Analysis Overview
SHA256
7b2f9ebd9a8ef42baa9416c52ceb1fbe1108c894d26a767e25849411ddc9ac00
Threat Level: Shows suspicious behavior
The file zirotu.png was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Modifies Internet Explorer settings
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-09 22:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-09 22:01
Reported
2025-03-09 22:03
Platform
win10v2004-20250217-en
Max time kernel
159s
Max time network
159s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860312758166095" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file\shell\edit\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\.cpp\ = "cpp_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file\shell\edit | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\cpp_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-22591836-1183090055-1220658180-1000_Classes\.cpp | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\zirotu.png"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8e9a1cc40,0x7ff8e9a1cc4c,0x7ff8e9a1cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2460 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2612 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3696 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4672 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4968,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4940 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4936 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3688,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5060 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5172,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5192 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4532,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5312 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5248,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5376,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5372,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5336,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4572,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3356 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Collection-master.zip\Malware-Collection-master\h3wroKeylogger\h3wroKeylogger.cpp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5772,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5848 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\AdAvenger.7z"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5816,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=45B1A74F5C76FAC5A127DE5EF20452C5 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=863604298C1B2F1378C387B903ACCE10 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=863604298C1B2F1378C387B903ACCE10 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A449879E45350510A98115C8DB272DEC --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3C725BA911B09E336E8B3AAFBD04FCD8 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F20ACD71A845246B18FF7E62EC767F8F --mojo-platform-channel-handle=1824 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3440,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=3184,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6024,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6032 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5568,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6148 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5992,i,13018271169061604064,2702634867325013868,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6132 /prefetch:8
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Hitler Ransomware.7z"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0CE47076EF9C7FD7E46828EC47033E91 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9B5330502FFBEC26D2039EED28DAC93F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9B5330502FFBEC26D2039EED28DAC93F --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8DF5FAE3B23ABEAC4BD1763E39BC9486 --mojo-platform-channel-handle=1800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F51271918FD04D6424745B0F52FAAD53 --mojo-platform-channel-handle=1704 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B05D630395B3870E16FD08709C91A21A --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| GB | 172.217.169.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.212.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.204.78:443 | play.google.com | udp |
| GB | 216.58.204.78:443 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 142.250.187.193:443 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.180.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | play.google.com | tcp |
| GB | 216.58.204.78:443 | play.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.200.14:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 142.250.179.227:443 | id.google.com | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.179.227:443 | id.google.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.200.42:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 216.58.212.238:443 | google.com | tcp |
| US | 8.8.8.8:53 | e2c69.gcp.gvt2.com | udp |
| CA | 34.0.38.213:443 | e2c69.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | e2c81.gcp.gvt2.com | udp |
| US | 35.186.134.240:443 | e2c81.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| FR | 142.250.179.67:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | e2c6.gcp.gvt2.com | udp |
| IN | 34.93.91.7:443 | e2c6.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 216.239.32.3:443 | beacons2.gvt2.com | tcp |
| US | 150.171.28.10:443 | N/A | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | udp |
| GB | 216.58.204.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 216.58.204.78:443 | play.google.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
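Most of the Network table is background traffic from the detonation image itself: Google endpoints that Chrome contacts on its own, tse1.mm.bing.net requests from the Windows image, and multicast DNS to 224.0.0.251:5353. The rows that line up with the "Legitimate hosting services abused for malware hosting/C2" signature are the GitHub ones, and only raw.githubusercontent.com is the indicator named by that signature. Two rows also carry no Domain value, i.e. the sandbox could not attribute a resolved name to that connection. The script below is an added example, not part of the sandbox report or any vendor tooling: it parses a subset of rows copied from the table (including the two with the empty Domain column), separates DNS queries from connections, groups connections by owner, and surfaces endpoints contacted without a DNS query seen in the capture. The suffix-to-owner list is an assumption made for the example, not data from the report.

```python
from __future__ import annotations

from collections import Counter, defaultdict

# Rows copied from the Network table above. Constructed subset for this example; it keeps
# the two rows the report renders with an empty Domain column.
NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 172.217.169.68:443 | www.google.com | tcp |
| GB | 172.217.169.68:443 | www.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | codeload.github.com | udp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
| US | 150.171.28.10:443 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
"""

PROTOS = {"tcp", "udp"}

# Domain families as assumed for this example (suffix -> owner). Anything not listed
# falls into "other" and deserves a look.
FAMILIES = {
    "github.com": "github",
    "githubusercontent.com": "github",
    "githubassets.com": "github",
    "github-cloud.s3.amazonaws.com": "github",
    "google.com": "google",
    "googleapis.com": "google",
    "gstatic.com": "google",
    "gvt2.com": "google",
    "googlezip.net": "google",
    "googleusercontent.com": "google",
    "bing.net": "microsoft",
}


def parse_network(table: str) -> list[dict]:
    """Parse the report's pipe table into rows; tolerate the shifted three-column rows."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "Country":
            continue  # header row
        # Rows with no resolved name have the proto sitting in the Domain column.
        if len(cells) >= 3 and cells[2].lower() in PROTOS:
            cells = cells[:2] + [None, cells[2]]
        country, dest, domain, proto = cells[:4]
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain or None, "proto": proto.lower()})
    return rows


def family(domain: str | None) -> str:
    """Map a name to its assumed owner; None means the capture had no name for it."""
    if domain is None:
        return "unresolved"
    for suffix, label in FAMILIES.items():
        if domain == suffix or domain.endswith("." + suffix):
            return label
    return "other"


def summarize(table: str) -> dict:
    rows = parse_network(table)
    # Names the sandbox saw being resolved (port 53 rows are queries, not connections).
    queried = {r["domain"] for r in rows if r["port"] == 53 and r["domain"]}
    connections: Counter = Counter()
    for r in rows:
        if r["port"] == 53:
            continue
        connections[(r["domain"], r["ip"], r["port"], r["proto"])] += 1
    # Endpoints contacted without a matching DNS query in the capture: resolved before
    # capture started, hard-coded, or multicast (224.0.0.251:5353 is mDNS).
    unresolved = sorted({(ip, port) for (dom, ip, port, _) in connections
                         if dom is None or dom not in queried})
    by_family: defaultdict[str, set] = defaultdict(set)
    for dom, ip, port, _ in connections:
        by_family[family(dom)].add(dom or f"{ip}:{port}")
    return {"connections": dict(connections), "unresolved": unresolved,
            "by_family": {k: sorted(v) for k, v in by_family.items()}}


if __name__ == "__main__":
    result = summarize(NETWORK_TABLE)
    for fam, names in sorted(result["by_family"].items()):
        print(f"{fam:10s} {', '.join(names)}")
    print("no DNS seen for:", result["unresolved"])
```

Run against the full table, the "github" bucket is what to carry forward as pivot material, and the "unresolved" list is what to check against the PCAP before concluding anything: in this report 150.171.28.10 is named by later tse1.mm.bing.net rows, so it is Windows background traffic rather than a hard-coded C2 address.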
Files
\??\pipe\crashpad_3984_BJKKNBWWVXGIDEKK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3984_666995327\0f79f875-7bd9-4339-a1f1-80c256bec0e3.tmp
| MD5 | eae462c55eba847a1a8b58e58976b253 |
| SHA1 | 4d7c9d59d6ae64eb852bd60b48c161125c820673 |
| SHA256 | ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad |
| SHA512 | 494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir3984_666995327\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 558659936250e03cc14b60ebf648aa09 |
| SHA1 | 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825 |
| SHA256 | 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b |
| SHA512 | 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 1cc1ad5a8e7c773e807f448db1d89ccb |
| SHA1 | 4321645dd473abad6a808788a26a781a19000d63 |
| SHA256 | d5c02cc99e2cbce6c65ae9d575e35a0d61c29f078e185f97b4fb49019c299446 |
| SHA512 | bc9e5fbeaeb4a496ba46dc1f5c40dd8403ad4cebfdaaa3ba0484a9d89941a6ee03692bffe9a2cfb0cb62c520511f9b5ac88811e1d2e179578d98b85f56f16bf9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0677527e7dd7e26df2ff0c8f14b40f8b |
| SHA1 | 4ee4bfeb1ea39267f559c2eb489f102bcd0e9cd9 |
| SHA256 | 16b1db1dcd416b7bae2485270d621cd8eae549456ef4e5c9925c5b9951846223 |
| SHA512 | cc387d76c2cbbb5149de9999b3d8417eff000178c2bffb6e964927e22825f2d8c8de24abccee075fd33f3f3bf7a508d07463b95af35911194f3976ff9171419b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 570a6cadcc8c905025dfd29756be175c |
| SHA1 | f79e9fcb9f0dd3096a4c04e50d28dbdc9712a5c1 |
| SHA256 | 5d914f49581d7c761e7a4f0884e3cd78d90a39c58eee360142df656b45b30508 |
| SHA512 | 0e9b74bcb59ad194e6c2d3b93f9549c277fe6d6502e87ad381f300626eaceb8a35e3a4b500a07f4e63152988bec3e1ad34d839ed59dc8d1b0f47ff5eff6a34f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 027c8e5edbcc648099e21a3185593159 |
| SHA1 | 838ba3d8602ca5c9b15cae10399f33415a95b71f |
| SHA256 | 650fc6f9c7def1eabc59613009bf143df4b45a885f93d24cbb260eccc0bc95db |
| SHA512 | 247b1fd477c591c0329f01ce180e482e52441b1a0985e6ffe7d042246f8f85f4e3d26160f9c0aff933648f1d4f23dc62ad585ef0a0edc00974d7d75e2085d442 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 9bc2cb90c09c282b77ea603e8271917b |
| SHA1 | 01066da71cfc0915b99f6486b7f9230933b7e932 |
| SHA256 | 2dc16f3fdca4f53588714d8131d6be3513afafbd0c036e6660a1d6e3678d272f |
| SHA512 | 10728fc37562b555d03b0a38a5ef2168655cfd577babde123091ca242c50cedf03de043b53e8cb0d81fb7f1964ce1518200a4b48b402ebf7234c218e4321bf7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 586abc9bd1a36fc4efbaa0a20efa8084 |
| SHA1 | 51d789a84aa057c721158576b29f79cba099ca65 |
| SHA256 | c9f7219df6ce1a624c5cc1f5922b10ff0c5449f953182f24b3605159e973e503 |
| SHA512 | 19e0eb871ba23b4233e426d563076bd3c64c5545bb4f43b74c8651879143cf368ea70941fe30d979e9d5f26f61e4cce047d0d0edb20957b935037dfcba70af45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 1d89de8f4502fbf0317ef08c4c6f8051 |
| SHA1 | 1a7261bc81b56bd2bd2be6147bfdadbc7153be5b |
| SHA256 | 474031fcf6142ff585d057def8e1ee034e96c35fb05a2c899b57160666715c0b |
| SHA512 | a54f6dd36a0afb00903d53d208ffe13276803edb2c10c75a59e80ff1965455f0410f32b6140e55fa96faaa05dfca95706296875e7a81119ab7bb64bcd5209015 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 25ae05dc17eebcd962080c683a68ae81 |
| SHA1 | 0d53d77e544a661b2830071dc8b40bf84ca18f3f |
| SHA256 | a96db893446a49883e0c2d61548d9ac359719bec4fc50daa46ad7e4ad5c56439 |
| SHA512 | decf0d9cfff506893a8bf2029d7a9f26e18425f012b3352dc2fdeef81e1f8ee145ee79f5d95a99b122b3296130e316711b3f21b34346a12f824cd89d221a69ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1aa6766c2200294d509c3687e60eef4f |
| SHA1 | 766bf64727700466bc8bdc8ca61715ebe8aa7776 |
| SHA256 | b1ab0f5310469334e65153b71f17c13e7d9d89ee09d42058220d6a5ea933287e |
| SHA512 | f94d9ed3d33ac4e6261d1fed27025998500a5eb921d507622183bba038114ca982c5038e6c73c3e7b6256488bcd6152b5d5891bee3d52faa0a8cdc2dfcb1ffb9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6ad5866015cc3f706318f46021771d0f |
| SHA1 | 75591006acbd4c25009b42e1dca118605d111439 |
| SHA256 | 06a9d494a79970ee503dd825891443c08908c244eac91025394dccd2e091353d |
| SHA512 | d638ae11676f5bac112d4ebfb4609d6fa75aebeba7a588a4627acb497b4080bf82dcd5b704d0993d20a8424b977f03480be80d297388badd702da9d572094082 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6fff542dce3bc3cb857c0c48fcfeb01b |
| SHA1 | 1152b280ed67fd60826a1fb058dac4c3a70e229a |
| SHA256 | 23902817869905a1067a0e94821eef510fd87e0d2f2c98a3dbc47042e7d624d1 |
| SHA512 | 3e4655a5c59f10544ae52c8155b6e0db6f391218386d5c1f9220a9b185b78fa9a56d833063070455713ee2fdaba76684a62627e0a42c27fc3485f799c38bd627 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac6be5fee805bf25d8a613690e69b329 |
| SHA1 | 9aa4afca6cfe53f6201feb7e2f6d8c99d0ecf2e1 |
| SHA256 | b47281f7b1b8b7c2dc6c775fd715d8b6829c64cca1101b09238d628500b3ec4b |
| SHA512 | 9162ad9cc1cc4a4c1ec406b0b78eea80a02a87182d27661b124454222f0c9920986a65951bdf1b53bc8ce79b7a622bedbae522c0eba2d8280410312c4a5d79bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 944b81ee3a10f8c1c3c33caad0b7a278 |
| SHA1 | 497d9634222a4aee20939c79d763bbcc1efb3ea9 |
| SHA256 | 2cfd8b6a3e522d52c14c64bae4be506330e8bdd7c5f1d560abc252ba82612d3e |
| SHA512 | bda8190432ef8fccf59d014b33a83acc4b3d5a18d93f51d090cbbc95713a865922d263c8aeb720168e9793259983dac0e2938c6b13a7c0aec0171ec45df746b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 2d5b452e2c8c483d5a93f7764f3c27e3 |
| SHA1 | bf8cf58de6e58871a5eaa9bab052a1750a9cef61 |
| SHA256 | 0d4caa8036947c4d1e0a21c46bf6de7913237d581c6a9e53ced77fb377de0046 |
| SHA512 | 8750a7ce771731d1870b9d569a9f3df0faa67eb707d4f64171db069198b11b3254dd2bc50db061560ace5988603102cb0d5350118cce58f8e03a8f95acc1d4aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | b53fd19b0503aac0dc4862ea79a3631e |
| SHA1 | 0be49e4562c5f2f41e02ddd60a1f0262a0292b26 |
| SHA256 | 491367e10aae3c105c4ee2fb546d22856155703985ad005a4b6c0b0d2289bd04 |
| SHA512 | b92efff8fd5ba178ac0143b61f0a42986084de783cb5e7500356f9ff1620cf9959b39fa3d111c57bb2a0a93e89cef095ac19e33303e2c1ec152517a509b3463b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6b927369343a756346349522d6a2f764 |
| SHA1 | 8bf3661a37af92e7b9b03aeac1d503d708681632 |
| SHA256 | 3f5b8592bbc155e0db06572f5a9abf22e26573aae771363ab7df3cf95e7b84d8 |
| SHA512 | 0665fb6a416aebdd59e4fb0f95a2bc579dca57f9cc331062d78c686da8e2400c68c9a27fa59f0de3332796ff2648aef642099f780eb82000e23153b840b01b5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8e4e02adbababcf1aac0919d5efafe79 |
| SHA1 | 195427d1bbecf64b3e0e271e30e78ef7277df243 |
| SHA256 | acedf4bcc3a7cb688ae11be193f9a1697304e7aa55d28d00c07a785f1c0f3097 |
| SHA512 | d486d4828151619f0071a2325890dae0b47e589768ffdb15f7a7695aced4acaeff5fc4fd5eb19b158d0e6265de605002a69611a99cb5e60c2a36dbd3ad16fb95 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5563cc0477b2fbbfe643eaa2bedc6357 |
| SHA1 | 2b17fb9be3cbedc81112b38074e48775dce1b0a1 |
| SHA256 | 9bc49e5a8efc01691366a762b52f22567333a995994bed339e3f743b4efea422 |
| SHA512 | c25a9a3f082d130144e1903e9dce61d31a7a246554326ba5a036fad662428316bf293ec3696be9131f5690b060f6817353c82963350381956f0704c9399efa1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 883bf48d7146a2d87b0ad86ce33d7d10 |
| SHA1 | 3138701a17736831886bffddc82ef7015408d929 |
| SHA256 | 888b537290eadb428222e9aad5b4b1f2194eb88a6381e0a6b505a36d098da57e |
| SHA512 | 17ee91f59fdfce60e589e75a9bc7e62267dae345de33af887d9b679fb05ac94cfa69fa935ac215f58c29e781b958cafecd3086ee988f1affac127cd3fc4895dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d1744627634660ff4bdc482018e7b51b |
| SHA1 | 0b4279427ab84a7ffcbbd3f85cf9ed691ed231d2 |
| SHA256 | 131f1e932aa2b40fe6069564c99701543bc62c8b0629318371c6bede61f1ef90 |
| SHA512 | d86d14eabcbe5edd38275b5e8f9e9344f3cdc611bdca20c10f5b4ce3c82c4ace01948e28d11a34ccd0aa05d269eea79e79f54321012bb4fc9fc11f0b39a92b2c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7def49b2130cd9c1ea86fe2da3996c36 |
| SHA1 | 963bddf3fd4d6c4be92904ecdfa37bc0a9b3dcc3 |
| SHA256 | bfe7b04e734cafb6ebd00d37085c6ffa947e75c9b7aa1cf7a3476fcfa23e6efa |
| SHA512 | e6430161e5dfdcf9ee5245a97cb5b931f065ad72dbcf9db81562e35eaf120751f4735c8178b7e9e43b1ab8dfe53bda4a1961f5df4255d2b01c594843a001104c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b72c57ed25f788418f655c2a2ca23a9a |
| SHA1 | 7b135044edd6af046ecc33ebb341101f9c3df715 |
| SHA256 | c0df909a841c560f328537361adc8740235d5256d9528a444d2fc19c07050725 |
| SHA512 | 24b21e2483fc88056b71459603dfdf680ea142fd394b656caf284727f3b32f3f17b889e472524979e79d67c28d56539d59dd8799a8e10baacab84fee114b4be5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4e3fa64a63f0592cdbd1bf717bb653fa |
| SHA1 | ad119831d320a69bafe9594737f24eb050ab5195 |
| SHA256 | 5df86e6cbdc19aa692e03fac3eba1fe2c47248f250a0fbc7ab7ef20cc34f34ef |
| SHA512 | cf178b2632cbb0fc90d54b2ca763f87a29efd5210146c488f9edc305627d488959bd32f7a6c007a8587de1cbf9aa6875409c2754beff226c2539b9d3792ec627 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d
| MD5 | 58795165fd616e7533d2fee408040605 |
| SHA1 | 577e9fb5de2152fec8f871064351a45c5333f10e |
| SHA256 | e6f9e1b930326284938dc4e85d6fdb37e394f98e269405b9d0caa96b214de26e |
| SHA512 | b97d15c2c5ceee748a724f60568438edf1e9d1d3857e5ca233921ec92686295a3f48d2c908ff5572f970b7203ea386cf30c69afe9b5e2f10825879cd0d06f5f6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9c5f50e2dc9d86a1b34e999bd4265197 |
| SHA1 | 50be99e3fddd6168cb12de7109aeed08cb26dd87 |
| SHA256 | 78a0a7947604d41383815a9441e3dfb0e6c4740d95ad12294157f2dad551d157 |
| SHA512 | 397662b78cc485026a13a8605a8d67d803b39b5645bc34fa40ca27fb02bbbd8a790776772efa86ca17811cd4358bd03326fbfa2d630fc7231c4b17a918674dcc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 011ae5174069bbeca3d00f4fc1f0d854 |
| SHA1 | 4591e7108a8b509ee1d7fe0a0e33768aa824b397 |
| SHA256 | 2469a5cba72056281a64c02d7992cdd0c6247a44dbbc25f72f69d06d73075a30 |
| SHA512 | c8b49270c381fcdb5dd5a950174f638292cb9041cbde4b4edfa0bac4cc1bfd8c22a79d87be836e71c7df4861702e6e9b97f6ed521571620ee3af66a54dedfe1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3498d2e8417a93d4d1b2b9d598c79b90 |
| SHA1 | d61e531f5aaf0cb9a20b04de727949f8c9a0f93b |
| SHA256 | 06af354fce4ff5404eb2feb57c13dc6089fd75cade0e689bcd44f8d8e2ec6dbd |
| SHA512 | 7801032d7fa0e21ce0f7868ed25124823d9028ba7e2afb88bfc37d5c898654607f9097bb728ced73018aa7b1baba247e5b31d6daa2d7891c822178116dabfc29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a22b7c7e662174655f04651b9d75374e |
| SHA1 | 745fa340e6ebc0cee8f13f721f16b427a6049cc4 |
| SHA256 | 9301667207a57e409a35be189a1901adc572f5c2042f94c6f934d14826b6d752 |
| SHA512 | a76c6b904d0d215d2f2b9a3e3838e2ff33657c7a3bf992a5d5a6de0e39d68e7fde82006e182c82b3e6dac6175748732cf1d4a4c6264c4626dad9eb70ab988681 |
C:\Users\Admin\Downloads\AdAvenger.7z
| MD5 | e14cbe0b65036e79f88ee69a2f8048a0 |
| SHA1 | 01540cf29bb393db24410148573fa475e2897634 |
| SHA256 | e786a78f9661409445668d8171d9729b461b34c0c3e9de5f16b070f2f793ec80 |
| SHA512 | d93e9e3360986f673e701ad7d45984660115e38d777e7e18a9e29b28a4bb01278d7665b04f13ff0257300431447f7e45c7d221e57f87f57123e88309a3a81f57 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5e1f35905217e200ba5b5a4d7366fb76 |
| SHA1 | ae25e6e3bb778f9f80947e91311de7d4ce4cb6f0 |
| SHA256 | 2749a51a670922e602033c519aa0b696a139124e8065928eba3c7eca7cec713f |
| SHA512 | 295d2a2411b4e5cf5cf6686cdef21fec51dcb1e4122e1492e4bbe1a1e3cdaf27648e8236b770612f007af1a0495ef29fc2e215e8350d1d1ec9568fea763e66c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 393f2a387fa29b342dcc1d1fc09864c0 |
| SHA1 | 5a474128273efb15d5a2e9ac0f0df5a918caae43 |
| SHA256 | e2f0a91c9da2699c2c77a97081a1d49f9a3e83ecbce08c35855c89e8d907de96 |
| SHA512 | ff24a77c8ed884df197d720f63d32ecbb61385f6869f187bc6839e6712c7709ed6ecbf45ceb936486ef2c601f5fef678656db2ce4cc82a51d7bed6e3663d449b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d1c3df9a39b7688ffe7b77b03d6a7f41 |
| SHA1 | 641e32a62a452954bd3188bd85ffe0841055a436 |
| SHA256 | b70ee358473ff7dcb7473a336dceda70423fe35d4621577408a6f6b685846692 |
| SHA512 | 087f8fe20612d5126a5a6820625d8c57cd0e7deeea05e45d722be47ff4741aac4d66da458d0b0bc1d82c7e45b71a677613606c9cb949227c929c8cbfb9db475d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 91fbcfd3c3311e668371fb714afaabdb |
| SHA1 | 452e27554526bd0b239b9935e8c050f402025269 |
| SHA256 | 2dc7721efb6aef631502481d45f3fdac89679dfbd3c0ea5f747dba33a487be93 |
| SHA512 | 85dedc0dc8bd45c83e449a0d2012d3b34aab11787c01d9a38783006eea3c471b7c8f65bcd2a685d9ae3be7260250700fedc11e0971cf215f2385c6a1a9f40093 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a60f0430b7ba7531a237ee14c04b3cc3 |
| SHA1 | 2e10371f8482b927e85713c56bcbf9819954dc15 |
| SHA256 | 3fdaa17288aa422b89768c898c8d469062d4e24ff1cb2a09cf3337c90782c839 |
| SHA512 | bf371fbd48a132816c7428780bd8f51364c55fc8ceffedf28f0f4e239ea710ec0a7522905e5894f57876a6b7f419a3d2fc8c217c684a0d8ad68143e4f217f060 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b783cbb3b9b60afbcd8b8bb095bfb66c |
| SHA1 | fa2b0c8d5bd83e253143bd97afbf7a53e68d6a9d |
| SHA256 | 3bda1a6c81b3f8c01c7aa844423d45e4bf1b70a1704380b3ad9f2958b955cbfb |
| SHA512 | 2bdaf80b022c330777005d13461d111f914f699e2e243f812eab26b18571e01899ddff6c6b4f2c0fff60d2aa1dcbe03a8867c698265c0160d90b20a5c2aba688 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 64fb39429ed036c1f5e534de8a4b18af |
| SHA1 | 51e5f0a8cfe99fb292b96b065233514252e101dc |
| SHA256 | 0370321a561aba939541897e09654503aef383c3bf3ce15ab6e0c8eeeb89a688 |
| SHA512 | b93e12b9b608ea9dbd8f9ae4885f5cf80f9ba4a753e40725fcd8801d1ae3e626ee501a2e2c4fdb87ca10ce9f1a398aeacd54fadbef150bf734a3d3aa8bfd1830 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d243540dd62c8f4651347c31fc3abb55 |
| SHA1 | d1c51c976d8f405b1d8f6db3b9337e4af9565ea3 |
| SHA256 | 2a9df8a3d60aabeb54ba376f62aa47e96369244e1942a7cdcbd14a33217770b3 |
| SHA512 | 4b77481636b3c262e440c289d718b3308d08a436bdd72f6b78ad67fcc4764a0da976b1fd6f54c68a0473c5ad7508d1d684bb79075e0575630acb8daa72d64e74 |
C:\Users\Admin\Downloads\Hitler Ransomware.7z
| MD5 | 57ab6fac72212a42d48a2024e23b9070 |
| SHA1 | f03b05b999b775c84fedd1c1db2928b245d5f850 |
| SHA256 | d93c5575fb40311e66d94ec47de9f67a9740ab295a81b40cc07bd83cfd932706 |
| SHA512 | 90e48850949866341baf1a72aa37e3d7d5973ef6543e39b5cdcac7209662794220f4f65ff22ea2e1d8ed29beae3aaa8de4ea6e139a22c319232dd0ad93fa20cf |
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
| MD5 | 0ca92e00a9ce4375a3638046691b4bc9 |
| SHA1 | 5a157e36bc4f2d9e92603360272114bdc0c05a6f |
| SHA256 | d4438f7c878c75f83cb468efcf7c34f76c7db8e04a90a40314785addf2227151 |
| SHA512 | bf22570e1899f239c117a4e3bd1f46f6e656ee3615490c45157c8dfc18bc3021f6b7a75afba908c2c31850c4f5db7fb56e08059eeb36552720a7aa5d9f7c23c7 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
| MD5 | 0903d2576c9289eac97155ec15b78bba |
| SHA1 | b926920a71ca43ebf894e030849772aa87ce88d2 |
| SHA256 | 4e9ef4f8ab3832c8344e8e786cc80fec861424289bb5f0551a613ee646e39bc1 |
| SHA512 | 5308a97aea0a5f9b2056985c38d2568463d65a5e186cb4ef082e0c2da4fd59dded140c1ec11ae79071cb77cf1d1379926c9f889db968c6a752bd2b760331c4e8 |
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
| MD5 | 7d5eea2bc08404769727ff19916bf404 |
| SHA1 | a6a81ad9e7e4e0cb62dd4ac772873eac53725c63 |
| SHA256 | 4a28c0a1a61401b25191389ef71183512728043a2b4f6a85231527d7c6cf38e6 |
| SHA512 | 160e010fc33116c4c2911fef773ea7ab01232b2fa4357b149dd45fdc29f0bd0d4996e24241f1dd1cd8cf18bda3e3d4127c034f88b1b5175463e57d84076b1d0c |
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
| MD5 | 9fd8347cd0f29a8a1f4d3ea65a9e5c1a |
| SHA1 | 2ff1d7e2954d932098fc0dc5345f5fe58ae2cb4f |
| SHA256 | 73fbbc2be6f745b28822bc55b58bb75674a2ae66e6cca287d5567f2612492a02 |
| SHA512 | 2f0f3e4e29966466ce8be08e6f43e91ec59485e014a7d31c420c2aa29841c842bb88dc230f79928a10345227e4ebfe85f9b0f0197e49eac6492775cec1210e42 |
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
| MD5 | 33bf4cbc6bce2a2b9e6fac98b047a519 |
| SHA1 | 0f278ffebed9f2a24c4f151785d8b3078f82c707 |
| SHA256 | 0d360f50cfd4739d96ea019114fc2714b201609680aa12d1cd5d3a022561d5aa |
| SHA512 | a0e2e02f945acd860f7df064f3c8485db9fa40e7537e9b09141b3b37f6ff79ce8b20c1318d9f2ff23ca953e9f1e5f099c92188c4469a6f5ca42a06746da2c005 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 56bfe35bc0ea825a10c245a37b302fc2 |
| SHA1 | 572a19b84423626d00292e2f19188f23451e07a9 |
| SHA256 | b11ec29c54c05dc8786438dac3a5afa16d79d2ea0c95f021b29a6136f61e3ea4 |
| SHA512 | 3fb7f97bb70388bf69616486e1f549c912e7882728493032a9f3afd7f679a6fa8e0b9b234adc30fa5e1c6ad516d9fd180b0398b0b51715b7c30cf76026277cfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 96487e1fcc41ee20f944d299a7947ee3 |
| SHA1 | 59ac2b02be464d693e0aa28e899bf0afa0a883ee |
| SHA256 | 68b28af345d4f7f5b617c7561a1c56b3b6a632ddbe54707e6ef0edb257439d3c |
| SHA512 | 25a1bf143a6908d1fd07d5f2e959bdbba91e69ce8d4bd04106b56cdd401d029c96c08065ccaeea03060918b0a31125923dea7cfb9f6f79554571a5a0fba00545 |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | b30d3becc8731792523d599d949e63f5 |
| SHA1 | 19350257e42d7aee17fb3bf139a9d3adb330fad4 |
| SHA256 | b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3 |
| SHA512 | 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | fc5e283c0bb41a4aabcdb6b306f13fba |
| SHA1 | 91ac4bbb99342c49c639723900ee5e5c84c571f4 |
| SHA256 | 5c6a594fd72a044832f83e03615e42ce793d6a8479bc3511d485e454d0ab2b31 |
| SHA512 | 66e9e551b92ed4b4855d03292c4415b768a85f2274c1c0d54a1668822e496d931051c4bd0021be13a03470825f431fb620977684ec5fcd174ebce769b0d561c3 |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | 752a1f26b18748311b691c7d8fc20633 |
| SHA1 | c1f8e83eebc1cc1e9b88c773338eb09ff82ab862 |
| SHA256 | 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131 |
| SHA512 | a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5 |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | be432571b22120e9150bc7246556963b |
| SHA1 | 45acf73144fdf54ad446dda8086bcceaa8ba2625 |
| SHA256 | 12d6c5dbcf969954240dcd8902925bad5f60b1ce5bebec32922d973f8872d3a8 |
| SHA512 | c1f7759c99ecc9433d3963f28c0eb46b81d345b127e668adbcd51b6f11dea94a543ae164228084b756bacbf69fd2bade864b704ce43dc3001b8061ac117d6e20 |
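The Files section lists every write the sandbox observed, and most of it is Chrome and Acrobat Reader rewriting their own state: Preferences, TransportSecurity and Local State appear over and over, each time with a different hash. Two checks belong in front of any of these hashes becoming indicators. First, the crashpad pipe hashes are those of an empty file and the SCT Auditing Pending Reports hashes are those of the two-byte string "[]", so neither identifies anything. Second, the entries worth a second look are the ones outside the browser and reader profile directories, which here means the two archives under Downloads. The script below is an added example, not part of the sandbox report or any vendor tooling: it parses a subset of entries copied from the listing, recomputes the empty-content digests with hashlib rather than hard-coding them, counts how often each path was rewritten, and buckets what is left. The profile-directory prefixes are an assumption made for the example.

```python
from __future__ import annotations

import hashlib
import re
from collections import Counter, defaultdict

# Entries copied from the Files section above (constructed subset; the report lists many
# more with the same layout: a path line followed by one row per hash algorithm).
FILES_SECTION = r"""
\??\pipe\crashpad_3984_BJKKNBWWVXGIDEKK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 570a6cadcc8c905025dfd29756be175c |
| SHA256 | 5d914f49581d7c761e7a4f0884e3cd78d90a39c58eee360142df656b45b30508 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 586abc9bd1a36fc4efbaa0a20efa8084 |
| SHA256 | c9f7219df6ce1a624c5cc1f5922b10ff0c5449f953182f24b3605159e973e503 |
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
| MD5 | b30d3becc8731792523d599d949e63f5 |
| SHA256 | b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3 |
C:\Users\Admin\Downloads\AdAvenger.7z
| MD5 | e14cbe0b65036e79f88ee69a2f8048a0 |
| SHA256 | e786a78f9661409445668d8171d9729b461b34c0c3e9de5f16b070f2f793ec80 |
C:\Users\Admin\Downloads\Hitler Ransomware.7z
| MD5 | 57ab6fac72212a42d48a2024e23b9070 |
| SHA256 | d93c5575fb40311e66d94ec47de9f67a9740ab295a81b40cc07bd83cfd932706 |
"""

# Digests of contents that carry no signal: the empty file (crash-reporter pipes) and the
# empty JSON array "[]" that Chrome writes to fresh state files. Computed, not hard-coded.
_NOISE_CONTENT = {b"": "empty file", b"[]": "empty JSON array"}
TRIVIAL_HASHES = {
    hashlib.new(alg, data).hexdigest(): label
    for data, label in _NOISE_CONTENT.items()
    for alg in ("md5", "sha1", "sha256", "sha512")
}

# Paths a browser or PDF reader rewrites on its own while running. Assumption for this
# example: entries under these (lower-cased, slash-normalised) prefixes are profile
# churn, not files the sample dropped.
PROFILE_STATE_MARKERS = (
    "/appdata/local/google/chrome/user data/",
    "/appdata/local/temp/scoped_dir",      # Chrome CRX staging directory
    "/appdata/local/adobe/",
    "/appdata/locallow/adobe/",
    "/appdata/roaming/adobe/",
    "/??/pipe/",                           # named pipes such as crashpad_*
)

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")


def parse_files(section: str) -> list[dict]:
    """Turn the path-then-hash-rows layout into one record per listed write."""
    records: list[dict] = []
    for line in section.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m is None:
            records.append({"path": line, "hashes": {}})
        elif records:
            records[-1]["hashes"][m.group(1).lower()] = m.group(2).lower()
        else:
            raise ValueError(f"hash row before any path: {line}")
    return records


def classify(record: dict) -> str:
    """Trivial content first, then profile churn, then whatever is left for review."""
    for digest in record["hashes"].values():
        if digest in TRIVIAL_HASHES:
            return "trivial:" + TRIVIAL_HASHES[digest]
    norm = record["path"].lower().replace("\\", "/")
    if any(marker in norm for marker in PROFILE_STATE_MARKERS):
        return "profile-state"
    return "review"


def triage(section: str) -> dict:
    """Bucket every listed write and count how often each path was rewritten."""
    buckets: defaultdict[str, list] = defaultdict(list)
    churn: Counter = Counter()
    for rec in parse_files(section):
        buckets[classify(rec)].append(rec["path"])
        churn[rec["path"]] += 1
    return {"buckets": dict(buckets), "churn": dict(churn)}


if __name__ == "__main__":
    result = triage(FILES_SECTION)
    for bucket, paths in sorted(result["buckets"].items()):
        print(f"[{bucket}]")
        for p in paths:
            print(f"  {p}  (written {result['churn'][p]}x)")
```

The "review" bucket is where analyst time goes; a high churn count on a profile-state path is normal browser behaviour, not an indicator, and a hash that matches TRIVIAL_HASHES should never be added to a blocklist.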