Malware Analysis Report

2025-06-15 23:37

Sample ID 241122-j2e5aasrgr
Target wangnengjs-winoencxans_1.1.0.6.rar
SHA256 86c3abe07a3671d4e1e9738e45792755c017b2122b3111d29a2e5d39d8126b89
Tags
discovery persistence privilege_escalation bootkit phishing
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

86c3abe07a3671d4e1e9738e45792755c017b2122b3111d29a2e5d39d8126b89

Threat Level: Shows suspicious behavior

The file wangnengjs-winoencxans_1.1.0.6.rar was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence privilege_escalation bootkit phishing

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Writes to the Master Boot Record (MBR)

Adds Run key to start application

Enumerates connected drives

Suspicious use of SetThreadContext

Drops file in Windows directory

Drops file in Program Files directory

Executes dropped EXE

Loads dropped DLL

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Event Triggered Execution: Installer Packages

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Uses Task Scheduler COM API

Uses Volume Shadow Copy service COM API

Modifies registry class

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies data under HKEY_USERS

Uses Volume Shadow Copy WMI provider

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-22 08:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-22 08:09

Reported

2024-11-22 08:12

Platform

win7-20241023-en

Max time kernel

119s

Max time network

122s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wangnengjs-winoencxans_1.1.0.6.msi

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1132 set thread context of 2400 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\colorcpl.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\ziplib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\ToDesk_Daas_v1.0.2.0.exe C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Installer\f76fc78.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76fc78.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFCF5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI264.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f76fc79.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIFE8B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f76fc79.ipi C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\colorcpl.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1368 wrote to memory of 2624 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 2624 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 2624 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 2624 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 2624 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 2624 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 2624 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 1980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 1980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 1980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 1980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 1980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 1980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 1980 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1368 wrote to memory of 2920 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 1368 wrote to memory of 2920 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 1368 wrote to memory of 2920 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 1368 wrote to memory of 2920 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 1368 wrote to memory of 2920 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\MsiExec.exe
PID 2920 wrote to memory of 1132 N/A C:\Windows\system32\MsiExec.exe C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe
PID 2920 wrote to memory of 1132 N/A C:\Windows\system32\MsiExec.exe C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe
PID 2920 wrote to memory of 1132 N/A C:\Windows\system32\MsiExec.exe C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe
PID 1132 wrote to memory of 2436 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe
PID 1132 wrote to memory of 2436 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe
PID 1132 wrote to memory of 2436 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe
PID 1132 wrote to memory of 2400 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\colorcpl.exe
PID 1132 wrote to memory of 2400 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\colorcpl.exe
PID 1132 wrote to memory of 2400 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\colorcpl.exe
PID 1132 wrote to memory of 2400 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\colorcpl.exe
PID 2436 wrote to memory of 2104 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\WerFault.exe
PID 2436 wrote to memory of 2104 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\WerFault.exe
PID 2436 wrote to memory of 2104 N/A C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe C:\Windows\system32\WerFault.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wangnengjs-winoencxans_1.1.0.6.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 99B2C1D7D95C5124A14D49CFA04827F5 C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005C4" "0000000000000068"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B6ADDCA3DC46E9811B74AD24405685C9

C:\Windows\system32\MsiExec.exe

C:\Windows\system32\MsiExec.exe -Embedding C785E9434742DF4E4E03761583D999DC

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\\down.exe

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe /aut

C:\Windows\system32\colorcpl.exe

colorcpl.exe

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 2436 -s 96

Network

Country Destination Domain Proto
HK 156.248.54.46:8880 tcp

Files

C:\Users\Admin\AppData\Local\Temp\MSIC284.tmp

MD5 db7612f0fd6408d664185cfc81bef0cb
SHA1 19a6334ec00365b4f4e57d387ed885b32aa7c9aa
SHA256 e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240
SHA512 25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

C:\Config.Msi\f76fc7a.rbs

MD5 104377ef759cac02d376e016d9f4d958
SHA1 dec2b319dcab188536f87dcb01a321bbccbba724
SHA256 1a7c2b371e63dba9cc111702018f0d69a81ae669f8701d68984b1c56a2a15df8
SHA512 2bbaf285d5892b640b9d0d8f4efa7de66ecd84200a75f60549d4db42bfd4fcdb33e93d94324a54dc0857695d166bc950ecc825577fa496909eb0660ae2a722da

C:\Windows\Installer\MSI264.tmp

MD5 81902d13c01fd8a187f3a7f2b72d5dd0
SHA1 0ac01518c5588eb2788730c78f0c581f79cf2ed4
SHA256 eef31e9195cfacde7b4e7eb7384c8178d8811063b375fd4a28ae897cc180c6a6
SHA512 04d6e2e937328477803084e0ef9da2c3636cdc9d34af74e2d1871d7190be21cbb2771ae835175e104e24eccba52add1ba6f58407bfd522ef82b81d76e977f24c

memory/2920-50-0x0000000002560000-0x0000000003560000-memory.dmp

C:\users\public\documents\all.zip

MD5 68b50c0c6c89cb9cd971c793cda8e036
SHA1 414eb5d40636ca50baae60a42f15b259ae64e01d
SHA256 736435af598acbd3d4e802cc8e3114b38cdaf9d400ed33b971aa10fe2011f093
SHA512 d8861032bc3e84211746894cc2bd1e057fa1f6f9f5da9a9d43db578fe364c0606978d5e711bee886961206d8a6d9eb79479e396ad8ec7edb6c15a2b53aade690

\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\down.exe

MD5 e025fb98bf7b06e2e1c00d0642cff374
SHA1 34b9a8b326023ef06a2545f8932da207b2064237
SHA256 9c9a6bc84961f341a783bbda8181e2e189bafe96772bc145cd1e85739cf7da7c
SHA512 4491c9ba8f4357ecfaa9e995ec4b6693e981f4268341bc73a9709fdb8f8671b60e79917b8446370ebc22f299be655b6d3aec5041cd277cccb4588372f0159854

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\MSVCP140.dll

MD5 c1b066f9e3e2f3a6785161a8c7e0346a
SHA1 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\VCRUNTIME140.dll

MD5 e9b690fbe5c4b96871214379659dd928
SHA1 c199a4beac341abc218257080b741ada0fadecaf
SHA256 a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8
SHA512 00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\VCRUNTIME140_1.dll

MD5 eb49c1d33b41eb49dfed58aafa9b9a8f
SHA1 61786eb9f3f996d85a5f5eea4c555093dd0daab6
SHA256 6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e
SHA512 d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

memory/2400-77-0x0000000000060000-0x00000000000DB000-memory.dmp

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\view.png

MD5 90ddb0bcf3638b0c48caed930c641313
SHA1 95d1c419151d832260522310fab49c4694882e8a
SHA256 50fc547c6c47d3237832d7d9e40712f9c47fb547629023a78dfc46a5f1c50ff9
SHA512 5e90a257315d9b3938b9ac0e6205c3b754ee56721a0fb62081be3c06c570a094df134d8437c29cf50f34ceda6ac4461358b8518f505d0a5278617a9afb1c1cb1

memory/2400-79-0x0000000000060000-0x00000000000DB000-memory.dmp

C:\Users\Admin\74CB9133-9BA8-4ECC-9886-0000876844B0\aut.png

MD5 51698f9d781f9ba83b9d1896f047b666
SHA1 5e28f766d10af39ec28f46f20a8d047474135923
SHA256 300776a76cf4faaa2ef0d0928adf0bb9621ae486e316f81af8d71719d9f413cb
SHA512 cee9cb3c89b0a7defdc5cc61acc479f94a3e29556c9fec5ede12997cee8b67e780af443fae1f81399274e0602ac9102521e6389422ec9ede49e23647a256e952

memory/2400-86-0x0000000000060000-0x00000000000DB000-memory.dmp

memory/2400-88-0x0000000000060000-0x00000000000DB000-memory.dmp

memory/2400-90-0x0000000000060000-0x00000000000DB000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-22 08:09

Reported

2024-11-22 08:14

Platform

win10v2004-20241007-en

Max time kernel

264s

Max time network

267s

Command Line

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wangnengjs-winoencxans_1.1.0.6.msi

Signatures

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleUpdeta_Service = "C:\\Users\\Admin\\7B3C6507-4BB4-47BD-8A73-00008F009A67\\down.exe" C:\Users\Admin\AppData\Local\Temp\{8DAA9F75-86A8-478c-A5DD-E91E6DD7D1C6}.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleUpdata_Service = "C:\\programdata\\Mylnk\\down.lnk" C:\Users\Admin\AppData\Local\Temp\{D761127A-E570-4053-A2AA-148EC4A32370}.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\colorcpl.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1508 set thread context of 3948 N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe C:\Windows\system32\colorcpl.exe

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\ziplib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\ToDesk_Daas_v1.0.2.0.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\360\360zip\240677250.tmp C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A
File opened for modification C:\Program Files (x86)\360\360zip C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\e5805c7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI644.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{02696634-8032-4C78-A753-E03908EC6419} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI889.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5805c7.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI6D2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID9A.tmp C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A
N/A N/A C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A
N/A N/A C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A
N/A N/A C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A
N/A N/A C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{8DAA9F75-86A8-478c-A5DD-E91E6DD7D1C6}.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{D761127A-E570-4053-A2AA-148EC4A32370}.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 000000000400000038a6760542cf76680000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff00000000270101000008000038a676050000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff00000000070001000068090038a67605000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d38a67605000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000038a6760500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767367046162322" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A
N/A N/A C:\Windows\system32\colorcpl.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2124 wrote to memory of 4440 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2124 wrote to memory of 4440 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2124 wrote to memory of 4440 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2124 wrote to memory of 3996 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 2124 wrote to memory of 3996 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 2124 wrote to memory of 4304 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2124 wrote to memory of 4304 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2124 wrote to memory of 4304 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2124 wrote to memory of 3836 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 2124 wrote to memory of 3836 N/A C:\Windows\system32\msiexec.exe C:\Windows\System32\MsiExec.exe
PID 3836 wrote to memory of 1508 N/A C:\Windows\System32\MsiExec.exe C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe
PID 3836 wrote to memory of 1508 N/A C:\Windows\System32\MsiExec.exe C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe
PID 1508 wrote to memory of 3140 N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe
PID 1508 wrote to memory of 3140 N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe
PID 1508 wrote to memory of 3948 N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe C:\Windows\system32\colorcpl.exe
PID 1508 wrote to memory of 3948 N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe C:\Windows\system32\colorcpl.exe
PID 1508 wrote to memory of 3948 N/A C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe C:\Windows\system32\colorcpl.exe
PID 2700 wrote to memory of 1572 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\dashost.exe
PID 2700 wrote to memory of 1572 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\dashost.exe
PID 824 wrote to memory of 4644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 4644 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 824 wrote to memory of 5176 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\wangnengjs-winoencxans_1.1.0.6.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding DC5974F0F6132CC47A292B75F293E25E C

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 91D2324D846015387371D21259BEF38F

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 1E8F2F769E5F433B11E118FC588075CF

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\\down.exe

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe /aut

C:\Windows\system32\colorcpl.exe

colorcpl.exe

C:\Users\Admin\AppData\Local\Temp\{D761127A-E570-4053-A2AA-148EC4A32370}.exe

"C:\Users\Admin\AppData\Local\Temp\{D761127A-E570-4053-A2AA-148EC4A32370}.exe" /s "C:\Users\Admin\AppData\Local\Temp\{285B2FBF-7DA5-45d3-9D75-0281D2889FD6}"

C:\Users\Admin\AppData\Local\Temp\{8DAA9F75-86A8-478c-A5DD-E91E6DD7D1C6}.exe

"C:\Users\Admin\AppData\Local\Temp\{8DAA9F75-86A8-478c-A5DD-E91E6DD7D1C6}.exe" /s "C:\Users\Admin\AppData\Local\Temp\{D834CEDD-E701-41df-B283-858615787A72}"

C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe

"C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\libcef.dll"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Windows\system32\dashost.exe

dashost.exe {b48a18fd-83be-4c77-8e3e3bf10f37e0f1}

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap13103:902:7zEvent350 -t7z -sae -- "C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\7B3C6507-4BB4-47BD-8A73-00008F009A67.7z"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb3ddcc40,0x7ffeb3ddcc4c,0x7ffeb3ddcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4412,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3728 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4600,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4700,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x408 0x4fc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3548,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3536,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5180,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5336,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5316,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5340,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5932,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5620,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4636,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5304,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3320,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5576,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5504,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6012,i,139116038761070542,6063065252748079773,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:1

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 155.57.22.2.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
HK 156.248.54.46:8880 tcp
US 8.8.8.8:53 17.14.97.104.in-addr.arpa udp
US 8.8.8.8:53 46.54.248.156.in-addr.arpa udp
US 8.8.8.8:53 s.f.360.cn udp
CN 36.99.172.78:80 s.f.360.cn tcp
CN 1.192.137.22:80 s.f.360.cn tcp
CN 36.99.172.78:443 s.f.360.cn tcp
CN 1.192.137.22:443 s.f.360.cn tcp
CN 42.236.9.57:80 tcp
CN 42.236.9.57:443 tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 clients2.google.com tcp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 wetransfer.com udp
DE 143.204.98.71:443 wetransfer.com tcp
DE 143.204.98.71:443 wetransfer.com tcp
US 8.8.8.8:53 cdn.wetransfer.com udp
DE 143.204.98.71:443 cdn.wetransfer.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 tagging.wetransfer.com udp
US 151.101.193.229:443 cdn.jsdelivr.net tcp
DE 18.173.205.6:443 tagging.wetransfer.com tcp
US 8.8.8.8:53 71.98.204.143.in-addr.arpa udp
US 8.8.8.8:53 229.193.101.151.in-addr.arpa udp
US 8.8.8.8:53 6.205.173.18.in-addr.arpa udp
DE 143.204.98.97:443 cdn.wetransfer.com udp
US 8.8.8.8:53 auth-session-caching.wetransfer.net udp
IE 63.32.129.195:443 auth-session-caching.wetransfer.net tcp
US 8.8.8.8:53 privacy.wetransfer.com udp
US 8.8.8.8:53 97.98.204.143.in-addr.arpa udp
US 8.8.8.8:53 195.129.32.63.in-addr.arpa udp
US 8.8.8.8:53 bsp-proxy.wetransfer.net udp
DE 18.245.86.40:443 privacy.wetransfer.com tcp
IE 52.31.91.194:443 bsp-proxy.wetransfer.net tcp
US 8.8.8.8:53 experiments.wetransfer.com udp
DE 13.33.187.50:443 experiments.wetransfer.com tcp
US 8.8.8.8:53 194.91.31.52.in-addr.arpa udp
US 8.8.8.8:53 40.86.245.18.in-addr.arpa udp
DE 18.245.86.40:443 privacy.wetransfer.com tcp
US 8.8.8.8:53 snowplow.wetransfer.com udp
IE 54.194.244.28:443 snowplow.wetransfer.com tcp
US 8.8.8.8:53 50.187.33.13.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 analytics-v2.wetransfer.com udp
IE 54.194.244.28:443 snowplow.wetransfer.com tcp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
DE 18.245.86.84:443 analytics-v2.wetransfer.com tcp
US 8.8.8.8:53 public.profitwell.com udp
DE 13.32.121.50:443 public.profitwell.com tcp
US 8.8.8.8:53 28.244.194.54.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.86.245.18.in-addr.arpa udp
US 8.8.8.8:53 50.121.32.13.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 s.pinimg.com udp
US 8.8.8.8:53 js.adsrvr.org udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 di.rlcdn.com udp
IE 31.13.73.22:443 connect.facebook.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 e-10220.adzerk.net udp
US 150.171.27.10:443 bat.bing.com tcp
US 151.101.0.84:443 s.pinimg.com tcp
DE 18.173.210.167:443 c.amazon-adsystem.com tcp
DE 108.138.15.119:443 js.adsrvr.org tcp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
US 35.244.174.68:443 di.rlcdn.com tcp
US 54.147.118.178:443 e-10220.adzerk.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
US 151.101.0.84:443 s.pinimg.com udp
US 8.8.8.8:53 insight.adsrvr.org udp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 ct.pinterest.com udp
US 15.197.193.217:443 insight.adsrvr.org tcp
IE 31.13.73.22:443 connect.facebook.net udp
FR 23.200.12.223:443 ct.pinterest.com tcp
FR 23.200.12.223:443 ct.pinterest.com tcp
FR 23.200.12.223:443 ct.pinterest.com tcp
US 98.82.157.231:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.73.13.31.in-addr.arpa udp
US 8.8.8.8:53 84.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 167.210.173.18.in-addr.arpa udp
US 8.8.8.8:53 119.15.138.108.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 231.157.82.98.in-addr.arpa udp
US 8.8.8.8:53 178.118.147.54.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 223.12.200.23.in-addr.arpa udp
US 8.8.8.8:53 match.adsrvr.org udp
GB 163.70.147.35:443 www.facebook.com tcp
GB 163.70.147.35:443 www.facebook.com tcp
US 8.8.8.8:53 nolan.wetransfer.net udp
DE 108.138.26.29:443 nolan.wetransfer.net tcp
FR 23.200.12.223:443 ct.pinterest.com udp
FR 23.200.12.223:443 ct.pinterest.com tcp
DE 108.138.15.119:443 js.adsrvr.org tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 ib.adnxs.com udp
GB 142.250.187.194:443 cm.g.doubleclick.net tcp
DE 37.252.173.215:443 ib.adnxs.com tcp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 104.18.27.193:443 dsum-sec.casalemedia.com tcp
GB 163.70.147.35:443 www.facebook.com udp
GB 142.250.187.194:443 cm.g.doubleclick.net udp
US 8.8.8.8:53 lebowski.wetransfer.com udp
US 8.8.8.8:53 cdn.brandmetrics.com udp
US 104.18.27.193:443 dsum-sec.casalemedia.com udp
IE 52.51.81.153:443 lebowski.wetransfer.com tcp
US 172.67.69.191:443 cdn.brandmetrics.com tcp
US 8.8.8.8:53 29.26.138.108.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 193.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
IE 52.51.81.153:443 lebowski.wetransfer.com tcp
US 8.8.8.8:53 collector.brandmetrics.com udp
GB 20.90.134.35:443 collector.brandmetrics.com tcp
DE 108.138.26.29:443 nolan.wetransfer.net tcp
US 8.8.8.8:53 www.datadoghq-browser-agent.com udp
US 8.8.8.8:53 153.81.51.52.in-addr.arpa udp
US 8.8.8.8:53 191.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 35.134.90.20.in-addr.arpa udp
DE 13.33.219.205:443 www.datadoghq-browser-agent.com tcp
US 8.8.8.8:53 backgrounds.wetransfer.net udp
DE 65.9.66.2:443 backgrounds.wetransfer.net tcp
US 8.8.8.8:53 prod-cdn.wetransfer.net udp
DE 108.138.7.6:443 prod-cdn.wetransfer.net tcp
US 8.8.8.8:53 2.66.9.65.in-addr.arpa udp
US 8.8.8.8:53 205.219.33.13.in-addr.arpa udp
US 8.8.8.8:53 6.7.138.108.in-addr.arpa udp
US 8.8.8.8:53 cdn.lamp.avct.cloud udp
US 8.8.8.8:53 collector.brandmetrics.com udp
US 8.8.8.8:53 d9.flashtalking.com udp
US 8.8.8.8:53 donny.wetransfer.com udp
US 8.8.8.8:53 data.ad-score.com udp
IE 52.213.46.103:443 donny.wetransfer.com tcp
US 130.211.115.4:443 data.ad-score.com tcp
IE 54.247.62.83:443 d9.flashtalking.com tcp
DE 13.32.99.82:443 cdn.lamp.avct.cloud tcp
GB 20.90.134.35:443 collector.brandmetrics.com tcp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
IE 52.17.119.158:443 measure.lamp.avct.cloud tcp
IE 52.17.119.158:443 measure.lamp.avct.cloud tcp
US 8.8.8.8:53 103.46.213.52.in-addr.arpa udp
US 8.8.8.8:53 82.99.32.13.in-addr.arpa udp
US 8.8.8.8:53 83.62.247.54.in-addr.arpa udp
US 8.8.8.8:53 4.115.211.130.in-addr.arpa udp
US 8.8.8.8:53 z.moatads.com udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 tps.doubleverify.com udp
IE 52.30.199.78:443 pixel.adsafeprotected.com tcp
US 130.211.44.5:443 tps.doubleverify.com tcp
FR 95.101.225.206:443 z.moatads.com tcp
US 8.8.8.8:53 158.119.17.52.in-addr.arpa udp
US 8.8.8.8:53 230.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 8.8.8.8:53 206.225.101.95.in-addr.arpa udp
US 8.8.8.8:53 78.199.30.52.in-addr.arpa udp
US 8.8.8.8:53 static.adsafeprotected.com udp
DE 18.66.112.50:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 50.112.66.18.in-addr.arpa udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 3.217.62.127:443 dt.adsafeprotected.com tcp
US 3.217.62.127:443 dt.adsafeprotected.com tcp
US 3.217.62.127:443 dt.adsafeprotected.com tcp
US 3.217.62.127:443 dt.adsafeprotected.com tcp
US 3.217.62.127:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 127.62.217.3.in-addr.arpa udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com tcp
GB 172.217.16.227:443 beacons.gcp.gvt2.com tcp
IE 52.30.199.78:443 pixel.adsafeprotected.com tcp
US 130.211.44.5:443 tps.doubleverify.com tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
GB 163.70.147.35:443 www.facebook.com udp
US 8.8.8.8:53 wetransfer.com udp
DE 143.204.98.85:443 wetransfer.com udp
US 8.8.8.8:53 adroit-api.wetransfer.net udp
IE 34.254.149.64:443 adroit-api.wetransfer.net tcp
US 8.8.8.8:53 auth.wetransfer.com udp
DE 143.204.98.113:443 auth.wetransfer.com tcp
US 8.8.8.8:53 64.149.254.34.in-addr.arpa udp
US 8.8.8.8:53 85.98.204.143.in-addr.arpa udp
US 8.8.8.8:53 113.98.204.143.in-addr.arpa udp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 analytics-v2.wetransfer.com udp
US 8.8.8.8:53 bsp-proxy.wetransfer.net udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 snowplow.wetransfer.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 8.8.8.8:53 wormhole.app udp
US 8.8.8.8:53 collector.brandmetrics.com udp
US 104.26.7.129:443 wormhole.app tcp
US 104.26.7.129:443 wormhole.app tcp
US 8.8.8.8:53 129.7.26.104.in-addr.arpa udp
US 104.26.7.129:443 wormhole.app udp
US 8.8.8.8:53 tagging.wetransfer.com udp
US 8.8.8.8:53 measure.lamp.avct.cloud udp
GB 142.250.200.42:443 content-autofill.googleapis.com tcp
US 104.26.7.129:443 wormhole.app udp
US 104.26.7.129:443 wormhole.app tcp
GB 142.250.200.42:443 content-autofill.googleapis.com udp
US 104.26.7.129:443 wormhole.app tcp
US 8.8.8.8:53 relay.wormhole.app udp
US 8.8.8.8:53 relay.wormhole.app udp
US 8.8.8.8:53 pod-000-1074-19.backblaze.com udp
US 149.137.132.119:443 pod-000-1074-19.backblaze.com tcp
US 149.137.132.119:443 pod-000-1074-19.backblaze.com tcp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 8.8.8.8:53 119.132.137.149.in-addr.arpa udp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 8.8.8.8:53 82.12.116.50.in-addr.arpa udp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 149.137.132.119:443 pod-000-1074-19.backblaze.com tcp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.227:443 beacons.gcp.gvt2.com udp
US 104.26.7.129:443 wormhole.app udp
US 104.26.7.129:443 wormhole.app tcp
US 8.8.8.8:53 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app udp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app tcp
US 50.116.12.82:443 relay.wormhole.app udp
N/A 10.127.0.255:62323 udp
GB 181.215.176.83:62323 udp
US 50.116.12.82:51460 relay.wormhole.app udp
US 50.116.12.82:56087 relay.wormhole.app udp
US 8.8.8.8:53 83.176.215.181.in-addr.arpa udp
US 50.116.12.82:55619 relay.wormhole.app udp
US 50.116.12.82:62710 relay.wormhole.app udp
US 50.116.12.82:53332 relay.wormhole.app udp

Files

C:\Users\Admin\AppData\Local\Temp\MSIA1FD.tmp

MD5 db7612f0fd6408d664185cfc81bef0cb
SHA1 19a6334ec00365b4f4e57d387ed885b32aa7c9aa
SHA256 e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240
SHA512 25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

C:\Config.Msi\e5805c8.rbs

MD5 150568ef6eb16ea5eec6e005896f4798
SHA1 349c81dd40f9b5a6c7aae1b934e02fe42058499d
SHA256 6172b12c9f87dc21db398195ac46336786fbe21504640735f8895e67b9c35d86
SHA512 9ae29cd4ef5270bb9313f473dc81dec2bf88cf4e1e67ca9d04837166fb804ea218215dcc6bc89721e67b7311726d600d68d5045e859f774c5b8ebca3c49b7fb2

C:\Windows\Installer\MSID9A.tmp

MD5 81902d13c01fd8a187f3a7f2b72d5dd0
SHA1 0ac01518c5588eb2788730c78f0c581f79cf2ed4
SHA256 eef31e9195cfacde7b4e7eb7384c8178d8811063b375fd4a28ae897cc180c6a6
SHA512 04d6e2e937328477803084e0ef9da2c3636cdc9d34af74e2d1871d7190be21cbb2771ae835175e104e24eccba52add1ba6f58407bfd522ef82b81d76e977f24c

C:\users\public\documents\all.zip

MD5 68b50c0c6c89cb9cd971c793cda8e036
SHA1 414eb5d40636ca50baae60a42f15b259ae64e01d
SHA256 736435af598acbd3d4e802cc8e3114b38cdaf9d400ed33b971aa10fe2011f093
SHA512 d8861032bc3e84211746894cc2bd1e057fa1f6f9f5da9a9d43db578fe364c0606978d5e711bee886961206d8a6d9eb79479e396ad8ec7edb6c15a2b53aade690

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\down.exe

MD5 e025fb98bf7b06e2e1c00d0642cff374
SHA1 34b9a8b326023ef06a2545f8932da207b2064237
SHA256 9c9a6bc84961f341a783bbda8181e2e189bafe96772bc145cd1e85739cf7da7c
SHA512 4491c9ba8f4357ecfaa9e995ec4b6693e981f4268341bc73a9709fdb8f8671b60e79917b8446370ebc22f299be655b6d3aec5041cd277cccb4588372f0159854

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\vcruntime140_1.dll

MD5 eb49c1d33b41eb49dfed58aafa9b9a8f
SHA1 61786eb9f3f996d85a5f5eea4c555093dd0daab6
SHA256 6d3a6cde6fc4d3c79aabf785c04d2736a3e2fd9b0366c9b741f054a13ecd939e
SHA512 d15905a3d7203b00181609f47ce6e4b9591a629f2bf26ff33bf964f320371e06d535912fda13987610b76a85c65c659adac62f6b3176dbca91a01374178cd5c6

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\view.png

MD5 90ddb0bcf3638b0c48caed930c641313
SHA1 95d1c419151d832260522310fab49c4694882e8a
SHA256 50fc547c6c47d3237832d7d9e40712f9c47fb547629023a78dfc46a5f1c50ff9
SHA512 5e90a257315d9b3938b9ac0e6205c3b754ee56721a0fb62081be3c06c570a094df134d8437c29cf50f34ceda6ac4461358b8518f505d0a5278617a9afb1c1cb1

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\VCRUNTIME140.dll

MD5 e9b690fbe5c4b96871214379659dd928
SHA1 c199a4beac341abc218257080b741ada0fadecaf
SHA256 a06c9ea4f815dac75d2c99684d433fbfc782010fae887837a03f085a29a217e8
SHA512 00cf9b22af6ebbc20d1b9c22fc4261394b7d98ccad4823abc5ca6fdac537b43a00db5b3829c304a85738be5107927c0761c8276d6cb7f80e90f0a2c991dbcd8c

memory/3948-85-0x0000014415300000-0x000001441537B000-memory.dmp

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\MSVCP140.dll

MD5 c1b066f9e3e2f3a6785161a8c7e0346a
SHA1 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

C:\Users\Admin\7B3C6507-4BB4-47BD-8A73-00008F009A67\aut.png

MD5 51698f9d781f9ba83b9d1896f047b666
SHA1 5e28f766d10af39ec28f46f20a8d047474135923
SHA256 300776a76cf4faaa2ef0d0928adf0bb9621ae486e316f81af8d71719d9f413cb
SHA512 cee9cb3c89b0a7defdc5cc61acc479f94a3e29556c9fec5ede12997cee8b67e780af443fae1f81399274e0602ac9102521e6389422ec9ede49e23647a256e952

C:\Users\Admin\AppData\Local\Temp\{D761127A-E570-4053-A2AA-148EC4A32370}.exe

MD5 217dc98e219a340cb09915244c992a52
SHA1 a04f101ca7180955d62e4a1aaeccdcca489209da
SHA256 27c8bd76150ddda5b09d6db11f67269cee2eecac345df67f93aab3e3aaabde7c
SHA512 dddc15992533c8c13000163c7dd59b20e2fbdedbf611338c04f6f9209ec1a95d1f93aaeeae2778890214d333320978f5d2554348722ea6c8489320f0ef1c4c85

C:\Users\Admin\AppData\Local\Temp\{285B2FBF-7DA5-45d3-9D75-0281D2889FD6}

MD5 81a71f6feec26723958f2364a4f1aefe
SHA1 3d4605cfd771aedb8ba51389074a60e5a38775ad
SHA256 f244b12a1e911c84dcfea45a49885cf48307d2ddc4c1ac7c1aa21bc310bebd80
SHA512 84f9f20e3a381f1c3cafce07bdfeffd77e19bf0007245e95a80a97fa71e16d877e12ec8d57e8a9e60d008e08b38c9fd670f5374a058980f019590ed1dafd59c5

C:\Users\Admin\AppData\Local\Temp\RegWorkshop.ini

MD5 ff0c7c2667dff4f3ed588f40d047c642
SHA1 1162c83bd0bb0d81b7ab7f616cb012b790aa4adf
SHA256 02af5cb061fd8075e9475c45ab20e86cf2bb4ca9511ddad348645ed5183b9fc7
SHA512 539b1d443232758b6c60a287f2a40200e6e3ba7353f11f18e29ba265c9569a4610e4a80910f79660368a916576ab9c486efa248bf3257e522ef5bfb3d42ef3c3

memory/3948-237-0x0000014415300000-0x000001441537B000-memory.dmp

\??\Volume{0576a638-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2123edcf-dfe4-4d06-ab3b-b3cefec4a219}_OnDiskSnapshotProp

MD5 58eb820451a608a59f5cdd41e9d137be
SHA1 c1a72b6de58ae8d6415f8d0e98031ddf7a5d7e29
SHA256 b6801815b0048e58271ddd4ce3c84cebc62ff8cac969cf57c25490b19e4c09ef
SHA512 86a5660f0989d5d210719f5f8998d720d643ff29ce5586de4598f09923f9e7816ecc2050b3cae8d56aaaec42318fa2616dedf6db526f175f6c4999fe7ac4f567

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 f69c191e60436d0bc0f574fbac1db050
SHA1 8e85aa0b79d5b9865ed183bd32c6b9879f05c45f
SHA256 83c4fac586a98337d5a2f826e1861cf5d500695ac5972c6111625099f80eb44d
SHA512 b86bd0033a831d8ad36496a4feb5fda5aeb1e9d02ddce40f03a5e1af08bed8568d6945a7219639b318a9ef39dee8ccb2aa582295c2439d5dfb6b200c09a18013

memory/3948-240-0x0000014415300000-0x000001441537B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{D834CEDD-E701-41df-B283-858615787A72}

MD5 bc1fdfa5af48dc5c64ca2973001c53dc
SHA1 d5aadee2004013b9f5196c26bb54f30bc0595f08
SHA256 1f36120c28700fb23608097e24d64cdb251bd6bd1f4735422a739d3456d7dca3
SHA512 52d66bdcacdec190d9fcc7590fee15b1423ef466a0219cb7f95c033efaeb90b87d64fdcfa6cede6b48035657249fd9fbc28a9734eb0c2efbff48219a1e7b5021

C:\Program Files (x86)\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263\好压万能压缩_1.1.0.263.exe

MD5 a5a77dd46371ca24d7dc6e8ac86e15fd
SHA1 0d1337fbc378928b6e3e24730f4dc2d1babc906b
SHA256 32be06a580ea8fd869b77560908c4790a01e523b68a437677de72df3bc4cfc35
SHA512 d736f9a64f624a2c539517f042aebb518fdb981a6624833575f8bffaae09cc64c16edc80e90000aae1393398ed88ec7326fd6143a52e7dd67fd0b2c4043648ad

memory/1388-399-0x00000000771E0000-0x00000000771F0000-memory.dmp

memory/1388-398-0x00000000771E0000-0x00000000771F0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{EC148C6B-90C0-4376-AD63-8EFA64C30A32}.tmp

MD5 6cf0e704c7ae3ea3452d3c0457d58e3a
SHA1 5ed41afb25d9635e83bed16d48e4d84585911174
SHA256 36c27dc744f871142fea6d6345916ee04121bcd6d119b0cbd2f0d6dd6d20e14b
SHA512 2d9fa42d34e982b191a67f3860f2b40b7d32cc75545058f0001560dcbabf7ace385d40939d2674b40c87aeb36d0507879fd18a2fe24f976f2d882f90e0cb405d

C:\Users\Admin\AppData\Local\Temp\{73207375-9E7F-4627-9594-35B115999784}.tmp\Assets\Square44x44Logo.altform-unplated_targetsize-32.png

MD5 e4ab2b7b4e364561526838ea1a8211f0
SHA1 bd29be3d4f5fba17d84aeb84de4fc365092ef1c2
SHA256 74dc878d5bf8f0cfdf8ef016fcd473c476c36163d4bb8847a250eb59a3f327ee
SHA512 b68d5cec762764df58205b6b155ddd99f4685bb482cafd4bfd29d0a60095f423b65db114f738c79586117162cee41a957d3af76bd7ff2ff386ee0c69974f9edf

C:\Users\Admin\AppData\Local\Temp\{73207375-9E7F-4627-9594-35B115999784}.tmp\Assets\Square44x44Logo.altform-unplated_targetsize-48.png

MD5 0c26d7f51aa4a736da03beef4a2748f6
SHA1 d23bbe403e9f0c12d3485f02d952fdac18fe43ff
SHA256 2af735ae280235aebf2897289a403a5190b5577cecb89fde7f42821fc6556627
SHA512 5b3725e32c1f39bfe7110f23e55da6763b06aa1c6895c80adef29646f94da295e8ca9f3da6efc19da8b25486825f9d9b46864ca088c951769321ad3690ebb7f8

C:\Users\Admin\AppData\Local\Temp\{73207375-9E7F-4627-9594-35B115999784}.tmp\Assets\Square44x44Logo.altform-unplated_targetsize-24.png

MD5 320ac6332a3c905b509fa5e6bf85e0af
SHA1 3bd3239204d1ad5e2a0aaaa5d63c53595b01b759
SHA256 8db89d221ab2c549884c66dcc16944739c90077241b95c3fb4b00c9c36e63313
SHA512 68d3991dabdfbf85b16a6a9a394a0eae9ed3d4043693a39c544fcf36ccce767bd97d8ca5bc5d9f1b188a777522349582bbc73f6874c177d62ae977277a482dd2

C:\Users\Admin\AppData\Local\Temp\{73207375-9E7F-4627-9594-35B115999784}.tmp\Assets\Square44x44Logo.altform-unplated_targetsize-16.png

MD5 8df8fa315061e0d189b3e26c8f44b3e4
SHA1 0735f03c6411b176eb3f5f17aa99b11f8edc22b5
SHA256 5d3ddad2d4ad91500eae99370196fcd996ec4f1006a6f2a9c0d30cea6149d991
SHA512 d756a5a851b389e61ab53fc0faeeb976ad2970569b82cd6e3944fd4ed73540b5f72f769052957ca45362d7b6e426f458e0cb36350b3da0bed8e08e31512a7261

C:\Program Files (x86)\360\360zip\rarnew.data

MD5 ad08fe53a5e484ea568d60544ef3f05c
SHA1 18629208273779dfa28472d5da28542b69b4dfd2
SHA256 30cbdc8b7afd4e079e93f1666220080b31a9b177f4d94ddcc1e5555fb8821f41
SHA512 f7dc9796341490b53d6a44eda6ec9e2644ab40959177db1d28682a28460747eefda3a9fc0b7d496e15d745e518e98d541078bd61a9517ff3264e304852206962

C:\Program Files (x86)\360\360zip\PDown.dll

MD5 6438c590a9ad88fa2a5606abb64671e8
SHA1 3e1ed2293772d5f79a6c8fe5017fa35f3a9dfbe0
SHA256 ab5ed6a806b827f85327471812569761ec2d7392e9993d30441eb8ff2120a7ea
SHA512 c651797d3c256e77b7e97f9aacb9af779f844ca41abee7d5b8be848f0f31a06dc79f0437d32dd88973dd5f1869a928a9da96195a5ed7c54eec36053d34c1c846

C:\Program Files (x86)\360\360zip\MultiMediaOpt.exe

MD5 68f759bb428d7a36093c5f49064f0405
SHA1 c38fb70353186fed0a40bbf2243b71689082a276
SHA256 70a4912d17ffb37fe3ed74c0d42e02656e52759f0ad7c6c561dba8dcc4f039ec
SHA512 9d8003b0468ede3868a7837575e22a9e8902239db90c6791b31287b2d686e28fa02e5c6430656996e4238a3586ae3cb8117057c16a59181491328a03a4fa2e16

C:\Program Files (x86)\360\360zip\MiniUI.dll

MD5 c2e81190230a0ba2f6fd07e02480203a
SHA1 9f4db1423e679196ea94079524a7c3e1c23597af
SHA256 69ed9c1032e6f7f43f21f2cc7d7f8aa92e27342f14ef2a77b22535662270d8aa
SHA512 f666ab9d4a116a7a2bcc8b1786352f51cc44cb392be1e4d81e1cb5043cc6499c1aa035f742b080f18bb6f34019df0a48bb6737f85c30a9c21f6a3dadb2724ceb

C:\Program Files (x86)\360\360zip\LockKrnl.dll

MD5 8620511d80d7b7077acfbb2df3d16d3d
SHA1 f5142cac0e269f7f8238a2001d9a6a8d53db1886
SHA256 e639272efbf92096e16cfe533466b9abfb36d976b7adab7ac353430b63b4c22a
SHA512 4d47be22ba5c7df9117e0fa5f25d5c32c16959d069d6d87be6405b8907de14c93da905474a839f1e8576699c23188d4234654a1ab13a2320dddaa2246f99e2f4

C:\Program Files (x86)\360\360zip\LiveUpdate360.exe

MD5 703f4234b670aa84ffbf47cc927e8861
SHA1 749ae404dbea3e9848d7a937e2ab7aaaece6dc38
SHA256 a5312b85a4783124a6512ceb4eafd364ac0414d7543146ddf525ad89dcf0a269
SHA512 8652e4c3c0b40cae4bed9f00fcdb03487e1940d53cc9c35142ccee539c56733c71cc92a2b9bc3268c364c7fb7e7774d0d7f24d5833a756de7e1662c422b339eb

C:\Program Files (x86)\360\360zip\LiveUpd360.dll

MD5 3b4ecb3a2c57c882e5994fa0d33744a9
SHA1 c16356661dbd6ab47747cff5041bad4eddcf3cd3
SHA256 d5df8134cf83e317b45771551b88b49fd9f0c65f24dd043b8e403e971ace38a8
SHA512 6ab0e1b25f6b9f1f78e5fb109cd9564911f3d4c8de85e9573e752a8f7d0b11fed53f5176d2cda5fa5c22ff3d22efb3478a154da58612cc98380b663aa0784303

C:\Program Files (x86)\360\360zip\livep.dat

MD5 744da905f156c20cc443a4224e47efeb
SHA1 e1eee1b73bdf30b627c8e88575d3c15a5f9b32a6
SHA256 315dd044eab15b9122315e73f86294c4dff170e639be271f74e7960d84e6e627
SHA512 15d3ddc6ead6b9707379d6f22d5ef1addb9ae6cc339098a57d0808f767b883ec587f562d2f6f55872f09bf32a5a9de66c2245cc1c0caa84b14176968a3677249

C:\Program Files (x86)\360\360zip\libZipSandbox.dll

MD5 e8563ca18da32150b07e008c743f105c
SHA1 5d643d6f07814a2101b00bb6794a2809fdf71084
SHA256 5816370b66dcc4d3901c3ff363c4e5527e1563f9095909046309cd9c67babbd6
SHA512 8847e74f92364f3a5370508f4c09ca59ffd86a4784667f599a42d688663d22b63d92f74f9b44dc51ed4a1b6c0b7c7dff37b6f258f9d1408ece8174b0f9290a72

C:\Program Files (x86)\360\360zip\KitTip.dll

MD5 7a13646581cfca97ca4e981c39403aff
SHA1 bfd430642c716789c666723b72d6dd7a00c64a61
SHA256 1b0029ba50a3a99724d0a26f73d790525314d14044c9dc8f6e69a6184c5703d6
SHA512 29d86953bb71e1b059a28ed09d188c51782cc95e4fdee8d0e2a4a6a6f961d767b8a7dc8939bc9253d0f8390d869a67f6f3b3e546790c5de9e4a00d8d2e824a09

C:\Program Files (x86)\360\360zip\ImageHandle.dll

MD5 b4efde4281a5e154341534ade8b8c3e6
SHA1 4f62b244921628bef0848626b81af7310c3ed0b0
SHA256 9a41e6bfae2e0094341a2bd1027a214f9b24a8df69b3886cc99cd08867fad335
SHA512 d8e8014222e532ec9bbcc47dfe7f187eef876b3fc8b5308c2d9c92d140b466ba1b0e5dc5e1e99154eba043633f15e1381f00f99548ba9cf2a5c9c9013babd4b8

C:\Program Files (x86)\360\360zip\IEFile.ico

MD5 8c8a793f357b32ddc870297bd99fe8f2
SHA1 9c7aba7862258c7a7c5e798852558a6c9e7921dc
SHA256 bf39218aa16f6fa8760f805b96a8b0c31ef23c2dbd77740e944aba26b24f5164
SHA512 8c018a0e194ff2576cac943dba69ed4048b8384ec78bb1e8db98afb09af3add16eb1ba7726014e5512a746ac82d7ad5abdab77d4cbdabf0194a6fcfc4d8d8ba2

C:\Program Files (x86)\360\360zip\heavygate.dll

MD5 05ca1b329225c764141c57d03cfbf26b
SHA1 54b1829da74a6e75f5e8c040f6c6734f562817fe
SHA256 48576b671bd975e9ea9cc40e6c9ab1fc2c4ae5114ec59442086291d1c674c7d8
SHA512 d0606401f04c36d646c93c9f20c2561fb4137c949636860fe3416179f22ce425e323e9d0b3e9a2b6851187043dbc846b72e3116edbbf72846bc2254829d327f3

C:\Program Files (x86)\360\360zip\fileassocx.dat

MD5 335ffa5edbe9bff3d25fc7ce310ed522
SHA1 3e3771bfd8f2fe75e2168d7d7f7c6ce8372e0cdc
SHA256 e4eff67bbda413f848e2774709bbf38ebf76472be20afac374e5a780269f9a82
SHA512 387f5aadabf4d6d868c775384fd56f9283afd4bd83a45bb6c35d75fd8c33b12f708454e48f1a3a66ce433b11640ab6d3b5947824a97ee41df9558a3c108d8433

C:\Program Files (x86)\360\360zip\EncodeHelper.dll

MD5 982c77fa3989985eb43cc973e93a0f2a
SHA1 ebea8f21dc2b4a1d2f2bd18d07e859a1d7e53e07
SHA256 8052090162710a671cdc7a81b11ba0e1f5792fcadc783a23833013dc94126801
SHA512 6a036ec40a72a1c3d6c6ed98a471c45794173b916d10d535d020689443e1892cbb68a1855ca92c27a9f641dab1ecd9913dbeec80c08f45ce4323ef2c4e09aff3

C:\Program Files (x86)\360\360zip\DumpUper.ini

MD5 11a5ecdf4adf7b3383a60bd276208501
SHA1 87d1165546ee08406777c4695e135a1a6071cc27
SHA256 65b07debe53b415188e2b539792cf32623f6d4905a8ba996844fcd5994058a8c
SHA512 7b89831c415087890c272cfb151171bf57b1a720b89933e5f11a50827b3815d266a6ed550b5bb42395f2ebca800c46104345823567b59f7f0af504b5332bd901

C:\Program Files (x86)\360\360zip\DumpUper.exe

MD5 d1cfea39843a15c259593ad637fe9e43
SHA1 d51ee12953d43007353864e9c8a5065ee76c5d2f
SHA256 2c87f697ba3911e0492237323a5f474022ed4efa770b4285eb6023985617bac3
SHA512 a2efbd18e8d9532869e50119a0a4db067c052e125c4c7e5a564bb47fb7460bfbe90d2414760c42bf752ddc24396d538f4149a31e8d171f118a46df4008031db8

C:\Program Files (x86)\360\360zip\CrashReport.dll

MD5 2593874a2bb83a319292f700a74d81f1
SHA1 342bcda054ce5af4766ac5a381d46f75cd5769e3
SHA256 29eae30e9ae7acfe513cb09007d07a7ba1c820e49ebb40bc718eaf6ab0f08682
SHA512 9d93ec25c47e7745ac1f9ec0b6c5dca3f3823bea3faef4a0d03c34905055f4d64129d03e3035d40a7dab2c48db75bc143ddc92fad1c073a09bbed7097dda14e5

C:\Program Files (x86)\360\360zip\config\zwin10styleskin\zwin10styleskin.ui

MD5 39aa8bca638b86a4aca1c77464a9ce3f
SHA1 b64335fa9ac504bb61e70de3fa11d8997fd744dc
SHA256 05bc1da1c95e5d2fdf24318dae09dfb3bee1798deba42cf3044bc29a59181382
SHA512 13e13cccf13f9e3d74e7786cd45467701ac50890830753f4ea989731ba05ee7cef5916b7b7da9897838f182eca1c7ac81910f7b10c528d0d3719bc403477a32b

C:\Program Files (x86)\360\360zip\config\zwin10styleskin\zMiniUI.xml

MD5 a524da40f2f010d11ddbe2952e04012b
SHA1 a4a400922304b0f6000c05412e12ac36bac3e401
SHA256 eb7a797e166b9ac937cb6fa62cc28a1c035446046aecb475d78469dd4e1ed1cf
SHA512 f73b8c08bd2b982e4935cff5b0ffcc31f0cd4114fd7eef76d0d7fd4e8c36adb1eddce851da1c8de4918afb59ab59fdb507d8adad6d29cb393f2bd9d7eef4de78

C:\Program Files (x86)\360\360zip\Safelive.dll

MD5 22ec7f792e03b0c349e772136a3374ae
SHA1 e1ac13a953dff2f110e8981148569c5827d50267
SHA256 3312e5eda4515208d044d48fecdfe2e18db6dc7695d54f9cf2ed8dd89417b768
SHA512 74ef5405e594e3d11820b778f9cdd792a4fc9f9c7daa6c19c58f98f14654d38d36649cedea6d6ace6cc18e83bef1195254c4370ad0f0a4f1612bc35cb6320a9a

C:\Program Files (x86)\360\360zip\zipnew.data

MD5 76cdb2bad9582d23c1f6f4d868218d6c
SHA1 b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA256 8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA512 5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

C:\Program Files (x86)\360\360zip\WICLoader.dll

MD5 60964ca6cdcd6a98cee7947e748747a0
SHA1 7d4ab9a5ed8b81b8538ff469a83df5920b32e996
SHA256 edfbe03ca5b315d5ff913224d7450978d9c93213c301e350ca91bc9f9912c123
SHA512 97896556a0de1ab82b17e4c77e61f577b9f99fa33d57543e47b990c1d705a0240231ff9f9c82f562cd7c767fe5e552698eedfd9eb62270db6d0153aa26ea2f61

C:\Program Files (x86)\360\360zip\webp.dll

MD5 ff9bcc7f5b0212ab2fa006285c3a02cf
SHA1 b223458aedcfb0f169241aea31bf0227e23e1951
SHA256 18ceeace67068c086f1dfe79c5126762a045ca55efa89ae6b0fb2ae4be4f0e4c
SHA512 d4237f76dbc7785a654d2ca391507a40a0fe6370e462f852398fdcd6974fc77179cdb48010e83b9fe5030e80480cd6210269c57a8ed20f5e8fd8a407e3edae42

C:\Program Files (x86)\360\360zip\utils\feedback.ui

MD5 534bb3781d560d4f5b3604cc6bea6530
SHA1 bec8494966579b3fed548897e7e06b1499e2143f
SHA256 39b098bba140f20ea6a5d928e830a07e1456d43d37434d8b195ca024cf316dc3
SHA512 ea883df98309d5b283db7a7b10d5d482cfd93ca940aa352c8433c5e7e6d60eeee87ccb82a67345ee29e0103ff318374c01091aa1aa5efbd16afcc1c3e2af85c9

C:\Program Files (x86)\360\360zip\360Conf.dll

MD5 b98a1e65f209fe1f10f8564dec0f0c42
SHA1 cab41605d9b7241c134798723ecdf9d3dc2f2615
SHA256 885aa4f58297382396717563137d212fbcb4299f95426c40c43abcdcecf54246
SHA512 35cd81aaa9fbadb8b174f6b2d30fa6c2c0c91786e6714073598cb09f1028790f03609de63b51c2e966021bd7da8521ec06612f0582fc1a5752ee0df7b8259b59

C:\Program Files (x86)\360\360zip\360NetBase.dll

MD5 b11004517a79d80e8231c6b13b5369ab
SHA1 cae22d102b970d51e531e5cf79f3afc2d52f8a1b
SHA256 cc12e5e770c1dd04c3fb550af900caf7e8ab0fae530450694c84734075e50e40
SHA512 aad201fb55da5763ec0449c8b61175435b25adb56dd7a49e2aefa2784de81047bce7e647c19dd6a902da9877b387851a245b948e0bd18acd38241589add7c257

C:\Program Files (x86)\360\360zip\360Util.dll

MD5 aa6fe5295487904f29594fe7eacb07ef
SHA1 af400799091b66a145fb15b325557e0b23ad8926
SHA256 ec567235037f12619390bca2540e0c6b34fcd207c150520425b1528c4acb5897
SHA512 aa7063d5343afb24f3a945f33406ad90c0111eace80f8d5f18df90dbe98664325a6ad9a1bdd2117ac299ecfa61648218e89b3003079ea698437c1a4d64475366

C:\Program Files (x86)\360\360zip\360Base.dll

MD5 c1b1aa3143bfd240426769c904c23284
SHA1 d88fe5ec458c015363470dbd07889eec45ad39ba
SHA256 df47563f588d6c3cc4a7aab373adef0a2f99d2d0735cda4915d1baeb7e7eb3ce
SHA512 298565264df20c543a6271da534ffaed201bafb253d171a76cd8ca79e3582540f46a69c02458afddf55a95e50b19bf094b8b639767753d085780ae5c096b4464

C:\Program Files (x86)\360\360zip\utils\360ScreenCapture.exe

MD5 8738c3dbafc0627290f6fd29f191c654
SHA1 9d52833dac05637e6f2aff1e8328de95481e952d
SHA256 5fca0b5e4c93d6673bda6719639a763715d1eda40356ad48e6f50882faf813fa
SHA512 3d0a8c06e4d11dbdfc8daf4d406b079448f2908e0b8b1e50c1924c845d57a1d8f2c5f74ad8d49918f4c424829e7a8a4848059f436591ad209e729a87d64f36a7

C:\Program Files (x86)\360\360zip\utils\360FeedBack.xml

MD5 71186e0562c422a68e095a05ee1e314b
SHA1 5142b1bd64c5f0cc7bc0fa857acfa4b8d51b705c
SHA256 22e0a55b96f349450a4ab9f11029fa2bda55c5470c8c6acc8c2c3963520f91db
SHA512 1a8c116e7c909064e03756e8c3ef507a23a7008d522c722cfacd6f7bf16e01a5e9acdd603ba337b23418a761b94b161feb82030046668b3b5374cdf019bff912

C:\Program Files (x86)\360\360zip\utils\360Feedback.exe

MD5 83987c682caa899127029fb977f9a49e
SHA1 7d5144f1e754a386d93397288070280fda27eb0f
SHA256 296f99c6264eaf3dc5766eab19f8e879c93dd5b89b2b4e1b1e8213ab55734fff
SHA512 650f5a43b1cd06d1125f84cec53094f3dbc25ceba3d4d318e348478285a9e8bc4c0970b4207dc819bb11c40ba78e14b283671be349389ef8b0b2c90ef5ce8c26

C:\Program Files (x86)\360\360zip\Uninstaller.exe

MD5 dd9a560a8caf6ba53c235d1372a717fd
SHA1 6301af199662344bf9a20f6e7ea2f93be1cbe08a
SHA256 04f4617106a864c64e9cc1babafea493c78eb309b91d4ab811cc594b380f40a2
SHA512 122d67ef9f49095f19d181a054f1c1db8b9304e7715abfbb596582db67e338e122c4f1403262c6f50e1231b2aec7015c59c3b6f743fd012ad94c396658997578

C:\Program Files (x86)\360\360zip\Uninstall.ico

MD5 43d8efbad648b3ed0f64ad9f8569b538
SHA1 e25dce7c4f3c3154480e5315d32dd762e1e01046
SHA256 e4a5ce7da3e9b7ee395d5731af1cc79297fa5781c23de1302fc34c680e01b97a
SHA512 aa601e2c238ff5febcc0a1eee1516be55290a1484dd5494abc76531c4ac0d48ca370b76b6eeb34270e3196dffd4d53d8385a1c5f0eeaf9c6ee09b612f6d5c873

C:\Program Files (x86)\360\360zip\tools\360PdfView\pdfcore.dll

MD5 6e99db0fb0a56b9339d47177d446afca
SHA1 3785d4592208a1d009335f696ea7d40d62e201fe
SHA256 051d2f7fa2956a7a0ef6060be5586626c89ca9650bf744a8ef544ac9b1798577
SHA512 e4c4cb0eae15d06bde03efd573c24d6b90a59c40ad6d64cc92156e10c4267d932ecde98986e59bece0fbccc490f527e85199730e46ea3a23f6ae9c730b21f05b

C:\Program Files (x86)\360\360zip\tools\360PdfView\360ZipPdfView.exe

MD5 7d85c77366bf39c39fe9ee9d2416b656
SHA1 8711ec0cfaacbca4bc3b134de30a368a1f65a219
SHA256 4454e32eb7e22a51b775d5f2288c28359c7587ad3f0265a0e1725553fd139e46
SHA512 763ef161be3197efc57ee232522b3b0cef593995e327db5d7fbbbfb919648674d09b8d8a2ee942ad441277874e4c58c65ba6d77261d61a4a4009b1a04bf60135

C:\Program Files (x86)\360\360zip\tools\360kantu\iSeeRAW.dll

MD5 462b61c0d5f3cc1263e49cec1c49316b
SHA1 73cbd04756bd5086c4a9dbf88c5264a62782ba69
SHA256 2ebfb5459aa3cce13e45d6e34167c7e794ce2e39f2745c9ac7d2ef89f29eec70
SHA512 ddb82ade3d89d00bd042e2b80d1e969941e60414f3bd2f2e6ba6efe05e69d0d626c917cba7d4ef847ec81f3ad7d63c28766a37c092a9e9c019c21fe085eacb79

C:\Program Files (x86)\360\360zip\tools\360kantu\iSeeImage.dll

MD5 a59d667bf6ab074a1ca92727610ab939
SHA1 55d4ff99538b4481b1a33eb14457bab45d8c14d9
SHA256 c4633d65e6933a0b9f1dcd651b96a4f62a049ccb6d2198c808ab9351e1ac460e
SHA512 fca65a707778b85095bd400352ca8e6495ce9764cb520ec14847717d1db80cc9ed832d9b2abfef6edc43a71ca15941316db95da56f4da47c0703e128f15021a8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\tif.ico

MD5 cd1d0c8a9f5a3bbc5019b85aef8cd34e
SHA1 4f047c4fba218d50f30d88801b947a9a232410bf
SHA256 d63ebb78dd98487de1fe9f42bb962439fb98ef0d01000eccdabdec26b79a67ed
SHA512 d5058c957e1b1607cff49c8c4ed8aaaf4ed6f2708533fa1d75814366871d4e4ee981332f8a1208186ae63101a1b7510025c75f258dfc4b0e7d9319d782948a8e

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\raw.ico

MD5 c84d59bb36633ad43dbc1d37fefb1cae
SHA1 beae4aedeb8f31bdf5cf3191ea7ec184ca6f023b
SHA256 f396c1ccf258f53d47e4cedceefe2fcf7d24dceb7d85976f55d25b7f284ab957
SHA512 052ff58c45da3a28ad81ffa636dfeb961d5492f7b5a78de961e492cad6f56783d1c91d19a698f72ebf4b7e7ba2f3f1c0636fb442176429edffe43cb264ba04a8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\psd.ico

MD5 93970cc7eec3cc37da2b1126ed7fda04
SHA1 ad7b9def85d7304845d0657559dd7c19aea5dae8
SHA256 f2b6c1c3cab6cb5f9fdc7a97c5cfd4a043b7b5c52ed21b0f1904fd91f6f47134
SHA512 24168d253cb062dfe23647962c1409f03aed432582178bcba3763cf42f7833cfb52859cf6192003231be0a2d2f14214b5db465ffb70b53cb33e738c157860e99

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\png.ico

MD5 70d373f1bce82d3b42d222db2f0c9772
SHA1 e20459e9b436a189b1dd85753052a9e0df2f4cab
SHA256 8d4bdcb7d2e44b6279339e55ebefc6b131bfae46aab9d14f1c43ecfae7334962
SHA512 ae293428d4e596efe0533dd8e996f246896903fc0db5f004324e47f0160d12a3230ce2b695afda6a51da9d23a97725a0223608e894b806495f269ad8b76ece93

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\none.ico

MD5 a35b601781c3c4b209efcc6236e309f0
SHA1 301c422bea45fe7e9a2375670fbe00e35ee06f58
SHA256 29acfc7fa75b8cafdf1f2c4c323bebe4b93d5991bd291ade156699ae44751f57
SHA512 7a1e60b4a64f50380df225c5499fe47a8c72b1d00e5ea4237759c3cf38fbe6f5a2c07782d8bac0c0915a981f8709f37d8e5a088b17a89635d99ab75572e629b8

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\jpg.ico

MD5 1cf6cd446c13261908e2497c84cc087a
SHA1 b340ee6bbaf45f7d27ee1b87daf367d18c142a12
SHA256 798abd202643664ac555365b1b0904a338c46740ac47df912e35a1bc056d0059
SHA512 5ffcf91a59eff7b9a7b485d9d42998c0ee6d0936d3b300dda0dffca342cad53a5f41abb04c4c4e548e23c7320241f6f9fd394fcea83e2454271d07c93c4b98ce

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\gif.ico

MD5 edbda6b7768a5e66dbf7517e110994bd
SHA1 8381207ca4a1e37f03b592d1c3aa1ffa905973fc
SHA256 09d2aa91943c2dc7fac6feefd20b48ebc815e09323ac6305deaffddaec6d6719
SHA512 09c6ca90f2b7ef68a544fdd834e58710e3a720987866e07720ff6bb5439f585417dd14219f6b8e46f8c1a9524fcf1cd03fee647404c6943f8a9c919441faddf3

C:\Program Files (x86)\360\360zip\tools\360kantu\icon\bmp.ico

MD5 ef6064cfc8fa4ce4a0ea6411c498313b
SHA1 fbfef7d8e58bc4a593bac654989cfa8bf69328c1
SHA256 236cfcb64d0796dc56aa8f42012b1f1c5a348afc8493df4a3050f24dc40c2a18
SHA512 758fc77bbf28fd8df1dfc2bb3b71b91a68604f24b24a734cf877d48b30c603fbccd0b2ffb7f6e84636a29c55848d8dc7aa944396b449b88fe91825d153cefc5d

C:\Program Files (x86)\360\360zip\tools\360kantu\360kantu.exe

MD5 8107259d6bd169ea84132a644561b0ef
SHA1 b1098d11c31f46b5558c5b346f5e3e6273d8d143
SHA256 aceb9d8d270714d07e91f7ef19d9d34297502828b0677635edde3486e768e412
SHA512 be8506ddbd788496119a09d3201f55171d645a53744a2d6cdea91ac518defe017b45c8f3452950d8d303ede881575e9d29e80299e272970e5bf66022d318b103

C:\Program Files (x86)\360\360zip\textinfo.config

MD5 a9c850fc9ae1742293ac21ff4abc6cca
SHA1 0e85d56271d4166239c998806027eb0c650ee5a0
SHA256 fa527c914a57fabf56610f1e71a0f0b0715639382d1f1bd10654b7bf0c0c9005
SHA512 da5377d268260c58cb15181c662b68f186fd2f63b8c52dba43147b2ee714f2e7b987a992c994dc47408841bfdbd61e89873c3b27342a2a4d60e209b28eeed80e

C:\Program Files (x86)\360\360zip\SodaDownloader.exe

MD5 a7e873022acddb55e4922e2a75c33769
SHA1 a6d3df3ef5bedcdab4fb59fdc562bf9d56e8d3ba
SHA256 06bb07ccaf1b28ab07bf1f71fa3f4f1a8781477b55a16fd39a76484b0450e23f
SHA512 6f1c6b9be215d657063e6dc5524a45be489c3220419eb0ae0b68ddbdea8236fa334bbda0ebac5a99f6f37561e7596d55e83f99bdb5579d485ad76acbaaf139ec

C:\Program Files (x86)\360\360zip\resources.pri

MD5 d606ddebaed29c97e294375d1c210867
SHA1 ed34d11828ca006543d34d608dddde951be8b9df
SHA256 6a3192a5f56136aa7fb660fdd4702a868231f70bf5c63fc82ed6c9fc3945be20
SHA512 c996456bc05d8df8b87495f62b7bc38930ff1541823e19a222782b7495f0b1cc70efd2062a7c5f5e75496cb918a1f8a23b818dc7d63c21420549d792b639d9ac

C:\Program Files (x86)\360\360zip\resource.config

MD5 feaef0d6e158f142c562ae1e59baf68c
SHA1 14870a4dcc5a562c9ab5ec08e911b12ff79c9ffc
SHA256 d53e652269b65a12122a7d11cbcfa5748f120e8622cd6cab07e5f576459bdbf0
SHA512 fde44bd56f91947f8eb032c7ae01751661d59c03a234092c3bf99dde4cfe1295953ffd4fe2b4610542c8ffde21515e98fc52640256f21ef8d98837dd3f180de5

C:\Program Files (x86)\360\360zip\config\zdefaultskin\zMiniUI.xml

MD5 a74ec93247975dbaa0a16ce76ee5d368
SHA1 00ae4f14d74bb7a09b82039135d013a7487af4f7
SHA256 318a89805a03b391556fa663cc52874198616063f854e3508e01f7f426a4afb7
SHA512 ef76eed5d0388c4a736a5d1774765b59e54f6b38b65a6b940e052c4093036ab05c8c1b41af41b31d1fa4680735099a2811385e6501a750fcb82b3e709153d22e

C:\Program Files (x86)\360\360zip\config\zdefaultskin\zdefaultskin.ui

MD5 4ce46203731e107d29d86851b58c4f1d
SHA1 d38e568620d106a7e295ad0f20ca17098399a904
SHA256 2d5db3bdc76dd2544b8dc65a3da6a3f062d20069941f386b57df7856970445a5
SHA512 144e3cce3af010c868ce93ab3a12a2f631278e314c73bf1ea6c486b755b328fc26d889dea2810fd12f860bec85eeb1821aaf7e0e4c67ca9b36cd03e523cd2de7

C:\Program Files (x86)\360\360zip\config\zconfig.xml

MD5 b0238046e8176a492d49cd81574fd0ad
SHA1 ce81409b56b2ee8550ca31b442793bdc20485369
SHA256 a2d79ec6689988ee90255fe0c7f95875d85630038d911b1e9bee9e2426dfc244
SHA512 95647797359956c9706131ea61ac2ac94a5d6ced206d2796650c813a71bdf69bca0c59fd715a7cea54baac482a5483a7e12b9004a8cbbe28c8882cfd01936e67

C:\Program Files (x86)\360\360zip\config\zcomment\template\template5.rtf

MD5 5418c6856750fe631453f1282df49ff5
SHA1 f3829b433dd3f63c486d443ab4be52cd84d6dd7e
SHA256 6f8b7b9a9e3887841d6c3aa408791c1fb89b62033d4aa41861f9ed79e11f998b
SHA512 ba581aaa0c269be46b8eaa95f9211d1f7dafa243992eefb7ae86dd9153c01507088e6b2fd2ce2a0b435df04f4b91448e3c01505d8cd2f7326462a4b0ca048941

C:\Program Files (x86)\360\360zip\config\zcomment\template\template4.rtf

MD5 1ec22d5a31359a15590a2cb4c40b8e0d
SHA1 ecd809d57d97442901e60d87bfe3ba3b2a23d0ef
SHA256 5496bcaec92fcfe098c36149d4d4419bda84e8c10844ff366abba5eaf65ba728
SHA512 3b86076be54e2f6805c740ad12e5a27dd26dba40ce69d9479e8290cec996663aea5c96f389c52d2cd0975cae374834ac9de89e9a3d3de41f7a1d75295551eb56

C:\Program Files (x86)\360\360zip\config\zcomment\template\template3.rtf

MD5 5d8c1859af1b06f59d6419c2ef54bae3
SHA1 093d6282c71b8dad6597f86abfbd91625df30fd7
SHA256 17142f44fac293d44b1a620fd231dc68083757c7c5725a54b4064c2d66a0ae07
SHA512 fd68dff0ba0477c211bdda9493057713ab14d31d32aebb85f0ffd0d4aa217cdcaff71525d06644a18aaf3c772505dce2db44ac1582423b73e6f972f312366e68

C:\Program Files (x86)\360\360zip\config\zcomment\template\template2.rtf

MD5 bf3cd0f7701e1a9ed1500c3d2a9eabac
SHA1 ca173cd84214e726a797dd6da700c1247f26f4b4
SHA256 e98f1fbda90dee28cf6e3fd1229bef0ae7b2c18f1878b87fd54681e09ccde58a
SHA512 298d2dff4b3ca57fcd344c03478b4c6713d86d9eeb72f006ba4ea70a5753ac32b69b02bca2540861787e38cdcf0e3ddde18311a7afead1f40d37806339505c42

C:\Program Files (x86)\360\360zip\config\zcomment\template\template1.rtf

MD5 147c993d7b8faf2036ebfb2058dcbe33
SHA1 d0ecf29fa285be5c701ddb3bd49797cba70d0e20
SHA256 c9812cd6ff409783dfbda634fada8bc75a75585da7464564ee251322bc6087f2
SHA512 9122d44e86629fcd2ae8580592e61897d240dac220c5c4e876d15f3a789f1f0a8174ca5adff04be93327af74f410b7ae9e0ea9907ad5d4df6112eac5d53560b5

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin5.jpg

MD5 f686c8fb34d556023ddc6b2258234a2d
SHA1 f624c4ff752826040746a7a724d50f33d11cd0b1
SHA256 2ef010c2074cd0f5a21133ae532fe9b81639db00b6646e1d6121c3fe41d361a6
SHA512 cb870a2a6b2494c6935c8119701bee72719f5b17b9cfd7328732676f11725e34a3dd8d5325355f73b7eb9e9f2f0e1ad992e7a63dc2b5596db6dc9aa3b6dc7448

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin4.jpg

MD5 8014d59bf19967d6e7d2783369819724
SHA1 c0f66dabdcfa250a404161e975718a65eb80131f
SHA256 c25380d366fd95c625c77b0b6025f13ff6a4d2717e6e1660c07c0b086a38d79b
SHA512 464d20b3a2a320ddea77e13fc731e8d62c710722a637f663e6ae7348746ea4a55a0d8ee7d8287cade1cc2e1e8dc0848603fb063823c9dcd40a754d76f3e386e6

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin3.jpg

MD5 ad5be1790c2981990c9356478559dc49
SHA1 555f448684ca5d18241deafa6a790e4116d3fff7
SHA256 29efa2aa564cef96e5f2dd64279a6697a681f066443091d320f2b59642bb7010
SHA512 2c0092f336b1feb10cf68e7bf08322a87a5b2c9eb9e2a7c65ea23dd23b89402c3d37438f01c1e616612a60fe4a5bbd578762921dc7b935b90f6e622985528488

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin2.jpg

MD5 8cab43852a5677c00e949b92e9d8efb5
SHA1 879936e80f9798dcdd04ace231472da649ed3dd2
SHA256 d73fa1136d46266c7a2b5e418e1adec9281b0e42caa7741040cb7db8f7274d4e
SHA512 f2876d76ca6306a31a047655b676d3dfcae57326589a0e2cae7b14cb060601acb62fbdf4a84201b67e71e1b197eb5b7f6b96305703a8bf0ca8b23f5cf74d4f71

C:\Program Files (x86)\360\360zip\config\zcomment\skin\skin1.jpg

MD5 254f08b459f9586b5f396e1fd0bcf83e
SHA1 efb5ef475f068b126a5c1f99d32adde8148282c5
SHA256 dc75fdcdada93e82ea23c4e7f5481c77208325804824c574cc6f7591e4044ada
SHA512 ec56031569a91124de2fd9df3b5fea4df9efa6713757b0ee775d021606c378651ec062c2bb5ba84ec9fa97c45b02bdb8bd0e1e68312d3a6ce26bb044564eb92f

C:\Program Files (x86)\360\360zip\config\zclassic\zMiniUI.xml

MD5 e9844106f937813ea05329a07a32211d
SHA1 d420f2da0323fbff15ca0c99ac36906651e4fb8f
SHA256 9d71e8245962f8dbab2d76c625c9c11116f5aeeae627a15e459de08bbebaac0f
SHA512 3b2e6851077ccc6aa0236799a7170560fc9ee99b7a836f41296ae3c93826510ab0047b61aa46e2bf4a64dce6b79613ada98a17157940b09e60f9c5a1b9a0ea33

C:\Program Files (x86)\360\360zip\config\zclassic\zclassic.ui

MD5 057a5a2fc66dadf0db98341a3eb030ca
SHA1 0fbd2015aeae94d1d9938b170548ee8d7a8dc35a
SHA256 d95fc9c33785365c1def82629670ceb74396267e982bc9c8ff622f5f115ebdf4
SHA512 1c98b340f1998290750248389589f5e1849b891c1d49cb3ae00144227997ccc32a8b8893d6f8f08145c66c020e96ac38fd2e76c67d029b84d30a7c2b2b2d9c02

C:\Program Files (x86)\360\360zip\config\multimedia\zMiniUI.xml

MD5 25fc5338099d0746a4216c81837731aa
SHA1 e0e64dde7d311c521f9b0eb51069a3e975f8f46b
SHA256 c9f9bbe369ff64b25f8b4b4c1351578a488e237841ba56084504bcd5aa43f796
SHA512 2bf421b28ce6a848884c7fe3f1021dd246e2e0bbeadba7916382160ef0c74ea5a5508367cc774c8057dda45c0861f2385213c77194132de2449ccd22084b747c

C:\Program Files (x86)\360\360zip\config\multimedia\multimedia.ui

MD5 e2f27b6a8cf63e9b57bbe9b3772f4393
SHA1 44301e0a26a1b144b35ed43817930d0574aaf7a7
SHA256 c8cd793c87f944b41b66aa6e47ca3033dd1c65bfae4a4ec73cd80d5be484ac71
SHA512 b446d7ecc237b9dd909698ae386217cc84977ffae2fe35cf0fe9dc9f6f598f77123b5af3cb1f5930bc17d8a3e9738c5a3dfc7537f301075f58d708d388664eba

C:\Program Files (x86)\360\360zip\config\filechecker\zMiniUI.xml

MD5 554cb6defc7c261fa6806d374341a993
SHA1 5ab3f52bf2013241b34d8f3e9892f251120d9ac8
SHA256 579cfd4811acb9d3157b413a20a6607f920119c19d97a985600fea6e49417d39
SHA512 a0cd30d3e0d41f921023c6ad314380bb5353ded2efedf6d53966a198188c5a1079bdd0ea424c0964908a2d92e511163743f8ced787e14a36528f744ab7b851f1

C:\Program Files (x86)\360\360zip\config\filechecker\filechecker.ui

MD5 50e070a8369b5433f3e0d92bb95258fe
SHA1 63d13d87d01970548a26aa02d758601e4639c3bf
SHA256 b2cc3a90049df74b21ba9e643cf72239d3dc784b6fce3173efd160ee3fbd02a3
SHA512 336b1f21609d774e91cdb4f64d928e06f0c903802ff485ea8156619fa38e211a50b2f0edae1ec938f6184779d747905c86c3d4eadbcbe6085b4fd2530923470e

C:\Program Files (x86)\360\360zip\config\defaultskin\Skin.jpg

MD5 5d1059252a64312d62181dae70a16ede
SHA1 f17c67e0bef6607ee0521a56c08dc1bbb0e941b5
SHA256 c3283eaeba5db93fd5a4f6ef457080c86822bc7b51a85284f46c98e1e6c45338
SHA512 0fa4fd465cfbcc9c362c9319d4e4b320283e2693061ecbfbf00f9db1fdf6bdeb2b27ef79b31da60bf8d1cbb71bd5f872945339a42153a8e0994e610450a99c6d

C:\Program Files (x86)\360\360zip\config\defaultskin\MiniUI.xml

MD5 59eaf6065f15bd0f249352beb05498f3
SHA1 ce050454ed4f43df114c0fb02f53f0e5b5c51c95
SHA256 6cbb4d0c5918e0d193b3ccee73b19a698d789dd98283acbed7ea4094428ca968
SHA512 a01486b2a8088fdf261682c07b525dd30493ac6866ca35ba2039ab696cdcc5f8b94d3ca2c2def8a75fdf61698a03e288bd8aae65bf5ddafdf626dba9c533d266

C:\Program Files (x86)\360\360zip\config\defaultskin\defaultskin.ui

MD5 1ea59a9ecc0cf9ef04684060c4795130
SHA1 795015fc3cb30a61db435a4e4e150365ef4e9af1
SHA256 80ab0b023867f517b21286b49b3c0c3546c115f086acd6bb1cb0ae65eeabedf2
SHA512 9c8001d40eafb6d0a53621c1df10a010efcf985489e847572e058eef0767d5251a7cf1a43ccb22c7fab319bf994a9f82227837f2229cd59f1c7f57ef5f1e613a

C:\Program Files (x86)\360\360zip\config\config.xml

MD5 871e0b0b02e22486fa1bc9d174716195
SHA1 f2c811abe0fa3d865f04f53bb176a0817fcccfba
SHA256 4d8ce759afa09ef93fbe42b3f27028572497f4b3a6de86aaa83d92eec0e3eccc
SHA512 3208ecd4f476fd9bda9962351fa09256fc566446c4691f7fadfeb761075ca474f227ffc23e0c11f30d4f56866060e6b89caa53a0651a8db970b5c1616dbbe763

C:\Program Files (x86)\360\360zip\cloudcom2.dll

MD5 6d78c74279e72a0f7dfb3ac0f2d581bb
SHA1 72e906947d3d42750c78b5b32457f3936bea60cc
SHA256 2f022ecbdecc367bc070bf9a76f5cc84970067d495e55a563ab25fb995631bdd
SHA512 30a642a7103921470476d03f11d92efc1f8d4e38bfd691af4ed5ac12e0008dcbee1eb50e3f0cad422226b3d34a31701f01bb84ba96b3f27e1602d1a1f634733c

C:\Program Files (x86)\360\360zip\BAPI.dll

MD5 ba2f452388824c72e87531fa1cb39ab6
SHA1 2ae92e628459f4d43846a67dc2b5a942125065ca
SHA256 5b0175f57e6fd913be4b94f3e37d62422fae2590320d6df830515cd744efcb25
SHA512 310d396f76be736cd6db7f7e4332a669fc55a997214e60e38d1a01039a31b7eb1b4a6ff238767e7926f911c48f22210810e9677ad790a9c472aab1f4dec90b92

C:\Program Files (x86)\360\360zip\Assets\StoreLogo.scale-100.png

MD5 650a35cea41fce99457ba419be441f9d
SHA1 5ef3adee1394b45b659612cca494bc96e5d706c4
SHA256 4fdb9d97d8f859eecbd66bec2ec0e929de4b7a2e5d5ba915e987f946b1578bb7
SHA512 bfda7d2333920004b4e952e3b4dc08e283cd34c21bd57765413330af2c3ffc24be96ee2b56202f0a2ca79b5e95599f2a4abeebf880aac32c32c0755d456c063c

C:\Program Files (x86)\360\360zip\Assets\Square150x150Logo.scale-100.png

MD5 deba18f2a8d496fd4762b99b38982d70
SHA1 a86064daf589d6cacda409396a6d622a93c40a3d
SHA256 58d8b9e6c5081324d5d830f24ee01a247b1e46b90b2f54eb597e589df79156d9
SHA512 585e0396822a46129b58960c38b54de9fdf3a55138ceadb757f50e911f07acf5d8b5d5c0a8fc1364a72b15eb799a29fdc2971428b28e0854483cd7d58da2a2c2

C:\Program Files (x86)\360\360zip\360压缩官网.url

MD5 c0669c8febaba3615325feaf279ec606
SHA1 e229bf415cc010a1288f73209206d9290fee660e
SHA256 602a8969fd04598c38c25d16c56322a41727213706e4e85124e12544a43f1a00
SHA512 e1b524236c5bb08539288609633caebfceca1b0fbfc28654a70dc5c3c170b5be39ff2bd8219e99f10affad70227484df326bf94d825726e689ff13a266e550e3

C:\Program Files (x86)\360\360zip\360zipver.dll

MD5 77f899bf224e57e855c7e10461bdece8
SHA1 85b28a35f820572538e8b98bdebd3e05b7cddd17
SHA256 78f6b4da7bd10b2b97baf4e30a0294391d0efda33a4b44a09ada283dbdc7134e
SHA512 fa0d2ae489e67f8af81f7e7ad5820fb490feb771d06dc5002fafcacda12b9721c53663827e2aa4f0412d5613ea8c86a8da31458374b9e6b8e5b1cbfd10bb7a81

C:\Program Files (x86)\360\360zip\360zipUpdate.exe

MD5 93313327e4547a3246caddd691e2c21d
SHA1 d4f66564fb75e8338974d01055421f773256a324
SHA256 92f89ca56855e90a825954e058612bf76d88eae89cad4fe486617f9563a16c11
SHA512 c8bb6ca282235f717031ae1ebea527d816ab47b24951b7d8c1b2220ade092bcc4abd8cee6d734b1b4c3a0c2e5196f7d53cc5a15c194dee46a00e38d4b5cd5c91

C:\Program Files (x86)\360\360zip\360ZipSandbox.exe

MD5 df652fbc390378bc3fa2e7a698d13300
SHA1 d02c9d387a5030a9a75cb8c7e2bcc28c96dde3f1
SHA256 5cf3c02cce4006faf3af6146953415b1d79a4502f6c0c4c08c78e22922319972
SHA512 e6f7c0d494154dad3f33de23bce59c2b6942f2c61d4d3ffc72f0e5310396bdaa43f8df48d76f49642f7a12925b15a6e25dcbe3456cf2bc47a436808d4b138846

C:\Program Files (x86)\360\360zip\360zipPluginMgr.dll

MD5 6f61f508c3ad9cb6c9f057dfe926e039
SHA1 a55ab96fa41ebf6ecff39f34ede72c0f503b74c6
SHA256 46e5ca7a70bc341e408282ae260f57a302e10f9b9e54904f413c2b48dbf4a318
SHA512 08117a1e1d46ee46991b6388ac9db9a2f7a838c3310ebf0a7340d43fb298a90f6b27833eb1ca6296a6bfd059236e63f47007114d2f9b9a4d8c4686f057edfe1c

C:\Program Files (x86)\360\360zip\360ZipMgrTray.exe

MD5 1ef94776fc2c323f3b6eb24b771ea0a8
SHA1 b19199818ced8ceab2931dd4d8e2b3721862a303
SHA256 6c6988c653b68b47fa13a5039e25c663b16c89d0ee086e963548ab241ba61207
SHA512 991e10fed337e0db482d1050c6c8a4a8ff6d37082f1aca0f895fbc90dbcfd39a26ea9159c288a4f7743ce499bb0d5abd1542f32057a10548b800977a1018f3fe

C:\Program Files (x86)\360\360zip\360zipInst.exe

MD5 958955a9fe29891363fa121aecba48ac
SHA1 6a6a576e9265562c3eb6190e5edb1f19b5db7366
SHA256 c920cf546739de6731aa628a391fad7c35b198fdc61a40c9046aa6edb646b0c2
SHA512 886a0fc287e8483bd9e15b494219cc5044f76e9111bb911b5cccecb82db8ef8b3dba0d2338600a4cbcac41bf30daf92eb6042993ddfd92d160a82034bcf7a270

C:\Program Files (x86)\360\360zip\360zipExtW11.dll

MD5 9c1adf7f3aaa423c30edc6208344c118
SHA1 c0b300925a4dde9e775040257a9eb1c48fdb73a4
SHA256 ec5e27fb5b2139b5d4028377f3c31b66f2369423596cadd987fe35f1382263cc
SHA512 0a5e6027eafed4da147e99f4a70ddaab39c009a28d3f8e7409b57fe4ce9a5524a1eba45226f19c056c0ddb50345055a5cb0e2219ea2cae4697ffde8744f57748

C:\Program Files (x86)\360\360zip\360ZipExtPackage.msix

MD5 527bf1ca46011c5c57be6cb5bbd06d41
SHA1 9ef6a5540657a3a26b9c723f1344f8bf097f5a67
SHA256 be58b0eb21c9a4d575e377bf46d0582f53ef5ce684146d53d34b3cbf1d00ef55
SHA512 9ca9597db96fc5ab6bcdcf4e3392fec6a73d816146c5568ce689ea373843d4ca76bda1ee2f37224e735292a6795024c130ae7ebe5e76677b9475464beaf31d8e

C:\Program Files (x86)\360\360zip\360ZipExtInstaller.exe

MD5 9dfc29fab503def1ded0aa0e9fb96daf
SHA1 1f9962439337a391711d1b510769e1919bc9e72e
SHA256 fc59ba49499b0f4664dd4ff4e0e791c6000eade5cf2ec5986f2216b71da9205a
SHA512 a30ff21f7aaf1708f15f21293f19ac14de4136e068d35e299436f5dc7a9e459433ec7f7b8d9032616c944ead8d9ba0f13c279307f7273ae2312a12f2ec2b9295

C:\Program Files (x86)\360\360zip\360zipExt64.dll

MD5 b843a6374d7b113e414e03315597b567
SHA1 6e54e103be6daabcdf16f7946293891e4895cf9b
SHA256 74c385728cbd55b5a4ba43fcb84708a9cdc9add9abf2776effe1f7a70a9d3215
SHA512 e800cccfa04eb27d265a1d149f0d3e0a855c582662247a3c9c519e70148dbc94205c09e0ac6eadcc1fc8fc2898ca201b0f0cd35fba9a6f604d541545a198331f

C:\Program Files (x86)\360\360zip\360zipExt.dll

MD5 f716653f2ec2dc376662f8e7d4a9247b
SHA1 9f4e8bbab3ca2179489f2877b8401c99ae6f5f7c
SHA256 27182a2fc94552780b7128db7f7462da51419bb8b6b0e3e332ab2b83f2571fe1
SHA512 f6805e083c6e9751648f38232939d49c826aabec554d4af1b5c77c3299ddfd2c068cb49c30edc67008013420201a50f708437d742f91b9496305a7ef6c87610e

C:\Program Files (x86)\360\360zip\360ZipChrome.exe

MD5 b9425e9fdd489af3f410273e4d13178b
SHA1 143eb96d332d0d1a75f2db957ca3d16cd040f71f
SHA256 59872aad8689fe8ceb7b578914ef3a84bd5cdc1bfaf7077e779984e652237e56
SHA512 34e033f9108724bec739a7a612ee3ce4fe29f51581dac2c3443689700c16bca665ef79b040ffae4797c6ce7e0540a2482f2f3bced279bd8a242f21671715be89

C:\Program Files (x86)\360\360zip\360zipc.dll

MD5 6a3bc3f8ef79118e8e224945579c3a69
SHA1 fe9f7c007b86e63f2ebb09e4d58e5892d8c433b6
SHA256 e3be8667e699a24a8d2514f3289a603871962387463b26333f0a265e74eb5ea1
SHA512 5b823183b16add1c70e0e7a7f6ed65b81bdc93a5978438f698ec2eaad574bbf5547be9d52d731b8f6667cd3f609e7747949409f0df96d18a6a714fe99910f134

C:\Program Files (x86)\360\360zip\360zip.sfx

MD5 c0dc3ea79dab77df4e5cc8dde00b210c
SHA1 edcc39660ff268c3e91918f3f6b70c9cb51e5e61
SHA256 179b874362fdd6d4461e6e5704f7f273e4cc0d4936d4a9787eaa52f7753c3a99
SHA512 3fec3e0fe91e88bbfcfe3d1174aa81f08b22d09c844b5a059b44871bf53731ef9ce23eca91046ca41ffc4570b5ad823f574ef0b078e5d2767b98579e44db1e76

C:\Program Files (x86)\360\360zip\360zip.exe

MD5 60ff306de0cd7b3dd4192c9bc1aacc0b
SHA1 d43255133060d90e1ddbd54c67fa6c6b30aa92e6
SHA256 1cfd2b8fccdffdf9de9d3a8c88a098b1266037d951c617a3c2765bb77aa78e5b
SHA512 fd3f009a707698b519096baa74382daac80defc1747a5027674d266a3b72cd499e22de70cac29fe74e031a25696b2fad936f0ca4a16376a5957a7bf9b64ea4a3

C:\Program Files (x86)\360\360zip\360verify.dll

MD5 c6d8d10683083094a44081cdff3acc89
SHA1 7fbe2de22d6971bd0e250b98fba85553203b238a
SHA256 ad06ba38f929be5d3527c2003f3fb44a457d77e4ad136c75b559f84d1d366ee5
SHA512 1f3bbe36d0650171920dbc73f4ec4775aa6ab3154ada2d1f47e71732cd56f4b0d19b740157dd86d687b19c8256a48ccbbfefe0686a20e2301c1041f38985ce21

C:\Program Files (x86)\360\360zip\360P2SP.dll

MD5 d8f05469dd3ca3fdf9665ee8452afd65
SHA1 844dd5269e5b842ee1dc851788a8d4d5ddfb5bae
SHA256 090d9b8cf0aeeafec638c1a0c869ecb4d56233fb9561129f2acbc34a2ef471c8
SHA512 94617fd1da68f7cec807ecd1ffcdf2582da67abac6f7f99ca59936d069ce00237b81827ea3d9b9e73f84c4b7e7de0969f7e0804f190b619df6dfbece1f101f65

C:\Program Files (x86)\360\360zip\360NetUL.dll

MD5 2586f41adfba6687e18e52b75f69c839
SHA1 88d1099afd28ed6c3943107904dc766bb509ec40
SHA256 e692bb1cabb48bd7652f7fcc17c10f0c421304677128e199347ca54c75340ce5
SHA512 b16bd522fd69f8190362e4003513cb0401544a5c89bee6b5eaa569e2262e88f405d9c84425b3cb1afd74b3d2771062e37e7ac367246ca69686c8414632a17f06

C:\Program Files (x86)\360\360zip\360net.dll

MD5 93779ad3d7a16ba57e879e97c51887f3
SHA1 dde56f6922b62ffffa6922c28bf2191a9d290cb0
SHA256 b674719b87562da677d8ebccc8829a5cf8ec5822ac65a49ed4ed441a919017a4
SHA512 c9a84e30316686ad6789346dc4c214bbedf577191d291e9788378a6a123c7540b5c85bd1ed16245baba31b1cfce038034e8f01e0a09a0934f3ce80f3a0117fd3

C:\Program Files (x86)\360\360zip\360ImageDecode.dll

MD5 7b6a55a491ef993b4d0e8364f3d767a3
SHA1 afd112d3a7181eaa8791c236d7bf52649eba2571
SHA256 0c32df910f368011fbfcb50e2c7fa148ac658c1fc45398a8b1849beb753fbeb1
SHA512 8e905eee5c1df4c2d1a911d6494da6928582c7c3f189de19d4b82ab76f0699687424aef418eda6640ad2f7177fa7cf554f587a49d27d782f67dc7150340b845b

C:\Program Files (x86)\360\360zip\360FileChecker.exe

MD5 7402ff49bdd3adb4e067d6601e9d5f97
SHA1 ccc8ea05ef405f1cb85198ec408049538830269b
SHA256 2692939b640e41300fb54f8f31a2faf1b5c09e025cb08033bce6dd0d9020d6bd
SHA512 57c6bbdf67af69319fa7e7b4a8ac69a7268e0b45544c0b8099f7738dcdcbeb90b46a1cbabba73809cee259da88dd6afa8a6fa05d7ef942a07d09aa0c7cb1b674

C:\Program Files (x86)\360\360zip\360ExtLoader.exe

MD5 660541237357a95b6cc425a4af9f769d
SHA1 3a3b332d63b7c346599f800b9dc6d51e7a087937
SHA256 61d2258a87a2d3cde2f9b3bb067a14bc99421cd51c452a3ba47276d6df89ecf5
SHA512 53c46267641d5d7bef7d4c9e92820cafc80a88ed9aa2b24b279500124256d9a41ff139ed3f572a0f1afae8b905c7dad3e554a1d198f03af76aeb256ea953ac11

C:\Program Files (x86)\360\360zip\360Common.dll

MD5 24b027ec1f895a84fa9766412abaa20a
SHA1 3cd74a5acd6b4e06ab9390e1d4bfe9371f38136e
SHA256 04af0d72b83ef8372b282ba4b0aa21b36b74954b80bda1b6cf2b84a13f4107f5
SHA512 efc5fbded3c984a64ac2b4514fe6ba59ab426092a3333343471b4cbd087dfd6b679790d7f25cb37dee88fffd3a9c602f03b49c471c23ba03d58e078708a08afe

C:\Program Files (x86)\360\360zip\360AblumViewer.ini

MD5 134da29f5b50197e3a9fb596bb72b107
SHA1 554504eb4019db8dace1ff783aee20982d97375c
SHA256 42debade657490554a4341bb50e4acd0c2462ba2f826f8e6936e9a678b33bcae
SHA512 0b046343bde05774ed6c53e1395f7d893e69594273822298855696642ea96d700548487e8707e2325482d177091d11493eefa025b3ef347142e2d529088b547a

C:\Program Files (x86)\360\360zip\360AblumViewer.exe

MD5 022f736520e7c7c768ac79f5f1aba71e
SHA1 09bb8ce12b2ab61f60af7817360e91ade085c3e7
SHA256 82f71e60ca952433772a5272aa8058df53f17a1f43e855c23104cef25fee9024
SHA512 7facee4f09dbf203d5d9ddbbd5be1d000b9ded9b9d845db09165e0c97cc77b80ef1d578a5a4db0385dcd35115b5e8bb3f9c50f0799e4aaf1d5009451c45a31fe

memory/1388-1450-0x0000000005130000-0x0000000005149000-memory.dmp

\??\pipe\crashpad_824_NLTBQFBGQMEHOFAE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 b0e1b2855c8b365b80a5b7246176814c
SHA1 b41d88efcfefffc4ce53cad7e38628b165cb95a9
SHA256 38e8507fa5a01c9a480144ece3a980763bcfb02119b86c5748f06b54b06dc5b3
SHA512 21eeaec0aa56937a155fe9c8158191beda22ab5088412b5bbb19330675cf70b552121859163bbda073fca41a19fe275495911577be0efe1d1c388582c3f1d502

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2e33449f563546714533ea2e7afcb615
SHA1 b724a1cf13c7420df156289457f751ba8996ab6b
SHA256 d22c8d091a59fb7e2c8a4b878d2e6ef8ca4cb01fda1bac112ed830a3cceb4d3f
SHA512 095b828601db3ece5e5b167df46a65c9e883f5cae3978f520f58baf3b3b58969577550e4270de293df9206c3be273ef544b7a320b219a565983f3e013a298f1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 09bbf185ad3d7d2f72ab1fb7af4cea93
SHA1 bef4b92bcac7763c31c9e978f14e04f482de3259
SHA256 209e78a90a9131def54bb14284aeaba433b554756138d2cb99549e719f043645
SHA512 4a73289999207646f062821f83b7961ef684b23eaf67b911eff024f3e98fc1b93ad79b9373d09ac7fe9b81d97879526eb8dd1f004d7f376e0ee60832ca143fa1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 5350801dba201a98a681719b9b0859f7
SHA1 a6445d9398438c667143c393672949e8acd2454e
SHA256 7dc9674f9955bda3f735770d3527b7c7aa85c2b855c00b12ac0214e53f8440b7
SHA512 6a1adb70f81112654750cc2f62916d17e2f12aa8852e3d5278c5d0c5c277d86bac592b3347e1a99968b62c3ddb4edaf9755a8577e84cb3c3463ea5b6bdc48079

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 2a91eef34aa818742b48e86701c4fdea
SHA1 b27082001c06a82beb18977207a6eb0938c6518e
SHA256 60f35b63e35dd264d4af9d77b53381330b5edf070e9cb1ee079c5ae11513d258
SHA512 59c9bb96be90533f934d33101b50fd9ef2271c02ec2154c5ad1667bbf2be8954feee920907687756f775088e0d81343879aed6aa0b4e3dfb16515fe613ce92c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d0c84ca9a93489719215414b10d1b2ed
SHA1 fb6eda64ed9db932b9a095bacc97abffe8c36248
SHA256 5a5e64f563903bec6c4a1c9e612e80d3aa3558144b2de5e9c94e7dc6d5da63ee
SHA512 a42e00a7ef736060710402fbb9ad1f7248edd1b7130aee8b586b7e40158847868114f3b58f29ee18a2ec6084198aeffdb4d42c9c1dcca18b0169070f5121c4ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 6926abab5c04d18818f244b4598d7da6
SHA1 71aebc58092b624ed21fac6a53d2d08706daccfa
SHA256 640029688d343c1d2eeb34a2c645ae7efc585cdf0f8382f93c38ec4b7b8bb536
SHA512 4df78b682d581c39822c200e13e6406c09aa4e31bfab48a86f1bdb4d2a94202e5f5f58af78bdee20fbb57084bab03220c8ab86c7a98a6673705dec4c61cbfcb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d7ce6373c5691d63d8d2db98583a775a
SHA1 1c095eabfb740c4641cc79a00a064ae3c47ba734
SHA256 eb00500589d1fc1478e80683d9f4dcc7421fb57836b6f893fee73222c5cfbe66
SHA512 a2dc0637ef15a74dde6980648e6102a76400a0d1543bba32c4dc089ceb8702fa068b6d9cbe44cf4a4a180b4575fb60130805a6b02cb9fe5573760d26bb4e6042

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1aa12e1b1d98cb5434e2f81d42711fc0
SHA1 233763a33f1e2477d3dff69ca625b92b2e67a034
SHA256 46e3bf3f8bfb00ceb2604dda6db357f78bd4e66e6220b87c03ab9223de4e8f0f
SHA512 d681e829e65e649e3ce80f6a31dfb13ec0624708f9e4aed5e0ed059c5688249aec8e2ac8dde27079b3feb2eeadf6a13f603fca5516b62682bb35b2a6058eb7e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ba138ba91d8ea0b7244a76c97fde25e7
SHA1 0d7a6e64ff22966fbb30f1ef39f25b3b9430cd62
SHA256 82f39731f7c997b1f77d13573298a7bc368d2dc9a43958e828da43c9ec278987
SHA512 f9a5b19560bda89d168141eb2099dda653942016f442a91224d8881801b23563da4fc893425e85745288b294269bbe7ad1704b7a956e187d2e3301877b85453f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d3904c01d2ac629d9e0103133bb1a424
SHA1 699e841228a228342d4f7a6fe63d1b91da92a539
SHA256 0c39f230c4f89a48074b2ff59dc8fda393a36db12c88635b7215bb2a8f45ff38
SHA512 7a9f72e97cfb829d20e73a6655aa9cb06b17ef31a773a248d9d7a3817a152c20049ee83b7f443be81b92291bdd4c362cad88074efe384c2a9dd9e6ceb6b1d830

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5d3361074e9074d3b554c690f4147706
SHA1 1338b61b163029e6ee8930ee31fbd8e2d9e3198c
SHA256 e4094bff91541fd7ad226eb875e7d6b0e3210902c2012245d69bf2c3e9f97e55
SHA512 6c108eb0069b67512591476916e79877537faf68a673b99426809dbf3c42478c15ed7c1bef657d9fc9f394a1c4d7f4bbb53fd0192d8652004a91c975954b70e2

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 904fb2c5cbbb57f2b97d5484a2af92cc
SHA1 15751a511c2eb7ea79b1ff2f0f6f73b0510d232e
SHA256 9d636e78d9d1a388bfdd382ce829f38cc4949cf6e7b7691ca409dd9e6802bb27
SHA512 3032acb01a9e4b9e7f08364a701cf5436af4e2aa0bd58956d92578412c88464a4b365fd5e7db312b637ad50d6a66c890a97fc1420d46d9ef7a467a8caba9a93f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 62b6c63af6716f8cd012dc72f551a70b
SHA1 727f418bc8cfdee45d23b4fd91db960ecc77aa2f
SHA256 2980f8809c71d1fe0f115648c58b6bc6a1df23b3671b7f359d1c3fbbb5cc1501
SHA512 d10b1a72710cae6325af40f914db9f9ecda6936581d337f3dd2c182c488ba94cfbb8c6bfe21dbc47d0a589dfa0e96c270f7a6c823db6f8405c76cb5f94fd27a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2ab4180a05c117339e4136fc6043f745
SHA1 447a014d512b92cb629eacbcd18b19214feff3af
SHA256 f0308e4350d355823baf5ae135288a04378e885200d823d7b53dfd0b4ed04046
SHA512 7d426adae33adffdb1d8bbeda501aa28c3cebe8435d5382f869cd468339ffaca7f95831d9641c5c42c0458cfce0c09b564514ee67dcca13da752a41d8255f6a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 27acd5d5e718f15d3d265f9cbdbda90f
SHA1 80fab1c82776bfdef221019670bc095b22694dd4
SHA256 5fb080854625343633ce19be812fe6eb3e6ab71cf5087c847bd5e0251e31ebc2
SHA512 286d6c58ba182440d0b89e3246bac83d6770a71f820d6a8df2e75195ae985e735e5f51b6a812f6340f371171d5b006e02724f554dc195b944a0777237170a166

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\51bb6e94-0997-401e-84ab-6fba78bedb6f.tmp

MD5 48dd17916d99c4d3e018d0fcdb124e99
SHA1 521a9bad3ec8278370f1392a8ce41740a348c855
SHA256 2f3b6891414be0fec7e35b9b548d734ffa859042b46af4c724c3fd02a8f48792
SHA512 1ef9e3abffa8aa180a2fc5821edbbfa13d4b438a047053aa320e20f59951fe2cde397a93e78851fb60949a93d18559d68bd02f57bd781d143b8960ff2f81fc50

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 44b4f9447d9dd85670de32fa660b05ec
SHA1 f99e5e83c7f3bf3331daf89194eeca7e0a99e674
SHA256 fe1bc66199e6124d0a3dfedef397689f8cb833b6d331d7aa304ea67aaaa5bb05
SHA512 9abbce90df42c16f217e92211a68255b1d66866519136077c2df1954a7fb0718c60e09040dba23f36eb3c368ed9df20f42b477cee0da5ecd404025aad8c90115

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f182662a32fd0144dda1d34380889590
SHA1 5e42a23a46f0d83a0843142db5fcbe0a6ecc83bb
SHA256 f5aa3f0e39197ac781532ebd68909940c5d26eacb984a33222b17b787abbf01d
SHA512 9aa2617264306209cec565dec320266ce0bd12123f3addef6f85e8e58031420d0e2952f6b44b9d91627f4c25c8c3413475d3dd982a8f5dca3f69b06eaf4cd489

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b98aa8552af0aafaec411aa88ef6b457
SHA1 0ff6b1373d6da5c26e2ac84084ed22d8cac58c7d
SHA256 64cfeab218490bbe9242f582932de230c3aca40fd96e01bd6aeabeb7ee1e3f82
SHA512 92e9f91c3dcbc4b26d59ce4d96eead2b9d2710aa3696a9d5f5bd6f6750014ed2a3b7345205777fc4b8d68112201f205ceac2e4496197f78a8b711011aff88f26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8380ed586dc4355b95bb89319d11d74c
SHA1 31a803de680a0562bf420d855a20548904c76825
SHA256 328f2406c7581b90ac6f4bba1956f0ecdcc102ac35bf6929d99df1a7229c4fe7
SHA512 edad6875a7da85a372588cc00169c451b76d00b2ac802c20c0494e07c0e2f04bdf500e29d44a4ffecb5159171034f4af6d293008a59e495d712f7413ddbf671a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f09e65ed77779dc49c53777d0fbd7907
SHA1 e5bd5a0d3222824a172e0e9e7fb2c41113f8eda5
SHA256 2bef188bb1de5272a2cb428b5fb5f19ed9f97432cdab32afb4310e8a2ba47b1c
SHA512 92224ac978dec707730bdbbbb711fbfce0733a246ef7c08f9c972fa327771d6da77a29058b79002283dfa5b978cf5f9373d6474d330ce022f8068c8d6848c01f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 461bedc98a455cb06bce9ac56fcc540d
SHA1 af79687bfcf43f44e9e488b89f297168f4ff35e6
SHA256 db89076f9b3e8292676444ac32333a4d53d98882b92b828b508ba7e761a7c822
SHA512 1b410a3333242ce0ba37916506dbcd37c7032f2d267a4cc51280db827a1668748663e9947cd17807872ced3adb3c77f925325355f092829fa57f5a26e38a795d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 540ea57bf04401a25173ab28f3b27739
SHA1 37748098a22873274ad8b79b9c95b51fc279650f
SHA256 c22c53b1aa0c61c22b18186c1f66892858de65f50173bfdbc2bae57dbcb96236
SHA512 b7defae4fa2e3531caeb2051c3e6813e679ce605df24e0e28ec3109ac4a2e323858f87e87c8bbc9a561c7d5d2fb835fd644c78f9e7bc6fb9dcc6e49b424caa89

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 b41c0c5987ee1f0acd8b2ab70bec5f3e
SHA1 17a24ea04f6c1618e93ef16430589dad780ad186
SHA256 4de0c4488d2196177c97e5750706fcf6f454f21be15a73b75df65e09e9d8e4fc
SHA512 d3e9d4a3f57e5b6e4dc14037ed0e4084865a3337cffb3bc641aabd5be0a8b9e817bc3a9246ef65ddaba9abef0318550421a61b80935c7a281f262f7987ab243d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\22ee7b7fbc3651a8210f1437e98696bddb902f99\cc8395a9-15c5-4a5e-b9e4-1837e081ab17\index-dir\the-real-index

MD5 4af627c48d6f22a641f93bee92c70709
SHA1 7b318f42a83adb313f3ddd6c04ebcac40648fde1
SHA256 ea312692572b124c48bc8b6a2771516eb9bd909f984cd131ae252bb034cc6ff7
SHA512 b910769009163f788af813bd92d08b2f5488c88d8ce211ea3591ec47b856d212a39ebce572a30bd0c9be9dded5866dac6714579354dbc8c0c49d820a0bda3069

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\22ee7b7fbc3651a8210f1437e98696bddb902f99\cc8395a9-15c5-4a5e-b9e4-1837e081ab17\index-dir\the-real-index~RFe5ae495.TMP

MD5 18e2a67690d0f02591c163e17f1edd4d
SHA1 b557b8a1c78824d934ff84053d68ce3d5c237045
SHA256 6e2e1740f66f4f8ef42a44e726d975b0845e57ddf40255c7aa0636fe9837a38b
SHA512 247e69cbc60ba00b3e348b4e211e7efaf3acf684cf809d3853f19588270c1b59ca52d4eb150f3f0079f0ad3fee0f432a5703fc7cf3848393a3485dce3b8a77d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\22ee7b7fbc3651a8210f1437e98696bddb902f99\index.txt

MD5 60398ba2a6646175e5198a30c8e1e2b8
SHA1 c164d76f4a7cdc8a56c7f31b92c7cffa4a9e6345
SHA256 f18be90a9d24db27ea0af69447584e2fdc1bb1bebd3a751847798199fa8fd62e
SHA512 ae555ce5f5d0bc849d7437baa8c56a7feb5f261a427ba968e88a23bc605ddef3156cf057e0804d90765f88536f18f97bc2b4cd9a5776d6429e3daf4fcf604b3b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\22ee7b7fbc3651a8210f1437e98696bddb902f99\index.txt~RFe5ae4c4.TMP

MD5 49e334fc278731193b38ac2a834c27a5
SHA1 39c60a34325fe6965c89cd238859c0093211f7ac
SHA256 00a42f09f850d9dad33e1b49d926cf8bc8ad74749bf37c6083e191fc78a9e145
SHA512 803c5a54227463514def9efa004b62284f4d4a88f597605137ff8b1600b5cfc943f41e7a2673e0bb4622ee5a8186b8059ebc9d4716b5b9bf70e491e124095bef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6d0af3c093bbdee418d41b356d003013
SHA1 f907abcd801c14746cd2437cd697700eaeaacc86
SHA256 13b9d57b70883a6de2563eeb0f39e61258fe0962f3c444031b05446435776a7f
SHA512 a71de857cadf35b0767e12a41afecbb0f20d6b8a7b47d88bf81b830103fef06ad277b58f1eeb4ccb470525286323ef7ea85c58dc649897d00b255d4d16a04355

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 f5d810ebc9ecd6da8321d6b05f9c51ff
SHA1 c91803ce500b31dd739ac43d849175a145035b2e
SHA256 ad17ad60306992e49e1c37bcea42b411333fa25ba811812b76e49101177e82e0
SHA512 fb9d1bc6e04f32b55096b571bfcfa872c447fce5e93275caaa2cd15a838ce4d703f9807d47f349c7f38021283ae305c57b464d1027d49d15d66375ad8457d77d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3d743ba96e3bc45e6a5273503e98ed30
SHA1 395c581e3d96e47b0402ef52f8b3d00aa0c7e147
SHA256 a27dcac3d7478dd67d6621c3575b25f656c4ef8e365b103a5991ee4cedf742ee
SHA512 97c9a96784af8aa2d41f0fc23dfa405e92d6137cb388f87f1a0dd8ee88c81c98c3e5aff9e445a41c257e115f0e3866984dd4bf090f100b8351663d69e001a3d8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c928f59861f7cef6af38efcecb6291b2
SHA1 c9a980400f744bc74b1658c36e087ab8b61a48b6
SHA256 73c83c73194d5bc12b4b3744dec97a84dd41613affa4bdf4be611cf8aafaaa00
SHA512 8b8a25f362c246fe615ef641d6d14e442479683c8b8b1f5e0977679bf609fbdac216caf617e0b3515fe00cf409973ff16bad7e162f44baa4d28b3cab6fdbbef1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9bb562f78eb7c073ffa7a05cf9670ef9
SHA1 fca5856c106184d842e43c84e157fa6e6fd8fc31
SHA256 640ced9c808558619665ac80638ffd49904e1c9fd6fa5214c60f6af671f9d829
SHA512 b1146da09ba8045a49ce16886989b4d0ad1163b9bf5f3ba35ea6cd067f25f91be515a8a59b3e46a2f31423501eba86b95b8d10733cd2e95035c08864bdf8d581

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 eb76f19d514ee2cfb0f5a4a5f0ab32df
SHA1 eb1b9ce0ab6c6c77c7141fe2b8157ec78a2d9601
SHA256 314a0b36ed2ae1b0be3d73c979657ee46f4d03cbc01526bd0cb29d0bb8a0f4e4
SHA512 c83c9666ed904e49ed0c1af436f1bf7e7ffb4852e626fb33d5dbdb3bb2e41c0f434ed9aa4ecdeb52a13f450a3e7cace3717fd37c90594ee04c41240d45df6aa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 154d29ecb946905426263e222be91d35
SHA1 6daf5e37e84f3d846826a2d120d9cbf87ee5c918
SHA256 bec5e78ed8d3d07e2c0188dc5aa1828c851d206d9f9e4cdd8af72aae99d38aa6
SHA512 68c15dec41c7ad0a64e2a4d5528c1c89ea990755471e6509477cddcc1f13db8da264efad814e3531c410d2ad00c631470f7092778bf9e1dd2c64f5fed8fdc28b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 91bd01df8e38fd8e2acbfd57d5b15bc9
SHA1 de52155c65eb6987624492128da78fdd9e519332
SHA256 3ffe9da8a23ec57a44d7db4105d7f99f641135c7ba73835c001deea185f5f5eb
SHA512 081ac5771c255ea53fc04f9730e046a1b16b5cafe357d7c3137c3d2f1a88496655dad1ae182e8e928d7785d920d8c80fe4bc333721c89ae993fcc3bac6166435

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 752d5f9f6d22cce5f9cb1edd8ef05094
SHA1 3016f3349139b5242e3367fabf3360a83f806466
SHA256 fe50f0a338c959cab1b7a8d929863186a23db0e6aeea8864b537a5df1ccf823b
SHA512 537be921bf3a138368fc0a3bf72f34c4912458dc79ee0b34202eeca8d7d3f3dec9d4e39a9fd91517bc5ec0595ec0de8379c84613d2eb9a0c454aa3b476b5e554

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 78e0ba96ab033cf8a214f78455383d05
SHA1 d6cd482768481dcb4ccdd6b2941936793108f02f
SHA256 b3fc1503a85b834013c356b105e12147112b919bfecc3fd9591662da620a8bdb
SHA512 08428ad36f97f461c51633f35bfc974f0c483f6bcfc8fd9711897b734f4f1b1a5001978b0c988d47a71a1e49bab2aefbc51c7cd658dac2b4bb4abeaf0d1ecfa7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a04843bb4afe1589119ff15f4c9f141f
SHA1 dcb66234a725b33ffd9fef4fa43a64f4af329496
SHA256 1798c7378570baaf3c69cb80d86a458c9d0d7530fdea4eb5c3290da84b386cf4
SHA512 be79c82c46294e75b41645893a9622af397fbcea2c4c6e0ce1f155f40c7b03ec4e8da03ffc1a984e7645067b1ce83306395bf8265b22bc382ddf6f234cb23b8b