 wrote to memory of 2876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2876 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 324 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2228 wrote to memory of 2552 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\OIP.jpg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb989758,0x7fefb989768,0x7fefb989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1408 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3380 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f697688,0x13f697698,0x13f6976a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3900 --field-trial-handle=1212,i,15473936487342456533,9393547666027974866,131072 /prefetch:1

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1680 CREDAT:209930 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb989758,0x7fefb989768,0x7fefb989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb989758,0x7fefb989768,0x7fefb989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2064 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb989758,0x7fefb989768,0x7fefb989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2164 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1308,i,10225956395912210967,11116882076449994203,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1308,i,10225956395912210967,11116882076449994203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3260 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1444 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1380,i,7091427660093987542,9993942559283950340,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb989758,0x7fefb989768,0x7fefb989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1588 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2200 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2220 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1528 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1340 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb989758,0x7fefb989768,0x7fefb989778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3788 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3852 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2672 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3772 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4176 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4144 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2092 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4152 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Users\Admin\Downloads\20-Minutes-Till-Dawn_com.Flanne.MinutesTillDawn.roguelike.shooting.fr.gp_gameslolc_28462559.exe

"C:\Users\Admin\Downloads\20-Minutes-Till-Dawn_com.Flanne.MinutesTillDawn.roguelike.shooting.fr.gp_gameslolc_28462559.exe"

C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\20-Minutes-Till-Dawn_com.Flanne.MinutesTillDawn.roguelike.shooting.fr.gp_gameslolc_28462559.exe

"C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\20-Minutes-Till-Dawn_com.Flanne.MinutesTillDawn.roguelike.shooting.fr.gp_gameslolc_28462559.exe" /app "C:\Users\Admin\AppData\Local\MobiGame\\"

C:\Windows\system32\cmd.exe

"cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\utils\sysinfo-app.exe"

C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\utils\sysinfo-app.exe

C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\utils\sysinfo-app.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" (Get-CimInstance Win32_OptionalFeature | Where-Object {('HypervisorPlatform','VirtualMachinePlatform','Microsoft-Hyper-V-All','Microsoft-Hyper-V-Hypervisor','Microsoft-Hyper-V-Services') -like $_.Name}).InstallState

C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\MobiHelper.exe

"MobiHelper.exe" --install-path="C:\Program Files\MobiGame" --desktop-path="C:\Users\Admin\Desktop" --local-app-data-path="C:\Users\Admin\AppData\Local\MobiGame" --parent="C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\20-Minutes-Till-Dawn_com.Flanne.MinutesTillDawn.roguelike.shooting.fr.gp_gameslolc_28462559.exe" --playstore-json-file-path="C:\Users\Admin\AppData\Local\MobiGame\playstore.json" --google-analytics-id="28462559" --create-playstore-shortcut --api-url="https://gamestore30.emu.codes" --source="gameslolc"

C:\Windows\system32\ie4uinit.exe

"C:\Windows\system32\ie4uinit.exe" -ClearIconCache

C:\Windows\system32\ie4uinit.exe

"C:\Windows\system32\ie4uinit.exe" -ClearIconCache

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2252 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3448 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3360 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3340 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3472 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4172 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4452 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2092 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3916 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4408 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4328 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3768 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3368 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\JJSploit_8.10.14_x64_en-US.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 312E89A086A722590F4EDCA8F8A449B1 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=4124 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005E8" "0000000000000570"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -NoProfile -windowstyle hidden try { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 } catch {}; Invoke-WebRequest -Uri "https://go.microsoft.com/fwlink/p/?LinkId=2124703" -OutFile "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" ; Start-Process -FilePath "$env:TEMP\MicrosoftEdgeWebview2Setup.exe" -ArgumentList ('/silent', '/install') -Wait

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4004 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1080,i,16526009585839009392,4301911400497443768,131072 /prefetch:8

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding 24D09F17DB85CE71C7A5D0DF5E7617FC

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSIAF8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_260116940 1 WixSharp!WixSharp.ManagedProjectActions.WixSharp_InitRuntime_Action

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI23E6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_260122026 10 WixSharp!WixSharp.ManagedProjectActions.WixSharp_Load_Action

C:\Windows\system32\cmd.exe

"cmd.exe" /c set

C:\Windows\system32\rundll32.exe

rundll32.exe "C:\Windows\Installer\MSI4414.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_260130263 31 VirtualBoxSetup!VirtualBoxSetup.CustomActions.SetSessionPropertiesFromConfig

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AD8646E129DEA9518551CC8E63C1FC53

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x214

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.180.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
GB 142.250.200.3:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
GB 95.101.143.219:80 www.bing.com tcp
GB 95.101.143.219:80 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.69:443 login.microsoftonline.com tcp
IE 40.126.31.69:443 login.microsoftonline.com tcp
US 8.8.8.8:53 a4.bing.com udp
GB 184.28.198.195:80 a4.bing.com tcp
GB 184.28.198.195:80 a4.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:443 th.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
GB 95.101.143.219:443 th.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
GB 88.221.135.35:443 r.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 23.46.73.244:80 www.microsoft.com tcp
GB 88.221.135.35:443 r.bing.com tcp
US 8.8.8.8:53 games.lol udp
DE 108.138.7.127:443 games.lol tcp
DE 108.138.7.127:443 games.lol tcp
DE 108.138.7.127:443 games.lol tcp
DE 108.138.7.127:443 games.lol tcp
DE 108.138.7.127:443 games.lol tcp
DE 108.138.7.127:443 games.lol tcp
DE 108.138.7.127:443 games.lol tcp
DE 108.138.7.127:443 games.lol tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
US 8.8.8.8:53 games.lol udp
DE 108.138.7.60:443 games.lol tcp
DE 108.138.7.60:443 games.lol tcp
DE 108.138.7.60:443 games.lol tcp
US 8.8.8.8:53 udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
DE 18.66.147.28:80 crt.rootg2.amazontrust.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 d1z0mfyqx7ypd2.cloudfront.net udp
US 8.8.8.8:53 static.hotjar.com udp
DE 108.138.7.126:443 d1z0mfyqx7ypd2.cloudfront.net tcp
DE 108.138.7.126:443 d1z0mfyqx7ypd2.cloudfront.net tcp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 connect.facebook.net udp
DE 157.240.210.14:443 connect.facebook.net tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
DE 157.240.210.14:443 connect.facebook.net tcp
GB 172.217.169.35:443 www.google.co.uk tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.184.156:443 stats.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
BE 64.233.184.156:443 stats.g.doubleclick.net tcp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 172.217.169.35:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.187.228:443 www.google.com udp
DE 108.138.7.126:443 d1z0mfyqx7ypd2.cloudfront.net tcp
US 8.8.8.8:53 save-files.com udp
DE 108.138.7.126:443 d1z0mfyqx7ypd2.cloudfront.net tcp
DE 3.160.150.51:443 save-files.com tcp
DE 3.160.150.51:443 save-files.com tcp
US 8.8.8.8:53 d3ce8h3h5q39ah.cloudfront.net udp
US 8.8.8.8:53 d3dwbsfzh4yjt6.cloudfront.net udp
DE 108.138.2.107:443 d3ce8h3h5q39ah.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 157.240.210.14:443 connect.facebook.net udp
US 8.8.8.8:53 www.facebook.com udp
GB 157.240.221.35:443 www.facebook.com tcp
DE 108.138.7.60:443 games.lol tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 108.138.7.60:443 games.lol tcp
US 8.8.8.8:53 api.mbdl219.com udp
DE 18.245.60.104:443 api.mbdl219.com tcp
DE 108.138.7.60:443 games.lol tcp
DE 108.138.7.60:443 games.lol tcp
DE 108.138.7.60:443 games.lol tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 108.138.7.60:443 games.lol tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.loggly.com udp
GB 184.28.198.225:443 www.loggly.com tcp
GB 95.100.244.204:443 www.apple.com tcp
US 8.8.8.8:53 gamestore30.emu.codes udp
US 3.230.60.21:443 gamestore30.emu.codes tcp
US 8.8.8.8:53 games.lol udp
DE 108.138.7.60:443 games.lol tcp
US 8.8.8.8:53 mbdl219.com udp
DE 13.224.189.20:443 mbdl219.com tcp
DE 13.35.58.27:443 dbwcbwrm3upzo.cloudfront.net tcp
US 8.8.8.8:53 play-lh.googleusercontent.com udp
GB 216.58.201.118:443 play-lh.googleusercontent.com tcp
US 3.230.60.21:443 gamestore30.emu.codes tcp
DE 13.224.189.20:443 mbdl219.com tcp
DE 13.224.189.20:443 mbdl219.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 www.youtube.com udp
GB 88.221.135.35:443 th.bing.com tcp
GB 88.221.135.35:443 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
IE 40.126.31.69:443 login.microsoftonline.com tcp
IE 40.126.31.69:443 login.microsoftonline.com tcp
GB 184.28.198.195:80 a4.bing.com tcp
GB 184.28.198.195:80 a4.bing.com tcp
US 8.8.8.8:53 wearedevs.net udp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
US 172.67.71.2:443 wearedevs.net tcp
US 172.67.71.2:443 wearedevs.net tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
GB 95.101.143.219:80 th.bing.com tcp
US 172.67.71.2:443 wearedevs.net tcp
US 172.67.71.2:443 wearedevs.net tcp
US 172.67.71.2:443 wearedevs.net tcp
US 172.67.71.2:443 wearedevs.net tcp
US 8.8.8.8:53 cdn.wearedevs.net udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 162.159.134.233:443 cdn.discordapp.com tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 104.26.6.147:443 cdn.wearedevs.net tcp
US 172.67.71.2:443 cdn.wearedevs.net tcp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 c.pki.goog udp
US 8.8.8.8:53 o.pki.goog udp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.1:443 lh3.googleusercontent.com tcp
GB 142.250.200.1:443 lh3.googleusercontent.com tcp
GB 88.221.135.2:80 th.bing.com tcp
GB 88.221.135.2:80 th.bing.com tcp
US 8.8.8.8:53 d3dwbsfzh4yjt6.cloudfront.net udp
US 8.8.8.8:53 d3dwbsfzh4yjt6.cloudfront.net udp
DE 65.9.7.132:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 13.224.189.20:443 mbdl219.com tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 api.bing.com udp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 wearedevs.com udp
US 198.49.23.144:443 wearedevs.com tcp
US 198.49.23.144:443 wearedevs.com tcp
US 198.49.23.144:443 wearedevs.com tcp
US 8.8.8.8:53 wearedevs.net udp
US 104.26.7.147:443 wearedevs.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 104.26.7.147:443 wearedevs.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 172.217.169.35:443 www.google.co.uk udp
GB 172.217.169.35:443 www.google.co.uk tcp
US 8.8.8.8:53 cdn.wearedevs.net udp
US 8.8.8.8:53 cdn.discordapp.com udp
US 162.159.135.233:443 cdn.discordapp.com tcp
BE 64.233.184.156:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com tcp
GB 142.250.200.46:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 142.250.200.46:443 fundingchoicesmessages.google.com udp
GB 142.250.200.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 d3dwbsfzh4yjt6.cloudfront.net udp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.187.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 216.58.204.65:443 ep2.adtrafficquality.google tcp
GB 216.58.204.65:443 ep2.adtrafficquality.google udp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 216.58.212.198:443 s0.2mdn.net tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 216.58.212.198:443 s0.2mdn.net tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 cm.g.doubleclick.net udp
NL 185.89.210.212:443 ib.adnxs.com tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
GB 142.250.200.34:443 cm.g.doubleclick.net tcp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 pm.w55c.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 46.228.164.11:443 ad.turn.com tcp
GB 142.250.200.34:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 sync.teads.tv udp
DE 91.228.74.159:443 cms.quantserve.com tcp
US 35.71.131.137:443 match.adsrvr.org tcp
IE 52.17.238.95:443 match.prod.bidr.io tcp
IE 34.240.204.163:443 pm.w55c.net tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 2.18.109.35:443 sync.teads.tv tcp
GB 216.58.212.198:443 s0.2mdn.net udp
NL 46.228.164.11:443 ad.turn.com tcp
GB 142.250.187.193:443 tpc.googlesyndication.com udp
DE 91.228.74.159:443 cms.quantserve.com tcp
IE 34.240.204.163:443 pm.w55c.net tcp
US 35.71.131.137:443 match.adsrvr.org tcp
IE 52.17.238.95:443 match.prod.bidr.io tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 2.18.109.35:443 sync.teads.tv tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 172.217.169.66:443 googleads4.g.doubleclick.net tcp
US 104.18.26.193:443 dsum-sec.casalemedia.com udp
US 35.71.131.137:443 match.adsrvr.org tcp
US 8.8.8.8:53 r.turn.com udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 8.8.8.8:53 ads.travelaudience.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 dis.criteo.com udp
US 151.101.194.49:443 sync-tm.everesttech.net tcp
US 35.190.0.66:443 ads.travelaudience.com tcp
NL 178.250.1.9:443 dis.criteo.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
NL 35.214.136.108:443 x.bidswitch.net tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
NL 46.228.164.11:443 r.turn.com tcp
GB 172.217.169.66:443 googleads4.g.doubleclick.net udp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 216.58.201.98:443 ade.googlesyndication.com tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
GB 172.217.16.227:80 www.gstatic.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.8.8.8:53 um.simpli.fi udp
NL 35.204.201.36:443 um.simpli.fi tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
IE 18.200.4.109:443 pr-bh.ybp.yahoo.com tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 c1.adform.net udp
DK 37.157.6.232:443 c1.adform.net tcp
NL 35.204.201.36:443 um.simpli.fi tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
DK 37.157.6.232:443 c1.adform.net tcp
NL 185.89.210.212:443 ib.adnxs.com tcp
GB 142.250.187.226:443 ep1.adtrafficquality.google udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 d3dwbsfzh4yjt6.cloudfront.net udp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.169.35:443 www.google.co.uk udp
GB 172.217.169.35:443 www.google.co.uk tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 e2c3.gcp.gvt2.com udp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 beacons.gvt2.com udp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 64.233.168.120:443 csi.gstatic.com tcp
GB 172.217.169.35:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 172.217.169.35:443 www.google.co.uk tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 mbdl219.com udp
DE 13.224.189.21:443 mbdl219.com tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.148:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 d3dwbsfzh4yjt6.cloudfront.net udp
US 8.8.8.8:53 d3ce8h3h5q39ah.cloudfront.net udp
DE 65.9.7.132:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 108.138.2.49:443 d3ce8h3h5q39ah.cloudfront.net tcp
DE 65.9.7.132:443 d3dwbsfzh4yjt6.cloudfront.net tcp
GB 142.250.187.228:443 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 172.217.169.35:443 www.google.co.uk udp
GB 172.217.169.35:443 www.google.co.uk tcp
DE 65.9.7.132:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 108.138.2.49:443 d3ce8h3h5q39ah.cloudfront.net tcp
DE 65.9.7.132:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 api.bing.com udp
DE 65.9.7.132:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
US 13.107.5.80:80 api.bing.com tcp
GB 95.101.143.185:80 www.bing.com tcp
GB 95.101.143.185:80 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.185:80 r.bing.com tcp
GB 95.101.143.202:443 r.bing.com tcp
GB 95.101.143.202:443 r.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.68:443 login.microsoftonline.com tcp
NL 40.126.32.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 a4.bing.com udp
GB 184.28.198.195:80 a4.bing.com tcp
GB 184.28.198.195:80 a4.bing.com tcp
GB 95.101.143.185:443 r.bing.com tcp
GB 95.101.143.202:443 r.bing.com tcp
GB 95.101.143.202:443 r.bing.com tcp
GB 95.101.143.202:443 r.bing.com tcp
GB 95.101.143.185:443 r.bing.com tcp
GB 95.101.143.202:443 r.bing.com tcp
US 8.8.8.8:53 archive.org udp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 athena.archive.org udp
US 207.241.225.195:443 athena.archive.org tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 d3ce8h3h5q39ah.cloudfront.net udp
DE 108.138.2.107:443 d3ce8h3h5q39ah.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 ia803405.us.archive.org udp
US 207.241.232.195:443 ia803405.us.archive.org tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 analytics.archive.org udp
US 207.241.225.195:443 analytics.archive.org tcp
US 8.8.8.8:53 sentry.archive.org udp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 8.8.8.8:53 d3dwbsfzh4yjt6.cloudfront.net udp
DE 65.9.7.187:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.224.2:443 archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
US 207.241.225.195:443 analytics.archive.org tcp
DE 65.9.7.187:443 d3dwbsfzh4yjt6.cloudfront.net tcp
US 8.8.8.8:53 sentry.archive.org udp
US 207.241.239.241:443 sentry.archive.org tcp
US 207.241.239.241:443 sentry.archive.org tcp
DE 65.9.7.187:443 d3dwbsfzh4yjt6.cloudfront.net tcp
DE 108.138.2.107:443 d3ce8h3h5q39ah.cloudfront.net tcp
DE 65.9.7.18:443 d3dwbsfzh4yjt6.cloudfront.net tcp

Files

memory/2132-0-0x0000000001B40000-0x0000000001B41000-memory.dmp

memory/2132-1-0x0000000001B40000-0x0000000001B41000-memory.dmp

\??\pipe\crashpad_2228_OZUEUYDKVYENUXIC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6cfd98af7b2f21a71d93a509e9daa07a
SHA1 8197da01cea9a6b0faab08a3068fde984a905922
SHA256 4c8f6c1760f01ea1c58c8da1c94651c56650b3019beb8e29ff11c6d4f3ca81f0
SHA512 5d51ff22b087be47dcb70c289c5a35f6fa93101b82bd18830828307ae277162344f37ab1e118b52761ab194f7994e2f072a92b22ea602bbacb1fd5065461fc6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1942d65580b10be77e9c8568b45c2f7d
SHA1 dc3d5ce9f657c0205d27ca617c2356bdcfab29ad
SHA256 4f510c2f16ab319c47f0f81ed33ba25d4372edc6a652e928292c2d5f8c1b2997
SHA512 85d33904ecf2a9b10eca39086cb33362a0500e06ecff62325d0c37f90379f5a6c07e78bc247a7e951071432c9aca2d95f175c39784863362a04fc6666f924c60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 493777f631b3a0fa053e22e85248f230
SHA1 e678f023bece0e060f9d22892c32ba4a07604324
SHA256 c835eb377170c3fc6e987f4f0cdadad991a0927d36a5561e642aa44c364de3c1
SHA512 4fb72d57a4dbbfb74b9ec881ec3acef76daf11b478e38c876ee39e03d6c44a166947e2f06f6576a42e07449063cdd7a0796ea3f205f000d2a52e77eb91aef6c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 503766d5e5838b4fcadf8c3f72e43605
SHA1 6c8b2fa17150d77929b7dc183d8363f12ff81f59
SHA256 c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9
SHA512 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 16d1fe6aa08781fb5032929760fb53cb
SHA1 6bc62810c1db692f732328b486ca6c662df23316
SHA256 42647e0fe1588746981eba46a08e330a350e3c1b0b9982227cb8c48ffba6f3c5
SHA512 8db407403487c0011882eb1c7bca3a87d2cf5dec8d2355dbae867306e6598bb177522a0acbdf771a037994fd117b0f3bf238b03083f7c144f8bff52b52538c7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3fab4ba001a1e4704c76ffcc98c3426f
SHA1 201d04ad7d637fe7a1fbddf55d6c713abaedf6e5
SHA256 e499d9b299616f9038c6cd3bf0b172eff7f02dbb301a2a104fec8fc794b9b457
SHA512 2cd612194c56296a55f0777ce9c58cd01827686c5def25c33b461dceaa9b515debf2d713666450f4c315ca6f15cd6fa00d9a03c22297a9577ce63b716a77aee8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 554f84883c5dd64ea2478e7d2cc703b0
SHA1 4a5e361c783d082fa252c276c7c21b8e719f3e9c
SHA256 5a49ffe72c5776e1c5643539a42ba57539b9c0920638900dd6fe5d6dff37e323
SHA512 bd6f28dde369a43b9c06eeb66b266cf9e0126ba39ae6fff0f78038cd2e94ea5aced6abcfd6a0897a89a86207b41a8abdbd9d220bbfb71885875ae2ac20e20ade

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e941d0e0-3db3-43e9-99b1-0a53c50013b9.tmp

MD5 d4738554978cf59a7ae5cc656d1c55cd
SHA1 cb23488574c34bd1520e2696f10110d74bba38be
SHA256 5fd7ec443080bc6f747082c3607bb8b702ada2acb57fe3f4dd75e4861fe834fd
SHA512 1c2181a264c13ede57ead9a14f570597a1e298fb65543de47a16f1db097332b83730b3f576b09e7d3ecd2068220aa3483b435116bbc69e518513eb14cc7fb514

C:\Users\Admin\AppData\Local\Temp\CabBADA.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarBB98.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b81b99ab053ee9d96292a5f2630762aa
SHA1 a1eb5443ef301dc13de95d31074a9d1a55cdabf3
SHA256 340ceb6909073b78c3b8c490310e38b8b014f573c5292bdc89726c4e0e0e5182
SHA512 35f30f7e9f5e92dea770ae2d6beb47b190c10888ebcadd1570f7fea3bdc70c3fd103cdaa0481c631acfcef217e8c6cfebb88e5405bad19d5f04e3e29d2e7b897

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df0ff6f3db589147ef1550d529efc8a4
SHA1 1949bbb85733c6f30addac11a55f37a07f397fe2
SHA256 d3f929f1d8e5c3f648205aa229c1ac1457995e08b65592a26a2cb3aba04eeb02
SHA512 2cd3c1c83239e6211f27d7e72414d2c7389f71ae56f94d68d8d257dbe7a6b0ad6290d5eac4c1974642d572d114d3a406fb8050a44a204e0e5b731c9a27838ec3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a5fbb1aaed6fd85c1e788bf70d642c1
SHA1 8e3b1666f0d6f283ab2bc4ecb919abb27fa8dafd
SHA256 a36be41c8ec541edb4d38a6b72dfff2bd6471fb62371e61a1c576e767eaac507
SHA512 2e2b1281ecd7d36f133b0b27f753e4ae40eb488601a903791045ab0c697139d1520fa36e796163dd0abf8b1a74f5e2c2dc6601c53822300b905675ab1ccf05e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b907a01ad4a6ae6b96ddeaa07d8c2ae
SHA1 896df282963eb30b2df3f19f80bc028eebb7bedf
SHA256 41b8ab67b97fd1c4c718a6696500c350918e9894679a05f002215c2fe08322c0
SHA512 279d8dd1762c3ee1d2a0a6d7446b97d27afff82e92a8e2416746c3a9e3b3b678856981243afcc038db0ac73e4c3cca25a104bf1c9323be6675887efd37b7e5e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ae1970c85f43a2ad472e33cd1746c1b
SHA1 558a96842be3042fd58efcf81adb3b4c563a14d2
SHA256 e1797ce436e3837b1e719edf1dc0b1bd04e201b22c5b661ef884dcbd2484b441
SHA512 37aeca473f427f4428bf6bbd1155defe6e9ea3d073e601b2f0dfc565051a0214a6b0edb78ba5809a824ee5ac7805a5d2b975c77d17a024b7c132bbdacb4115c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efe87e5d587f274b77f961426feb0e68
SHA1 b5428bf7a5b9ecf726540e271e7fff2d933e041b
SHA256 ac2b4b6ca6a4c5ec9db0f62efb123e95ca91112141326e020eef18171e7ca78e
SHA512 fabe4e8884eebfa7fe0b1584c2a2e3196dac65210aa63db9ae934e26325adfb0eb741f59fb367dd8b92c2df6bb0d86bdb17ff872478f316dce8762b19f5ee142

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e84cfc9db878bb9c8063f14332f487e6
SHA1 efc7e31d6ebbacb3c9518eb7d7d5e58d6a408f4b
SHA256 7b919360e44b53da0751bcd919e9dc48f2f5e50d21d4aac889fd1741659760fc
SHA512 76726ed7cc8ba36ce9cb6f63fc103bfa77e660e997fd08b7fd86872e518103bc0870ffac959137d8b431eb7b351c9b431a2cd3db951947253286e95f04efe2a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05d0112be64eed25b185767e5d9af33f
SHA1 f0973aab2119980446e23ad524e883d8603228c9
SHA256 1feac1046fc224bb14da4e0e5d1faece13b391075c90ae1bc9f2684243287417
SHA512 9ba9e15f07b6abd889fe1457e1505c670248ffd76822ad44da4da9d53afc9189a8aca45597aedbcd6ae5a05e629f8fa8c774feaf65974ccd2bfb215427100296

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e01910c3f2fc7727e3b1b2b400275c9b
SHA1 3cda6b743551d17e08f8b3f96fc2e6079ff4663b
SHA256 11781f6e27e6064b28c5308c4c01ab8048f0d67edf4772a5d4a4626e4d217c02
SHA512 7af05757742089d92588f9847b2777fe44f6cb0f6ea48ef3fceb2473796b5f2cecae741a87012c8dc29c40cab1b15c8b785b983a13c08130984c50f67b3b4e06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5657673f383a4a825ad7af6835e60be
SHA1 53790cc62ab735388859238304153a9d51d40365
SHA256 6d547ab7dab932c337a8bcd38c289d5cbfca4c146fe4ab99d76020c42536f5e1
SHA512 0734f639de27ea17578b47e2efd422b670a2a609a931b150b6ac7e8df1b552e1561e3ec12eb9c494b3ae9bcfbe4140ffce08033553733ff7f3c8e58158a428b1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\melo7gx\imagestore.dat

MD5 1d094006ca82c6d2c225d5bcc5271ba1
SHA1 38a3b131b20515cb3f6aa22f65dbe8835d3dbc82
SHA256 a019b3ef6e692a16b025d70d497b3bec9b53fdb12f77d83584314164e9de5909
SHA512 f357178b8c5bfe6797bc36e7f8b0503f044904b6c2243d84d639c4be52e5895571aec858ec998cb1e8a765bc0c767370c7ee124add1321ada8658c4e7542ea94

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\recaptcha__en[1].js

MD5 88a5fed5c87b1d3704ab225cfbe7a130
SHA1 d64243c18fbaa356e4abae8414ccc4772d64060b
SHA256 f8e5f5ce9ff44073cff24bcd3d2b8aa4e67b67891b14ff929fe4743880fdf82e
SHA512 8b8d1c9f4c36fd2383c96d0d484a6692f70422934bccd3db1f0787e1b753f7d5a8f0c91934805c4d865aed3d4673ff478f0ae23746d0c0e005e60848543b3d33

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\AG9M01RW\www.google[1].xml

MD5 ac24aef8286c41a65945e749fecb23c6
SHA1 907d70baacfd3988757ad3e2a6b96ac5c2894e72
SHA256 b449b692557e12886d39a81be370bcfd3c418c5ae13e780034d0f6cea57bb877
SHA512 c985a9e7cdf10fcc5e4478f4c02f666e6bc96ec42d89a86abb3d1dc3b80c4376047fc339cb42902823b925651cd152603560654b3008d2be56c382396c1e9f1c

C:\Users\Admin\AppData\Local\Temp\~DF8317007A1A19B87D.TMP

MD5 3819e5c0463ab8f3656c28d126b7908f
SHA1 85c9bd613981754713d273866f867a76e1e663a5
SHA256 b9adbf8d7cadb1256ff3b53f7dc91c887aaf2abcfb6272c5749205604497f6bc
SHA512 66bb9d83445ac2139cd7240e964cc9f912d3a1c750dd80c75b3525544b12386b0db7b9e2b9110e37f3eceabfa7fe263a55388df3c1365e22648a5ff863c0078d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD98D461-A5D4-11EF-A276-7E6174361434}.dat

MD5 dce2bfaa843a62ce491c960434137d39
SHA1 70f4b8942a9630bf3751781b122c420fcb2fe36f
SHA256 59c3cb78f965d2ed33d42561d07122db83d910fc63c5eea17ddb78244df0195b
SHA512 fb625c697eacf2cbf5ac7070669296980ad971aed74706f16043205a039f1d689d636728b72cfd6d5b1fcd3d2fc7ccf40511b3ae534996e44d1710a33cbad023

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bffcc7506c2f48793794c61e9e907c3
SHA1 ef16131cae4dfe7188cba3a5a00805e630f6793c
SHA256 2f4c4af66962dbdfd9ebf955a284003208adc4ab0c67ddf0c0537134041bf2c4
SHA512 c90dc4a55045fb4e5f1e02ddea5e7b3ba0efca25eb4fb64cff8174d1b559d7dfaca73594fbb871726d92fd6f48968787ba5b6dc6b7c212ea6f6131018963afbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 907aa54d571c766a57e886d914ed741d
SHA1 27c38824d59f667c5cb81fb5977836a3f599952a
SHA256 61f668abca37c4578ff540917b8c16d215bdff777c2d62583eebaa294805e549
SHA512 1d9b8ae3bd34daf3b9618e61fc5f941d2fba371e4ee24eb5151819f72a56ead0f98444d27dec8477c8e5fdf89f7f63e9c636730b918f1fb17e2c9b77692d4949

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e8aeff91afc6e392d2b0c6a46ae31b9
SHA1 a6355278b65864781e4786ab0938189971a9db23
SHA256 6e78064f610bf9d5451b2fa091f0ae85ca830555ffb0e1bf727c5676f8ccd02f
SHA512 9e8de384e63ebeab56bbf2671993b3bdf2578f02f8bf63e856cbce02d5c774f961e993c4aee8d086f845a8c67a67930e9824d4da80f7f7350b0ae15b43f97c80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b95dc33700f7af9a8761051952f1726
SHA1 00e5719f2a43ea9c179678b4394038fffd72ba9f
SHA256 403a92849d1e90997d6da2c74e8d7af28d078bdf8b9826a9b373c6c2fdaf763a
SHA512 064b64398b54f44ef63492db13abf60e08da843b92a20dcf3370dc590b6e0b9f5450353f676942bc6c299ca6316e4a2083dc81774a4690bf71e85c9ed32e4593

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 02ae728b82bee04ce334d9e3e0358db6
SHA1 90fdda68a1376d528f15906a679a11cd431b7c4c
SHA256 0bb8f95afe62ec6a1b4a30fb048853b188879fde013ecb373ebe85620924d259
SHA512 560a62f3968411bfb60b22b9a1c26d36f3552e3b77b9da4dc37fc6f08b926001d06ac1e596ca497e93c6dfb874d4e15ee1c11d8d0b4f324654234553578b188e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e57005cf5ba759476a1662c8b60bfb17
SHA1 48967c5b148dfc565213ef9440fb4eaad0d49193
SHA256 a9d1c862eb343abda7ba7aa6a410114337cfe2006da1de5f2d0a2368cf6faa20
SHA512 41e82059931fff05b5d7bf768c9802b38089a50343ff39dad79246d4818f964158cb4bbe1e3ef4868b0eb473a822a6f3bb63f965772bb8180cbe25237fb02fe2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5ebb8a735fba742a44f65483dbfed13
SHA1 ff259db802e8cbaa13de255ef05a3f0dbc1c0148
SHA256 f4dec519134bc1320e67c8cb0144f66ea83efc5ee561b343c45827180dda6648
SHA512 05ba0e079c63dd04c7c84bad162ff88c3df025b2fbfa85d9c7a051730a57c12fe22a7223ded8c1d8473d534a69f7417241215b6f92f21491ee59150ce03ae6d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fedc96a06d65960e7097aea947ab41a
SHA1 93d968685530840c1de610062d2f651a19b884eb
SHA256 1ad1c7184a481b926dcaac56ae61f709f57d73c8ea7d25b0886f0b8aa2700297
SHA512 5d1688f48a2cb4ecc141ee35c7d323422536342c46284242d1deb4dd39825ff02f161d3661874c871984cd4464c5bf04c03310b6e030b64a789e33acb96fab6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48f6ea1ff1076e8aab381fae86563c11
SHA1 03169537dd2389f4cd867c6cb6d5c6f11d9bf9cf
SHA256 9838af725a27b7722608c1022960ae4c055dead040b8692325115348c619a4c2
SHA512 8e76b2feea2e9056798a2433ffe24dcb84899ee99cb7d43fcd097b690082172905ed457b228ab429bc4891fa6f7fd5f2d2e047bafc25dd105754d95b584e5e8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6010390a8c3286100ced9072bc7ff477
SHA1 b9e951e3b2ac46a8fb9692c505a60fb1382d7aa4
SHA256 f9903c6d4d7a15f59cea7f28122db2761b6d3fcd991c697146e61e704d67ce9c
SHA512 a09d2639f1cd968e52e5351cc6261ecbe040033370019b449d0e3c1277e3077f01aa8c0ad12bca8cd81ac39abc5df0c1b2774b6c0e807a630728def9e70a40a2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[1].xml

MD5 b4b714944bee5eb8c5472d21d8e565d8
SHA1 36abfb8440c771724eec9dae4b61b953ee1d6f60
SHA256 b9cb39693663e381de45f97ec674b3be4844e30eb181647a42c00a2dd8cb75ea
SHA512 a4f9cf314b1b2277ecabae46385e67e3de47bef61dfdf1bbb7277142540132f17c5975ce847eca8acd0ce397b0ae73ff044b4e8321db4935c39bc59f78687495

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[2].xml

MD5 a1580526cfa58ed9318bac8a76b95091
SHA1 52ba15629fc59b04acad8e99969025485348b5fb
SHA256 c1825d5d52f4e6bfbf834ad9b47fc0f6867628e0d7b729e81fadc26c27b84d2e
SHA512 2a1406a08087ae6d5df10d60d51758588b80e66a9e51d4501ed5da9c27356e0bab97be45e6b0ad2171606b22530e2043b93f648284cb0d4be25aa83b9c20acbf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[3].xml

MD5 c54fadc5613f4765cd577c8d768696dc
SHA1 5db19c14797dc7c20042f57cb6e04f64de540f1b
SHA256 6773507860b4fef09c7be158b262883761f30f810df05ef528d39e5c87279a46
SHA512 75dbcf288aab47475e8cd27878b41aa2160d07e7cf31edf54e183b2b4a301c97eee8515479cff566771fb42391ca78134e8a5ab98908765af6aff9f03fc56c00

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[4].xml

MD5 778012522b13e999e3f75d3069afb3e8
SHA1 43ab953cb15d67ed533006484bb332bda1ed0b32
SHA256 aa61e50617066824733ea833ecfecde1b7a25550c80886dfa1731f06a6e7f6c2
SHA512 54f8ab13958401e0f44de0f93fea56cf97a31a2abe7060880a758260d9ecbf8127902f94ef9dbb67cd112a5dbfd70d61bfd8030e67fe84adae30ba757e46ebe8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[5].xml

MD5 4cfcb39ad7bfa52f9e12e7425c1b510e
SHA1 00679d5e0ce54b69a067273e826f624e4126265f
SHA256 c6ab4671dcb481b82d5c28a0b6801f1c0a9776c09696d4fe9d1bd6bcbbd71fb0
SHA512 ac622835e6435e08af1b6ca740466710d92e85f3cb44c4e012d03cc91a78a2b6452bfc06f2eb095589352ad831cf03034fc7ddbaeae27155126e1ed132df3f51

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[7].xml

MD5 97086bd536b92fb702079ddcecd307b2
SHA1 077ac82ea548d50a1f4ad8baa81260de647728f4
SHA256 3907b0b446832f3b0e19a5432b0cbd3afb3c5e7ae51801b31d697868644b4f04
SHA512 fd490f853c21f877f82914024bb2d2e8ba187dc2e73447e4bcfb02c7fc1d19e3adcc6a6d3bae936c283e539238265ef31f15d91bb0faf7d93c33ab36ce9e8b42

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[8].xml

MD5 86c610463cdab1a37d1bba93ef9e75b7
SHA1 0747248b8f8df394d9e0275394b0b382ea47c3aa
SHA256 6867d36cfea62ce9e729e4115ab996c30afd0785b1e2fd2432d0fd821c6341fb
SHA512 68c75dd6fb0032f10e0879af1fb28e2562f44fcc1fd624e883aacc0903f47e5fd717a7180f5fabf65f26b3d172f1d231440e9ff2dfb9a5577e57cb46379ea5a7

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[9].xml

MD5 d803e1f30f5bdfdfc549db3d3afba44e
SHA1 c806cd10e0b554b6200a903d811d8ad6acbe7a13
SHA256 22af17e23f0f2a7882b5a55247c1b863eb21fe11dd60f0d28b49f0fef8c37575
SHA512 016cabae5fafc29ab16dd454c44dbc051dc82405257e793a12d2df94fd5440775c7ed25ca15b5404b12885b71ea22286afde83546313ae6394c335f563b1d821

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[10].xml

MD5 65f1f9b7e7104adc0ad47ee6ab56d32c
SHA1 607a358c1d4fe278304803da3ecc1d0ca2c6c722
SHA256 3e056082ec9a42c6db934a26d4486767a730902d63b7fae70dae0f84cd6c8239
SHA512 ffaeb80162eeaa187658b5ae29283fd29effaa36f3b246a00620fdc05b6a6e9e452b2f8a557dfbbc4666302e9c0a07148b0e285d11ffb9d361239f6b7c694e8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml[1].htm

MD5 37fb78a6013a07eba760aef92ea36220
SHA1 a5dd8d4484017c4654942de1be58df8eedc791ac
SHA256 fc2b93f1c0c705d157a3c7fc5c3fe055deaedc3001374e3273f9167e1145b3bd
SHA512 c5dcd97f6d609d454c25b2821d4e816e72dbde6f993c0ac5077de54006721f6e945af6079f4a0a099bd0c6de46c10652abbc72c7a3aa522a42e8fd154267d1fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsmlZ4YCMC75.xml

MD5 fef8a4c7115102eabf0bbe910b436c9c
SHA1 b2195dd83618bcb85e30ecc844c15e936f7ad130
SHA256 2728e237c209517ddcbf9445868d11eae9231bcd106a1738e4a3f062a0f15d68
SHA512 895a7227df618fa70fd1b5ead623b831fa1789d7247d09cd804556bd7a609e720089a89117f7429a7494262de4cf599e66933b59453bca87896e85a940ad0cf8

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsmlAF282RTJ.xml

MD5 c8c864ed9ffcf64fb0c0fed2bf1b6614
SHA1 0bd60facf38828ef86c6c2dc06a78b2aaca94ea6
SHA256 93ecc72aabc0a97a64a419b2620c9ba61d4d933e539caa7dbaa2ebde63199fc0
SHA512 5e1c4a0ae363ee9432fd24bfeeef4e34cad37b47ae7dfdaa2365d5c3647ba008b9ace7ccbfe7abbfcfb2a5f27ac3d32613d391dd7e6b3e48ffd718a7d5f1b8ee

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsmlYC74IL38.xml

MD5 f437e48cbd047ab23eb5b83898f99def
SHA1 3eb4a5abf1c92fd17889261692e8a2f30ca7f9df
SHA256 9dcc57e763da49b3d1511f71799284415ccf12c6d72b446a4211fd89e6522e4d
SHA512 b6f16c3b541370321decbcc44d7e57d2e6a09184cf01c3593cbbbfa6f8c9034282fe64c111cb81ba18f7b54ea9c4a2e5318b9179d04e189f2315480f3434dcff

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsml57TESJ5G.xml

MD5 33a24e6ce24101a55546d61667802212
SHA1 2aa549c3b2d45ebb22171ac13429289db5c09e7e
SHA256 6cfd7a8ec69baa04b1ebb126206b9197e51cd2fda37965cf938d8fe643cdb86c
SHA512 523a3a0632f21e32affa8e64b5cc889bc1a8b4fcaa335bb4ce959d142ffdffc9737e7874a84d79e3bad5467ce1c362ebe5a3dfe9f7ad4b1ef16b06f841a00c3c

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\qsmlLVX56ILQ.xml

MD5 6d542a0a2e117f02dce07d62ce21edec
SHA1 b1f27fad1a02918d39ef4977d2a9d5f58fb40927
SHA256 ac2cca55244b1bbc6b3d59fe375998ca2164f902675be8272f3bd8c5915a177c
SHA512 f396b8ebdb42ca98b93fc6719e2b702c0447723ef61605537bfa018ab00d34a9298cf1c4678ee1294459d5f6f4573f8fad926ed79c90ad8bfec28a3a787ecf83

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\favicon-trans-bg-444-mg[1].ico

MD5 13caf3227254f379f898b6e6e61027d3
SHA1 450717390f9dc753bea909c3fa716e7dcd5cc05c
SHA256 1e8014a08904c253fffb5ce408982b731fdb0dbb6a2401192ef2ad7141c2aa9b
SHA512 9c0c2079c9b013a092105c05b4b94c9012dbecbd90236532dbbccf8aa26d86c4d7c87c44cc06ac1c2f025ac084aaddc5dd1e916319cdfd911d939019c5b8570c

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\melo7gx\imagestore.dat

MD5 1cc1511dc40a7074fa4f2501d706463f
SHA1 f7663f97a0282e6d98a40380b5397d16b3d60385
SHA256 b3059cd7e300a88b21fc677a0efd817feb2446202ecc3fa855bee9f3277092b2
SHA512 b5093a991abebaf781baded1f4ad0994505d8717ddac1af32435bdd7d7c1512944688b74f047b6aa8f99f973965aea606bb3dce450667b4c20e0410045b41176

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a6a735d75bb6ce4b1048e5193a20a92
SHA1 3a9b6ec94eb0686e607259dcc292226118a23faa
SHA256 eccefaa7007b6b57fb1df9203ddaa15d78b750344c135d3e64423b41f5a4a91b
SHA512 2ff4a8a61c098ad45f7d991f1c2dd071487c2ea8406e291116993032a323d249eec683941840b5b0a37901e534ca2fa64800388f16ba7f7b0cbb32523f8f8ecb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4107d6b0f80b8abf85842e51318b106b
SHA1 b3d51d4abdbb80706502f2abd8519e1ceb1c6ea1
SHA256 b64a3ea9e795be42527c3c7daef4db090c347f5b066aba32c2c35e2fb820f011
SHA512 9e4b13a66bd85a502ca326fd871f0de7d263dc229fab011a760b9d0bf302fca5bcc3da8e22af785d09fdb7cd9795f362a68ec952ef0de821654f3fc0a0a88da5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bca2d359649f88a17b2dcf8c67e00db9
SHA1 379ac09b05791bc7737dde2bf5be075b18658539
SHA256 f8b077d748ab3129a4d8a2f2c4cf6440568744e58ea2cfca13cca48b5569da66
SHA512 1c53f57d240d5ade9fdaa00eeb9ccbcbcac5b8f8b86fdb87cbcd5c93c557fe046f1971128df7c1479610139bb6b72c43e818e3da2e0f425b48f1eb8f4e516635

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dc5b734f0874e50c85e51082fc4d08b
SHA1 bb45d8083eeb7110fe5b68055287b09dcba9b720
SHA256 1cf7dd00426890b8bbeaa24e7b6e2aa2c4fb4da22e96ef77471e25be696cc105
SHA512 f5d95a9c1efc651848bbb525800f3bdb0e3d666df7d9bfb6041a347646e4cadb18f91a54130aca00773fa6ffb14b69b4c27d9566b182eb0065ae2d902d438bc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 58de1bbcf7cffb16e789a0df0948d192
SHA1 296633564800db9a644a790296f89b4ddbb416a6
SHA256 ce76fcad279602f88bc40314f32bcdd45bab1d1a4aa7c23d7cf1a1964d8c4231
SHA512 2d5d1847992b96497ca8518ad7689712f86b74c81c09339abe489d454c7e6dab1cb0ce93149c4e0fdd140efc4675b41274c6b2362943578e92084f0339a79a3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2d5149fd53d22feb6af524578d2608f
SHA1 843a9ee8e57c33b391cb1047f228ce07d67d905f
SHA256 4b7b39d4a38d2524244f95a3b6e5fb1b75bdefa1a934593484bd828e1e57ffc0
SHA512 4f344876cfea77324b957a49005ed4ccaf54e3de2b6217547fd8f8791c28bad7c33b7390b98cae9f03201d4f6d4087273e2bfce862583f18993e73c2c4363f89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef8108e70edec4fd8ac13115e056a195
SHA1 bbb6f899500ec1d44112fca4a253b90255a2374d
SHA256 2bfd592ecc15e58270acef8b3f921cf53ac2809e38ddcc59cd94d0612d5aac22
SHA512 969c46083321595ccee8092940bb23f18f18f04fcc49eb77236ddf4bcbe58c5bde276faa1fb85f88e2308430f08754bee9ec4e5c98766c79e5f28a28df3f7280

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bcc85bb2dc476e4995f2647afed0409
SHA1 56fe5f4d334bf832d608e1b4c376fcae8db5bad6
SHA256 7dd4703f012b0529dbcd8a24b129e0746696cc2a418296361446201a10762786
SHA512 b90b288e7f1d56f88a20c7952ac99665de59e8ebf03e3049c7f1c7a8b4a2250c9b91adc5afd95fe7a6cdce3f167be1b90f81bfd49ffe42350ed492b690954ef4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c913cb84a79b69ffea02856a42ecf059
SHA1 a5213acaa199cf568deae535c3962caddfe480a4
SHA256 d4a4d15cefff4f3ff4164de16ef1c58cd4d0b078ce5fda21ca042ff1c5837732
SHA512 254bcf0fa1e21aa33d9bb2ed6590dbb6efb6a79374fa3ba7e067d77765c64797b3d0a72cc84eba2b52cf4ba4e0aea03638c6fdbc6ce49a990118ca196dfd80d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ce7667b0962755045d25d3586ea2dda
SHA1 52e17fdd407fca22b67ce06a1d0db248c318499a
SHA256 be9ffde3f29fd9785b7fda070b380754ec60692a60d630f2c32b1dd7d5b313e9
SHA512 4f0f22687007691b525a6f82909eba44f9ab20c19cb22e329b232afa56986995348ae8fa33bb44b011d0f07e6abddb39be2b087eac12834d0b9d7fed7b8ae658

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc0c14bdef4b9dfab3a9291feaaa618b
SHA1 f59cda02d20ec5a8200d82d1c2dc752ee8770d1b
SHA256 ce33e5ae89a198a0db862627823d744136a63d9911c0db8d46e2ebdea358b393
SHA512 55c43de12d4898eea5bebd33adc329d205a8479ece55d6209667ed6246a544dfb3400d9e0024d73ccbf7aa05c59fd807e3938fc02668262357c478d2354bf1c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 404446c3e634010183c87446005adfb8
SHA1 324277d9f7af13ccd159acbdbf7bdea92a300ca5
SHA256 69a67e6b15efb4947a8a5a6d1acda1f621aac1d0904631561cc4b9c8a93a3583
SHA512 19d5f396e992dfe377bf5e1a2458bd507002892fc0806b1ac16671dd223c8004296ecf28da0449df9cc709b123068dfcab0dfadbf2731c7026b39920bf0ef00e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b07cb076c1f4d20af6b8b15ebfa5608
SHA1 65b1a8dcd57351c2b95602a4b28c3f0da886ecfb
SHA256 cc8fe97fe6c4f667dc612a6556d3dfa10f190659b6abcb52fb0bb8ef186ad547
SHA512 2e9fbaacf1d7f00d66ac3f5f57214fec4519ca222762d4cf6167afcd06a8a8860c8aeb25707e882a625d65aa725262bb363152b6e06589f12c0f4bf6b360fd79

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e81acb76ab8a5fb07774ec89374931e
SHA1 b265a0f3937f02678b55645239517190a7ddd916
SHA256 3cdba04a10f4cfe31bf40d719ba4c8a8aa2e68573085bcbd1944adcb2b0aeb38
SHA512 a89937bbeb681e331776049492462bdba076398ccc54f1ed79d611c4cf8e5c13d2705ffbf938b7b70072814e91331ac61ac7df54b287fe9aac7a08f7edb7b043

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4f03b33e928350d5d84988c4cc726ca
SHA1 610e5699c872ac1bb4a8db4bc57a6a98e71359d4
SHA256 50e30c04b85aefffc749ff1b92495a2152b8a35824139c7c48817dce0a22d311
SHA512 9dc77c7434779d5c8aff09ebd8c0a152bf9bf537f50b0f34c4df0a8a9b9731544bf0f47a729c513c4277b219e95ed0d140dd5db68e023acf425704d7289aa479

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 284efafa346db462d73f39800f6ddaaf
SHA1 d88a110205ccbd6b8acf140cce7be6b81b57a959
SHA256 f3320f4db15a6f65e0a25458a763304d7521eec5eb2b46bf9902c88520b00938
SHA512 f295d2b2a052a34a55d152219a1e1202ed2909cb4f92139ffd0ada7157f5b3d8be947f6d65ba207935e47e4965e927d1dd57e6688950bb4cc48d3f8eef0de8c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f80ab7a8752220becbc1829438f1e335
SHA1 beffb2234ed16a42aacd8870cc61b9ca9bbf6428
SHA256 9516bd5299f46397c9153da9edd035ddf79ff04ee9dd96e55945e824b8c35fcc
SHA512 95deed3a0a796c6ff2688dc3ea16dce25639eaa9acc03811923c77d66548eaccb378815a66d241860a3c8cc3486a7bcc650be9c9d9d7ee9824344194991c1dc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efde231a371baa3baa2107084e70fadd
SHA1 559fbcb4ba30a196b3de2598f67a4bbb533637bd
SHA256 4b2a5b4b0e0da341e48e09d442e7e87fd8bea7b45d111b72a1b2bb188234df4f
SHA512 bf23e127fbd3ba0dc8a47e0225a2f30147c19a75665178c56b71c7f1a3c95f138b0a6ceaafeee7dab4fcb0ee44796ec386aa6748afb3671f15b684b00cd99f11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76dbcbe9e138d3d551ac2f8ee692011a
SHA1 15928f02815f30d33ca9fb9ccf87e33d81258191
SHA256 5901ee2d3714c53efec79597bb389380eb8a2087d0a22a3c74f8976ddeb9d635
SHA512 8f7d4d7d594e927faf6da79f1aadbe7f57ff4d396d635a3caba69a57d5d9bd8b1f3a2265237d79a1db24412d4b3d61e138b9d09165f07a09a916ef5d9564b496

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd5817a8606a12bb6d7d090b3eb8712c
SHA1 2188dda05ecec1586695708037bd66ecd2b26632
SHA256 3401d767fe0ccc873cbd436a2e2e0afb20724fe166c43907ffaf55fb593cdad5
SHA512 cadd15a95a1d7beb7343ae20ccabef5bc368a6a71aec4171ee3749ce74fa906226763a8056c2837fa6a270bcc3d4f2edd784d2b3425f4ac6ef0d49ad2bbe97d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58563a05fe2a6ce6d5528d140c493e01
SHA1 34019440b775b844c20b8b203ad2761f881f49e8
SHA256 a45675d1673833ce879181e2d427c6ee8aedd2c148ae1ce0b66a9f2f531d5751
SHA512 0c6ba4bbd3551ad7734d132d6d2fd9e4ee14ce0abe50e39b1a4afc6943ea7a702e533eb4493d8f9750ff677931238ce389cd2e5c2fe8afb7e9acb8d5db8ed190

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8d6ee06ef7d5ce1d5f5a2c01a72ed488
SHA1 ac8087d1fa9b09d60fb3b0b58a67b5c97a8b9a77
SHA256 90c9d8ef87f652d9c2de845259a2b6ceacd8b84853651b871c83396ee468fdf3
SHA512 c79ab9da704ba3644db133a88306fb357542dcad24600b698e0faf058d7c251bebc239864d679e4f37b3db2b122903278c7a5ff9c929768c1009b5eeb1ac0080

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11a6eea4fdae9948f5a841a325c44c13
SHA1 19430fcdfd008c354606ac74f51220fc58c933b6
SHA256 c143012bda9f4982992c26f6fb2f3b2503bf0f468fc91042ba5a9203b5f47d42
SHA512 69a9ba9c6bc6e44bc10ac954c0153ad2fd3b904659903206d5ced3cc77c78f16799326b2231aea8f1742e4e415e998b632940d1f0103294d6c6dfe96899f7d2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f9f8f08fcfc60c139a24baaa1f1e1fdf
SHA1 040a2606403904a11a51be463bd232e2c4f63672
SHA256 7e5f64f0c0ff945c3e2454f0bf7eb450c22de65b917da0924211092e99fd08e1
SHA512 7a2e62add06ea44f374e90631bb7b81e9917dbea25476be65fed2f75080e04929a84f8b6e2743ba241890de1a7e6a01200be207e4302030bd9c58f089ee77e91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 607a124bc8accf1b1cb2c2cf3bf50593
SHA1 33fe9123ebd56dacb51e5a7848ac36f1d93dcda2
SHA256 15d92df2620927feedb5f6b38ab066c51acbb0d4901d0840b2aaa8a05a2fe3c3
SHA512 88fe92af8377d52e8e54aad1cff3898425f278f9bd8655753a29ffcda4d5bf80750673a7fc06a0fdd24367b74e80c03cb3f370a3c131929694f2c3948a3d0aab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8bf7defb540ff175ae22f9b3f2ae5fc
SHA1 a4123b22106a340490afdbe1623b7ccf16f67927
SHA256 5e94ac229a3b9ff56c4058c9436730afbe71b4de13c1b9444341e31d6893d448
SHA512 f6ad3b6a81517fd2191db8fbadcf3b5571c09b9d120d4c10c83ed322eccc316329b69ee062671b922750a673ec6ab1881792ad69030261d6de5a2101663506fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 334d1725683883563d46d493e73f9416
SHA1 794f23c634b7839547a434bd354d02fbc31b6cca
SHA256 7025ab10b4617a36a118e220f63e1260d6b69a255ff8c6aaa6c57ebb36f04e97
SHA512 2d1466540600cb1d3cf849795ff14400b869f1ec17d19bbf6290a148d75d6fda98070f835d09cb340a95e91217ed45ee4d0636432c41c04fee95305908085e73

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ff4e4f29ff85f686bdcc778be0669b2
SHA1 a15a3b064c2c8e4f23f4cac772d6caae8f86f594
SHA256 80b2461c072cfcc7d7d3dbe61e74d13288423284dfe00db62555e9773ec58efa
SHA512 3f8d6f346c5f1145772b284d1518bf2d6c80f69fcfd8ac8431ba65e420d68b3ec55722d86dd18234b387e5cde05428059bb9ca7d690b9624f5e023dfcdbe2bfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3178e7c441eec189e4841184f4cb573
SHA1 dd78d9a326e3a5ad2ca05bd5a731f5f3244e1654
SHA256 e15be33f65e82f5de280782a855322f43cf47d6914ede40709079964ca0a331f
SHA512 a936fac2fdc5a11df7c1b5a98669c0d531f40d86d2504f945431fde0a5581d2cb8ec4eb3adc38e66b415cef375e407c6d2fef291e0c6cf45382a3e00f16a8195

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1cd28accfcfa5e9eb11f681e085f4350
SHA1 45b7ec5248bb7415578121d8a0c47c6d05efb441
SHA256 a7cd01eb6ad48912c865822d48d08e82c0c57eedf263b414c6b0d76662f7e62a
SHA512 535609baea5c62cb5dcf246b6af48ca10256d4ec74109184ec52f2da180cf03570e89b7a05bbbf6a8abe8dde5d0b125336e9d8ba312b4abfe3d5d0c596a1b3f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f93d373da8a9a5517971f60d3a07d3c1
SHA1 342253ed3fa46fe935459593645ffbcd27bdf02f
SHA256 f91717cc57c2083d3d4839a4aa80c4b6ff48855751e412dcc7faa7c7342bdc95
SHA512 d6ff9d635eb9f1e2bae5f0e190bbe4f8563b41c0cc41d08113e2e81b6ef57781f61e44be435a2474be8a3f2e00051dd1ff16dfc9391a4af15d76732c0e5849e4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f084d52d52af953fddcbd2dcef16785c
SHA1 ed6ead60f4ca9a7920386e30f01645564fd2dafc
SHA256 f180d068df22af2ac08bfc667724c568ef147a082e1f7208ff455fb8f466a42e
SHA512 9e2c07ba0be7a6e2312df5601a9dbe2639a4c52ec1b4f1ea2feec7dd38c8a34b87bc24f388a7e2725c27ce625be7cf20c0f9ae5b0524936cbbf6e79a2b710708

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 193ca82ad1b2ab7efb8126e13d55c506
SHA1 ed812d465cb21fcec41f861f409572be64ecfb0f
SHA256 318dd271468a0a55e664bb5c0b93e31d80ae956ad834f5579db2c2e4c00c0dcc
SHA512 5ba72cb05e20e83bf8220a953f6797a1bd5a41e096c84a593cd69e0e26a67294e1f66bf5e83249f0c0f3a04a21b3e5721ee257f0cbf7e7150288e1d78e2b4bed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87c8d5c1b3ca90bc2d7ed8cfdb77582e
SHA1 b707811ad468be264cd92dbedbf1e7e0018da758
SHA256 523a07e592a493732aa821095b6329b1f0cd1e9db7779cbb83ced24843856ea2
SHA512 1081df57eaec46206c79f712a77498d7a499816e1d66d335a8dd46241c8578f3ba8fe75ada8cbf9fe1c3859475fe6a61ca248f7a477c01061545b34298a66fc9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 9b1c99d5245940563e9e81e95c4832ec
SHA1 1bc5970a797d7160879f1ab93559a23b736a2ce7
SHA256 5e5e2d6ab15529a13c5f6fddf4908f82199df64cd0fff65ec624e324f6f20a45
SHA512 6d270d67927d391ddb39f5f2c3bbcbe36add45dc5cbf35099b0876b1b1c91f7ff23389e564bdf583fb4245984cd0a8af8f75ef87695296a8dc1d91269763b957

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c1dc29b6d25efb24a2f3d87c43c9707e
SHA1 4dc31823a5dc3ef6cda3e15c0a1d2717419cec20
SHA256 d188ba239b6bf2df74269783d8ba7eb76ee2b576c32f1b72451556c70c37054d
SHA512 5ef3fd90aa4c99ff55dd52113a7b289e4424b2109c9b7fa99cbbf52a49600bfe751b979995ca42d51937051b4df371b89b1474f2e79abcd49893f361ae6eb193

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69d3e96a4a8ff3a34c272a72561748c5
SHA1 22bf8aa6f6cc24f9e1b7fd54ac6b5a5df2f70766
SHA256 0d29e6c93e5718e824dddd0855f7120daf019136edf518782a793516cdb05fb2
SHA512 fdf913c7e49d42565bbc6e76f69f6390c9f6e73502dd9867fdf5f7ce5296909906317695aa69d7e2d3fe8fa87047696f801834dbed820f1914ec23f3de724da9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a81a65f408fa11c0c3d1925f7a7632df
SHA1 44cb0211cfde277546cc9041ff48d207dd9b66a4
SHA256 c292d6545cf1cafda248c4ca85352d6f86ff182d8af0753e2dbe6c975059f806
SHA512 1c365f358dca467f91745c14450729e1b22593efd83def319e8d68f2dd00fe21ba941cf8482c40d8da40e25b58e46160fe7ff43254ccfcde6cc7d6b5728a4f53

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 9f1db8ef76ebb07b4a0e1492358c6e63
SHA1 dc3e524de2ed2da7eae430be6914924cd83e6fe6
SHA256 212bfa6f518f749f7504c746324e61f955735039bb31710187f603c42ff4e7ee
SHA512 4c7183bd5226cab186c6030241f01545dc184119bfcfb189dc91824eb0722770f2df3105f645392e4764c04587af26a43b5f834d99e865273c91c3a14f725be2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 c967e21ffa09fad396ebcd73fbe79d35
SHA1 cfb5ef5d1202fef430ceca3c6aff29b409e17fd4
SHA256 9916ea2eca1ef9fef4ab3bcfe6dd55ce381fe88c1bfd3538393958a3b9407bf5
SHA512 c215e465460bcc3c44193f1cd1f507554a2f28a1e4bd924d6612e17916a890775c92944202923b2ceff8548d9118949faf5102f5aeb0b63dd7f773b77d10c50e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 f9e323cf7c2396b098f3931765d2119e
SHA1 1dcb689e995d277cf1d461dc6f616ef078b22434
SHA256 d6f7354a43e9f51cb55def7c9ee99218c84391b3007ee8a070a50ed6267d31b8
SHA512 57ec4549c305172e5a164cafcf932d284362d835d8cfda6c85e3f86deca86d11b7d563474132b0259f9b6bf1688215494bef62fb998d094eec5054e7a9060faa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

MD5 a899eff620713bfb586871cf1126f3cb
SHA1 f04215381c9aef9acb8e36125126039e32a9d3c7
SHA256 1c04c636e12fda70d0c412040b5f520df1a1206c14ffa863cd78f2ed065a04a2
SHA512 7a133a4228817f2b2f33114b5970089f52ce41667948da2933232d5b9317e5ac72c9727bb62aa68ac1bd6cd6ea59e9bc826ab6530d865385bfe365137b239c15

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

MD5 4d3c8839a71e57de6aaa7678d8163554
SHA1 96fb5986cfd7be37133aee44784b54a4593c1f45
SHA256 5a288438081f861fc235588bb8909108805a37e56e2e8fcd4c9371628b7f373c
SHA512 20b6e7df04826c535244bf383c0447ca5cf503a4a84548d2ae0c5823a6f25d2016daf30a15ca1756f4b6cfbcae7e8104b397aba4eaea6ede4c78fd453f19b3cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

MD5 22b937965712bdbc90f3c4e5cd2a8950
SHA1 25a5df32156e12134996410c5f7d9e59b1d6c155
SHA256 cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb
SHA512 931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7b3d7f80e12c9a83e97d82fd2306bc34
SHA1 85968c75e74a05c3ba8df952d2b177c25d94c87b
SHA256 02c892c20b6fdd0ca5aea6788c81935fb095a8fbd4da4a7e88fb569f9be88e64
SHA512 e7adc27c60b55f295a567058c5eea1f8e700624ab201af69a6c62f1b4df472c20c815c8b78d1574bf73b9fe70adab23eec2f431a93c7c35d1ae5f671d391bc6a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 42042d14cacb86949d2c3404223b9092
SHA1 877fc1fd486a750004f14db117b4b4a3c3bfda8f
SHA256 48c56e8b6cb48caa3780916a5e5792cd96d6bf32ff625f220d32d53280b8562a
SHA512 634176d85e90c424af53347ab6a1400984aa102131277dbc15577dd230ed5db0ac0e79856b972c91897797c49c99ad2b11824f8e6fdfb0293e1603e74e853e84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 adf46b75e50741e0c598d67be0190297
SHA1 86060d907f34386932fb0e59ea5cd75338e32169
SHA256 493ca791461636ca94cc1ade84b3ab84cfe832c7543b0f8b3966e23de97afc93
SHA512 80a7dbee98dda883ca9b981948696d3cd5b5094ee4b9db352bc88defa3e7592bd004d1c4e392e637bfde805a9a7439a419d21fec4a47c9ea6210909e832f5587

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e7f399734c5407542a5dfebb727109fd
SHA1 bc021fa602516d4687ac435676aa992a43456c96
SHA256 57ed324362e23b369a1fb3f2e7e33e9750860c74e3d8a9cc7d4c6fbd0c8a6763
SHA512 8f0d0970464191df4820a6483479071c75fa51c862e5b198b0a5d884d6ffa108a9f5e6e528ed678dd564010451294075fb379d3dc4917737bb1a3c005e7603af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13376425561473000

MD5 f145045374d89138bb2016bfc06c0dc8
SHA1 e88493aa13176c9b225c6555da7fc724b9aaceac
SHA256 95a38ddf8566d25618016bd878d5536d7e23b3f6c6fcdc2b4ba7bc4f7c875b9a
SHA512 ceb81a037544eab0fb09b0f95146ec6c61012402c6248fa2ceede8aa95ec4d35cd0addfc51b5115798eb992f6b34bf6412047841cd457dc48d32873e32500dcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 485c9d570350407d9b248c502ca514d7
SHA1 0f0e2b542852111b330003f664a6f88fda6effa2
SHA256 d2da8123533495f6bbcfa6023a9639a2202ddb0428fd630ebed2cdb906cbe374
SHA512 8b8585546f9f6fa8500702d068aacec4bfac68bfd05cbb8ea3ff4277f0cb77b1bcf1747e8dbc5472eea7138b45dcba2805a50fa8481733d09f803e2820ca5d17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 765b373d0a67a9e3ec2216891588b9f8
SHA1 c2a3ea3b123b3f9448b899a170ec9ed769b54ebe
SHA256 84b7f9f320f5ec7d6230228e55a367921276feb88229bf2621f6b80cbb061d16
SHA512 b2aef10dcbc221f3b12fbe87dd33f401578aab63a202089d9f880a5f77928d28b04d957aefd6e2c42bef132a3b2363fe62dde3b9fe539e495612fa9fd12b05cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 df519a6ffac9543f9d5cbafb217af73f
SHA1 4cfed44f3cab3855750f7668111cc4952e97ac02
SHA256 19d254762afcc8baf1e1fd4c3beacc512f08c3c8aeaa0876d5bbe57476aa6200
SHA512 07af308ecd9d014de3deb3b7f630989ce0c35eeb491db07f6353cca706ef6f6cb8b64925b30d9e5ef3f2334c8f6938e29843c7447a7cdb39814766fe0e57c4f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 552798dc0e777a4eaf3ae90a5eecf3c6
SHA1 b0e1ea9f6541b1834d3d8898fb95eedda36ba5e0
SHA256 5e6f30765e2917fc214c3c2b7f26516e6f07f65ce1e6cb578685e174b789b2b6
SHA512 a0f974920443dc257e4b3eea218ea70e761e3b947a8fb86c6a21d7db6735b177117d4820bdad5921cb5a6da6f086dea1a9790ef2798bc6dead0e24d12d4d59cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 226fdd5fcc787013f0102f3eaf9eee4d
SHA1 78d01046931355afcbea103bcc4492e8cd2ada3c
SHA256 2c628c0d7abb8e294d7b8d36441df6d5f6c413b68293dbd0f8f7c0243845d446
SHA512 8937166dda3c179513fb21243e669df351c66f4490dcf51287d09f12ee1f65d2a77f1d2106d35b11b56508bfa5fe468428648d0e01f49935b97c1da9497816e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 9c605cc608c01bbc250e760169403cd3
SHA1 d2b9ed50e6978dfff6f5c09a6e950cca04c9d7fc
SHA256 8a95651f57e93b49b8f7760c638105c720edd9564d6bcac3c171847a7f28cfb4
SHA512 aed8b99bf5ad0276360dc8daa9bcfb7c672cf2652ac9a0e948e1d83ab5b0e3e9279bfbc4a48e6a45a49b3e9c61889d14ae880f7066d52514e52d2fd097564208

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 456850aba2c12d98cb1c81a570737913
SHA1 24b2f4d0dc462b2602346b08819e2bdf491615b5
SHA256 16aad3cb5e1a43c6fc3752f88a95a647d12c4ad294d1b14c9971dcc06a9e69dd
SHA512 7f485f79486963584c80cb37ab3b885e23fd9cdf8415761cad484574b1b294cd24d85793ed08243eedbbdf172f8678defb2f7369b620959577847db5c776d31c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 f0d5b2312da1ac2e4613d687f90df234
SHA1 2d723d2f0a5393dfeb645eeca3de1d6cb062e38b
SHA256 af0125bad2d7c57369a745a4d8dbca1b505082e4efd3b70815014bbc77b41e5f
SHA512 93e8c3ad1ceebeeafd7653479660bdf8b39d4e7cd6aefcdfe9c550056a1cdd18c6b305018a8219a12844ac3aaa737d421a472265972f679a59a28f88ae34bb70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 39b4a5437163f6a9e4412951b42b4dab
SHA1 8e36023113ee93cc81171134f33a67924a57fb9e
SHA256 12780defd076fea32ca711971ebeaeb461978042207d406c9f5e0924f07736ba
SHA512 d98618ef65abf55fe08eb5bee85aca5e62398b8fb9db2c4edb03aef898356e17289b16f163f64783f0d2a42d8cdf4391033da58d50742cc38d4496dc9d8de2a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 5b3b3a5cf61c55d5bed5379b8825d834
SHA1 337209bcdbdf91432fbd0fe9a6ea0efe74e99710
SHA256 37d6ec533a775dc56352c3afcd3f9295df709b7773b9d65461de2efe1d4baa18
SHA512 a60f8f3e5c454f5dd04bdab197e23c7c56d9c024e2485e2a2670a21be3d1aff34da4c85399b9eaf77cd2a706497f04fc5d96fcc81fde9c39831dd6b9d171c563

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 e2c83cd8f2d485bb84788f1617320145
SHA1 904cd5201b8c2e6d921260dfe17eba5e879de8db
SHA256 e2fbfc95d93ea39f162db6328407f2a582aed650c58e3aa728eade924f1de35b
SHA512 f7e50cb3de14d845be2a656c442d85acf9ebd57a747183b98343081a001823d7f14afb44eb1145f040a49862709b10f189a6126577644034cc039e651e418c47

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 89f97d2f5155f7adcfe04e50643fe870
SHA1 6f1ebbc1724733f571f14d684129e8981de342ce
SHA256 ddbeb158234562de96bac40a55fb50ce37eca81e91de17fff9ebedef8f32ce05
SHA512 cfba48542d56f699ad32abeedfa95850a559fd8a6bb578fe772e7a6d5e4e71f924f6436a6d375a17b715d57b2cd0dd3d6a6ad602077e5d48cff6cbe07771b3a7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 53010472476529d1aa9942a79e0d0c97
SHA1 faa951d989074557c9151d3ac6b08b8be6c25ea3
SHA256 ca458d009a88c71e13e09fa5011dd501d26e164705dec0c8f0e4eadc559d0534
SHA512 0ba9f6abc35850519a9caab2a6e534a6451f9068c459bb5f4f619f865521360f63d145b2f78d047933f8d72b170f5d8cd87507881a00fbd3f2ba6a06b6377622

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

MD5 78c55e45e9d1dc2e44283cf45c66728a
SHA1 88e234d9f7a513c4806845ce5c07e0016cf13352
SHA256 7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec
SHA512 f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3ce2f8b1-fb2b-4a13-b47c-614d6de1a786.tmp

MD5 b8483465840aef4c55d905ea4a52cace
SHA1 2d3d3f35d0c7cf06a24ba619f13c879bb46ffbc2
SHA256 b022b2e694d68a042f98bc4cdb62a1247ca9597a9449ef56d932faa4abbfb680
SHA512 5a01f936edf8db9c66620dc3c894f290273e03825e205e515c7db6e3726330b418e52043d384ca2e0495d0912873ba2b4483e737fe158d64da087257909d4794

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

MD5 979c29c2917bed63ccf520ece1d18cda
SHA1 65cd81cdce0be04c74222b54d0881d3fdfe4736c
SHA256 b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53
SHA512 e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 d9090e6665eda1d5c6e67a15e0e59ff0
SHA1 f595f7dc05c1648d07e48735b891ee7e946e4578
SHA256 48b41327c05e44ad0f367c52004e19bec63553dfdb64c75fc06a7c042f773a48
SHA512 e78d17ac4a60c10f8f668c463b7c6e1839b0ffd526f13aafd83ddc113434a363ed91b20e8e8baafa00631b46aa1b3835f2cc49b9ad040429789618f034e08a73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

MD5 60e3f691077715586b918375dd23c6b0
SHA1 476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256 e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512 d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea729f661df8267fa8392064fedbcd08
SHA1 1a20b173c963dc4e74d5c38ab0f5e39f78ea9903
SHA256 fd1a41438edd21b9f73fe75447c22cd901f982255dc7049c909048c01396b493
SHA512 ec900b1b32cf47b5d65abd0dd12a66b2e1306dea8c3e5861b1440b6c26633e73797797f5cc820edc20e095e5a0f58050ec5dd6b4590577ce6bdfd3bceb4c4114

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 628cc6c236dadbb701784b0785edd4bd
SHA1 444ff1b281ca8ebf5db780a2be9a2401285960bb
SHA256 de13d4edbae94701c09421f2ebf63edfda9c5cecd542a7deab537bf8cba34486
SHA512 249971538720b4d0342f6ae099f3c3bee692b3af1c02e42c68b05d1efdac69ba42b79474384012dbc340cd22983943c06d80ba186362f4cfb337d5a22ff04334

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 108fe6bb3ec2db81a1c37d563c8ed7ee
SHA1 678ebe7f44256970a4203cc893f09f3f8bf4d13a
SHA256 5d6b84e17d96d51cafee4a42ff432c56b86b5555cddc0fee1ded7b808854bd50
SHA512 9925b722c0be184f8b319274930589790bb3cd5325ded3d1aa400a8f559c6927e4a9f6f1de5faaf3434d730bee818e8aa3869c1a901eb3546ba74abc6ce6a320

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3dfc942d03072d9990342fc5fd96359b
SHA1 240cf6c064c27788f756d5279c9a83963a45c995
SHA256 426b2fbe820250e3fedd7f1459c484cca9bb348ed309abf2eaaa60c0d5973266
SHA512 174994d1e845489a24b1dd1aac3efbb8e0bc4e9f66d9f87863c0c6f28e2230b5f191e04be86d61a7bac02a63111ef31e9d901899ec4a3349b68ddd0584837832

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf1d6e62350aed45bc60ca4863c1c7fe
SHA1 d169950960c5bf544526ef72264e5d9ece0376ac
SHA256 ed2723397e5f1119769cf7d0fadd4634553cdd6267d8ffc4fa8693b459c8bdf6
SHA512 eb4762be3e651748084ff70befa8539e233621851e56a75a414780f7c571a9f1875ce5b63a39c8fe3de6eae6149edf4f21a3eb198420713bb7099c5c1ba28904

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6c041ebfa2ac5517fb5f7772e6953941
SHA1 f98ee67b58c5370bf6fc36e28c77a5bb406fc9ab
SHA256 987a2aa1f5bcf58bb24862968847ce860e54b37714cf9c54213a1b3d5ae80f3f
SHA512 b5368388cd1fa46133ccae71ca3d2bf521d6f8bdd2c642cf45fb882e73e78de843202dea0dc79a999a0d3216b1dfd2fba1bfe0ed03cd08c590e2c12f594487e5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a064967e-9786-442a-85b0-59050dbd3b11.tmp

MD5 5491ebb1bc931d59296495a5811309e4
SHA1 ea03d38f20ac92d2a94750dbd1055175c61cef99
SHA256 afc325949715dc47f7da5f5ef77fea57a5d12d7da3c69aa34cca5a4609276a30
SHA512 a1fea610e90b74a164cba982588d912fed8c9ca3de2807a0346180aef791904abcbb0fda5440fe7bfbb98fa62c1d0b60e2cda38d0b9b1463989785e7637f7f41

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\48802306-2827-454d-b6f7-156053169ec5.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp

MD5 6de46ed1e4e3a2ca9cf0c6d2c5bb98ca
SHA1 e45e85d3d91d58698f749c321a822bcccd2e5df7
SHA256 a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06
SHA512 710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000013.dbtmp

MD5 a6813b63372959d9440379e29a2b2575
SHA1 394c17d11669e9cb7e2071422a2fd0c80e4cab76
SHA256 e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312
SHA512 3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdc4b604b5322fa84b596989b910cc67
SHA1 2252f1b399ecb0924bf71cd2fb40f723e79bad07
SHA256 095a43d0e32c74c24613d64b7eeaea4891dc1c529b5a13c319eff0bc8724c694
SHA512 5f49e370ed456ae9d06e98ac77cab129e6057a5b0006acbeaeaf364b87d9a4cda37c1638785a84563a07610c6c80788f72ea474d046403e1e81d97b781b82dc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a09830d574201998fba6e9e1d07b4e47
SHA1 2a34b84c2596dca5034c89445bfceb850324dbc1
SHA256 be60d6a2c6347eeb3a745e1a0abadd4bb5f61cc1a064a217639af5afe9abe8af
SHA512 748f328ea5ba81d87ea258c123b33662004abbc7c5abd832d7879689f7ddcdd85a2870e6a08e2dd5e017cdc1076fa2f9c27ccba26ba40b9fe1933aa23ca5f721

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c8dd341f24a511014c794f85cd173e0
SHA1 658fd266539ab5dbe91738ec72f0fa694390d875
SHA256 f6668f47833f3fdad03239b76901bd13be1a73885b34abaae62f85912c1c00ae
SHA512 ef6b4cce2e630292f555930cd07c5c843fb16a87d6d8b3212f65d9bf2749754573100ba103ff2948d900288e27e9d0212a92cd0acc1656c7ca396a8369003ca4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c656157118124469f5cb0a9879b2dcf
SHA1 29787fd0695f3494aa845fe316444d8a5c620c93
SHA256 560319fa6f33e2b5cdd703ff219290ea722479045aed23d83622bf8d18352c7e
SHA512 93e9d3e1ba0d4b05218a5eb1f1daeabd3bd84df58897996d3ca4c2f1a8c700f9d8f7efa82fe76c23659b9b691861dce03ae36c130ff029a8025f3ff7981e95e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9c4e8f537395d294131be37ae6dc839
SHA1 71f462027a40c6503825fde444cbac4df5e9448e
SHA256 6b38669126c25757cef0491203d30244e7a0eeb7143b0eb20bf8c18a3af04c05
SHA512 551233772dbaee96265c4aefb4f0f5a2fad5ed96ca4c7a0093ba3035b5f393accc1a0f97e92a08269c240c87a40dde77b646473ef859d98cdbc092018eeacd0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51e7a2fb4061b92c930da5775722d7ff
SHA1 f57b00f77e602d83f7199c7fc0f8b540e05c8229
SHA256 a4c0c19e956575f580aa8c0799b452b512203e11972a997414811854291f8a4f
SHA512 67502460a19ae08c82b4451093cc61125c3d545757d6b0fb9a5cc80be489716e6d7403bea5fdb2fbe16c62ec11a927c37dcb80cffd7db35ca3d99633af73c8b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c53bc37c649210b13f41f659ef880d57
SHA1 1d6beba18bf77f18c21d25c94b88393f69be3bf8
SHA256 5cdee8f4c513c32f481e7caba20e012bd66b696322f8ce39c4a0f780332a385a
SHA512 098cc7be316cf6a3d74079bf0d53d2aef98cab98e60fdcc36426d2caf08fc170e449235fc61f3907a0837c92e9057c6bb7161fe7b0e1e6fefe99a6b5994d3285

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11bee067dc54ede9bc0d91fa4534d248
SHA1 f799a97781368b3afc216f0577d4e73f597fbcc8
SHA256 ef3a2c45e567d245a5fdc9fb4884c4e40aa1f73638d14a9e77eccf66b341241f
SHA512 01b04c9bf8612da2a35b65d529826276950fde15da45cd98b1e08b045b97ca4273a4eb128f14ebd4c40e9bbe53f9159b532bd3287d1639ad712681c136346a0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23e1895ebd455103d12be9de918f3f54
SHA1 879fae99499c3696c0bb933683611e18f747b781
SHA256 d833c0678b135eaea44291966bb7a70f390b7c9dc95ab6dbf2478fe52788e3a8
SHA512 aade6acc4670690a075c46e5e8ed96b4a38d653ad8aea4c82705cd787b90be385434701eaf37a4ce7cf58851f64bf44cde4b9b862c4c35415f0af893b6e2a439

memory/4000-4189-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4202-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4249-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4252-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d3542e35cdf61fb23a7e164a97cf5a73
SHA1 8518f23d652cfc1da2846afea1b419334b20019a
SHA256 894ff2a3df133629a10cef1e6a42d5c253a92d95b6b823dde1fb07e8fa02727c
SHA512 cdcdd43df8843892377caa782e87bc588a962ec6d4287529819ad0526349be7c0b50a6506641c803fa50ca3b9e7960025e8c0bcfaa708347a5f2b16b92eca8c6

memory/4000-4293-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4294-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4326-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4325-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf7b35b1.TMP

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/4000-4331-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4330-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4349-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4350-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4352-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4000-4351-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b12e2253185023232525d652f61a450a
SHA1 5a18fcead3c9a6c71dd7c93ad960ad3a406e6c5f
SHA256 2f69314a7f3213f96370873a2c71f9ad1bd0b8c4e28f96a9cec8958be11882c4
SHA512 ed27f3ddc29c848c0c59b6905f49e3f9198a322b797d1e4959ef5be92e0ddca437a0cf56d651f1209e61a1dadd509cabeba06e7b5dd152fc486555d8647e1757

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0733578e7cc98d1cd1e42688dbecf727
SHA1 16c582e8a2b808b6f341e69635ff2d6b6e885818
SHA256 2471ff371e54dcccf720b99c42c8419d9504d304475ab298b6a2996af5bd045a
SHA512 21954713abd8bff1346f60c085301223d8219ada43bf7a087e25f6e63561c33f594462d5c95e3a7191b1c18421bf48af46f45fba03025caa98b6d23747af9d7b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b261e9e669a28ff004a5fbfadc973bbf
SHA1 647ed71298e315ff7a2ba12d06f9967e89914c9d
SHA256 3b310ad2088304221388d59f36131cb286a100b0554bb99d569f30da47a4071e
SHA512 e55e6aec5c19a673edf3479f2c38dfc7a51300741e8d939fb672e2e77f92b416428aa2c4f2b4ee01d0cdca08fc9abf574e7babf3c2aef135295607d95b53de3e

C:\Users\Admin\Downloads\Unconfirmed 45652.crdownload

MD5 e23d97827ea3c90cd85f2d11402e8940
SHA1 67c01979b3516f9c3082cc05367142a74e413be8
SHA256 16f7d9d609c24c5af75c0141059d49008eb9b1f016d198e224bdb486668cc7b5
SHA512 e9dfd9ebf77aa615b17c05f99a5efed0c5dc993b7ca59800aa7ffa45d0d7fe4e207d0e4386c4fd9b11ceb49b5a4d28b4014ab9d6327ed86a8321cd9f3e90f646

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8631c255af760c326ebc2e953b7d2b44
SHA1 030c5cea3d82306e1908b050d986b9864a22449c
SHA256 7a4d168dfea03849c634fc91ee76fcc67f1075c4ca2ee9c50f393b85815abea3
SHA512 500af7419ef6c8350a820e92da74bec389098eb0529f1b8ce6c540cf1317beea7f83a3be4fd35e4490c8877cd6eae7f08a9f472d45dcb65d633b7049f6091751

C:\Users\Admin\AppData\Local\Temp\pcgame_9A9452AC\20-Minutes-Till-Dawn_com.Flanne.MinutesTillDawn.roguelike.shooting.fr.gp_gameslolc_28462559.exe

MD5 8afdf50f0097e7fc7254c83b2b2bf097
SHA1 771f30d91517ce306e93b548f31bd595139255a8
SHA256 1c96bab3b22b9e52736982b58ff5d75eb22293aa184024ad29c4f722bf1420f3
SHA512 51e70ae50cc46be7670ce73c559ffa11f6cc324a0256b44f394c789b5e7fd78089b934f7a91b06d5ceba55caede217a87296bbdb0ba17e48e59dad8ca33a5e2b

memory/3804-4507-0x0000000001360000-0x0000000001466000-memory.dmp

memory/3804-4508-0x00000000002F0000-0x000000000033A000-memory.dmp

memory/3804-4509-0x0000000000B10000-0x0000000000B9E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 2055b886150095713f5166ef8bfeee2b
SHA1 933f4ee6506d5e66c145072e1fc2bdf4266701ce
SHA256 3fb65d2097efcc56ae69b17f2fbf44621f77c73340a9dac86e6d4a97f8fb5cd5
SHA512 1688b0990f7ad314dab6dc5af4b15bf00e3a284bf5529280a996affd4d98acb626a95c56187e33a7c3c35b59ac4c1e8c6556eedc9673fd9e3c97ebbf9ccb2706

memory/3804-4517-0x00000000001E0000-0x00000000001EC000-memory.dmp

memory/3804-4519-0x000000001ADA0000-0x000000001AE1A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b407de69ba75ab93de1760fc9fa2aeb8
SHA1 75017a119fccef928fd58523f538d97bbfb9d4e8
SHA256 c3010fe52c62a5873f050eceae319ffb88130cb3d118b4db981046dda6a87a18
SHA512 de14cc45341f21362cd464307ba92e685a98195342d6735805a669ca8f6def271c0cab9044fbf404cea98531ab18d4555c208052f30b7f39428c021790f224af

C:\Users\Admin\AppData\Local\MobiGame\logs\downloader.log

MD5 65f4abc6c399ba04d3f148f288d1b24b
SHA1 21c2ca15bdba8541f7927f98330b640d56135fd7
SHA256 53b7f53c87a1ee64476889a87335f1e92768c86c32c88f200e355b4edba147bc
SHA512 319dad994c019c3738a7838d5ce71e7454c33ab431443f9279dd128c12e9e4a0a8ea8472572b9d7198cb863667cdd01a2764baec133f4c533b6304a8805e1e80

C:\Users\Admin\AppData\Local\MobiGame\logs\downloader.log

MD5 29b1c9e0426ec73ee96d1a1a4c374aaa
SHA1 8c857bf3d9925af3810bac8750ce9ae0b7c1297c
SHA256 10c8ad44d9b1256e99c6ef7daa4198bec932c6ad6524e6a57fb4c3d447a9e2b8
SHA512 d7c76470f7b2c2eee8bb38bccba403b27e8654c9f2d0cfd5a81cb0f58b22a69c4d2365d015f486b1fa3c7553f3a84e5fa13a6310c587d1b7a2bfad71024e9279

memory/3804-4583-0x00000000004A0000-0x00000000004E2000-memory.dmp

memory/3804-4585-0x0000000000BA0000-0x0000000000BD0000-memory.dmp

memory/3804-4587-0x0000000001310000-0x0000000001336000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2e89684b04a7eadba9e6d7460884ac53
SHA1 06f682dbc3dfebc6194122feaf6bc2d2c418bd1a
SHA256 41467639d6f647fa115d391bdaad184bf377bb1a27044aebd18918e35064d50f
SHA512 ec2be681a2051e5bd32fe3894885ce3aa8c310e5d64e781d85f221bb4fcd0999d9c1ab094857b94c56b1daf419271c61c57b2700879ee8050c95e56d05175b45

memory/3804-4636-0x0000000001340000-0x000000000134A000-memory.dmp

memory/3804-4637-0x0000000001350000-0x0000000001358000-memory.dmp

memory/3804-4638-0x000000001A880000-0x000000001A888000-memory.dmp

memory/3804-4639-0x000000001A870000-0x000000001A878000-memory.dmp

memory/3804-4640-0x000000001A890000-0x000000001A898000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 063e9a2693d2a9824ea8daa9ae28d4d2
SHA1 d62bd581e42a2f540c9956b7b93c9f1acab10873
SHA256 c38fd6f929a9c25c54022c65167cace52dcac0a5606510e87492d47f29b229f7
SHA512 42d149bee89404f7727a33aac9aaaba084aaccefe9888ba786f7398344013b88c9a760284d05974df39f1cd6828cae651ca17b3407460b5cebe9baae926d2765

memory/3060-4762-0x000000001B320000-0x000000001B602000-memory.dmp

memory/3060-4763-0x0000000002460000-0x0000000002468000-memory.dmp

memory/2424-4789-0x0000000000A90000-0x0000000000B26000-memory.dmp

C:\Users\Admin\AppData\Local\MobiGame\logs\mobihelper.log

MD5 c783517e3b1ab79d19d1880884dbf0b2
SHA1 4417ce65689aceef432248e1397e0a0e0f45093f
SHA256 065377db930b254f948a5f934db1b75155cd9e6e538d6db7d2adb6431abc8e2a
SHA512 d220c246ae956c36920c8047f83630e1e14ccd6dc17afc13f17f5b1fa870d9731bfd6e3297ac9572a172f893f0468e9afd1d238bb0e8934bb3a807f3334801bf

C:\Users\Admin\AppData\Local\MobiGame\logs\mobihelper.log

MD5 a30af476e2036c1e7c6f4821d0dabd6e
SHA1 490ce58ef63ea2bf36c1d69b95ab3108df2d9648
SHA256 20d82f528b9fe7a4214bcb0f4f6f3153409a588d0c2a420da9988526e5c73516
SHA512 a9a9b51b4507d535d2dcb6b1dd2ca2a5f4c11272655aa5466f58a4503f87fddfa5604f7eaf3f932dd3e603d41cc5785328048ee68b24db3e0eabb1c95eb12219

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 68b46abbc4eb4c8f5925e7ead3f93862
SHA1 f576c174f9281d84882760d9f3aa96d837f1dad2
SHA256 9abad1acac34ec97eb355273e016e97b4ac25d4f7edf34afcf4facc3e22326b5
SHA512 eb1a0d2b05a7fd3fd607d5588b28cec53ae26b1391a879a0ff3b3936f28c0b5f3638f51222c91c55a7dc93be25df9e4336cdc7f244a5a44f93e4dcdb7cd3a95a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\cHthqheC43lw630hUPme7zehC1I.gz[1].js

MD5 65dd913c7e2fb8f1f2b7f6fab23a8b45
SHA1 4634146f171d699cf168fd8a1657bec982be913b
SHA256 8557479314028be87e39247df3b3548563a60ae10835a40d6c24d83b5d5fbeb5
SHA512 9ba05caf3a50615a059d60d45ef510ecebf753bb854592898423389092f5598f6cc3c75741effdfa0f2cdb081915814307a0d8ef436acbeda0d455b1155bf4a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\hjhfd1k8QFxRGOj4kh67VzVClLA.gz[1].js

MD5 dc221228e109f89b8b10c48f2678fb46
SHA1 1bfc85cba5c424136941ac1dfd779a563b5beed4
SHA256 f4fb7234959f48c2b2ca73fd6c35d36eaf65d8c431d982a1ba208f5cdc766419
SHA512 46f49e5ac18436251778d1f50c027729a2442ed6541c3162d878720703e37797b6028d96eb1568c23ec5006fb022c8e05855e250d6a1a590f41e890866529cd2

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\YE0zdCVEXmngId3Qg4LQkqvjyLE.gz[1].js

MD5 51775361fd842e7e41af84a01c8ab92c
SHA1 21d108490f70991727a3b044983342517336b53f
SHA256 8b549eef372338fc3f5632b9bd47ad2c2876229e573095ccbc6b7867a47153f9
SHA512 96fd8d92ba98b65b4bd34ff57f351123ea907c3dc91a4814f8de3e6985b6bc9ca0972f8e6cbee072f50742ca5f19d03f623c32eb5061c9ca1d6a3cfb47344dce

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\LI6CzlNYU7PeZ9WzomWpS4lm-BI.gz[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\Y806JrL6RagU8tqNI_iN1M1S1mA.gz[1].js

MD5 02b0b245d09dc56bbe4f1a9f1425ac35
SHA1 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673
SHA256 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6
SHA512 cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\yjXVFOxf6UdoTA2BOwEH6n4ClfI.gz[1].js

MD5 a969230a51dba5ab5adf5877bcc28cfa
SHA1 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
SHA256 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
SHA512 f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\pXVzgohStRjQefcwyp3z6bhIArA.gz[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\fDgf7Oh5R8mPygWLQcaNRoJGj5Q.gz[1].js

MD5 3104955279e1bbbdb4ae5a0e077c5a74
SHA1 ba10a722fff1877c3379dee7b5f028d467ffd6cf
SHA256 a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1
SHA512 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\PgVOrYqTvqK49IEnVEVlZVYfA1U.gz[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\cJksCHwhB_Z32I0ytWPMUDsybak.gz[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\ihC7RhTVhw2ULO_1rMUWydIu_rA.gz[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\jk2F-rpLS_Gysk7hn3CVhA9oQhY.gz[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\5g-N9K-X1ykUl3QHEadPjpOM0Tc.gz[1].js

MD5 f4da106e481b3e221792289864c2d02a
SHA1 d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994
SHA256 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9
SHA512 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\GK9SuRKiu0QbKYnVgoAlgmuWrNU.gz[1].js

MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
SHA512 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\kzHfYwAwahpHm-ZU7kDOHkFbADU.gz[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e05691d5ae88241ac7ec1c80513d3d6f
SHA1 1ab1c6591bb208afaef5783823433539fd0eec14
SHA256 b986233947ddc02f77ea0c2880ae29c5aeaecc801d38c0468fc8b33a053eb7b4
SHA512 3d604e3b5ccf8e8b3a3253e5ac837d1f33a7d826597767c762521621cfdf4b9827c72a76af980ff9f43bbadd6d828954b3922735fe48ab51a4070d5705119f48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bbbed06e49b847e878f72887b3edaf38
SHA1 b1381ad70b1664691b9eba1fbfc8cb6b0d3c0122
SHA256 f148da965234ce5d0e4775379c584c43ec2ddd4c6ae0c4adfcc653405672945b
SHA512 fd19481836157c72a6e781d252f4be346e33d151e28eb5c6b178f47a3010eeccbf5bbdf21e6d9ef6e2c3528c515afac7132a64ac45aa4e3def774152bc2ea025

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a996456cf8c90eb415d9e18c72f2f1a
SHA1 853495dcd9c6ddc83d63865e41d00c0459d4bfc5
SHA256 3ba96411abed5944c1492cc7a7884a4346c3e7481f534e0d60a786ffbf3fe0da
SHA512 75c855055aa2224b12fc7dbcea71a2895e87389d02a740666b72d4aeec78ccb683b3e492076d2e39f570230955697b94fcacc2bdd44c90ddcf69ac28bed3a5ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c29a5c103a55242f1c3aa06f2cde6b9e
SHA1 18ea9bad8e9f3f5fecb5cbd748eee6c0d7364cd2
SHA256 cd4db1b1a3d3a17af9f014718e5a574e2a7b9d41b8f8a995d6ceb4cef96833c3
SHA512 3f96696ed1e2a178d64953a828d615c28c4df8ce6834b270cdccf7e1dc34d6f08028b540ddc2d9dda1b45a05098128c41b925a8a35a7f91793d32334fcb0642c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8108e291bea062ef1119c5268ee5f4dc
SHA1 4a93f2ff244acfd85ae154d3354b7751fcffb604
SHA256 b56e5b51dee04a20f987435701c920d6a627213d73f1c74cbd29e29cbbc3c1b1
SHA512 260c6a1f44c7ec70dc6faa32155b9f471fa8c9a3a88e415a0c3290da1fb5ca60427eb75c38e1e62d683a3909764e696b9a88aa9fead4c418f32290814aa5dc8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b3b9b1f56af3a94c0d9f7725904ac4a
SHA1 3b00f76f8225a7261a621858d905cc89fd60ce88
SHA256 1e1d1626f998fc0c622a12a98d65a27187135b0399263118d38bcfb7c4a90813
SHA512 39c67ac46c9eac5b0f7737703829b918ab67ac27469e99fa3c0f3517ee585b9fcdcac9f705a689342a5f6da1cdaec27944254389ce8fb16a7860cdf4e12f969d

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\f[1].txt

MD5 5f6b7a2f5c6855dde0d94c34d4680163
SHA1 40ddefd95ecc428fdf36a3ab33d0dc4ac380d2d2
SHA256 48eb17f741e8ee3b84dfc1d0a51f467dd5270dd5aca890ed6a7216b6a4801c60
SHA512 964529184223a2dc9ff852c1d5d7b6dd1c3705a5fcf99450006afc59d85079488b7ce1e00e87c093be51900565d22cf7a339393c124a6bf1eb85037f4aa9eabf

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\favicon[1].ico

MD5 956787f2d145f885e515ce8f245044b9
SHA1 c945546e8d2b215740d415f652b0c58e9b6a0f08
SHA256 9ed4cab9621bb7cff3773bbf599f14cb0f19326b8bb72a3deac9237a908b74f4
SHA512 be3521684410ee082f52e4bc7a97b9880e21fa22c0c8493faf873ddad16aa42a3e33efe8a17993d2cdd15340560b671900be92e90a128cf4057e22c8fd6e990e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 81ee9e4afca0d9b424b0df989adb65ee
SHA1 3b52ae42f1ce99292ef78122a1144307046a9491
SHA256 724735792324eb7f3650d34ba2a3b53d50bf07e990820affeb2c2ce7847bb873
SHA512 f57b0f50cb4429d11aec6dd83946c59c4712276a299a1d4489d8eef0fe5fcbb1ffd53e5bcdfb279fae954d294d2555a95b6bfcc5c6d4a136a35a33fc234b374d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9791f8abaf6814ab6f772c923bbd3716
SHA1 65d669bfe46ba3d217015324606c2e71c3b599f8
SHA256 3565c2f4ca804b76ab133b0fa13c1ad4544df068e04c86420ae367b3a3d256fc
SHA512 a6173465eac095f709508855c4336ea59374216f4d162f15ec77c878074d9528a91bbb52f7385cd9de329996bb030f4284b4edf357e9c9563075a705c39366bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdeea4f93b381005409baccd5197eff6
SHA1 a9d22634d09f60c33b9bb120d3f8f02123e7f1e0
SHA256 fb21bc17e3966c5c6f3deb8f8ed390014deb71a68604f60f571f2c5b0b69eb2e
SHA512 96b252716301dfd1462ebd7d4df84c6957085bc2b019b39279141039618d462cbda3bc646a5dfa0a06036e55c8420cd28a5f8b8648d2dfffaa218ed35e5e1980

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6d950acad3358110064aadb1abf70c0
SHA1 79539845dad1dfc8dc97f2d44be86141615277b3
SHA256 5c709e5524d3f275d9e467c6b973c75fe876670f005c1d2675405c7e09f02c74
SHA512 536ca55604850b928c5ad64bbf90c2a9a96b8cf9a8bd2eedac8d3e8ed309c816140b36677a82441812dc9d2ac1f5cfdfb27d90f685229e924ceaf4a221696e56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a040620fcb41e66b339402909a61e6d2
SHA1 851a37e51d144dd03016c291b33d1217b199ebe5
SHA256 0dbd568dfab6a69a72e2a8b6982d2bf38ba4cc44af23ac944364e71d0723a1a7
SHA512 cd0e3c6d25ae2acdadbb600ce475987cb9ac43c22df00df1cfa530a069401f01a885c77b9b57b9b0faf8d6698d257f689492d7bb636abfa17606efb688011e50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec7604774338c513b8095748331bd612
SHA1 4d6d0686bf972b2027a8cd6cafdc53caef00a830
SHA256 35c114e20544adb6fa2f82353d22db730b10c6ba3642b581fa3b0a9783b74bcb
SHA512 55bfc27fb4f1e2126b664ec3cb7043b8c96c441a942deb158053fb544022d3c659552e996acbabaf9837dcc84a40e7b0ed5fa14aff2da1f0b3583e6bc052a4bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 10601dbbe043c4152f2a2373e706eb33
SHA1 5c15c6add4f53050c980b2a8f9c85961d371d81e
SHA256 196662b0a9a1342ec064bc0ce1d00ffe02de622440f24ffef7f9cab26653ad86
SHA512 7581359f4d63fb43a8b506f8e47711f9563e20efc035e2164f277d59e768c5e50a5ae9550f9db7805c051416f18080001f5624cd5b1ed91a92904b9f368927c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7564de8f6c8bd92f204c4fa6352bb7c1
SHA1 ebb7be2568f437183ffb872dcbe80fde0fadcf8f
SHA256 bcc438ab61565ede5f41258db2169ebef1be46a069492053660358160dfc0ccc
SHA512 3833769c7e5e0dbf58d8ce161ebefc81289564eaafbf955d04a380f59d838145633d5df2b44864f127a1d76d523c2d048bfc9b4a76be1fb9d8a113596b6e591a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2363c2b66df0493e7889b1f359283fa0
SHA1 cd68ca452f4b9e688ad986455cdfd1fd7e0fee89
SHA256 0c0197792ecc41b91706dd15beaf0949fa7671293a13867d3996b3da2cb40d70
SHA512 0c4b136b35e9a01316c0ad2c3ac0e77bed1cad4b4caf1b19cbc043108b3af21566501fe63cecb74e16487babc1a973f05fdcc4e0d2a99381462031be4088feb7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b707d9284d46dfb5386db8e2374160e3
SHA1 5b506c3ffe30b80178f71d40e712037ba24c0d4a
SHA256 8aa84c8f670f031c6123d78a30562e0ce5fdd54a3c5a24c7d53b9dc35a9a3a07
SHA512 6b98a2acbf2039e1d714c1af84c1acd3c8d803c0d06c01e0c619ecb24e744841b74d9c2f11640330a808b11de0d2d0ced8eade45534810a19c8495e8e2d519d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e87fc264c88d420042171b19e2d5dfa8
SHA1 58573595647adc6aab5f416cecfe6e55ba04b298
SHA256 95ac37084df6c6c86655f39552f29ef95ae5bf8c22f1759dd860e0c41a9ac249
SHA512 a264c278f5f93cca6a7fea1c4ed381263f98f9e8b80df311769098e35ae82ff8bda18068de4db73ae86839c5b1d5e9877a7c57584c42d7d715617af07b9f59c9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e423c7d97008b7bdcba541ae6b2454fd
SHA1 9fdf697b01860bb599d07432b342c7816ef8f653
SHA256 d6a0fe1817b2f6f499b5d2a279422e99cc774ab302997144f92ac1138e414893
SHA512 bb3b13d48876aa16a1b1e0dc0438faa7888bdfe6ad52939239db25d16a7cad76419532a4ac1b7b5ad04a6afd8e34d2676ae5e9c70edda33c36da68a0fc96ef60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 970b177a365d155344c0cc50169771e8
SHA1 f1016faac93b17858db5558b9c733f617992e51b
SHA256 6bc5a3a9341b1c5a90012ab6d660ae7556b6b463f347fe5fe44dcadbf55fa20f
SHA512 a679a8cad6357c1ba9c648ded35f09e917a0c3e8341b99161544f13541d97b8a54297d92c88b308eb46b746f940da17badd2219379a5bebb0fc9253c1caba0bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e5bffa14ed403954242200259656049e
SHA1 1db96171fe832052b395b27b1e45b64cda35fec5
SHA256 e0699f79a337e11831efd9a05c404c68c6e7658b0e99063c26e41990aeed84f1
SHA512 55f4d2306c004169f412a4da62afc324fb5378ce01b41596f09fe7d3ec14fa20da6c84a5a383e0341ec901321dd31e9de32ac18df8817dff64c7ca4bf95d4056

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

MD5 ea35549990f54b349e6508f4f4cac0e0
SHA1 8efdec385374e1a3b51bfd29c3cc9315e7dc2df7
SHA256 4a1c17a1326271540f84968f43e9f55f936ae9085e99a6d06592a53f98aeff2f
SHA512 67c956058c45810b4d06f4c3f2974c3b264289be435a06ca219df51cd51f9e25bbdf1db42c20d9f435f1689431b5106c21dff8a400ed6263a6b102dfb51ba7ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 490b89c95dd4ff126045cbaf190926f2
SHA1 edb82a734dcbae8ef3767efeef91557273ff680b
SHA256 7f12a1193f040c4a33b6361330a6e02d3fd2b7634b634ce6aa6172317a2c9f76
SHA512 a075daa08c2f543798a1cee74d49d05910f300750fe9768c237b3b988f70e820312efe00f628f8ece1922ddf5c3869278f2df464305895f060aecc19975aa9a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 97087da244167c9ea3648dc83f892ae9
SHA1 68a579d1ecfb26f9d990d4fc50830fffb5cfb7c4
SHA256 1a611ecc2e65d4e86e33190b74c43fccfc0f4e1426acc11a150f3252f36dd83b
SHA512 83c1956d9a74ecdb779701015cd713a992a44203f8ec9be4a0d93723a99bf7e1d9521793b5e3c163be99932d4b66e93c3ad99bc44563242d8e87e4151c483728

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 6936d09328e9dbe0f47fe0a9a4921142
SHA1 c81d987e2c64b1187fce7818065a690db7d3d4ec
SHA256 6801b3ea6277256355822b797cabc6aae29e50045e20adf741e18e11dcd29645
SHA512 f3178546140183c48fa1e9b2c4a126f979816d1d9409249303587c9037924d83d07e1bf1d7dc200fe43ab98dc5543bcd3ef9a538c3a2dceb760d522f068e6e1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 dbf072d18138b06c316c9bada4204d69
SHA1 d5edb0196ba713f0cacb9c730953fb5e88b1936b
SHA256 041df7706454b2898147cd998261e9db3dbaee809fa829e53eb557a55d14531f
SHA512 51ca4881f37f650f3b9a4783b01c754725a9962b14bfc616a02867a69c528a034aaa01111d1a913cdb71f896278ab977e37b857b5ab14dafa4e1abfa05025753

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a2273796d754c8c9eba39202e730d767
SHA1 73cf97bfebf4487df9afa0d79408b93137727782
SHA256 bc851aaeda3819a9acd970b50f18931d48d3df5111ca0096185f69456b824481
SHA512 bd221494957b3f911d99ecb3ab78b4486ca6274bd4122d10dae19bbd38c7b5bca2d44a6cf673c0ab360b0c9ee7f62ae7c5cddf3a9bc01cd7bc79e59b37397cf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2a7c2b3b-2eeb-47f9-a787-8c392bb8a51e.tmp

MD5 49cafd02a3dbb38822f4b8e69d57ff6c
SHA1 786d817d0d7488ead08d49e0d469f1c1978404d4
SHA256 a65b94198d2646ab46a55e30edae125e1a755058b95b886f8c0b04ce4a47f331
SHA512 c874e3e109aa68c3ce8b51ac7bbc7da4a73ca211aafeecba5a1f57b7cb6d1203e5cdddd57d2ed9e820ff91e153a3c63e45c57a7881bde3b8073547255db19f18

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 56f1b0fb25e5c75e165b7b8ee737d780
SHA1 4beedcb2417e87439892f3a906d10734a75b46a7
SHA256 5f5a1e184e392633b6e79dcde3eabb229d62c4ba848cb270975f49f514a15de4
SHA512 f79085ee1631537f20fd563719c20cd44d4284aedbfbad8677e8c3d575aed0f8cb21797374c21b147ac2def4df1a1ce50553f2b12993c14c77dbbd6d336b5222

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e5234fb9cb881a3f0d8f6d16b478b19a
SHA1 829942d47cc90a70c4b28e3a5f889c8cf329970e
SHA256 06d9463aa5758406a9dce8473ae5a132981b4343e1cd22963f586aaabef3aa22
SHA512 8724bf2f6098818419cff9f648853f0fd2614c01f1390b654a7251f6e5db66e8846709120ae3bb02a76a8d7054e97453ec8b2efa8c464375e45400360a32b342

C:\Users\Admin\Downloads\JJSploit_8.10.14_x64_en-US.msi

MD5 9a5e4420fd429b7444e7f02b2b52d0bc
SHA1 056e5ac7ef1334698f4337435985a2d6a52ae059
SHA256 44ef9c095fdc078cad8648bc9ec75f744d2c72229ee427eac65fbc1859e57172
SHA512 7728f89d67bf145106d7c86dd7a1ad27aac74898210bd86d944d7a9111c41fb3df1ab2acab5a4d5bd9cf1a6dd66d9b460368c7994bfbe8807e4c21ae142f8f5e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 438ec7be8301c66d8b45d3a9a7484d54
SHA1 8f38b94de39ca12ff7c243427c1a9ae03eb47130
SHA256 4b73a23b92a5a37009435ced4b32382ef11c5770689cc42865e0ed2b3009ee58
SHA512 e591f17c3a0cec3f25be0763145f00f5c7779a4a47f01c72a4474828b037cacd00a4138eb730431dba1bbda57fd0249e953548fc2b1e131878fd75bd608146e4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2b35f862-e0ca-4119-8fd2-51593ee3add1.tmp

MD5 e81cfedbfe02bfeec2dcde6ef599310b
SHA1 3d14407c1b91aee0437402275827c188f19dd539
SHA256 85aa3e6a18ca9329ae66565563104b480b958155068ae66081781f538cbff283
SHA512 9130650dfa69fed108cfc1fbb6544169d6772d5c1de72f946027486e58a6b829feb67da341e7c30fc15d8314f4630bf83d3d70ec11d12431fb5573639f2ad2ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b2e48d1fecfd58b98213aedde8d8efcc
SHA1 8540521e181e15255bb06b81b57777af42ed7b17
SHA256 c8a2000521caf40918e374c9302151b3566f12d84712fc3f09ae59f05e305295
SHA512 40e27f508f79fd104d67825a4a03db39d06ef4e203608ba7a253945a73706af4ffc4597b43506601735c67f6c96554149f1ac7d34115b301f5b31dd6e19c4fb3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4db0db57e23a1eafa4bd0a796a0fa40c
SHA1 21a446a5bf52eeaf4355f135efd5feb4575bdab8
SHA256 d52772752b4fff3352bc2e786d65b561adcc4f3337530dab48aef45ce236208a
SHA512 4d88045a2dd2573c66745eb487941e88a7689b33873160921c1930261ae0fddfe8714636e0723eada009cb27b03282292939c3e468984b06dc4048fdc21ee509

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JJSploit\JJSploit.lnk

MD5 03871a1d213311e9cb3524623df88382
SHA1 aa57efd61a7f6577656278abbf4c5114eba7059d
SHA256 47a192303c694b75ef58c7dcb86903a1e54c7557fcff09255ca96824fbd6381f
SHA512 f422775ccb4ba9648538944b52da854641a2fd0fa6bd14430a868b61e5b850cfbf5586d0aed031a03e5730872a1aa379e4f716ece18508223a365cc2ac43b963

C:\Program Files\JJSploit\JJSploit.exe

MD5 281a79abb33f10b3f9c6c40c0e165cc3
SHA1 ea7bd361ca528f02f0f95c376d844af98105e218
SHA256 30f840be1b9249d22c6bdc943d6901ee8723284770be1b7e18ea12a844d91f77
SHA512 2f6deba4a2cdba68820dc8a47f20253107a3420a18cf3f0995fa12b434afe41fa6213d392cab2826517b4cf8cf59fceb2083f855531daf9310128754dab7ea1b

memory/2144-7003-0x000000001B230000-0x000000001B512000-memory.dmp

memory/2144-7006-0x0000000002490000-0x0000000002498000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 32b43e775a34ae97777a86ab59d36974
SHA1 449b9e1a61b8d5a56e48363fe63745cebc1799ba
SHA256 0d5851c3a7a3629b26271d42e025771949a055e27fb02747fdc79566bed90e28
SHA512 7507dae9f2f7f78f750317045a0e65a463791d25e881244e9f10b73b679d46e67d8294197ad85b6314c85623edb21c9e463ca3ef5d1550e7788063fd18179ac1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6c918a84-3fcf-48a7-aee5-9eecbe4042b0.tmp

MD5 5e456bf9342ab384ae79c8c9ea6c108c
SHA1 0e91ae00449373b305c07b3f73ff47106a540a5d
SHA256 d77507da66b88efe96d8c4cf1ddc39112813e8d5cc4fed8e3bf48a11c2e11057
SHA512 ddc26905e25f7bf006090a726251745e362825c78c3cc492ecf4e2b009d1c42e3577d3721affa61a53bf1b9adcce7abe86513f158635118a3f3d7bd629692ec0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7a160b3134d471a6aeb4ca12e964686a
SHA1 b97ff16075b85ab157ba0bbe58d1ebe837f63b3e
SHA256 c6c3aece09c938561665fc3eaa65d83b50ce4f49ee9944a1884969fffab5b931
SHA512 387a37826e036641e83339e3dd476481ae03ebc59961ed8287c3c202356b0141bad3199779d6f1fa8da5753b1840907ea01d7a3ee420a16a591e4dcbccff9fc2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\000004.dbtmp

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

memory/3804-7122-0x0000000000EE0000-0x0000000000F0E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[1].xml

MD5 d76f63dff24f61aaa4864c8baba02aa2
SHA1 107777dfd3a2dd7e980bebd3a6d516b95829a00b
SHA256 d29e66106c1b0c489575e458716ea7292f42472a518f27994e8ff92b43c7164b
SHA512 c2e334572f7358910ac8c5d96fa6d2dadfe624e36e6226d87bde966932450c7fde6230024783f6fbcb5c73505a7c65237a78a5ebf4d2ee62f1f6372f85698bdb

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[2].xml

MD5 001b129e7495b21498dd9cf5cfddd7ab
SHA1 9d19a5f6345366d1d41667323abef823af8c3308
SHA256 edc85e388e25623e5681aedfe539c30c949c24a320bbd30bd951a3ec006f53ae
SHA512 b4178ae09ff493ae1c7a3374fbfe024a784edd26ded85089ec27f9118fb4fd9a528ab73267419fa50e654e399803eb57683c38debf42654b30c04f49be3b93a9

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[3].xml

MD5 191345fa362158b84ab97543f8754488
SHA1 abebd57c6f2231cb168c5a17b5819abd8c2f3888
SHA256 77d53213cb69a5a11a693773f9749b6a452fc4b174f8afcbb0885e56e711e1bf
SHA512 29fd43e5d57b20800eee9b39565bf342222e7bc9194b97c3b1d1aaae9c8553a53d342165d10e6e595fab36d62415fd855215ceefa6faac8db9b775b801d0dd22

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[4].xml

MD5 2a9433a2a3e0a7e9956d98b052014afa
SHA1 d7efd2758e2b049a73b6b2776f5373bbddce6ced
SHA256 67114697a2353c7d5f4c58c3451898203b6e4af603bb23b90670e9e988842a36
SHA512 26e3d3f4ba6d0478d048e58d6963625da30d4fb77ed1f680fb2ffa5a713377229cda28ae47cb11d12ca9d2bfcab908ab8cbf0192eeb43e1e76c9ea8a8095363a

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[5].xml

MD5 7f422e3c18fb50306739120544e31166
SHA1 7a7b3fdefe0b64aa0b7a69cd78e6a97b425ce6eb
SHA256 f8f06fc4f7274598b8843c2bf0676b1ac6ac2e9d05ffdd2b85c6730887ed82d7
SHA512 8adf5ae5dae7b1f1186ea9c900ad564a370a828f0e42ac4a4d093c8b6ffe1b1b97ff9798e737c39041f5fb67e396b09f3d563d6aa25091859dfe20bea49b49c6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[6].xml

MD5 df898eb43d5652fc48a550a5f61f3465
SHA1 1f9463267edfbe8568446fdc094277d7c77cdf35
SHA256 6969081dcfd870089f77096eab78b7ca99aea1be6ad72e2b8af8e3b4aad4b94c
SHA512 bcf252e07667a9daa2c5e8bae7ff27446bc5cdb99450966cf969455014c665319b21d92df7d9ed6b838ab76789c3683b9b68ecc008d872c99cbfb152651b44c3

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[7].xml

MD5 e6345d4419770bb3ad5371fcc918c6e6
SHA1 78ada6b477044a0ef9e485560eaf78590efd4f4c
SHA256 6773410160a5970de7f6258469a2fc9243fddefb74874f2c2055eb13c3a28c2b
SHA512 9f172d287bb828344e1d08d570acbde917eccc287446c63947311427ff1f5232b835360a881b989a48b1a66bc3b33898a6c55121d908c824444f93f617a28cbe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[9].xml

MD5 966a1741a0e7d2c683bef1b5708c62b3
SHA1 ca93038ce13a6a5dd6ac04f68e3f98310ba2e122
SHA256 543df9dfc80d1246324cf14c9ec7fea8a2ac72926b8f0f7054a01bf65e936b29
SHA512 66b76d2c0f2cb91d67ad67f46d5c263fc4fb5bf3631c4fef1af109ac325cd64dabbf1a036152bc776a912daa2d7971000d3abb3a0366a91cd090fcd209ec1912

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsml[10].xml

MD5 b0f232f73f5d0697a4eaaae08ef9593d
SHA1 c4a39b1ef11548c1bdebfbaf4a284ebfe5faadb6
SHA256 414fa8d176563cb4d2565011ba430ee09a432af9e146732d2bcd72ede37f4f24
SHA512 74bf6ec4f2736a908d6860b8630a5a9a3f5e0b6e4162ed9048d01d31c32846dd07334ef302ac9aa4debc7f41b0458bbb1c65869fe84f196e6977afb2e378bbea

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsmlB4WEL3P8.xml

MD5 62d2d1f2cda765b016a96b6f45405466
SHA1 4cfbc83066a1986c823d058102ef9dc0cb4c047c
SHA256 039a5d626698be20358b8e077470f7310665b22a4623d3de424da3a6faa2cbd0
SHA512 b741d786cbcc7de09ffb624b2ee1514f795a1b7cf347ad1f40a1a986216bf49cb744d4acbaa5d030d6c405fa8918f3b36972a106425cb30d570bf7bcb01663e0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\qsmlE784P7VO.xml

MD5 35ffbc4bed4daad002c6b74c02bcb8be
SHA1 efb5a5a1c3b1783589a42ae51d744d28dcf744b3
SHA256 36a84be753c4d24504892c8aaa19db02afbd1613164d9bbe5a89ba1f5241aeb3
SHA512 a013dfb0c735495f98ed594a683406036394ebc2601dc4f83b9d047bddc4c903f3156288e8a3fc90b1173c709f951d491fcf505462978424d64c7c70d19230da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b15b093513b66c8478fa5ffce898275f
SHA1 12f13f07857c7773d5df73b35406b9168a139013
SHA256 831c6e4f7a468f32115f1a69a66b486f55323c0ec6b7e037b64376b34da13889
SHA512 612edfc74e797d31135ae1ea4e28eae30cc47c9afc8a47aac42d03b1b4bbd50c6223b01ca9206e7ab4c261624df3285bfe55e2da4296908e5cfde778d93bb30c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9d88a9d1bf46db8374def7dc6cdc464
SHA1 f577669e971c94646a99259bd649ddf113bf938e
SHA256 01ed7130665677e0e1c28a6599e24a1f5a9243738a64af96679f8792c00323bf
SHA512 23b90b0ca752c52c200cf06281a0e9d52d664cd0a8a0a606566c8f5ada8a6e27fe7135f2459453f8a88d1c7a1ebc36c49411661fbbc98f3c93241e2f6b6aa977

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09b00f6e6313c829ea32bd4ae669aa77
SHA1 1004656ce6652d8234940f42749c5c01bc6e0183
SHA256 1bfd768d0d93a1a956dd5349631c769c11b84527ebe680a7a77d9e1a978e4df9
SHA512 7a3793a56aa2590bfa8e9f22c25e45b58787ec61b70d7f1a91aade2a98b67c81d0fe5e8d80bd0abc815cade862f0cafa5cf284c410277bb8a2c20bedec5963c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7572747f9b3bbeb7ab5ed99121e6a85c
SHA1 d456db16ba185dc3df9643e05385f6e9dd3f4b67
SHA256 c705461c3e35f3cbeaa7f6e99e10a2f29ae2b76707a1834f823edde9a5c35087
SHA512 5393fd97bd0195c0cf2e6543bf1257c49f147fc6dcd26b444af16c5de19ddbeaf3afe63dffa8e1cbe0e674621c67d32e4f777d4ee49956dac81f7fa4b41cf36e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ac37a4b5-fbdf-408f-a95c-461e2cfe18ff.tmp

MD5 c2a9f1b12f6b389d7ad657968ab3a3df
SHA1 c3327fdaa3990e1f47f3f41895ae7d5db9958cc6
SHA256 504bdd185c1a2e3de0c99cf783b3f91e461fb2be5e3f14cdaa85fb20e3f3002c
SHA512 40ec17431afa33241b0f630a3c291f9327429d0dcbd48892a13d8c9723df2de57987ba6eae941f88d3d293d2afc8b8fcafd64ee02a7433406fad56f5c9ad31f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68c5b6bb9a814d23f9501cc0f62dc4b0
SHA1 87bd3b6abf1e921187824f8fc1a91051346fe4f3
SHA256 1cd52a118bdc638f758c91dcdaac1dcda62fbb66c4fe712c08e2627a7dec8323
SHA512 9bcfc87678a3d4a0a279ecd000c67290a7b021cdefa699453df152f3f3f7a7ecb2af2a15577c72c7e65a3e333faff8b14f2ee3f112ebc2c25ccfe54ac780c6b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8da7e38bb34b7cc1bacc4783a5ce19c
SHA1 73524d6b155f89b63ac26f7b20f8fe3529c08584
SHA256 cab6e5b22bde1919bba4c10f7177aa8007ae56b708f4db6625ab5506113be493
SHA512 746e278d8729c486e4fba040d23b35035d9f58263f53dac874b7f4bf92cd70d5517f0f54b8122669f073f4110ad4b1f205298c762dd0c2e1417204ae887d0afd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 447b269d9599a926428a8eb971609bf5
SHA1 1aef45dd54d46ce8d5aeeb1b79632aa116e77e0c
SHA256 e9cacfafeebeccbf871678d455ad4f8bbafbf515f83059146213e9475ffd088b
SHA512 3f70fb540b21ddf00948f65ad2194ef4e2f08f06a26ac84101828df78042a3ea32c4348b231fcc3e6e09621e32d5fb8f8e7fc102bbda7261c08804bead37f062

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9e11c752a7dcdfa8c46ca71e777101b
SHA1 23018ed50e18f092068a342056fffbc0698eb085
SHA256 b1d52286bd512d8dff2aba0446c5865af0b8fed4c1944637ec01046675a76d78
SHA512 13aae5962fff6b8233c09eff34a128388539ab019db6560ae9be598d8632d3196e71583ea0c849e77bddd496c168d806eb9487efe9a8161275f5ea612fbe40ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1143b6149c5585ba130eed03e1096eb8
SHA1 2eb132f6a3fac95bcbb7f20a6d0b6d1be5d1e527
SHA256 cd071e30002be162639cb961dcdc24af7a9b13040fe288130e78ddcddcd85a17
SHA512 2fc4b6c4208e49c31e261f32986ddd5e15822643ce701aa7416f13ab69bd90540d61dd7f0f99cc6ae952c802571f535caadadb077c787aa2c3cd1525901ce6b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 29c4da3e79e34613b6918d4d61de2a12
SHA1 49c987ed506cf0280ad78c824015476def018a42
SHA256 142c019cd24665322cc8c2265cefd2fbe052afc82e5cb5b2df53fefc0448018e
SHA512 3d2de63fb352e10e5ef12d5838ad146a1402c192b7a40fb7bbbb4280bf6eb82a8ece04399701aa5c5c0da48ce4aed7fc53f8f812d8b04f8bca8c6181154b6d71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 439091852e517ca2aaacd0be6ff150e7
SHA1 ebebd835bb87d4f6f0bb3c6878cf66a1d1925fc3
SHA256 b9b81465d276e4f2c128bb19491cb500ce876bbc80f26e222e35f66e0249928a
SHA512 04b47553101111cd6892402ada5305b7cbf12fe575633401b28a9cb66ed32649bbc8ea98769db705601126d2ffc18ab2b30c0556688f3cb947ee55c0701f5502

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7824a356903d233bc6527723c28d0c1b
SHA1 6cfe05ad62e7e4a8184c09267134f3bd96673155
SHA256 8cc765c249e3972ec9001d8886c2bf18b97f63fedd0aab58bad6c84d9a1e5354
SHA512 7eebf5d3325fdf9b6a77e86a6c6c5c9728c82d6a69b41dd0616e750a027d1137f8f21152aef4fad720dba5b97f5843cfe0d476b4ee556bbd4dbb196ca5fe1f6d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb62164968c5d6908a7da2a7f7df1f0e
SHA1 f3e30d0816bbfba3db22d117c6b70d2d6d1fa5e9
SHA256 e2582e68537893d7a89227231fca67d2a3a0b998f725d7ed7a0ac55d0c564b64
SHA512 5c1fb6baecc28f7a70f38e6fbcb4b803b9e562945828d894ad90b339130ba48e95f483ca27a1437485f1d635675de3835e853ca88052dff213083502d088cc84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fffcc9129c1b745197c24023a061f030
SHA1 32ae8cad2aabd8d8028953a81d26628bcf85cab1
SHA256 c0fcbc6504612e69eb5578359f68bbde1ae2c83daef08a6663fd3fd0bbee25c2
SHA512 c530645bdd001db56ab0b2ac2bd52c66c662c0b3fa7dd2ac08f54c4b089b1eaacbb4bd3190106b329b1b713888faaa17d6d232d12d0d473f5073b549071a7487

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8999017d8d87ad714bb7aea657ba974d
SHA1 9cc95f2b7ace56d1a3748f2a72bd9d9731c12e56
SHA256 ba2a950cf90cc279267b21de4a8c76a9571a48edf417f846caa2fb51fc4b3e0a
SHA512 c27ea9fdccaf39882ebdc3b99039791fcffc9001fe2a88c7f73d28c2662e5f7d0bbd94485feda39f82b18734044e49120e421d6de027e727e8de390cff1a95d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8399b2207d5f9a26a1eb384edb110ac6
SHA1 00a2f2530d21517d26bfe70586b1d06b4d50954c
SHA256 277ba265e1eb0e4a964340e27b46a7b62da458c525e7e4039fc05d80509ab67c
SHA512 7dcbc64022da8d2b5b317260a110c8525f1c715fc566e1ee60f7b15050b86234b6965ab4ab6000e22721037021f3a53d66b3b2833719e361a38867a083d06f9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00ec7bec32dcf51351ac817dc798760e
SHA1 3d278b4440a58edab3e12609a08662d843c3e924
SHA256 a8baf7beaada4d8144957e743e2f3099208cf1c813e0dddc429c42f294263a77
SHA512 b5f6f5416bd7cea8b13ed8f615c2a48f94704d8519c5c4a5a542fc01ac0f5c590fe075f4d9009dd30ae993506032d1839f737084c354ace1848421473635821c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe97d4f539cf81655be8d53c0b75b1d4
SHA1 1229c6898eedaf55407a67ff0eed04be3913570f
SHA256 eaa30d2177ed8abdab7f12c30682829ec5fec240e49e295cde1a9c351b65ce0c
SHA512 954b55437455b0ca7a34466614c5b059079b1b7e5938c7dc38b9daf17ba09e3840628c0447a9b749834997ad9eb03d2ca6cf17b41ae5228064046535d7c89e53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 777800df1a2de4889336b7e260e9ef08
SHA1 0301a5d15fde79a881f1221e10865c361409f88c
SHA256 973fa53407de8555ac3e766368353b5466a7a9fb9fcf28a724a2777ef35eddbe
SHA512 99542e7f34c3d9c85f76883fd3eaedd41f7580eab0070232a6bb6f0dc6f46c52439d588ccb0818d49e51560ed07988331f7cd3e3b13ecea28157577acb708f77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c665b694a0833b706c99090dae914b19
SHA1 c24130bea3539365a7cca6d02205f869c4b2e30c
SHA256 8d3e811a5268cf534740b28b3c9cde67a3df362fd71406bf5ad3b562326fa7ea
SHA512 64f6981aa12d8c39443f33fc15c2eced389643d4f78ec3cf63f047723215291d01e87061220d8cd5bc6e060b44654bf8b6fb3baf02e1b59b20522fd4450c42d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2229c044db32b30e0679daa52cc34e28
SHA1 3c536ed8d1850daaec0cce735b254b6165e6a174
SHA256 0e513b04f582cec0042aaf8e5afe1148ce9afcf21d09c1d1979d97a98b9e3975
SHA512 cd1234baf12b0ef9006b8cad9758e4896b1b6ab0da36ba9057261ee534d32fb23b2cf47153c9c5b6ec8b6881a7b52f5968a1f6a2ca04a25e8bf5ea5b4f5bf413

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cd197b771b95cedb41016f1e61df48a7
SHA1 4694d31ebf7d099b748a5456004229d77323f9d3
SHA256 8003da1f5d197c0d225ecd92ad2216559f0119bd717263497cf1926a1073dc3c
SHA512 54d729a448d11214771cdcd369a24be06a71444b1c9cb5929bd1449dec4a8fd13f17113d815f0c3612529439fa988f67bf62fb7ad335ebe020bbe54d110c1c82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 276294b5c4b0b79d905543bf22f7516d
SHA1 1725cdb6b9078553003a5980beb3a6c9f2aa3fc9
SHA256 d4dea1553a3dd4b05bbc3179dd315466d130198264ec90479e783c06823ce7cc
SHA512 2ec2dc2599eea4faaca7fdba3ab1b5d4e6b679d242a81ba4a8e995ec56afa1929e86dd1a723fd4784830db8f77fbde84f2e558262ac9207cb9df20dbc351c1aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d6287bc9a7dd72aeaf28689933f719f
SHA1 627c7a338cfd5b4a42d5bb4210202505ddb1344b
SHA256 7b14758ee8e4f05852b0bd994fd795b23a9893b97c838203fefd28c8facd8013
SHA512 ba0673178de2f8a26b76f4b67d910055e0d97a72830221f7dc0a1d37a8d4b5d874480ad7a122909d9af793f09353d4f78a3d34355088063e9a297ad4a97c57de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1d30251d6d18a9ff78f83bf98aec433
SHA1 55fce5adafac6edfcc9e6c164734f825430fe095
SHA256 40d86f865405a280b7c4b38c5bf58343772c3d0fa87b3b9354c9c2cc00f0ed38
SHA512 6395597e7c9cc068420067b65770c8f7e4f538a27730a940401061daf561baa75c06d967aa5e8b98cb54450c4ebe0dd17baed91ef87b6906c91a24f11f84ab51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2320704cd9f74a500651ffa6ef0ecc3f
SHA1 13e2ead4d30cd332e3dd514591813f2b206bfa82
SHA256 1610415dcaddcf3d0ddc4f676537db956eee57eb0e14b1577214ffb11720216f
SHA512 111fa98d2976ccfc882d56d9ad36e34645d869ee7ea7dc9eabaea102b55ba4f93ec74e461a31a10f27b56c4130dcb943f6892df0e374f3f0b9b131fc4260f61c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f81b8bc71fa408632e2b363eb4070d0
SHA1 7ba0057890df3125bf9c87501865e0a044938346
SHA256 bd5417e7703bc5a86d52c26c6d659660c9614209fb7aa3a7079180115d9191c0
SHA512 226b266f5435f1c99b5ad0bbd3d5e5fc1ff4656159b3aae2a81008372ec1c62d16f04a03d60550a249294c7d0fd3c4c7cae0e962158086c76c90926216cf05ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 208ac8b240efe520f3f09c59ce5c289d
SHA1 5db63329cccadb4e66bbe205a49ae788674dbd15
SHA256 8059165aca411d2fa4d3de84a92429b8e351ef3329333b5479b49fa288d587b6
SHA512 ac10329bac686860e6a5313de0df8ff13d4e4ea0ab7980b6a78bad1229ebdadf841129ab17f05ed24130e7fac3c15cf9a06c4ee53685a76cf0b025fb3af302b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dd6c42038101b0e8b5945b92c8a6075
SHA1 c1dfae7b3ed9b2aff364a3753faa52de9c7560fe
SHA256 b3e0320a419d323077b4cf840015d679b4569c241cde31b1c8ff155192df3a1c
SHA512 a114547bb9b31d2149b85996e2697217ecd476cce05847744165fb275b0bcfe1c1ee93db916b1dc9e26377f6994fe091f8d82a3fe3fb1d6131604fadcf98d5b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 606345a7826e943b19895f6dfde5388d
SHA1 5e5686a93521f8020e010b7ba68ce5922c89cfbb
SHA256 bfa2a56750286e56e80fe937debf721ade34a2ee289ee4f5920999a1cab5966d
SHA512 568b2a0266fd0fd421466a89da2b1a511158ca0d63702bfdd6b804a750c9c306e2beb35c45ddf5f8e39d7e3296ba114a0e9d0a5dd1327bbec5daa7d04dab5c6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99e88d69f7f7ec24646f5258d1142f54
SHA1 3dda01770400329d2ffddb0b667fc96edbe8a79a
SHA256 c7d0466968a0f7691521c77ad49bae15dfa1336efc342975cae7b88b8fd8fd12
SHA512 a7d1bc90777f5aae6dff4ad431bdea78e3a7c2527dcf9dd152967b9928839abe756431126d2c48c1574d4a46edc6ea223d55b1e0f0b44abb9cd8074853b616bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5eccf50d1cb4fe5de8371e32bcda970
SHA1 4e7045d9755a8ee2e5d1d629a3f469caaef74db0
SHA256 3311f239af80927fbf7113b9cb9804b567b1cd9997cba549f1341ac9cfba5ab4
SHA512 5d2889051efa6bf6d244521f1fa5af1ef51e4420b3786fc4bebc83685daa69b575f5c42882599427a1d2826abc75985309cd5e6ff4d8b0bab3ab98c1c246ae57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d67ff14f5ee3caac21586b1768498a14
SHA1 2a642b828785ffb6f89b3f7aafb41176a90c94cd
SHA256 fa2f42270bd49d8f9118f063c702bf37967fc155319d7e6e0f754873ff7d8a37
SHA512 b0abac399fbcbace52736cf24494b0921bfe8bac4146d50859087c34dd5d3444ec3f0cb70a4635881d82aacd6394a56d993abf9014683893a72cd3a58be2fee5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 66ac36cfe1a1866722a44b2db6eeee31
SHA1 74f24ed60ff853dedf70c66015e953add59d2668
SHA256 aebe329cdcfe23ea86a672ddf466cd2d473cf364de9f585c41c186a94f6307f9
SHA512 33c053b95b37e07a1c5f5a491ca99f694e91023f9365af75f98dde5e675f728ee9d8c502f0dae19cabeeb4398f03669bb5b7886db10649fd8c757af8a1c96f87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5843b78080d4c676885dc4eb9a73c8d5
SHA1 03c844d08aee1e81bb311920401a8a26721c8e5d
SHA256 a71e1a4869df9da5657d50bf98a122ca130e77df59be0e265257782b72d9058d
SHA512 3b88f7c247797b91011c76a5062e9abee2abff27f57f659845b8d35d9623bf3ad2fc3211e7bb3814136b49f31a241200052a95f18f00b63e77562dbe8b36c791

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6f097d3aa438dcee966b54c7781c1b9
SHA1 777310b9cbe412f7aadd17c14905c74068c1eecb
SHA256 fd758152142e4df1b4a89d4e824b5afeb32132a13700dcdb609b69ee7f440f95
SHA512 14ed155c07ea0ece8a92c5fd3b614760a140d8370a13105476f8bf22d7a2b4a6c8d68ba4a210bc24e6973a9d4f80c391a984b699586e1c7cdf75c4affd4f9a3c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0018da17-bdbc-4fa8-bac8-7bbbf82a3440.tmp

MD5 73da13ed4d5dc26879c8887b357ff67a
SHA1 4e5778ff8b3441bba91155eaaa40ead3754a5ef6
SHA256 94271bb1b5d9197e282a5a313d84d03b407c09cac8f84566c7a9c991deba4cff
SHA512 fbb0c12e25e724b95ffdc3cbc6c9f20f6bc0196c27a61c3944ba45a7cef7bd1a639ff8adcf7ba3fd26a9541bd4e77963be6f78a1a14387f934f7a935e7178e19

memory/3804-8998-0x0000000000F80000-0x0000000000F8E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2d1c7893b7d79cc6561a06c8805527f0
SHA1 2a5a6a9aaf1451ddfe150d0c0121ae8e8244c243
SHA256 05243660b7555f1376a500225d47b4151836885687cd01014d2c7be64c1e2f50
SHA512 60d7e0b433d680f1cac71705f026c4ebb9815cbd7de6b089556e0f4b84b4438bc749cb8d0c046d4225e8e818bd7b038bdd92e9a95ef93c817ca3ba50add825dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a78e03a61b3255d1fab95aaaf0bc9d94
SHA1 e2e0c21e7ac06fc38001af1ff9ca7c6776c6257b
SHA256 6608022dda81d604a8354b7850211dc55d55f3461b618d10fb24c142fcb17e2b
SHA512 4c832466f7e28daeffefc752ff43735635b7ee9876279ea66cb1e933329dc1fa9d15718a7cd4faa4e36498cea6c5adcc20722a92f337f151c4d8683a22d0f281

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a23d17781706c07c6ddf46f1bca84168
SHA1 e40a66c6a0621e2f2965a162f584d19310128926
SHA256 f16c593d3869be443e414092285c5fcc48a6c5b052da2ae3379f7e4d9d8dc391
SHA512 fd2b756dc88c7b34f3e21b992e639ee55d35c820f21332e415935dcc86f5fd8035d29870b68ca53a883ad1c1238a936ef5822f0179e3e6819f304fa05e59d7be

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 83f9e0a3ba5946b84ccad1d44f323ef4
SHA1 70df92f3b7c2c71f433168bf2cc6e82c07a99bef
SHA256 344b34a8cfa57a80c0cffa870dbf298114c1b411f3fa05acf749987166dd857e
SHA512 83822b514bdc21745e40237edd932040abc73dcfd857ff66005b49b9989b150e6249a9d9205e03f049422369138ad24f81dad2907499a14037e6c1786bcb0089

memory/1196-9122-0x0000000001F70000-0x0000000001F9E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 39e3fcf9b14a5d04692906a766f7a95d
SHA1 bd2aed2b740b516a6204f67a4b136f07b1768cb5
SHA256 7f5f0a015378db79df5d365472ce21ddcab960a26d443ffcea099dd332ceee6e
SHA512 d06b91cd142ec8bc9ab45ea1d63afbae69c0738aca239dcba48bfd7df67346e44e913bbe1c171ae6989070c81a4879d3ea31779546589cac126641f16bb554dd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ec557685-0846-405f-9eaf-1edf845b425b.tmp

MD5 a0f75a1146b965a7cdba03e4350ddb29
SHA1 ff75d6bd46641362fc9f2925c8142c9af047947a
SHA256 50f8e5864fb6b20266aeaec93de9be5bdbbd9a4b03819b6931ac98db21070899
SHA512 98917076b8e6b5b7a7ec901412b7e082644f347e856d8f63f6ea7758cf176cf6bad92fe01886ea286f13d7aa7b82bba65b1e0783a389cde3a25161ae12deb7c2

memory/1196-9138-0x0000000002020000-0x0000000002092000-memory.dmp

C:\Windows\Installer\MSI23E6.tmp-\CustomAction.config

MD5 c9c40af1656f8531eaa647caceb1e436
SHA1 907837497508de13d5a7e60697fc9d050e327e19
SHA256 1a67f60962ca1cbf19873b62a8518efe8c701a09cd609af4c50ecc7f0b468bb8
SHA512 0f7033686befa3f4acf3ed355c1674eaa6e349fba97e906446c8a7000be6876f157bc015bf5d3011fbbdc2c771bcbaea97918b8d24c064cbbd302741cc70cbc7

C:\Windows\Installer\MSI23E6.tmp-\Microsoft.Deployment.WindowsInstaller.dll

MD5 4e04a4cb2cf220aecc23ea1884c74693
SHA1 a828c986d737f89ee1d9b50e63c540d48096957f
SHA256 cfed1841c76c9731035ebb61d5dc5656babf1beff6ed395e1c6b85bb9c74f85a
SHA512 c0b850fbc24efad8207a3fcca11217cb52f1d08b14deb16b8e813903fecd90714eb1a4b91b329cf779afff3d90963380f7cfd1555ffc27bd4ac6598c709443c4

C:\Windows\Installer\MSI23E6.tmp-\WixSharp.dll

MD5 02551708742c3e7badee72532c9484b7
SHA1 d5aa394ee2883a0f4648698fb7d1f54039f3f73e
SHA256 0fc8edc2b0bf3b92ab50c08429b03f7612fe1fe2e1216a4d9266f11058e3e95f
SHA512 0cf5c87831e4d82bc09decaba0c99ae71044a59b97ab61345a1e5e940766227adf27e34593a8642d51ea5673a37e510e8ebf81ebdbb1bcb1777d48a738520e7c

memory/3952-9160-0x0000000002070000-0x00000000020BC000-memory.dmp

memory/3952-9162-0x0000000001E10000-0x0000000001E52000-memory.dmp

C:\Windows\Installer\MSI4414.tmp-\WixSharp.UI.dll

MD5 a8d11ee5c3dcc54d8082fd2c087c7977
SHA1 8191c9e82f4e6f67a427a5f3b7b1a3bcd67cb4ae
SHA256 c29d2aeb1de17211adb98a490051d83bfd05d10af66094ef7159d0917bad35cb
SHA512 6462a7d23e571b41791af130ae0d2a0e010e30705a66e96b716028a0fe08bc4c7669b78ec4e56aedce991872336b0da7bcf1845ca5a15e621fa91d4c05d9f9ab

C:\Windows\Installer\MSI4414.tmp-\VirtualBoxSetup.exe

MD5 27640e44b220c919539bae41d28bf738
SHA1 905bf328be2083c9020159823f28af81017fe60b
SHA256 1f362754c05cdcc75e0d85c81ec8b7e70e53361ea549b3c16eb7629f78931485
SHA512 1c47d4e2424634f18d1f315f2cb81287bde3bcca0cb38c779e4a0e9dae8ca75b15d59e6968aa1f42950addd5969204fd040f7472f77cbde9f26c6b6143ff1ff5

memory/3776-9200-0x0000000001E60000-0x0000000001EAC000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 31cbb9d1fd5cb3ba4de4ab944c39f2eb
SHA1 640de67b8933bd27e65efbd760f3f5f2001bf438
SHA256 bf14fed398eabf8ddf264138be444d80c520d98fa7ef58ecc2c9ef6349b168e9
SHA512 0e407b33be6f90611087dab0c32b23877ee34d8b9ab2d37013d9eaf177e54f3659a62667ad9a5f30391ec3fdaaaa989f3e5edd3916b8b24b72328973346be458

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 104eae15dfb220e0dacdf98232eb2468
SHA1 41689c41c928e14d45e6985115bcbb6aeab8effb
SHA256 f1853480ac6a333f82f28f606c049208f8b97ef50cd78dfc3ec732a2bc942c3c
SHA512 725137c376e8910548785fe6771f00506dda70ccb4cfb0b290b85c37e3196f3ccf0ddd74a3c2ce835c318a1911e32583fb3454badcc783a7a8c14aaef70b2ef0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 98047aeb42c6e727145ef93303202bea
SHA1 3c890f0e02dee1b0f4e10dff03e109ddcb974250
SHA256 2310876b07c5113034d5ee609722bb5e2b926849346bc2fa77e7abe8f23afca1
SHA512 2147a2b81bffa3f1579601c4495811a9a854ed927527baf89b0393f804bf79b610c022aec39c72bc2b0959e90cbeac5425726232a86a49afc79694e0cd97d68e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c20d4f760032beb5e527698e74e08ebd
SHA1 e73e7ac9e6d7b2ac9310188067d8aefe707dd153
SHA256 58cdf09b1488c143cbe6fe97c611c8fbb8a5e87ce7b93eaf040e72bdeafcfd14
SHA512 783364e93fa6b4d2ed7886a416516e49d92fe61bbeea55bfb1dc741caa0c71e2924283a18158f446689a773fe5dc8dd681b6882a6ad21236e2008125f25276ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5a4933b604b6e1cc01c5735e80bf7c57
SHA1 4ca89aff46b6e04e270ac559b74cb6ea42ad581e
SHA256 9947a08d0d69554404819b5e8fbc6a1dd641a8e9f3b81cd738601da5cc88bc02
SHA512 e94a86329f2125276c7237fb6e1c1320373e62ef92d870b02d3f2b81b6c37070e4883ff459c803da2712b53387ffe657eeb3ffd5b6c1288817355066c7d37e60

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000056

MD5 958e72d173944595320c1377b3015e44
SHA1 ba650126f7d4e739dd399fe8e2ab9939df2e359d
SHA256 0f26af205e088a2d95b5bf8a01905d6beca0acaedca901c6dfab31dfa114ac0b
SHA512 684a460c6f17bfc866d5d3ddd8486f068bb48ddebcc08c99a8117658a9a562fa4e982cd3ea64dcaca2336cd670d058d4be49de477cfe56b7db02014bdef00acb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0a2311b05c75452b0200117ac37e773f
SHA1 4e06a3a57ed4a3df036f4832f65e90e884a71a72
SHA256 fe22ea6e8f3ef4e56febcfb03a3230c6528fdb639e615abde13d778cbbde1a7c
SHA512 8df7ba51d86412123a5acd7b56500139abbbecf3112488d0507627eb7afe52942585c2b9cf57d6b9756550f07cfc90a0f8071c4b6959c29d3283890e4857a23e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005c

MD5 cbf10d4876c93e2756fb6d18dcc11ef8
SHA1 55254290922d47cf23194041fc4201ca569017e3
SHA256 8e120a13328f2ccdcb2127c0c4778d3dc898dfbf8a09e371ed38cb22cdd38f04
SHA512 a47762dd1ea021bac9bd64c0b447ba6ba3dc5187c7d9d28024d3077e8846b0ce902de81c440b68bb94f0f431c08b7500366389b6eb4b12e41eed842f6ca1c009

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

MD5 edc180a54f9fbe21e1d7fe7cc094ed3f
SHA1 aa129dd5686bb8c9a33146fdc063797441168ed2
SHA256 3cebb38ee135bd5cb576bb99dc89a311a86ac3345552ed350920c9a6cf0f6d6e
SHA512 50f05c20e0858971ead973eb7f955ada31defc8ec89aa21bd9577019489bc97a5e2ae827c1e3582d16387ec930a300f89a5fd4d6476d9faa5d580bb8fa0ffe95

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e143abe0fa8db3f44131a7370b9ce937
SHA1 65101c9313704586cf7162fda81d556c060cf67f
SHA256 c874bbd2c29a8f2c21efafd75b27d334978d41c7678b4aa4ba6e5644d112f16b
SHA512 2b580208cc82b7b5268a65eb770c92f83b38cba0270b4c56e98fe2a5faa7998dcc3d663ffa1d7469846c032385deead7288b2e44eb49f8d28c152971ab994716

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba76e3cbc40f38d9e86fa54e1f5a7f13
SHA1 f0e64d8b28d995b1f0f18e7f4bd37d52cf11581d
SHA256 9e80e33c727cb56fece60bdc41613acfab99a6ade968e270bfe36ed6ab7ab23f
SHA512 a965da323258d5c6d684988dd7c6865f57766c65a1513de567d761e514c2e98e1abe78539392c1eb66287df51a549d59bac62d5c190a43a4d2c00a6d5bbb2429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 69bde758d623eab20b30884cdf22d135
SHA1 5b13265fa2f6946036842e0591c59e74f385a0b7
SHA256 2d41043548ac76156a53b0ae06266a1eb0e0b69d2acda4cd3b0935b0df20918a
SHA512 c9caf4cf5714a26edb1e003cfcc6f881171534830cd7176c2beb810f34ebda71042adf10ad9a5153c94daaff04cce1d6a52977f2b7081c6877641ab8bc05e35b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d8d3df1f242a6d9660c8d2ca0c308906
SHA1 3a77174b0f85c8a9a96b16882a688ccd6283bb9e
SHA256 9fbd9b3b2dc614f2e3170026c0f074067e68970c7d32fbaf2daf306567e9d593
SHA512 fcee182bb14fe21fcfb8b2a84fa05a3d41a586c300b3f4f5265f58830a5135ec20b2f1531ffec3e07463708852533979736a0270752b67b3d454bb73d55c490e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c8d6076aaf2580c4125b9c342650e358
SHA1 c06b14da27857d34bd06bc7d37cf34aec3f88730
SHA256 41d442523ead7ca7cfa9fc6c8267f191281f83547db5f6e1cd385e30717a3f83
SHA512 da242ee7970f760204c5d90128cdccbff85169a563621c84861a873b8708b9c5d82a96d6f53f355cdc4cd932084c8575dfeb46533026b342c356f618d918fc9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2938fb955243b4b50ed3acbac9ca4be5
SHA1 749cec1ba196ab24dcca58bab29a5a0d84da9062
SHA256 6fdca997dc456e2cff8cfd0229edd1a6c33fb278015ddd1ce94e3eeb37bf9671
SHA512 abbc9b8b39f9da5a8d2f0b6c12e09087e6fa1cf0cafcd6cd001901293821198c498c9db3ee4b9a23abbdc06117d0a643762001710867b4f047d04e24a6d3c031

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-18 17:10

Reported

2024-11-18 18:03

Platform

win10v2004-20241007-en

Max time kernel

1146s

Max time network

1176s

Command Line

sihost.exe

Signatures

Danabot

trojan banker danabot

Danabot family

danabot

Danabot x86 payload

botnet
Description Indicator Process Target
N/A N/A N/A N/A

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A

Disables Task Manager via registry modification

evasion

Disables use of System Restore points

evasion

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ComboFix.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rkill-unsigned.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rkill-unsigned.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZAM.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HitmanPro_x64.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rkill.scr\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HitmanPro.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RKill64.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iExplore64.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HitmanPro.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recoverydrive.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rkill64.com C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rkill64.scr C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mb3-setup-1878.1878-3.3.1.2183.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RKill64.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rkill-unsigned64.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RKill.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rkill64.scr\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rkill.com C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RKill.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2start.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mb3-setup-1878.1878-3.3.1.2183.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HitmanPro_x64.exe\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc\Debugger = "RIP" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A
N/A N/A C:\Windows\SysWOW64\rundll32.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\RedEye.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\RedEye.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\The-MALWARE-Repo-master\\Ransomware\\RedEye.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\WINDOWS\\Web\\rundll32.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AVPCC = "C:\\WINDOWS\\Cursors\\avp.exe" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{905566CF-23D3-741B-5056-89006DF8340B} = "C:\\Users\\Admin\\AppData\\Roaming\\Ysaq\\hiar.exe" C:\Windows\Explorer.EXE N/A

Drops autorun.inf file

Description Indicator Process Target
File created C:\autorun.inf C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Desktop\WallPaper = "C:\\redeyebmp.bmp" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Desktop\WallPaper = "C:\\redeyebmp.bmp" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A
N/A N/A C:\Windows\system32\DllHost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\WINDOWS\Web C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
File created C:\Windows\Nope.txt C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\regsvr32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\System32\vssadmin.exe N/A
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\Explorer.EXE N/A

Modifies Internet Explorer start page

stealer
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/" C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764261989167235" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\ShowCmd = "1" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0" C:\Windows\Explorer.EXE N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\REGFILE\SHELL\OPEN\COMMAND C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}\Instance\ C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\IconSize = "48" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "9" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616209" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1" C:\Windows\system32\sihost.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupView = "4294967295" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668} C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f80cb859f6720028040b29b5540cc05aab60000 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\LogicalViewMode = "2" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Rev = "0" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\1 C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Sort = 0000000000000000000000000000000002000000f4eec83032a8e241ab32e3c3ca28fd29030000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WFlags = "0" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\FFlags = "1092616193" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Windows\Explorer.EXE N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeShutdownPrivilege N/A C:\Windows\Explorer.EXE N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Explorer.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\System32\Conhost.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Windows\Explorer.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2892 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 1452 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 3368 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 2740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2892 wrote to memory of 456 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

C:\Windows\system32\taskhostw.exe

taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\RuntimeBroker.exe -Embedding

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\RuntimeBroker.exe -Embedding

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca

C:\Windows\System32\RuntimeBroker.exe

C:\Windows\System32\RuntimeBroker.exe -Embedding

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\OIP.jpg

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffede36cc40,0x7ffede36cc4c,0x7ffede36cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1760,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3144,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3748 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4856,i,16325847912115341347,16281973464219764751,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffedd6d46f8,0x7ffedd6d4708,0x7ffedd6d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6044 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5724 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,16204035541914040641,8765482380040795048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"

C:\Windows\SysWOW64\regsvr32.exe

C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@1828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1828 -ip 1828

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 468

C:\Windows\SysWOW64\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f0

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Krotten.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\satan.exe"

C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe

"C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_30b27822.bat"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe

"C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe"

C:\Windows\System32\vssadmin.exe

"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe"

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\RedEye.exe"

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\NetSh.exe

NetSh Advfirewall set allprofiles state off

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedd6d46f8,0x7ffedd6d4708,0x7ffedd6d4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12585468367281405308,4512906320995371221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12585468367281405308,4512906320995371221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,12585468367281405308,4512906320995371221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12585468367281405308,4512906320995371221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12585468367281405308,4512906320995371221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 00 -f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3866855 /state1:0x41c64e6d

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5036 -ip 5036

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 1016

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 181.129.81.91.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 172.217.16.238:443 clients2.google.com tcp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 142.250.200.1:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 1.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
GB 142.250.187.228:443 www.google.com udp
GB 95.101.143.178:443 www.bing.com tcp
US 8.8.8.8:53 178.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.182:443 r.bing.com tcp
GB 95.101.143.182:443 r.bing.com tcp
GB 88.221.135.19:443 th.bing.com tcp
GB 88.221.135.19:443 th.bing.com tcp
US 8.8.8.8:53 182.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 19.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
GB 95.101.143.182:443 r.bing.com tcp
GB 88.221.135.19:443 th.bing.com tcp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.69:443 login.microsoftonline.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 collector.github.com udp
GB 88.221.135.16:443 www.bing.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 16.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
FR 51.77.7.204:443 tcp
FR 51.77.7.204:443 tcp
US 149.255.35.125:443 tcp
US 38.68.50.179:443 tcp
US 8.8.8.8:53 6pi3jrqjbssfh6gu.onion.pw udp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 r10.i.lencr.org udp
GB 95.101.143.211:80 r10.i.lencr.org tcp
US 8.8.8.8:53 158.70.202.144.in-addr.arpa udp
US 8.8.8.8:53 211.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 r10.o.lencr.org udp
GB 88.221.135.105:80 r10.o.lencr.org tcp
US 8.8.8.8:53 105.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp
FR 51.77.7.204:443 tcp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp
FR 51.77.7.204:443 tcp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp
CA 51.222.39.81:443 tcp
FR 51.77.7.204:443 tcp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp
FR 51.77.7.204:443 tcp
US 144.202.70.158:80 6pi3jrqjbssfh6gu.onion.pw tcp
US 144.202.70.158:443 6pi3jrqjbssfh6gu.onion.pw tcp
US 8.8.8.8:53 synlogosttloeq2pwb4w6zaibacubnedji46bmsd3mhapesyeqa4xpqd.onion udp

Files

\??\pipe\crashpad_2892_HAYOHESIQSOOCJKV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 a7d0cf37cf84d15b24d2341a35297ade
SHA1 efaa48639d282afcad9ae9f0f3ee93a081d5233d
SHA256 8a76b04dd822c1bada8f37003caa28a570614fe91de5fab54ee13e8f5d955e01
SHA512 600e6570f7086e0cf34b83195b09d3328ab898fc295030a750731ce4349b459d9e5a9cc01316496115fdefd6188eb9f5a12600f6449df5f301d69322387a4b55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 0ec2db476f068d98a4fe37acc1e7ecc1
SHA1 3d559634ab5960d4befa03571825c6dd9a817fff
SHA256 96559da526828038910c6a4817e1cc1bf749a1d9a746bfdbb0041ba6d6f34c39
SHA512 2406fe19de010296f5ca948ee645c5185400eeaf75aae8da71e15f3311088c6a339222aa812321cfe5a70f81cb8cfd9c7771c7387e397e15f42667791911a951

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6096b3212634ebe48702b5bedacc9c40
SHA1 846e3efdd1b8d1518ffeba42c86950012156003e
SHA256 98661bb7c31cc8b118f7c996ea0129c305b0e13b6180965a1047c48b56dad056
SHA512 0e77de873d4b1f6566577cf959e259887c6bc890983085c0e00f4e11d019226248d627fe127679f97182ac1d5c008febb8a3f4bf5623694534fe06eafa5ffb4c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e5a0f6c90544673949b93e922fb47f62
SHA1 38aa4e2c6e531eaf555057321e4d93427a3605a6
SHA256 5a51238df6a72a2b373c8e808bed805cf4a4077ab7b0b0f2b77396328e1313e2
SHA512 7322e974a021357ee45dedeedf03ef2eddd992ebe1f3eee188f1d1a23ee08f24d6ae8affa430be5e4f0893a6815d08a798fa33000c15cb04dd160d250c88f09d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3ef30855b6defb8d6a11d39bd5c41b39
SHA1 50cf633fd7799bad3ece48c7077d8d6aedeec1a4
SHA256 06034c94c917c22001e9b7f2fda56076aefefa506d28cd6d00611ec30d775b5f
SHA512 c88efa1dd8f1929c824592d5c6077872fe585b02247f0a3a21361dc02b6eb777f832be256c098db2839d36fdf0f8e7e97e80e57d3a618001a8a8fd8d55b96917

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d2bf6f640eb4f2ad4411167de7d6e18b
SHA1 32f138763994dd0ca32e887494ecf9bdb26ca9f2
SHA256 2da7d3e1f657cf6687b59dbb1fc5708a107733cd70471119cddd5aaebeb268d0
SHA512 4a371780619a3fdee2b62bba20970376c32bea663b7a2b470eed1e1f0210cd230d043c8d18a64bd337c0006a1aaf0cf9c2af584085000b6562b210396e97c99a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c8ff6f2613027319aba70cc09817575c
SHA1 9334e7c76fddacdd185951cd535621fa618b4120
SHA256 d831ed98ae298b21d887b3563c4176173792280e0e6d74517e005b3d968e6a3e
SHA512 ac61f563d1a7b7c596b31f52e4fdac813c86c66147635f382eca285714d1e1b24ac5fc9f0993af6e10b0cf55c26fa6ef28c305ac21ffd5a47b8b398e45708d81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 81e259dffe746632dd2fe2902ec19463
SHA1 7feedbd8f0632bf0ba3a73b4fb94d031a42f16ae
SHA256 0a88a8fab8901c9eb85d57ec160b68e9b0e5d0b8faede0fce201ce908c0a93ab
SHA512 d23022c2f933088162ed1ce113e79b5ff8f53464b8344e84d17f4b77f2e54a068770f1889555609938dcb335366ed571f0cdf6148cf8a2e8aa216cee751fde1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0cb6105f8b8df4d0b9437872025b4448
SHA1 1c9b7605bcca07f715c1a2b5791eb1d635474250
SHA256 0369c50fb191d9ea537f91bded998bd94b2615af70c414491ffb0bcf010e9b84
SHA512 8b112f220af9e949e31a34e7dc0c0a5a4fb2037beda1becb9226eb9692e7384fe4de4fe296488e1e27bc935e7e7971e3b3d40a867b62c7402e61cfb94357f31b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0aa9834ab628f3b42102c75136c8bcd7
SHA1 7a2650ac1f831854021619777f3f274259b49e40
SHA256 b03d9ad0ea1a8c7b520e06e6fd6f72c0fa8ed9d5eda34d3ce73bb1a2319bcf99
SHA512 12342dd07c130aa24dcd3bf636f4e22b3ee5d397d7de2f7225e72136259b205e7438f03a6e57fd5860fae341bd53a4a04c99392a9e0011b30ef506d9910719be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9bf7da0c628f20129961e2f1a7f46a62
SHA1 95df6345bf556dda4e5cb61038bf466d7dab3fb7
SHA256 ffc0c451965bd3c64b0eb1e5f92453a560a2b75ad5095e56941a6f5f3a88186c
SHA512 db17c379662b23f015cbd2d8199e54f412bb57ce369040eb8a3436e31d673ac521794e83f752e5eafcd150e961bbb9ca5935915871a06242ffd604e06d34f783

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bf4ee96132b4ce4a9fcbb65fdbf77655
SHA1 721d623829fe2cc610eef636393f0927feeb5042
SHA256 826a278f8aa5262af76f11d4750a1e4605693c155879c4f4b2b9fff89311665b
SHA512 9a74b02943de4546ddaa68dd717bcff20ba04f150873605cfe06effb3abf43c1720e52c3bea10fa8fb9b3a6b9570a47429f53d5903d6f9a3a4a338b9958da55f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2126ec7c1c4ab4e334ff42c128f6afdc
SHA1 9e29c8c2bfe2d31dfc8030551df707cb905fb70f
SHA256 32693744c65133f7be542d0a88410701f5876ccb34d7586fa58321defe174e1b
SHA512 3b4b79622bdbbeea904464e1a61f92ff26d25d389865d43ebca0329d9490af1161219b15e6a961e5dca9709102e256c7bdc6ff54ea76d76c49ae6735e6f4840d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a4850a53f6875c9e0e487ef5d07d1aeb
SHA1 3416e10261b33d2fcd14fcc759673eef56784a26
SHA256 590b402d2b62fded1419d0185cc062ab979138837f65c9c1104636676be4d444
SHA512 54715f925923b51cb45151a97201ae01bbd19e1553f4cbae42d130e229f1abec297690ad6ed8db5de6fa44b4262d3bb46ae0abc2739ee65571ca4c335b867df4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6448b2.TMP

MD5 fab8c62ee8e6de14c0a15678786b6738
SHA1 31f26241bfa5b17b7de8de773cb59093d53a1514
SHA256 f09cd2aae0560242df73687443515e517e61f23016569ed86317d136f27445b0
SHA512 53c8fc656cffb29617027854e979a79351496f7936b116da156a6a5b6855cd918e60199a472ae473f94c98eef7dc94ae9c117e7fce1e8fcadf1be16054a8b633

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1287141d7ae79e6ce9b20101dc458ed2
SHA1 acc07b17e7ef25a694fe4fa9388ffa2ecf647924
SHA256 e9664ce2704664aed946b776ac981f80642d2f835a815940ab913b4067711481
SHA512 3c5c30847aa84a4360207872c67529102f520f6c372783154caed313f25b569ba982f8bbf33c31a6cbd7a8ea1af647d257afc484bc2b03f801a30e6f61b538e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1785664e9ee000f01ff7ce7953ce5465
SHA1 8ff458b5829cb9d8cb992efcf4f13c3856b94152
SHA256 9d9f0678f26283b4b118601bbebcdbae8e317483c037d88528731954089911a8
SHA512 b6a77beed1142f4269a57985b51c3a54a993d97c85edd419a82cc06ccce82f78dc40c174daa15d4e9c0f04870fc93b8f2eed2e8551d6b6acbf43077c3b737d74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 84462c9d8f9dd4cbb9c48847a0760b59
SHA1 d46b22e51d1b1d7e87044a2ed77d7185eb320a38
SHA256 c9d629b4fbe4571d4d8c4b07098c4075f42c142199b4bc1019db663a047b26d3
SHA512 3b9ca253c7d243feb4ed9c63ebd0587d8979a68362572331f507253d6479924f2355a0e22ac7c7b1f15c9b8f3925585c6f58014e8a214101a2dbba1f195de44f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 dfbd7824a1fc05281f8e8d3cd900062c
SHA1 881b4ec4b5a52fa281437628c887571b0d3a614a
SHA256 2d1d1021cecf712c0941b79141a0cee30f8a16e0954ac2189e408e27eeec71d5
SHA512 ab376d8a735c901d447e3c28820e2b91b1e39850c39734dde5f038dd778309bec161df2c3aa9d736a961be1bbeacaa1870546a80fc2ebed8bf5e4885d6037cc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fd5cd64e29ab319399b029c9f9e12d73
SHA1 7e93c6052403f4c4135af6661215dd6e6227d67b
SHA256 f40a12a8937c7b8d8480cdc2d0cffbe5f6c68e0e007b50b845682554f84a8a73
SHA512 4a8b1ea6e8be0d4857cfb03c0a31c4a5807bff4f58703b269ff57f1324b0b8a164c4658ba05a1de4d94be456f5b6310cb0b8d6bf947934f4a9b80bba7a93286b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 20a772f8409c4ed40868a8c4e5a32b63
SHA1 60780d7c7d6f6a4ea8752e2e44c3111767db979e
SHA256 552d28d918cf368d85382b003eed44f83ddf20adb52fb58bfc1bc0d97db364de
SHA512 4488036cd3f9b769889bc4a74c9712aeb056e369a7337d51e4c7694b8b4fd9bbd8b963628907daba9dc7c4357e7fc38434397e1569d594dfb93e8f5fe5bca35e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 fad2fb85d61c25b16bd472708049bfb7
SHA1 811c93f135e590b9ef6292213523bca97e45599c
SHA256 269d8b8bf6d01fe8bde528966aa03e8073290dc68b0ad758e516a1b0074713c6
SHA512 889fd11369f38e30b2dc0a3fe42420ec2e6ce3a997c3e90c48e2a4b4b60e39a501571911667d22075f39ea980cb131a72b096081a518205c0ad97f4fe1a06aed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f4635d197747e16ec7da4090fa7eccd7
SHA1 1ec793d9adc8b020fe8fe2b9bade1c72e8ece26a
SHA256 80ba6fbcbc38de99017e44f2f852bf8dd0aeada640ea106410575781fb4c378b
SHA512 9b8ff09505062e0de1798e4031859b5cdd3ef66570a115c00c60920bb53f4117942200b0c5c4c25445946af197421fc788e2cc60834c981d20bd4ff4f619dd7b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 07a71086c9dfa632a1859ff08b7ff061
SHA1 00833dbc68d99581c5735ef5c642935d9968e151
SHA256 4a913463431f02d448dce9783b9f338efe4d2ce2cb476e10213fb43ac01cf3bb
SHA512 0d97ea62828bd34c8e969e08b63826ee8cf37cd6c3d0ac33b2592756fbb279f68142287cefd43e26ab0f62bfa327316fcbad721c6a799d1a795941aa7ce08a58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 76fa18f5f9c53f6dac4f61821393ed8f
SHA1 ac2c49e115b255bb8bab7941230cec8db625dabf
SHA256 f6e547b2218556e4ad06a938e78c0e217f26287de3679fa3e896840090f2cac4
SHA512 4bce997c3c28cb4a7c90f939c76556563e250125bfb978f402408791e5f8ead944d53544d93fde5aa12f4ceb4740de85799dcb750c637af68a2a04f5d36f398c

C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll

MD5 7e76f7a5c55a5bc5f5e2d7a9e886782b
SHA1 fc500153dba682e53776bef53123086f00c0e041
SHA256 abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3
SHA512 0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

memory/5036-759-0x0000000002170000-0x00000000023DB000-memory.dmp

memory/1828-760-0x0000000000400000-0x0000000000AAD000-memory.dmp

memory/5036-761-0x0000000002170000-0x00000000023DB000-memory.dmp

memory/5036-763-0x0000000002170000-0x00000000023DB000-memory.dmp

memory/1300-768-0x0000000000400000-0x0000000000412000-memory.dmp

memory/1300-769-0x0000000000400000-0x0000000000412000-memory.dmp

C:\Users\Admin\AppData\Roaming\Ysaq\hiar.exe

MD5 c728fa6ce642e9b90be93e5124b9c2a2
SHA1 9da525a1ca56fbe973b71ce0becf5f56263c3759
SHA256 2d705716d7485c50915a1bf442987b1f76e58942f05008264707fc7508cf37b3
SHA512 512460efb8da1315e367faf671911cdac6043bc476f27282dc805a1b95e7c16c5da62d6ad7164d1d4d6de1b4084b31395108fcb097f4a8e0f92a36cd5434ad6c

memory/1300-775-0x0000000000400000-0x0000000000412000-memory.dmp

memory/3288-777-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3288-780-0x0000000000400000-0x0000000000417000-memory.dmp

memory/3360-779-0x00000000005C0000-0x000000000067E000-memory.dmp

memory/3452-800-0x0000000007CD0000-0x0000000007CE7000-memory.dmp

memory/1204-821-0x000001A8DB2D0000-0x000001A8DB2E7000-memory.dmp

memory/3788-822-0x00000167426C0000-0x00000167426D7000-memory.dmp

memory/3360-828-0x0000000002D40000-0x0000000002D67000-memory.dmp

memory/3360-827-0x0000000002CF0000-0x0000000002D24000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmp_30b27822.bat

MD5 45dfded3fb766146823ead2b654c4898
SHA1 f88b3e6f915df97844c8adb4e1a27003892aee0b
SHA256 d23acd871cdc65bd577a208eca25403c74b9c0ac0288028f86482cf0d558b1c1
SHA512 c0c172409e5b1170743e2268ec556e656631cbe6da0033599fe2d3a71428e9984ddb75b63959800ee8af7af59ceb086688f56a93d6ebcb37f25c571c3e02a14a

memory/3360-826-0x0000000002C10000-0x0000000002C28000-memory.dmp

memory/3360-825-0x0000000002BD0000-0x0000000002C01000-memory.dmp

memory/3360-824-0x00000000014A0000-0x00000000014D0000-memory.dmp

memory/3360-823-0x00000000011A0000-0x00000000012A0000-memory.dmp

memory/3360-816-0x0000000001100000-0x000000000119D000-memory.dmp

memory/2684-820-0x0000022F6DB70000-0x0000022F6DB87000-memory.dmp

memory/1460-818-0x00000130A8580000-0x00000130A8597000-memory.dmp

memory/3360-814-0x0000000000FF0000-0x00000000010FB000-memory.dmp

memory/3936-815-0x000001E0FA7B0000-0x000001E0FA7C7000-memory.dmp

memory/3360-812-0x0000000000EC0000-0x0000000000FEA000-memory.dmp

memory/3360-811-0x0000000000E20000-0x0000000000EBB000-memory.dmp

memory/3360-810-0x0000000000D80000-0x0000000000E1E000-memory.dmp

memory/3360-809-0x0000000000480000-0x00000000004AB000-memory.dmp

memory/3360-808-0x0000000000450000-0x0000000000472000-memory.dmp

memory/3360-806-0x0000000000BD0000-0x0000000000C7C000-memory.dmp

memory/3584-807-0x0000017DE0DA0000-0x0000017DE0DB7000-memory.dmp

memory/3360-802-0x0000000000A20000-0x0000000000BC1000-memory.dmp

memory/3124-805-0x0000022E552E0000-0x0000022E552F7000-memory.dmp

memory/2528-804-0x000001FE12EF0000-0x000001FE12F07000-memory.dmp

memory/3040-803-0x0000022802AF0000-0x0000022802B07000-memory.dmp

memory/3360-781-0x0000000000680000-0x0000000000949000-memory.dmp

memory/3360-801-0x0000000000170000-0x0000000000200000-memory.dmp

memory/3452-799-0x0000000007CD0000-0x0000000007CE7000-memory.dmp

memory/3452-798-0x0000000007CD0000-0x0000000007CE7000-memory.dmp

memory/2684-796-0x0000022F6DB70000-0x0000022F6DB87000-memory.dmp

memory/3628-819-0x0000022EF32A0000-0x0000022EF32B7000-memory.dmp

memory/3628-795-0x0000022EF32A0000-0x0000022EF32B7000-memory.dmp

memory/1460-794-0x00000130A8580000-0x00000130A8597000-memory.dmp

memory/3612-817-0x000001945A960000-0x000001945A977000-memory.dmp

memory/3612-793-0x000001945A960000-0x000001945A977000-memory.dmp

memory/4020-792-0x000001D8E5C00000-0x000001D8E5C17000-memory.dmp

memory/3452-791-0x0000000007CD0000-0x0000000007CE7000-memory.dmp

memory/3872-813-0x000002139D120000-0x000002139D137000-memory.dmp

memory/3872-789-0x000002139D120000-0x000002139D137000-memory.dmp

memory/3788-787-0x00000167426C0000-0x00000167426D7000-memory.dmp

memory/3584-786-0x0000017DE0DA0000-0x0000017DE0DB7000-memory.dmp

memory/3124-784-0x0000022E552E0000-0x0000022E552F7000-memory.dmp

memory/2528-783-0x000001FE12EF0000-0x000001FE12F07000-memory.dmp

memory/1204-797-0x000001A8DB2D0000-0x000001A8DB2E7000-memory.dmp

memory/3936-790-0x000001E0FA7B0000-0x000001E0FA7C7000-memory.dmp

memory/3452-788-0x0000000007CD0000-0x0000000007CE7000-memory.dmp

memory/3452-785-0x0000000007CD0000-0x0000000007CE7000-memory.dmp

memory/3040-782-0x0000022802AF0000-0x0000022802B07000-memory.dmp

memory/1372-859-0x0000028F61E90000-0x0000028F6292C000-memory.dmp

C:\Users\Admin\Desktop\RedEye.exe - Shortcut.lnk

MD5 5e993c6341953e1a23915ce3fae7c6de
SHA1 90b5f26ef73d28b5b4bbd2600bba3540057e4a3a
SHA256 36d2230e9fb137e3e78d12b737a3b75d00b4124c02840076ece3f1851f8166c3
SHA512 051e6fafa8646140ab6b3acfbacb8cdc985cbc05ac54b423750d883f6c5f0d09c259b1fea12ee2a0815fc490eec279bcd585aed5765fe21d319656eea88d6e8c

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133764265282340521.txt

MD5 17a6e7c7bc90915a84872440a1479ad2
SHA1 33ec9010d6c5df210f1d75da34ba83c7ec8ad8d3
SHA256 d3c8f42a23a6254bad65f0516fd71e86fbf57cb0406c18b5255bd95f570329af
SHA512 12223b61e199bbbf3c914d73c08fcadd3dcb349afbb3fff3c887195475093b103e9bd3f41c1294b0296431ee6c1cec7cfc09ed1dc72d0f3d97c9a85df694e5f7

memory/1372-936-0x0000028F7CFA0000-0x0000028F7DFB6000-memory.dmp

memory/1372-957-0x0000028F62D20000-0x0000028F62D26000-memory.dmp

C:\redeyebmp.bmp

MD5 965bd010fc75b00a030778a393166f44
SHA1 2aaad5c668320896b6be56599371ac1b873bf436
SHA256 5c9892e38a598c9a69300dd500b60257726dafd0b85ca2f93e4fef06cf2d7516
SHA512 be9c79639b06e0c4b6d1c82570419a4b2bfb066051a8aeca3d4762fd47a95b0f756e443b7e62ee5893f196b5857a560b72a0005f21580906921c4120f46b00f9

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Seftad.exe - Shortcut.lnk

MD5 85de07940067b745e31de300d2a471d8
SHA1 09222ee91e4891ef934c149abacb7d2f43b50899
SHA256 67371b679ca8c1662375103ba3791e85b42cca54a912efa9a66396d5b106c239
SHA512 08dcb757ac33213651c7081acbc6da2f69b63354ec85d0a7cd5ee43b0a21f02051c39f8a801943d74010237e00662ec3bb5846a98a56cdbab72fd231d49ba331

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\ViraLock.exe - Shortcut.lnk

MD5 498e1248974b010e38fc0ca343c5f6f6
SHA1 e11e1933a741ace84fe303fffea56ba2eae4d867
SHA256 ed580ff40ced6aedf720baf4d1fc06618ca1a9cbdd35da85db609ac00556ec41
SHA512 48971bae92b0f3b6b8c8ba8912b9cd3789e57dedd6143620f67c84d85e5204b75b25518f76f6173f264e32098a349f0ddb964e609fc8a49bc932f0d2eec5d65e

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\UIWIX.exe - Shortcut.lnk

MD5 440fadbfd8a49ab38261d5349afd3ae9
SHA1 4defc6be795a22aac066fc759c2a727486be3a6e
SHA256 679d4c43f6fead1bd3a9ac970d740a2b8a824e21b55a6853973c4d1237649911
SHA512 dbcab796d8831312e8dcf0a923f926a1da283efeecdc183cd513ad414a369063553ff6df5391e6dccf971527149bb7420940ff6f0df0ea3151c82a96170217c5

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\SporaRansomware.exe - Shortcut.lnk

MD5 ecd501cfda879fe3990abdb4f8eb1bbb
SHA1 29934e84743059d38cbe1ccbe796e94f2fbd9e03
SHA256 1af354b66c01cca35e1755a5ee4d903bd4312326414d74a13ed9ddad195310cb
SHA512 4c59ed45e28fd78bd2e3db1dbe41b93a418f40ecf6517f0d91a1c8202e2bce907503ec5f26c29dc9596c8b75df5d5047e3f87e54d044ef351c4a06ffb8f27af3

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WinlockerVB6Blacksod.exe - Shortcut.lnk

MD5 5603d6e0bc635aed99ca4a9c5471e4f6
SHA1 0ade70e350af723ea4bd9b7ab4e816fa0264227b
SHA256 967d9c9e021750a2ac7b12dd7cd8a2b3b0fc93db46e8800498630ace231303a1
SHA512 0f409157b0f19615e26d51c3dc65f448fd8940d6f7ad998218dbee72f1d8424775fc794bc1fa4672cefcfe48ac620382c63f64c46a67738639d15ccea4415199

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCrypt0r.exe - Shortcut.lnk

MD5 36d3e2115cf283213363a984aa634a1a
SHA1 517e1db15d5f00f53ad55ae8ee22e540100bc55f
SHA256 62d9336e1b196e8b14af90ce54b01f726d3062b098231d62d8e2c80fea23d44b
SHA512 5393b4d18ddf26dd3cc69d8374695da596f5bfa82290eeb90f6d6cbc0f384417fc355b766397d13ac6e176cb0e0d4ad71d6824992508db32ac2b56cb906b882f

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\WannaCry.exe - Shortcut (2).lnk

MD5 cf6d14ce6e9d1dc1039928d34f4c539a
SHA1 bd77e79f1f5b0c0f9e5f815bc6e41933ce1c6d99
SHA256 30907f9a2f3e63d12434490bae9487df6b22f3325fca59e109ae734f1f6f86d6
SHA512 cdedcc504d5b787f7db81884441e89a0a5632294bea28e605ba8912ad5c31e39a2505fc9bf7f5254da3270b6f2e909602543797c7a32e5a3cf0d532fb33abbdc

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Xyeta.exe - Shortcut (2).lnk

MD5 7b3d75ff2d32fdf98ed4bae3470b4d24
SHA1 e995beb322714cf5fdffbfdb00e44d71e94b9e94
SHA256 e8b6d1893df2bfe64744945b3c6073fd191dbc0589cb4ce94d04571e7154ba17
SHA512 ffdb041158ad88faab98e559e30e1abe72d3025be2867cda6dcc9e79b9bf11c3b3bff9a1a6423329dc62b228c3174af1960fd7a8bfb1252b26973f445f873c10

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\CoronaVirus.exe.RedEye - Shortcut.lnk

MD5 57b76d2dc834eadaa0de3fa5801dd936
SHA1 2bb6e8fa4c1652e97d453239ae8859fdeb8c11fa
SHA256 673b26bd021398f0faad582512e61575a530b8cc92328cf42a298d7278322c9f
SHA512 e3d5b6130309438e32f838aa02e7a2e3e0de32dd0af74601f67eada7620371128e8bc500df58de8d8aacb5109c7ce51757834315072848961260a403e0282ca1

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe.RedEye - Shortcut.lnk

MD5 778833386991218fdb307072f5d2b207
SHA1 c2cb58a1b5046a6ba1c51a8dda3882e66c510d52
SHA256 8c9063be00b9b64cdf0457843220324699b4898e917508988c56935c59994e89
SHA512 4d8ddacb30f08103ba962913a224e456ef172f2010f91b0937c62c38086fa53813bc49972cc6d7f91573f2f287aad73d27b9a885ad1ca6faedfdcf92cc78a46b

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Birele.exe.RedEye - Shortcut.lnk

MD5 31aa79bd7937191aed4d9c131cf56e72
SHA1 6a29bf7edfded40b83e41bf9ac041455abc8e41f
SHA256 1b317badafcad97fd31e05fd5d0edaf6ec9687f8768118aede8db3b8eb8477c2
SHA512 e43dbb856af59a6356c0df7358ed057efa1959ff182ae4cbd5a5cf086f549c3dd6ffb646804eb0aa574ea97f7c717fd6166d2962894c2905b2dc9038d7a3ffc5

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\Cerber5.exe.RedEye - Shortcut.lnk

MD5 725acee69623e3d61f1699146ceb36e5
SHA1 28c9084534cff5ef370f83c6c632761f62e6932b
SHA256 cad0e26975dd33828b8d8a3a9e442941bb4f1befb671a6c4d83480777389b9a5
SHA512 3b65083bf279832d5d04d981328a6cdcb316036bd903f04d7a21f25dd35831320b53596ab76640a222c413927467cc51d226679b49c3dbac4f90d2ca3039eaa9

C:\Users\Admin\Desktop\CryptoLocker.exe.RedEye - Shortcut.lnk

MD5 914a665572042ae742ad5ddbdd2e965d
SHA1 cfd44e18d0e065b037a9a8d976e2c7295bb6535f
SHA256 202705e7a373d9dc23a66a601cb0b6b4829f35dc4e6920f9a237067935a2b54d
SHA512 0c40e9a701f9491d3139e128aeeedd872b9f93b0999570ceedece830ad06dee5201a8666008d64f17f993baaaf6ae2f69a57a727c9cef25d13bca92e6a5ae044

C:\Users\Admin\Desktop\CryptoWall.exe.RedEye - Shortcut.lnk

MD5 7734eb044a628f31b95eba46706e08cd
SHA1 0d6f71e66277ac56874aa697efe6b359d0a22777
SHA256 0988ae8e66bb5528008fd9d01a798e3cd3d0732d0806ea38f660d02a4ec74707
SHA512 4831bb47e7812164c0e2654f72c339b81f0174a649a50427d73fd160e6183a2c989b0659f30dc795b2b7ddc032f6cf54a49b9a4b6d7904c0415b68b0076d3af2

C:\Users\Admin\Desktop\DeriaLock.exe.RedEye - Shortcut.lnk

MD5 c2183c86fc523a7520bc0f50f5fed62b
SHA1 7f479237e95c1dc175fa074c1f549dcc4b89889b
SHA256 0cc5ed5ecc1ed826aab6defecf8430b9ec524cb49c982fe6c3e87caf75ad30e3
SHA512 2df3d8763e1705acc371c0ffffdd4cbfd783cf5bdb63e4048f26169775b5bae6198d0ac2bcf589f0a8cce1c5f794a02ef8f6e3bf9a0fa08f547b3ed2f153ce23

C:\Users\Admin\Desktop\Dharma.exe.RedEye - Shortcut.lnk

MD5 d8c6f6bd8f397e3731c3d7b73e84c4cf
SHA1 b730b20cd267df4120539ee70530659e38962350
SHA256 47b26a2fd794e15260b3e6905d647196a10716f7420ef9e380760047b3550f94
SHA512 f64cdf3e339997cbc44a4e54cd1d2902c1fdd64b43db7e2a6e8331ab0cc083209c4f5db7886397dd8853fa0f2069185872198ae83195d7a51de68019421dea60

C:\Users\Admin\Desktop\Fantom.exe.RedEye - Shortcut.lnk

MD5 0e1ae7547432e093782f0f3d23c04c68
SHA1 081759ac1a585d02a1eb62de8637a3d8cb394340
SHA256 238504658d9a428628478211eae2c0116fcd02056d43c98834c05cf25337afae
SHA512 2bbdb0a0d3d90e7d62175e89d3a58de7726aa19dc7815fdc3df9093c0b488eb50e3342cecffc15bdeb9d34f3dac88a3a8adbbdbb81a86beb015820234de4ab2f

C:\Users\Admin\Desktop\Krotten.exe.RedEye - Shortcut.lnk

MD5 bd6dc5619ecb70d6a6364e377976545a
SHA1 685cbef7f957f552655ff610dec66f7679ac6eae
SHA256 7b7c8831400f2ab5ddc0bb28c97e1a5b93ab43d929cbd826273d8a2fa9006f10
SHA512 ff69646ab8fd5746cae54d8ffc616d93377f26d5547ad376e015bdb798e3452da379b268f93990b46de1424189a55641e59c8f910fdc0f4d6a6dea6ba161cfeb

C:\Users\Admin\Desktop\Locky.AZ.exe.RedEye - Shortcut.lnk

MD5 061f67459c577ac8084a2bf9fff7746f
SHA1 a0f2f0476b497d9abecd2ff31fbbe447cc23db5a
SHA256 8a5c224b18e2209651a0bdfb4fafe8f73f83ade14a4e2c43e557fcbd989e2434
SHA512 fe1421d6d1f81bfd5ba1250647803c7491e9f0e38d99b1adf20093836a14035e6f4b216a90afd31252ac6cb5854e39fcc81686a00140f657f357ce8ae8050f95

C:\Users\Admin\Desktop\InfinityCrypt.exe.RedEye - Shortcut.lnk

MD5 5d00dc2702cc4317059d3d56725b6128
SHA1 9ac72b42c8bee5ed9fc702dae768a1d860f5cd3d
SHA256 069dae8d28f77d3297883b5908e45b27a5049a09b24f675967b4fa617756d23c
SHA512 44a7394421d91c81b7100687e9327e5d1b17e999e317507425cd1aad396f9ff3ccbd7d3d175c88ff8833463954b5f83c3a45083325e5669f544256fe6d938855

C:\Users\Admin\Desktop\GandCrab.exe.RedEye - Shortcut.lnk

MD5 8171f0656b485e17b9211ad662cb8f8a
SHA1 938a98bd3ac62e63b96adc6db74c839adc62eff5
SHA256 23f80c5b9464a7c8a59fdfea1c09c393a45d143730bc4dee986b4267596739d3
SHA512 af54d52f878e86035b36a84544581695be5ffb54e512c235ac36817a78e7c1506d02da3e6856791b522b7869544613e9e5f3f9e76e31afa4a7cecf8083bea3ad

C:\Users\Admin\Desktop\NotPetya.exe.RedEye - Shortcut.lnk

MD5 ffcec071963a8b4b4a4a405fc2a16ce3
SHA1 46f00c5bf09c4465eb3570d39afb84f8a98a89c9
SHA256 43a93350146a8a5435fb6f49162ea3e6d6ca3deb1a3041289c23087f0c3e65b3
SHA512 ca82ee4960648beea16cbbbe65b3079b6d9a715d8240401a80756676c37eb2f3a3cfcbcff928a52f3e0e36dbd91b05af69b99e0d173553fc1e27301ad68c7d21

C:\Users\Admin\Desktop\PetrWrap.RedEye - Shortcut.lnk

MD5 aef663b5d814c31e0886504d6b87584f
SHA1 f9d734c9381792e4b108e20b796be1f1524ed499
SHA256 11556bfd204c40611ea5da919a68f9fc65a28d08595776c4908d50c5c51af4eb
SHA512 fcc62dd281acd597d2d5a8c277e0710859c4344db23737e689dbf222b490681998db2ed0895d40d3c52b8702c490d41690780c51e38270cc620338f8e2da1cbb

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Ransomware\NoMoreRansom.exe.RedEye - Shortcut.lnk

MD5 f2e42973307194335f0ddad705f51fbf
SHA1 1b89ecbbe7e99a01e20c702e18159dbc89c5f34b
SHA256 b59c6ebfe72878db7ad004f68854e5c5324bd83c4199dfbc86ee4c9e28303f4b
SHA512 48f28e02b60330f497269b63f7e2e1de0c6ca408d4d097f895b4bffd534b852107c3f76274f275874a82859bd46871ee0882394f04fadadd80dbe97ed167c74e

C:\Users\Admin\Desktop\PolyRansom.exe.RedEye - Shortcut.lnk

MD5 17085a7ebbc54d56a51999705c14ca78
SHA1 3cef375cce2f57e8b856f69ed617867c2183568a
SHA256 e72c81828093a9d39d412d93d566bfde11e944c0618bb9151447b3197b9a1089
SHA512 84c1d8f519735a2bd443403cfc4565d45d1874ef5fdfcf8ef4658c60dcc559367d5199f6fbe65f19880ed2d59b490b8c0b811008c0816f592dc97c4186a8cefd

C:\Users\Admin\Desktop\Petya.A.exe.RedEye - Shortcut.lnk

MD5 4aa636ea5e62c07bfb1f397b2be5fb17
SHA1 06985afde79ccedbf33e4fce4abf7cba05e45e5d
SHA256 17bbe1e6ddf66bab952190566c6a96c6a573c93ef74b865eb25d47e4b24e9f68
SHA512 fbb788e6c679b52bf51e90af6baa157aeef7c6a9077b7bea674d4f71d469f0957643ef60347e8dca769d313c1e9f4b26dc941f217e2651cedd41e38578598569

C:\Users\Admin\Desktop\RedEye.exe.RedEye - Shortcut.lnk

MD5 fa2a28215b1204d23d6f0a72554368c0
SHA1 a6c67dcaa81a43c43bba19da971a6e1369482c43
SHA256 1bc8d5d7205a53b554b6ad22087cffbd48dce306d44bf65fde7b8db8beb9bbf1
SHA512 e8f7c09356311d1d92e6d26b793d5faedd00f3769a5e19578a82352234da1f0b12015a63b333e539ffb7e06620550d636db375eed11d577368602aa329dd71ea

C:\Users\Admin\Desktop\Rensenware.exe.RedEye - Shortcut.lnk

MD5 8e0668db9d951830bf622e8f0fed7f79
SHA1 12ba8a2b18c1b2f7da5d5ea7a03f93b694bc8bd0
SHA256 43d123db268ec1f3a2adc9627a58143d8f25180a138e767eadb9944e3a1fba8e
SHA512 008064a7178da6a9268b18a4f4cead0b1afe04387f94faffd65404c7afe55fdb94013bf1f0c9c131b62971aca5b47bf1096c49c7f6814993dee6c6e393e9386c

C:\Users\Admin\Desktop\RedEye.exe - Shortcut.lnk

MD5 f2605317649897828dafd4cc3b42c8f9
SHA1 8dbf57b1c80b657c97d9f417ed8639f3dfba16a4
SHA256 a3340a430d190676060a038f735ccd27b1d9af40168e3c0ccd2bcc8a07598447
SHA512 7a9107bada466335cf0f978e374064ed3fd1062db49effaa940945ac3da61fc772df00f2f837b46aec21bceed0dd90611ff42ce140b2bbcbaf799bad04dc3995

C:\Users\Admin\Desktop\RedBoot.exe.RedEye - Shortcut.lnk

MD5 641b285f45f424dcf7bc40b078bc0e5d
SHA1 88e147b28e1f39975555f73ad02bd2c150c252cf
SHA256 ae68ed6d75ea16e5d874af8f86192663c2ed221a2ffbf2a666c992f48e2eb4fa
SHA512 841b5c7015b7d4f5180542382b0d60266e8747c354897277a05a1ad1fa3672c12bfb659e4b84b57c1643a1eab093663890fd2d295d8803181277e5651086a226

C:\Users\Admin\Desktop\PowerPoint.exe.RedEye - Shortcut.lnk

MD5 597567e589f3571360811527269017fc
SHA1 deaef072242a3577ae94b32559b2b3d53aa8d4e1
SHA256 0dd132b6694fee797f8d2431c101a8cab0f36679f23d255ddcd8b4234219b9b5
SHA512 ddcfbf4d39a6582f3eae981618af078aeb25836be81a06d27be0d42c0117ab0268a18bbc60103d66a97f10961f619c655d54dd58a3fdeee1e62f7305d89108ce

C:\Users\Admin\Desktop\Rokku.exe.RedEye - Shortcut.lnk

MD5 74e575ec7451c634a1d14a9dd4674c51
SHA1 1d3272d2ed97fbbb73434511a41815deab56a583
SHA256 6f06a1f684ce5c90150e54101480dc043e5e0bb7b38d94ba6b8a68031b9b8454
SHA512 8f8f60d2d9705ff5a18d4780ee0d6e2654bdd8e98e4d9f8aad861b6dc95df89975b79173679035ef9810e5858eb4eb23eb6af97c345dff5f0bee582b4ebd851a

C:\Users\Admin\Desktop\Satana.exe.RedEye - Shortcut.lnk

MD5 134621039d3f715b30bbcb232e201706
SHA1 8f62d1c0dd67331b6b16c4eafa2d9e8b9b160482
SHA256 ae9e03eac51fc31369e012af5c1d6ba580b34c008c7577b13a27d5cfc3498234
SHA512 5f64182c2ffa893e79b49796bb334c0dc0d855d4f26d9ed48e32be374f7a1bbc2f01c069b57ae01b8b8081610c21bb5e7e6aaa1a7957b493b26417d694fa80cf

C:\Users\Admin\Desktop\Seftad.exe.RedEye - Shortcut.lnk

MD5 a1843cc99d316af5d5238f9ccc406047
SHA1 d027497872eee4ecf9becf53ec800a2233c2c5be
SHA256 86b47604625e1ddd69b969b38a8eb4eb0caccc776e00b244900accc3154ef583
SHA512 1e89d3c4f5e48d79a2e9a62e08e8b7be55b230173e39d2687ad0d02d6db69163d4c0db9995881c7c4a3dfed7b72091c64e9b5fb5333a2fba11334165633be3d8

C:\Users\Admin\Desktop\SporaRansomware.exe.RedEye - Shortcut.lnk

MD5 1d500b25ff8d4fbf5886fc8a6693e454
SHA1 b45da958640efadfd8b383957f49db29a1ed83fd
SHA256 1d1df7b43e53346b7c12a9c94b997f1de01786e2a19cc70bd8a85cca55bde82e
SHA512 3d83acb3b05a522b5b188b031986f2fa4bd8418e2f2c44e52f35cc32af0689d490c7f0917fd350de7e48c4b47e006af71b7404e7216e09e0a5a8371be4f1e3c1

C:\Users\Admin\Desktop\UIWIX.exe.RedEye - Shortcut.lnk

MD5 e6c8c17b8c876ec9a5e16ea7ea4a0925
SHA1 422aafa8fc42db01c4aa714743761878a02509e7
SHA256 9d192e9ca308dfcd2e5a1af8be66d9d4af53638907413fde59b4ea0daa32a37b
SHA512 c610563db32ab8e1d0349aac2d52a11cf3240f10160e8de268220b153be0517cc61a18b623cecf29cd910ea4ae7c54226d4c48e4da170b2d75918c8d718e7737

C:\Users\Admin\Desktop\ViraLock.exe.RedEye - Shortcut.lnk

MD5 af7ec6948dcee683a6d2b76e3c1173b8
SHA1 324a6c2a04c557a997603de689ba69931fd37d4d
SHA256 220422cda2e91a459e055650dd7fbd39c46a718be7f88371c4908f77e47c91e5
SHA512 f29e199236e6f9e2a6aca994b9b97da007ad9587c602ad62ae8ad23fe44eded1ee9d26a55977bf7d45ecdcb04ce20892ae51d43a8160c5fde14a23156e7eb276

C:\Users\Admin\Desktop\WannaCry.exe.RedEye - Shortcut.lnk

MD5 ab651aee5a53b55e6f14834bfb4acf9a
SHA1 12f577e0fc0a6d7f240d18bafc6c0baaece3f338
SHA256 9b4937ab8ffcfd92de145454cca532d2329fec9542c2ba2efc953d8a4d2cee73
SHA512 79c283dd50d9fad3f4870f0d2ca7ef5058ad4267db223efa0bb1b3adadeb0d279878d6aff32c027418a45c8e212298f5f9c0daf18f1d1065c259a8b9c1f0d3a4

C:\Users\Admin\Desktop\WannaCrypt0r.exe.RedEye - Shortcut.lnk

MD5 123a22522bb30541c1ee5778933f0e06
SHA1 c45341f9abbc1e905c8214cfece476aae1f5f82f
SHA256 17db9a7a4b0cf7c42f50b5cfb86695ac1707dc9c597f70397f24fcaea7284eec
SHA512 94d07a183485acd598fae14be7532bec6663731a566b6c65fb93a94d0393a8915a6608cf182e3b21275b5aef96a4b3be11c1be02a3b1c722eb1d126e706e10bf

C:\Users\Admin\Desktop\WinlockerVB6Blacksod.exe.RedEye - Shortcut.lnk

MD5 acb3480c835c29888b8e58fe4dc5e8c5
SHA1 521868c70d5fa09baf1bc0eea21c5063957942e9
SHA256 a7e47f0aef0a050961e2d8e4203ffe2662e8c064bc50c49a7f4693d2e767e8a1
SHA512 64fc083ea870d9e6051febd5b8d6bee7e123758f0911c09a47017110d6294156bf9c54ce272886363fd07f2ad09513a5b95948b0d82a3bb9369a852bc29c1f7c

C:\Users\Admin\Desktop\$uckyLocker.exe.RedEye - Shortcut.lnk

MD5 e5f3e7d8a42780ec2d0438e1a63923be
SHA1 a56d518c7e814b770df07311b638f84e9323ceaf
SHA256 6919a04d857e2b4efd25d6c17d3410158a32c2a5e742595c17d8f435ac00bf90
SHA512 0c3529c5d5510b0c0a1a3bd4f22b2e5585151664df1dd45c4d44b3f8910807672aa9197b9f0c2026ec4cf99148882b6f7637a2286fa9bf65adca865ee25439eb

C:\Users\Admin\Desktop\Xyeta.exe.RedEye - Shortcut.lnk

MD5 0319c3a810ca14ae9d6f9794ccb648da
SHA1 9597d37bcb69fe33176bbd452fc5b5b34127efdd
SHA256 6c5ac6f2fb621b987187705153069e63a228adc6e07a4a5d52d28ffe216ab6d7
SHA512 be41d77a55c122ce638dd28308da107cd1d60462ef33f4d73dcdf6f7b5bf528496c6a7fc977c2dd89624cbe357a0e6eb9e112047386fd102416fd5d287578a67

C:\Users\Admin\Desktop\7ev3n.exe.RedEye - Shortcut.lnk

MD5 360acf235b32d8bc2901f8a4a5b4cb5b
SHA1 389d3c129fdaf3417c30073e304551d5d81f06db
SHA256 6404f59c74fb1286df97533d9b10475bb23d29463c81d4204c287182b7efcf49
SHA512 911a65744b3196aa828f3a31f5b9c331719407247bb7cbb5ffd639ead691e7413419bad8c078730c23605e45cfaf73e9571ca91e0c96f29547ce8f88c663076c

C:\Users\Admin\Desktop\Annabelle.exe.RedEye - Shortcut.lnk

MD5 f28e2f6d8397b248f1fee8fdeba3f459
SHA1 1c4106449a2ac58672582c8269d6f8b1ee0368e1
SHA256 91daedf060b2980807e307ae7a2029ef104d68103b486e88b60e65e67d1a9bda
SHA512 82c8858577523fb31ea1b99907e117b71c47f08ad632b8ef7558b2230382d485e9dd0d6ca6aad1267ad8d72d3b6f03277302d378e0baf78bd2325e0b424b48c6

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d81a575e-0a23-4f4c-ae13-c214fd376b3e}\0.0.filtertrie.intermediate.txt

MD5 ab6db363a3fc9e4af2864079fd88032d
SHA1 aa52099313fd6290cd6e57d37551d63cd96dbe45
SHA256 373bb433c2908af2e3de58ede2087642814564560d007e61748cdb48d4e9da3f
SHA512 d3d13d17df96705d0de119ad0f8380bfe6b7bc44c618e2fcd0233061a0ab15beae44d38c48a880121b35f90f56c1529e5f4cf1a19acb9e2cbba5d1c402c749c0

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d81a575e-0a23-4f4c-ae13-c214fd376b3e}\0.1.filtertrie.intermediate.txt

MD5 34bd1dfb9f72cf4f86e6df6da0a9e49a
SHA1 5f96d66f33c81c0b10df2128d3860e3cb7e89563
SHA256 8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c
SHA512 e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d81a575e-0a23-4f4c-ae13-c214fd376b3e}\0.2.filtertrie.intermediate.txt

MD5 c204e9faaf8565ad333828beff2d786e
SHA1 7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1
SHA256 d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f
SHA512 e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d81a575e-0a23-4f4c-ae13-c214fd376b3e}\Apps.ft

MD5 84ac0c242b77b8fc326db0a5926b089e
SHA1 cc6b367ae8eb38561de01813b7d542067fb2318f
SHA256 b1557167a6df424f8b28aabd31d1b7e8a469dd50d2ae4cbbd43afd8f9c62cf92
SHA512 8f63084bd5a270b7b05e80454d26127b69bcb98ec93d9fad58d77203934f46b677a3aaf20f29e73dcd7035deb61f4c0aa3b10acbc4c0fc210632c1d74f705d2f

C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{d81a575e-0a23-4f4c-ae13-c214fd376b3e}\Apps.index

MD5 bf528a4141f45599f6b9579a231a7352
SHA1 2ad1452a5277891599a0f10a4a74e0d10beab6f5
SHA256 8c09b89597c808c41006bef545e24bf54451839d482aa077296da69080ade439
SHA512 be060acd176cb867248ce6521ef39f4f06e458b582140bde062cfa77ef7751d9db49222baa802470283d68e07815fe18788b82476880606fbd3b04bac31149cc

C:\Users\Admin\Desktop\Rokku.exe.RedEye - Shortcut.lnk

MD5 13e5b32e3e7d8e2db21f5fe5343c979f
SHA1 36c5ce6a3e388c79ad0e1baf4911b3a0072717df
SHA256 5a18494e5be96be260dde08159dffc7f0ce026af5a195648e07016644ad4f502
SHA512 27e24e8ca16ade3f2449d09ef3824d1e4a424e6adef659eef4dba971021bb99855ddfe9b91caa4503890475bcfa60780754b20b399b13ee917cb18ddb35ad7e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fec6f16f171f3ba55568802a7592f7fc
SHA1 d679be0b4270bfd7d811bc8d028052a267160eab
SHA256 770fad00532e966f5f2e2a77afb0a177187a92b72c5b55890b3907300f91a652
SHA512 c7e88c90b615c353bef4f425d84c8e128d53d12f9a07cc1261b38bcbc3187f47ae63e38a614f2287f22b3ab08dcfa48b317c6f53d8cf391f3502df3966a2381e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 66978870f82e0ed49c61d622d76e7c37
SHA1 d3c0394364472adb873ea3c9ff31b311d70f8c71
SHA256 570431203d328e9fb70a7efda88d022adb47d8daf3e9ba667a97d070bfdb1f28
SHA512 4364a3674cbe7e820b7a34edb2eec2bca8ab1dbd0515dd1cb4d4437616001b6482d368120da7e2cc8804f866f83bc0af33eb9028e7b738daac2395d95aab423c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 090fa3e1c869d3b622b2b7ca0d62cad2
SHA1 ec8a9888b4c55cc2b43b3f821e4fb6c25d0b5acf
SHA256 9934c2c53ca37f1d650bd3ad013533e8c0cf0802d3b29cedbd6d70db171390ef
SHA512 d5516ee1f35b9b72e286d26ded7819c6d05a9019df3758ff291e83af1a1a767361ce2d3276c412cb074537d387bac4935443c7f3f6038858697b697431cb19f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 3c10cae8a9d7b9ebc7cbc89be72395a1
SHA1 db43de8d5d045bb2faef77f6151b6bc53c6f5b4c
SHA256 d1239d0fab783e68d6e985d20360a8a1c96fd2bef11048bf3dd0bd554ad105d2
SHA512 10fe43f043fdd1693197327ba2866b05f9a5d8ec0f915567bef5eaad8f97bd9b27dc1c16227df42987393370aa75676850c24c951a9da2f6c213f814f4d51b2c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 7019feb2ac0942ca907103373c3bd3a1
SHA1 223e4c09da8acee28dcc055e279525d93708150c
SHA256 a6675171ee6e09bb626f3ab7e52cff8767d6adb66dd24d55ad24f3d18ba5fd1e
SHA512 17fd4219ad80ec958d1e5096bd385f85e4b3e6360131eb011e451c596e5b58f7207e464dcaff468f67e3abd9dce8770de0c78a47f2f397f3b464eeca1f274843

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 19b6bbec9180c6d463e159402f554cb2
SHA1 dc3112f74e814b08e0ff88d84f866bba00d95940
SHA256 79aeb351e923e1c09f115222248e1d4c2a22e7b514f92a9f8ff7ae053e161377
SHA512 4876d9f7193a31162a52f1d39f085a8838450080e8fc9e065e083a747c06bf9f414ede7f6d2c87a4a89ed9682a3d194188909455fef62172c7b0196dea2db53b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 178f6ea22044b86dae74ce6a6007c697
SHA1 61b84557106793d257137b81c19178d5c9b6eff0
SHA256 5126b90fd6d69efbb8839457c24caac2351deae60ddc2132b6c89a07b69df8ee
SHA512 1f3e098bedec9f38639758f9f933f252ec4f40eed5ee74c69c9ca0f739e088626bb8f83c05ee9d98ed83cb7059ac50856bab713136f2f15ae13dabc4e6bae0cd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376426212561386

MD5 7c890a0808c53119d48ee542b75b97f8
SHA1 9d542bc8608bfac0c5582f9eb99205ced6f7d105
SHA256 010aeb92aca018241fce5d676f06fcdc1589bac5f2f3ed5082a7199fd7b4cd15
SHA512 3b7d5bbd1b23b3406f5cc068ef8d878c09da8f3003622383cd55157dc4866893ba46d53b0e78cb16e93e5a42c66ebbbfc244abeb8bc2c18bc417dec17534bd55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb28a748-5b6f-48af-981d-351995612fdb.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 249954a6f1d1a06730eea39e86d2ac58
SHA1 193e53cdc9e5e1be5fd562fe2d79b49966b99992
SHA256 6efc4f791efc3301516b378b5922be4b5f69d8e146afab2d035e009a401c3d4e
SHA512 1a27f67a16b0d1da44a0f7c8a819c89814241cc4d16e29961229475bfb1c52d6321e85046509a40c2a217f12f12d3aa0bd052b51e3c2c097ed8f2a4d2c05c28d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 50ae5b8476c061e26bb6a875ee85cfc0
SHA1 044796801e986be46cda17e9f86a80df6ea87d68
SHA256 a31a1bb78f38b4abf8a79c42efb881b4d005d2a066f1c2b9ad4fd3bb5e468bfd
SHA512 28c7f495735054a6404cadddb587fdaa4b12601970d5f2052cafb322ac282158205dc062f4bcf9e1d56d7a07db1b6ebd75e173cdd9a491d70e31806258aaad08

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 81c8190ca2378b6ed7e5dfad01b8fb54
SHA1 9693b0ae0cd2be905994842582d86b170552f2a8
SHA256 0d44be0093fa779138baf058a6a3c34db0536f90024d6cad1c89b37c41d01f41
SHA512 9bbebf0caebab19c2d0fe007fab5f1de1acd9f992674338013f3bff46ef80ba95b1a48d09c38838096c13433fc77dae695d251d6769a06a3dc0640897b429af7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

MD5 bf0e72d93e2374df87f34a62641a1601
SHA1 d3724ba4a13b822420cc02a5dcf75644820c31ce
SHA256 e4b291507272ef6a9465eab9d31526c2fbf0e8121b599ab0fe430b27f69cd955
SHA512 bac88e170953e3fc08ab3ffa95e6d2519288f1b49bf8cb5787b701bfdebc2065a5ce0c8599b2effc7b3fa547203a141e05750a3d4a57f3290731efac298118a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 37128b4e4883085adb70212099d33acf
SHA1 9c716ed5401e9dc2c6879b03f0a34d824d2ede99
SHA256 91c7f07e7aa52f1e4d6751b4ba31d098072197bf3ba6a4549d213f9fe1de1ab7
SHA512 3e3851dbdec3560fc5eb18be51de362acb4bdb889c66d1794b97f29a8a3a86aca900406360778819ace767653d083be45a21673e232be205e81ff36ddd9f63ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 769e0da74c75e130eae79d051c5daba0
SHA1 5c45063e952e2d824222b8c5f2698e28710cf7a3
SHA256 625592c16fd509d0d7c12bcc2cac08b9bfdc4e25b8cdd3379e6be47f6a22c31b
SHA512 3befd58e89e634275456f3f299409d33409d23f7e3d39b8c2d7909ecfb6e5120c76ea2f5cf94371fbe08b620b8de1238fedfbbad2705062089d94285c173f431

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 102c2da2fd511ecdda86162bfb1e1bb2
SHA1 cd2169fd440a12a22b6101b72acec7da87e44b46
SHA256 4a7c2624d1dab3166024ed0b8805d00d737cc7c006fa68a40e56f12edd83c5c8
SHA512 26471a65f96d27f96adb19260fb1499fd65e5d1587c70b2ba87d306cd19e3721bf5c632257963afe8901d8131d9836dd3c56d2d144ac3c9b81973113a0fc919e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

MD5 be115032158a1b1a612ff01e7c9ce5cb
SHA1 827192ce09465ff48b8546f8d0097e2413be4e02
SHA256 20a6b51016b0c1fd32c731b69523e7e67462c97f5e4ae753900c55680a68acd2
SHA512 eac13c342f1fa3ff3d7b3450ac06003f59093bd92e37de2f956fe4138e151a1da7882089b414f8ac00acfc935128527871da771f7abbb0b13b001f06cfa9fc48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 e5b91e22e5a713164483c49f81f7dbcd
SHA1 c6010a6523d737470b589ae611c1f8eca4c5b9c7
SHA256 5f58cfd4f7d6df59ae8615181793bd21d96f5b8548b93777962ca29e1c6f0396
SHA512 6e0f36b5d89873eb96ece6637cbcb5cb5b55102c5559e929952653d5f8e4cab6f5ab1296d42475bd434199cae8bd6dfce151a3ad6f360ded215528ef6e2794c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e5e8baa9515952641f829d3c6b70efa9
SHA1 71c378839f4bbc2c45b5f395d40f7a8f101457c2
SHA256 c6aa95e7d61f34cc399b3b4720ef0eeb68928a2333693dd5e444e2af362e5e06
SHA512 561da9c71a37b5eddebd5d1d41ba29977468ff6150e7f0a5e7287a1e16778b68d327981595ce5f7905df7a59193ee56352aec842dd46e6ad9f9f897137089034

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea9f7b9690d296c5c0ff7255197d5086
SHA1 26edfc395da91f97e18eedff7e42fff38c0a8d26
SHA256 a3319b47b17fde90c222260399f7657ad7a6738ad4446015c120c1d035ea5ebe
SHA512 8e47f508bf5080c28405539da5d0e5eeadf70c1865d3dd60432248514c1f5704bddc30fe7b5d07b728f82c82b46f920f12ef4997b86e0f1ddaf33243f2eb1900