Analysis Overview
SHA256
a6d1246d2054da7e30d2d65a8f975b64fb162a501d5967fca963272927a3b41c
Threat Level: Known bad
The file Slendytubbies 3 Multiplayer.exe was found to be: Known bad.
Malicious Activity Summary
Privateloader family
PrivateLoader
Azorult family
Azorult
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Event Triggered Execution: Image File Execution Options Injection
Checks computer location settings
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Checks BIOS information in registry
Executes dropped EXE
Identifies Wine through registry keys
Checks installed software on the system
Writes to the Master Boot Record (MBR)
Legitimate hosting services abused for malware hosting/C2
Checks system information in the registry
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in Program Files directory
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Unsigned PE
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Modifies registry class
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-03-27 15:11
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-03-27 15:11
Reported
2025-03-27 15:19
Platform
win10v2004-20250314-en
Max time kernel
501s
Max time network
511s
Command Line
Signatures
Azorult
Azorult family
PrivateLoader
Privateloader family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Identifies Wine through registry keys
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Wine | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\Malware-1-master\Petya.exe | N/A |
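The Petya.exe row above is a raw open of \??\PhysicalDrive0 for modification, which is how sector 0 gets overwritten. The check a responder wants next is whether the MBR on the affected disk still matches a known-good copy. The script below is an added example and not part of the sandbox report: it parses a 512-byte MBR, hashes the 440-byte bootstrap area, decodes the partition table and compares the result against a baseline hash captured before detonation. The bootstrap bytes and the partition layout it embeds are constructed for the demo and are not taken from the sample; on a live Windows host the same 512 bytes come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` in an elevated prompt, or from offset 0 of a disk image.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOTCODE_LEN = 440       # bootstrap code; disk signature and padding follow at 440-445
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # 0xAA55 little-endian at offset 510

# Constructed bootstrap fragments for the demo.  CLEAN is the first few opcodes of a
# conventional x86 MBR prologue (xor ax,ax / mov ss,ax / mov sp,7C00h / mov es,ax /
# mov ds,ax); TAMPERED is an arbitrary stand-in, not the sample's actual code.
CLEAN_BOOTCODE = bytes.fromhex("33c08ed0bc007c8ec08ed8")
TAMPERED_BOOTCODE = bytes.fromhex("ebfe") + b"\x90" * 8
SAMPLE_PARTITIONS = [(0x80, 0x07, 2048, 204800)]   # one active NTFS-type partition


def build_sample_mbr(bootcode, partitions):
    """Assemble a 512-byte MBR from bootstrap code and (boot, type, lba, sectors) tuples."""
    if len(bootcode) > BOOTCODE_LEN:
        raise ValueError("bootstrap code too long")
    buf = bytearray(MBR_SIZE)
    buf[:len(bootcode)] = bootcode
    for i, (boot, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields get the usual "use LBA instead" sentinel bytes
        struct.pack_into("<B3sB3sII", buf, PART_TABLE_OFF + 16 * i,
                         boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


def parse_mbr(sector):
    """Decode boot signature, bootstrap-code hash, disk signature and partition table."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        boot, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype:   # partition type 0 means an empty slot
            partitions.append({"index": i, "bootable": boot == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": sector[510:512] == BOOT_SIG,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, 440)[0],
        "partitions": partitions,
    }


def mbr_findings(sector, baseline_bootcode_sha256):
    """Compare a captured sector 0 with the bootstrap hash recorded before detonation."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOTCODE, SAMPLE_PARTITIONS)
    baseline = parse_mbr(clean)["bootcode_sha256"]
    tampered = build_sample_mbr(TAMPERED_BOOTCODE, SAMPLE_PARTITIONS)
    print("clean:", mbr_findings(clean, baseline))
    print("tampered:", mbr_findings(tampered, baseline))
```

Hashing only the first 440 bytes keeps the comparison stable across disks whose signature or partition table legitimately differ; a bootkit that preserves the partition table, as the tampered sample does here, still shows up as a bootstrap mismatch.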
Checks system information in the registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_hr.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sr.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\Offline\{C7449629-A7B2-4E62-BE59-1B7C95F3A10F}\OfflineManifest.gup | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psuser_arm64.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lv.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ms.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_pt-PT.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sl.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_vi.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_quz.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_is.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_as.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\settings.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdate.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lt.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_nb.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdateBroker.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdateOnDemand.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\NOTICE.TXT | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_es-419.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sk.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_bn-IN.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psmachine_arm64.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_gu.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ne.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_de.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_hu.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeComRegisterShellARM64.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psmachine_64.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\psuser.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ko.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_te.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdateSetup.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_mr.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_bs.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lo.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_tt.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_cs.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_pa.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ar.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_el.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ta.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_af.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_eu.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_mk.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\EdgeUpdate.dat | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ml.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ur.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_gl.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File opened for modification | C:\Program Files\MsEdgeCrashpad\throttle_store.dat | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_pt-BR.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ga.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_lb.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\SETUP.EX_ | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_ru.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_fi.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_id.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_it.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_zh-CN.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeUpdate\Offline\{C7449629-A7B2-4E62-BE59-1B7C95F3A10F}\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\MicrosoftEdge_X64_132.0.2957.115.exe | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| File opened for modification | C:\Program Files\msedge_installer.log | C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_gd.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\msedgeupdateres_sr-Cyrl-RS.dll | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Malware-1-master\jey.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Malware-1-master\Petya.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wermgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\SysWOW64\wermgr.exe | N/A |
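The signature tables above are flat event rows, and most of them are attributed to processes other than the samples under Malware-1-master. The script below is an added example, not part of the sandbox report: it parses rows in the report's own four-column layout, classifies the Indicator column, groups the result per process, and rewrites registry paths into the HKLM/HKU form Sysmon registry events use so they can go straight into a hunting rule. Two of its choices are the script's own assumptions rather than anything the report asserts: rows from the Edge WebView2 installer tree, chrome.exe and wermgr.exe are filtered out as background noise (confirm this by checking those binaries' Authenticode signatures before relying on it), and the IFEO signature is split in two, since a Debugger, GlobalFlag, MonitorProcess or VerifierDlls value is the hijack form while the DisableExceptionChainValidation = 0 row recorded here only enables SEHOP for MicrosoftEdgeUpdate.exe. The embedded rows are a constructed subset copied from the tables above; the category names and noise prefixes are the script's own.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of rows copied from the behavioral1
# signature tables above, in the report's own "| Description | Indicator |
# Process | Target |" layout.  Pass the whole report text to triage() for real use.
SAMPLE_ROWS = r"""
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000\Software\Wine | C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Desktop\Malware-1-master\Petya.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\SysWOW64\wermgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
"""

# Ordered (category, regex) rules over the Indicator column; first match wins.
# The IFEO split is deliberate: Debugger/GlobalFlag/MonitorProcess/VerifierDlls
# values are the hijack variant, DisableExceptionChainValidation = 0 just turns
# SEHOP on for that image and is routine installer behaviour.
RULES = [
    ("anti-vm: VirtualBox ACPI table", r"\\ACPI\\DSDT\\VBOX__"),
    ("anti-vm: Wine key", r"\\Software\\Wine$"),
    ("anti-vm: BIOS version strings", r"\\(System|Video)BiosVersion$"),
    ("persistence: IFEO hijack value",
     r"\\Image File Execution Options\\[^\\]+\\(Debugger|GlobalFlag|MonitorProcess|VerifierDlls)\b"),
    ("mitigation config: IFEO SEHOP setting",
     r"\\Image File Execution Options\\[^\\]+\\DisableExceptionChainValidation\b"),
    ("impact: raw physical disk write", r"^\\\?\?\\PhysicalDrive\d+$"),
    ("network: third-party hosting", r"^[a-z0-9.-]+\.[a-z]{2,}$"),
    ("discovery: hardware/system enumeration",
     r"\\(CentralProcessor|BIOS|SystemInformation|DESCRIPTION\\System)\\"),
]

# Assumption made for this report only: processes under these paths are the Edge
# WebView2 installer tree, Chrome and Windows Error Reporting, which produce most
# of the registry/COM rows in the tables.  Verify their signatures before trusting it.
NOISE_PREFIXES = (
    r"C:\Program Files (x86)\Microsoft\EdgeUpdate",
    r"C:\Program Files (x86)\Microsoft\Temp",
    r"C:\Program Files\Google\Chrome",
    r"C:\Windows\SysWOW64\wermgr.exe",
    r"C:\Windows\system32\wermgr.exe",
)

FIELDS = ("description", "indicator", "process", "target")


def parse_rows(text):
    """Parse the report's pipe-delimited indicator rows, skipping header rows."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) == len(FIELDS) and cells[0] != "Description":
            rows.append(dict(zip(FIELDS, cells)))
    return rows


def classify(indicator):
    for category, pattern in RULES:
        if re.search(pattern, indicator, re.IGNORECASE):
            return category
    return "unclassified"


def is_noise(process):
    return process.lower().startswith(tuple(p.lower() for p in NOISE_PREFIXES))


def to_sysmon_path(indicator):
    """Rewrite the NT object path the sandbox logged into the HKLM/HKU form that
    Sysmon registry events (ID 12/13/14) record, dropping any '= value' suffix."""
    path = re.sub(r"^\\REGISTRY\\MACHINE\\", r"HKLM\\", indicator, flags=re.IGNORECASE)
    path = re.sub(r"^\\REGISTRY\\USER\\", r"HKU\\", path, flags=re.IGNORECASE)
    return path.split(" = ")[0]


def triage(text):
    """Per-process counts of each category, with noise processes removed."""
    summary = defaultdict(lambda: defaultdict(int))
    for row in parse_rows(text):
        proc = row["process"]
        if proc == "N/A":
            proc = "(no process recorded)"
        elif is_noise(proc):
            continue
        summary[proc][classify(row["indicator"])] += 1
    return {proc: dict(counts) for proc, counts in summary.items()}


def hunting_paths(text):
    """Registry paths worth a Sysmon TargetObject rule: anti-VM and IFEO hijack
    rows from non-noise processes, in Sysmon's path form."""
    paths = set()
    for row in parse_rows(text):
        if is_noise(row["process"]):
            continue
        if classify(row["indicator"]).startswith(("anti-vm", "persistence")):
            paths.add(to_sysmon_path(row["indicator"]))
    return sorted(paths)


if __name__ == "__main__":
    for proc, counts in triage(SAMPLE_ROWS).items():
        print(proc, counts)
    print("\n".join(hunting_paths(SAMPLE_ROWS)))
```

Run against the full report the per-process view separates the three anti-VM probes from iimo3.exe and the raw disk write from Petya.exe from the hundreds of COM registration and discovery rows the installer generated; the paths from hunting_paths() are what to put in a Sysmon registry rule, with the user SID in the Wine key replaced by a wildcard on real endpoints.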
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875618836339736" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.ProcessLauncher\CLSID\ = "{08D832B9-D2FD-481F-98CF-904D00DF63CC}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ = "IAppCommand2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine\CurVer\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41E1FADF-C62D-4DF4-A0A2-A3BEB272D8AF}\InprocHandler32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\NumMethods\ = "12" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine_64.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\NumMethods\ = "6" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\NumMethods\ = "24" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\LOCALSERVER32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ = "IPolicyStatus5" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5F6A18BB-6231-424B-8242-19E5BB94F8ED}\ProgID | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32 | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ = "IJobObserver2" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{A0B482A5-71D4-4395-857C-1F3B57FB8809}" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A0B482A5-71D4-4395-857C-1F3B57FB8809}\InProcServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods\ = "11" | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\ = "Microsoft Edge Update CredentialDialog" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26} | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA} | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods | C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe | N/A |
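The CLSID writes in the table above are COM registrations made by the Edge/WebView2 updater under `Program Files (x86)`, which is what a legitimate `/regserver` run produces. The check an analyst runs over such a table to separate installer noise from an actual COM hijack (the "Component Object Model Hijacking" signature in the summary) is to keep only `InprocServer32`/`LocalServer32` default-value writes and flag those whose server path lies outside the Windows or Program Files trees, or that land in a user hive, since `HKCU\Software\Classes` shadows `HKLM` for non-elevated processes. The following is an added example, not part of the sandbox report: the first three rows are copied from the table, the last is a constructed hijack-shaped row with a placeholder CLSID and hypothetical paths; `TRUSTED_ROOTS` and all function names are this example's own.

```python
"""Triage COM server registrations from a sandbox registry table (added example)."""
import re
from typing import Dict, List

# Assumption for this example: anything under these trees is "expected" on a clean host.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# ...\CLSID\{guid}\InprocServer32\  or  ...\CLSID\{guid}\LocalServer32\
# (the trailing backslash in the report marks the key's default value)
COM_SERVER_KEY = re.compile(
    r"\\CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\(?P<kind>InprocServer32|LocalServer32)\\?$",
    re.I,
)

SAMPLE_ROWS = [
    # copied from the table above
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\psmachine.dll" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77857D02-7A25-4B67-9266-3E122A8F39E4}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachineFallback.1.0" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |',
    r'| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.195.43\\MicrosoftEdgeUpdateBroker.exe\"" | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |',
    # constructed hijack-shaped row: placeholder CLSID, hypothetical DLL and writer process
    r'| Set value (str) | \REGISTRY\USER\S-1-5-21-3920955164-3782810283-1225622749-1000_Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Roaming\\sample.dll" | C:\Users\Admin\AppData\Local\Temp\sample.exe | N/A |',
]


def _unescape(value: str) -> str:
    """Undo the report's C-style escaping: strip outer quotes, then \\x -> x."""
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return re.sub(r"\\(.)", r"\1", value)


def _server_path(kind: str, value: str) -> str:
    """InprocServer32 holds a bare DLL path; LocalServer32 holds a command line."""
    value = value.strip()
    if kind.lower() == "inprocserver32":
        return value
    if value.startswith('"'):                      # quoted executable, possibly with args
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    m = re.match(r"(?i)(.+?\.exe)", value)          # unquoted: cut after the executable
    return m.group(1) if m else value.split(" ", 1)[0]


def parse_row(line: str) -> Dict[str, object]:
    """Split one '| op | key = value | process | target |' row into its parts."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3:
        raise ValueError(f"not a registry table row: {line!r}")
    key, sep, raw_value = cells[1].partition(" = ")
    return {"op": cells[0], "key": key.strip(),
            "value": _unescape(raw_value) if sep else None, "process": cells[2]}


def triage_com_rows(rows: List[str]) -> List[Dict[str, object]]:
    """Return every COM server registration with the reasons (if any) it looks like a hijack."""
    findings = []
    for line in rows:
        row = parse_row(line)
        m = COM_SERVER_KEY.search(str(row["key"]))
        if not m or row["value"] is None:
            continue                                # not a COM server default-value write
        server = _server_path(m.group("kind"), str(row["value"]))
        reasons = []
        if str(row["key"]).upper().startswith("\\REGISTRY\\USER\\"):
            reasons.append("user-hive CLSID: HKCU\\Software\\Classes shadows HKLM for non-elevated processes")
        if not server.lower().startswith(TRUSTED_ROOTS):
            reasons.append(f"server outside trusted roots: {server}")
        if not str(row["process"]).lower().startswith(TRUSTED_ROOTS):
            reasons.append(f"registered by a process outside trusted roots: {row['process']}")
        findings.append({"clsid": m.group("clsid").upper(), "kind": m.group("kind"),
                         "server": server, "process": row["process"],
                         "suspicious": bool(reasons), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_com_rows(SAMPLE_ROWS):
        print("SUSPICIOUS" if f["suspicious"] else "expected  ", f["clsid"], f["kind"], f["server"])
        for r in f["reasons"]:
            print("    -", r)
```

Run as-is it reports the two copied server registrations as expected and the constructed user-hive row as suspicious on all three counts. The `ProgID` row is ignored because only server-path writes decide where COM loads code from; `ThreadingModel` writes such as the one above fall out for the same reason.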
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Malware-1-master\jey.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\Malware-1-master\Petya.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Slendytubbies 3 Multiplayer.exe
"C:\Users\Admin\AppData\Local\Temp\Slendytubbies 3 Multiplayer.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa60acdcf8,0x7ffa60acdd04,0x7ffa60acdd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2000,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1996 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2244,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2544 /prefetch:8
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4312,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4328 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4688,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5412,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5532,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5540 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5428,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5424 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5580,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5548,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5880,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5804,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5780 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3404,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5692,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3308,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5540 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3192,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3240 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4872,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5596 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\Malware-master\" -spe -an -ai#7zMap22592:86:7zEvent1246
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3508,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5936,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5908,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3372 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3504,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3428 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5968,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6416,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5864,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6412 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6512,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6660,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5924,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4592,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4848,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6872,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6588,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7052,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7468,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7248 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7032,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7440,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7260,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6176,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7400,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7444 /prefetch:1
C:\Users\Admin\Desktop\ZoraraB.exe
"C:\Users\Admin\Desktop\ZoraraB.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe
C:\Users\Admin\Desktop\ZoraraB.exe
C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe
C:\Users\Admin\AppData\Local\Temp\WebView2Runtime.exe /silent /install
C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\Temp\EU8941.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\MicrosoftEdgeUpdateComRegisterShell64.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkFENDVBRTItNDI0Qy00NjA5LUE5OTktRTdCQjlCMTE2QUZEfSIgdXNlcmlkPSJ7QTVCODg5OTAtMjE4MC00RjZFLUEzQ0MtQzQ1MkIzNkUwNDg3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntGNTQzMUJCQi1DMEI5LTQ4NTQtQjQzNC0xRUFGNEZEMjE5MTV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iMTYiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI3NDY1MTU2NjM3IiBpbnN0YWxsX3RpbWVfbXM9IjUxNiIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=Prefers" /installsource offline /sessionid "{2AD45AE2-424C-4609-A999-E7BB9B116AFD}" /silent /offlinedir "{C7449629-A7B2-4E62-BE59-1B7C95F3A10F}"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtFK3hiQXo2WTZzVTEyODliUzZxbDRWUkxia2pmQlVHVE1Kc2pySHI0NGlJPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMzMuMC42OTQzLjYwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzQxOTM0NTk1IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODY0MDcxNTc4MTgwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNzQ3MDAxMDgyNSIvPjwvYXBwPjwvcmVxdWVzdD4
C:\Windows\SysWOW64\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1724" "1172" "1064" "1176" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMzMuMC4zMDY1LjY5IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTMiIGluc3RhbGxkYXRldGltZT0iMTc0MTkzMzg5MiI-PGV2ZW50IGV2ZW50dHlwZT0iMzIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjQiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijc0Nzg2MzUzNjEiLz48L2FwcD48L3JlcXVlc3Q-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\MicrosoftEdgeWebview_X64_132.0.2957.115.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.84 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.115 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7104fa818,0x7ff7104fa824,0x7ff7104fa830
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6584,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6440,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6580 /prefetch:8
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "1100" "696" "460" "692" "0" "0" "0" "0" "0" "0" "0" "0"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded ping payload omitted]
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Clean-memz.bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Clean-memz.bat" "
C:\Windows\system32\cscript.exe
cscript x.js
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=5624,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5688 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6504,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6408,i,11248217196371797339,10630839668849890305,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Users\Admin\Desktop\Malware-1-master\jey.exe
"C:\Users\Admin\Desktop\Malware-1-master\jey.exe"
C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe
"C:\Users\Admin\Desktop\Malware-1-master\iimo3.exe"
C:\Users\Admin\Desktop\Malware-1-master\stak.exe
"C:\Users\Admin\Desktop\Malware-1-master\stak.exe"
C:\Users\Admin\Desktop\Malware-1-master\Petya.exe
"C:\Users\Admin\Desktop\Malware-1-master\Petya.exe"
Network
Files
| SHA256 | 816531ff8bfbcb60e7547e84869db6a128948f7f072befde4b9a2c13b23324c9 |
| SHA512 | 09ea73cfd0006e47de7e242ab3eb24d80d4a8c87c2c7f732ca8a846d38fe8610a9fa27f2c36b3419c8d4912a738eb03722fac457fb6f60decfb6eb3e113b2fb7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 69ced8affdc046b41613c1ec4c8d574c |
| SHA1 | 44af9fb4bae48f7f629dd4127d425be82130afa2 |
| SHA256 | 1985f8406934f3a9a9ece6fb44a3342cf89d4bcbd054cfaff6b806d4c8168e07 |
| SHA512 | a280ca704c3bd0047d109fc833a2c5c94ea45544a22f792b0e4d52d99ec14949b1903e299f7aca737c45f637c3363a5d357047a0557564bf27aef610b3cd6d45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7fccfc2eaa326c4c8e74f8b4f5000269 |
| SHA1 | 9690c4b9e7fd78d844f8c7a9ac96a989c5cde514 |
| SHA256 | 48dbde09071857781921131652c7411951031c356e6f3658197989891331bd39 |
| SHA512 | 030f03ae5f7829addc04647bfcb4553b3bbc59182922591c503d1a131b2388b69a9dd4f8975f640b64492dc902e5b217a48421a12dfb736e83e937604049ec56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
| MD5 | 8b10a8298f40b87ae236d92acdcf8708 |
| SHA1 | 7a97724c1c24a915cc5da1dd33d8157bdee39bb0 |
| SHA256 | f3d521d5805c02e3489d05fffcf2559160b37c80c9274c66a5488ce213f3fdd9 |
| SHA512 | 6ce5e72f22ae31f5b384004874af931e52d45ffcf08ce9bb6b03794ae5b700bb9bbf8663a9418f811c353254644228fb3280564022fed60a2864236a8fbff46a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052
| MD5 | 83266658f29f5cb762001d5d9f6985a7 |
| SHA1 | 9ff52157193e1e798944e6a3172d938183f5e550 |
| SHA256 | 60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d |
| SHA512 | 60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f
| MD5 | f69cefb34e81abe998b7b4c0cc0cdbf0 |
| SHA1 | b4d4d39233a096793eddabac7b913373160ea7a1 |
| SHA256 | a8787de8a8d93bb7a6d9aa55572db8d806693978d0365240507ba62905657174 |
| SHA512 | 6c8ceebb276bfe4ab080eb03bc8f497c72b7ce7fdd70d3d1689c60eb3dc091ff4af97fb21ae4dc9b6589c21638ef27c7194ee52780da6690c04baaa4c12fc4b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d31a1ebe1b6bef798480e8977dcccab1 |
| SHA1 | 8ec1140f1e4d04cd3191db2f47e4c860b806ea31 |
| SHA256 | 32f4dc51b13d735940905553b1ab6ed43ac8bfd830024a41971b714cd4cdb1d8 |
| SHA512 | 8a4c85bd1a2874beb504769842e67256e0363a0e9c8e0d15c33c674a804c32b6209552f5cbb571c0602d768d052adf142011160d8b48a59a1865059daaa7cbb4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 1a8ddf3553ef75e75926653d3b5753e6 |
| SHA1 | 470800196ddda3f99bacfb3f624b8f4e3cbc93c9 |
| SHA256 | 822d65740bd74c3f50c9d3413c7c2b4631776198a5fe37fb2849793d4d4f9243 |
| SHA512 | 5a3fa94c7d012f5df1fa10a8ae430126f6d69effb7a3bedb901369d732119744b778b47a866424ede2a855dec7c0b5059f3c5ae912c6972f3f3051b3c428ffc7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 967feab489b0520b8c3f6572cf80029a |
| SHA1 | 89e4056d68d4127dc50c197ea1b559be450f066d |
| SHA256 | f64375c81a59de6e9638fcf41147e5bee7eb1234101d4c9e6cea81b39dd4fff9 |
| SHA512 | 9574f72a133a5f56e6ff231bd7b4fa8c20edb744240ca82edac573894ee1c52064f8fb2c0ce655516ee58973f07c0a0899eb1efcfefe39a4c8f3f9a8d3e47880 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 35da20c7e2169428ea5f72f21eb4f443 |
| SHA1 | 239fef5497fb8a565aef24bf65abd654d493f4de |
| SHA256 | 1d0dcda49c508f31f192012524a1ed7aeaf08c793bce2f95706d12a5b175dc68 |
| SHA512 | 2471bdb481d94215af7b682d556c5b4468f241c17e3001f2a1064f7332a7b770ff76d0bc4112a4bb77e59befcb13f1428dda73b197adacb47393322f397c2f42 |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\ZoraraB.exe
| MD5 | a5dd2c9b93007d30e8f0df8e81d2d5c8 |
| SHA1 | 3910e827e31ca413b4842d7643e0cca2a973dbcb |
| SHA256 | b6c23eb719766ee1df6b2438b90751a24c105dc67fa3168f4b97c131c528b7f6 |
| SHA512 | 9f62ccb3c308f401e9d5fd4c767694a1240902d31e8bd048298133ee28bf034ed76e79b4872a109b448b201f593041afd702881e3a6d67e94ebca31360a16c0f |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\python39.dll
| MD5 | 11c051f93c922d6b6b4829772f27a5be |
| SHA1 | 42fbdf3403a4bc3d46d348ca37a9f835e073d440 |
| SHA256 | 0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c |
| SHA512 | 1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6 |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\vcruntime140.dll
| MD5 | 8697c106593e93c11adc34faa483c4a0 |
| SHA1 | cd080c51a97aa288ce6394d6c029c06ccb783790 |
| SHA256 | ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833 |
| SHA512 | 724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-1_1.dll
| MD5 | bc778f33480148efa5d62b2ec85aaa7d |
| SHA1 | b1ec87cbd8bc4398c6ebb26549961c8aab53d855 |
| SHA256 | 9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843 |
| SHA512 | 80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173 |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\libcrypto-1_1.dll
| MD5 | cc4cbf715966cdcad95a1e6c95592b3d |
| SHA1 | d5873fea9c084bcc753d1c93b2d0716257bea7c3 |
| SHA256 | 594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1 |
| SHA512 | 3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd
| MD5 | 2dcee3aed139b2fe36beaac7ef702fd7 |
| SHA1 | 3900be074b35868c20b02a1a73bb3ca23bc8a993 |
| SHA256 | c14dbedc05695c70c75e98368fb01ed898131d104e1e4c006d5a57e1294177e6 |
| SHA512 | 8b8e063901a0335149e93e8af484c47be101cf1f914e5d24766243c20740d6eda6853160f5c304faab2c207652ee9627e0a9615350e02ac6b86448f5239280f9 |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_hashlib.pyd
| MD5 | f377a418addeeb02f223f45f6f168fe6 |
| SHA1 | 5d8d42dec5d08111e020614600bbf45091c06c0b |
| SHA256 | 9551431425e9680660c6baf7b67a262040fd2efceb241e4c9430560c3c1fafac |
| SHA512 | 6f60bfac34ed55ff5d6ae10c6ec5511906c983e0650e5d47dac7b8a97a2e0739266cae009449cced8dff59037e2dbfc92065fbbdfde2636d13679e1629650280 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_bz2.pyd
| MD5 | 6c7565c1efffe44cb0616f5b34faa628 |
| SHA1 | 88dd24807da6b6918945201c74467ca75e155b99 |
| SHA256 | fe63361f6c439c6aa26fd795af3fd805ff5b60b3b14f9b8c60c50a8f3449060a |
| SHA512 | 822445c52bb71c884461230bb163ec5dee0ad2c46d42d01cf012447f2c158865653f86a933b52afdf583043b3bf8ba7011cc782f14197220d0325e409aa16e22 |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_queue.pyd
| MD5 | 4ab2ceb88276eba7e41628387eacb41e |
| SHA1 | 58f7963ba11e1d3942414ef6dab3300a33c8a2bd |
| SHA256 | d82ab111224c54bab3eefdcfeb3ba406d74d2884518c5a2e9174e5c6101bd839 |
| SHA512 | b0d131e356ce35e603acf0168e540c89f600ba2ab2099ccf212e0b295c609702ac4a7b0a7dbc79f46eda50e7ea2cf09917832345dd8562d916d118aba2fa3888 |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_ssl.pyd
| MD5 | ef4755195cc9b2ff134ea61acde20637 |
| SHA1 | d5ba42c97488da1910cf3f83a52f7971385642c2 |
| SHA256 | 8a86957b3496c8b679fcf22c287006108bfe0bb0aaffea17121c761a0744b470 |
| SHA512 | 63ad2601fb629e74cf60d980cec292b6e8349615996651b7c7f68991cdae5f89b28c11adb77720d7dbbd7700e55fdd5330a84b4a146386cf0c0418a8d61a8a71 |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\select.pyd
| MD5 | 7a442bbcc4b7aa02c762321f39487ba9 |
| SHA1 | 0fcb5bbdd0c3d3c5943e557cc2a5b43e20655b83 |
| SHA256 | 1dd7bba480e65802657c31e6d20b1346d11bca2192575b45eb9760a4feb468ad |
| SHA512 | 3433c46c7603ae0a73aa9a863b2aecd810f8c0cc6c2cd96c71ef6bde64c275e0fceb4ea138e46a5c9bf72f66dcdea3e9551cf2103188a1e98a92d8140879b34c |
C:\Users\Admin\AppData\Local\Temp\onefile_968_133875621191994413\_socket.pyd
| MD5 | f5dd9c5922a362321978c197d3713046 |
| SHA1 | 4fbc2d3e15f8bb21ecc1bf492f451475204426cd |
| SHA256 | 4494992665305fc9401ed327398ee40064fe26342fe44df11d89d2ac1cc6f626 |
| SHA512 | ce818113bb87c6e38fa85156548c6f207aaab01db311a6d8c63c6d900d607d7beff73e64d717f08388ece4b88bf8b95b71911109082cf4b0c0a9b0663b9a8e99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8eda3a8ffd58a125ad82a93809d5f553 |
| SHA1 | 1c99d8c375af35d45ff15ee2078a31e5744b775b |
| SHA256 | 8dd4e1b54064f9c7965c1add659ec73d1d906008968bdc6d32462d797f4a0433 |
| SHA512 | dd29baf9e15a781756d5d4d10bc767c4dbd1f3d1ffc7d9baf995a3410f6daa8b6a9e2ae9253454f3b5341633abeea28c7b96dc13d7749444b01859ad9429917e |
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
| MD5 | 70cc35c7fb88d650902e7a5611219931 |
| SHA1 | 85a28c8f49e36583a2fa9969e616ec85da1345b8 |
| SHA256 | 7eca199201273f0bcff1e26778cb535e69c74a69064e7759ff8dad86954d42b1 |
| SHA512 | 3906ddb96b4b1b68b8c2acc940a62c856e8c3415a1b459f17cf2afc09e05751e0086f8e4e5e0ddd8e45cfb61f811bbe4dd96198db68072b45b6379c88d9ea055 |
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log
| MD5 | f5eadf17eb4eccf51085e6a5c645d619 |
| SHA1 | 750f69ce8f62ac6b152610be6fd1046f5659762f |
| SHA256 | 107adb96165d303358bb1e3a8b346f5d38bfd8ad7bd67e2aea3b0500947fed93 |
| SHA512 | 8c7b49e62449c932b38c1d29da98c8029bdcea0ede21a72b9f7ee5332dbf99ac23f68c52303531812842023a5de425db05cf903311376d54707c6421c7b54b30 |
memory/5408-1772-0x0000000000AD0000-0x0000000000B05000-memory.dmp
memory/5408-1773-0x00000000747E0000-0x0000000074A06000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 97b9bc9eb83d15e587dbcea8a6249af8 |
| SHA1 | 931bfc75ecd682b22f356577bdb2c0c312dfe03e |
| SHA256 | a4da45739d1fa1ba93cfae888a992816f3a64f8319ab02b11e03852b9fec94c7 |
| SHA512 | 5f8707ce54094e3054faaf2f38f2a57cc14aa32d317bb88e38defd54aa5992d5bbcc5afecc712932a0cbf6c1452e78dd12f4748fd1ef7f1914b4ec4de4a6b4ba |
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{B05C6171-99F9-4C98-B747-33C8F4241988}\EDGEMITMP_85F00.tmp\setup.exe
| MD5 | c2f035293e07aaa688bc9457e695f0f9 |
| SHA1 | c5531aa40349601a23b01f8f24f4162958b7ab72 |
| SHA256 | 704df2272e51fce395c576e4090270e0db7c7562f5b59779d36ca0563505cc91 |
| SHA512 | 70228567ef097bee2b3e04a5300437adb3615d4217d3a2d08fbef364afbb54e43ffb5dd0e5f3931737d648f56f912ebe35121cc8421354d8c2292fe48f5efc51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_plnkr.co_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2a53925c0c103242c613c9603b1689b6 |
| SHA1 | f62bd33942cda02307b843af3eebc7c78878c80d |
| SHA256 | a01f2c9d8fef982bd25c2e434183692d5f79732544bd5212c0278db804059357 |
| SHA512 | 6a117d6b5dd40ec8d13c2a932e17ca78f7f69ab399d89a0649e80ddb65c5fb7b1ccedf1f89b193ee0373f4eb06923ac1a26eadc3872551b893cfee40ccb1a656 |
memory/5408-2248-0x00000000747E0000-0x0000000074A06000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb13bc1e82e0ba8508b820344038def0 |
| SHA1 | 13f8a86307e82fa6e8fec82e4afbbd2ed646e515 |
| SHA256 | 454e9aca927b70289df5a5b9118daaab167610f68f7a732edf3eb62090443039 |
| SHA512 | 2c8f245260d58d7e87be223fe04ff285f4d26910efb080f585e53606dd753febc06a24feece6c118c4dee7663d3294c1caf60c60246a916282bb106499c13638 |
memory/5408-2285-0x0000000000AD0000-0x0000000000B05000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 50e18b3391872171bfa8ea586c3edba9 |
| SHA1 | 843eccaf4bfacb1d01ec78cec0ac7f8c20cf5e75 |
| SHA256 | e6e43d0efc5e6bf140bbc567768d40d6ba4810cd6bb35426414e6977b723c3dc |
| SHA512 | bbdaeecf14c2bb96c6757107e510393086b2ac9e9f108bc7bcd4068c8cc521dd7e523f68f4a4334e1d9d1d54e75324496901995e31a50d7ee0a23f5e22ad6d13 |
C:\Users\Admin\Downloads\x
| MD5 | 20e335859ff991575cf1ddf538e5817c |
| SHA1 | 1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee |
| SHA256 | 88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf |
| SHA512 | 012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d |
C:\Users\Admin\Downloads\z.zip
| MD5 | d2ea024b943caa1361833885b832d20b |
| SHA1 | 1e17c27a3260862645bdaff5cf82c44172d4df9a |
| SHA256 | 39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76 |
| SHA512 | 7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017
| MD5 | db2656b672846f689c00438d029d58b6 |
| SHA1 | 43b8d5085f31085a3a1e0c9d703861831dd507ce |
| SHA256 | aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763 |
| SHA512 | 4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
| MD5 | 5569de99ab1fabb4a341f6491b8ae9cf |
| SHA1 | 01bd34e042fe11149a50d8a5772c7f55bb20d59c |
| SHA256 | cdfa951fea7ca30043fb919904f7ba8af0757d017b03ae48ccddae4d1d9e6417 |
| SHA512 | d16c027aee5e5e0a2009c8e1227bf2a708083217e575cb5ad9b53bb3e1414d95f6ee266294d6bce9ff7b97b84469bfc9b10d7309399fe17d74d56094045efc21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d
| MD5 | df4ef1fa06bc34706b3b8245d4831d54 |
| SHA1 | ba8f9d4b813ee160a56e162c36d29c1bc2a3bef1 |
| SHA256 | 4a34fd6dd56215d4c81be8f211ba69410018d336605334cb190886e4b6adebcc |
| SHA512 | b6b436366a3305228cd3ef912731ee4a6481db7cd43595f5217c2ab91b1a7c19168bf45e8ce8f4943ab3b393240b9c507073d4b7492016689ef0c1735700ea9a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f
| MD5 | 2dfda5e914fd68531522fb7f4a9332a6 |
| SHA1 | 48a850d0e9a3822a980155595e5aa548246d0776 |
| SHA256 | 6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c |
| SHA512 | d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
| MD5 | 7969b7f69e3cac8ce60468ea1b75595f |
| SHA1 | f1126bba2a7a8a591e9a2e44e39c3b2854765127 |
| SHA256 | d3cb0f15531ad90c7c02cf445cd1c6678cf90d917078bd2c183c557869fc7a0f |
| SHA512 | 9fc69243ef4074bc00453b4448ad39c960cbc964ec43924d767c48abb558c1033aa75e770f07e470e550d7cf1d694d60d3b10c7d197e763eb6a3d404ae62fd41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | b8103746b4757c6332fe545f11de8f70 |
| SHA1 | 588965d6333eb015af39c7f44ce71dfac67fb0f7 |
| SHA256 | 4177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd |
| SHA512 | c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | bfda78672fa2098a6c4266a33e799f69 |
| SHA1 | 7a51f4a9980e6f9d5a484d12fa3e35baddc753e9 |
| SHA256 | bdfc29cd8b54192ada7194936da17428629bb5925e31a2846682571bebe402b6 |
| SHA512 | 7d01483a7da3941afcd7b1566c868018ac80927209269e98a6dab0078c1a14c0a380402efdd5b257e0a37ca6b45f68817dc774cbb32b5e7ba5f3cdefc2bc72d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
| MD5 | 92e42e747b8ca4fc0482f2d337598e72 |
| SHA1 | 671d883f0ea3ead2f8951dc915dacea6ec7b7feb |
| SHA256 | 18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733 |
| SHA512 | d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
| MD5 | 057d50611dc6da29ea09acf98b39fd50 |
| SHA1 | 8a4e4078a370de6863dd5d306bee57b3991987d6 |
| SHA256 | 67ccab355ce3aa4cbd201df34c15356b4d8f003b60d1f5fec6562dcb61da5c4d |
| SHA512 | a2c9b21122040d7de0bd2716f739faf24f81214bbb5bd01a1a2bc150039936d1193382cef256176f62eb9345b61df712491d75b1fd01f4c54ad60b1f39f645f5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | ec0963f084571ccba8609e51d71bf6ec |
| SHA1 | b4a93e1b2e235488747b17c212ae14e5551c2db9 |
| SHA256 | 39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3 |
| SHA512 | 88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014
| MD5 | 83bb1750070e745b75b98fc47e4ef2aa |
| SHA1 | 82b8842f5ec513da92868cd4c83350a9be084760 |
| SHA256 | 56e6bbebad2d669437b7c2e18009ef193adfe7d83f33253ac91abebb37efa6a5 |
| SHA512 | add8d6f985038245f513e938a381a399a8a67b30cbf7e24042a0be5d99d47fcd7454daa476a549fee0df048c0d738ca70768f65539bb2381d4608724b34ef866 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
| MD5 | 89ee4d8818e8a732f16be7086b4bf894 |
| SHA1 | 2cc00669ddc0f4e33c95a926089cea5c1f7b9371 |
| SHA256 | f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82 |
| SHA512 | 89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | fa2d7364a6cdbe8144bfc6add239bfe7 |
| SHA1 | 2b37b884e7235429a2b4d675cf1d4975f9081d4c |
| SHA256 | 3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5 |
| SHA512 | 5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e
| MD5 | b65b06c397db836876d34dcdfcf40f28 |
| SHA1 | 9bbfb4938e4ec5006dad600a02870dc1863b842f |
| SHA256 | 9ff83aacf31b10f685dc666cc48a92e1772db19542d1b570e760fcc18d492896 |
| SHA512 | 5ac1cafeb60a6eb07734266a31492e890b6fb9a2d789d87e8dc48f8004ce8b334ed1e5da0763891fa338d80c114bebf7a00c952541e33cd9965b189d1a067936 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
| MD5 | dde035d148d344c412bd7ba8016cf9c6 |
| SHA1 | fb923138d1cde1f7876d03ca9d30d1accbcf6f34 |
| SHA256 | bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9 |
| SHA512 | 87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
| MD5 | dc491f2e34e1eb5974c0781d49b8cbaf |
| SHA1 | b73ca9b5f9c627d49da4ecbc3455192e4b305a3f |
| SHA256 | f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8 |
| SHA512 | 5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
| MD5 | 21ace0d31858ac97b17b2e0959f3d7a3 |
| SHA1 | 87702e17160c0fc6221e117e6e46a43acb254efc |
| SHA256 | c294235f4ac229e5bcbdfe700726499131bbaf8d41a54290e9c49ecb5700c018 |
| SHA512 | e8374e9a80448653acfec041deb4b0102703afee22b811d7e111f3ba931701132fbdc5e36e3de4348be4f27600f9ee8bdab183d95b5279ce55f5392cc57f678c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 858b5e31c540cde89b437f44523280a5 |
| SHA1 | 85793237f53aee30933ca8cf19e54e0685bdf1b3 |
| SHA256 | 3365104b4e43acb45844de752fec8ee5a37b3b06ca6791db2ec6a48f76dd2768 |
| SHA512 | d7d9c2bbb01b661b24015076275788b68e45dafe97cbcd3dbe9056167ab10bdf3d3aa86a31b360cc26234324e7d2fa3f3708b98e771b395418c31e42825fb7d6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 72d7860ca927561121f78b69a4f759d0 |
| SHA1 | 219383f40305d27d7ae2bd669cc2d0c95ba8b7c0 |
| SHA256 | 40c7fad6dff0c54d5e45e46110cd451030bae958f4ce7b00e931696dcc2a4fc7 |
| SHA512 | 87a1f30e6afdf7aaad07ca15bec5ec8f45f5a8f44a743decf7530c3bdb7466ea7d2539db066452d77d8272ce5f31aea4d14484bdd3a7725bdabd3379fd8c3500 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000087
| MD5 | 3999309f711dae63b304b5410dbd1cd8 |
| SHA1 | 6b466f8c4c149bbf6c46e8d56ab755ece4881811 |
| SHA256 | 6cf3e8c8f3f65995bd939541a3ee03d19ce304124d258ec06fb11286d341b4b6 |
| SHA512 | 85e653c6ec0debcda59a7ee358d7e4b617b5ec1e5a8f2d7d652e13111f6b85d0d5c402dbe311e95025afff1e5a0dbc076abdcff5e48fd7cc223c30beaec8d186 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cee0ecc22a1bd9276165a087b993f862 |
| SHA1 | 27a1e2f353deb3d3e9cadc235f6b53e96be13728 |
| SHA256 | 2a150f32b1ac502106a140b26641c58be6750e5195db86f06bdc6fec515d0876 |
| SHA512 | 979e8e9309fe6a75da9f8e8ab4c9d931a0481fcf0c7fe0828a57b082f1e5d05989b923302fab802a1258bfdb9509472b376245ecb7472248ab029328657649b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a07bf6e143328b39_0
| MD5 | d240990a3d7720f79f8ca1d124f4fd6d |
| SHA1 | 6afeb327a3f5ada8970a024dd011865f686b843c |
| SHA256 | 1c1d68e63a93f8a8bcde5966c9ba2bd3fb75cbf4388ea9fceaa7bae7e47e86df |
| SHA512 | 2b9f607bed0f74b3e675731f65ac9cad4ed5ff41a88ea93f1b82071b830243a68adda2de6dd8419122d0e1f6a5eeefd98a4ec84e776875be428827f722ec5d8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d68d595963143fb7_0
| MD5 | 387dcf384890addbd6dcf77bf1dfe11f |
| SHA1 | c695bb3793fe39ebacc3cf7bb8021dbd290b0c99 |
| SHA256 | 44444d32e1235a57430bd33ab6623eba9e349e9bf3cfd5c619943c9126761322 |
| SHA512 | 7f967b3df61f4801b2bfe2fa3bdc7339721b46eb76cf29b18a2bffcf27804cffa402f194dc9bb8a9e62d9b429c4bc9dc44c0e5fb3824a3acbfbdcdd9ef48991c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e959e4c29b5d027823f657f4a7b562d2 |
| SHA1 | d928192b046a1274fcb8ad62bc70bcdfb995010a |
| SHA256 | 8174d6f1e313f2f9bf5771f1d4a7911463016170b0267c95bb669672ae9d163d |
| SHA512 | 654fcae7c271491ade3919cec6b46ef6e905ffb21502dabc0e2aca121e61b67d2e12924dcdc7a59e113c11ecdcc265f0e15d2b9dba98157dc8e4f6508689de74 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b6c1c0240dedf8dbfbe42ddc9adf7dbb |
| SHA1 | 67e09b338e1cd3d87cf500fff0cd358437e6053b |
| SHA256 | 9d990a7f913690cc9387ca304bc19e18cc2937c21c7c59e0de0933d847c83ebf |
| SHA512 | 397e957b133c4086ddcf2fe98b079e964cd46bc569c35ef7e81b841fd326a5d019b4ffa6fe854a7eb41f71668fb59e0e42336e4888c99a017fbdd516e8d17cac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7e6ce5fa17c59696351ad89432773ace |
| SHA1 | 19fbfe5ede56c88fe36601451f70559813f19e88 |
| SHA256 | cb9720560e2c4c996b4838ac34f1cb3abf22486342125c6ee7d2fc50247475cf |
| SHA512 | 014161d4f560b895320cd9da1f965b49d99f67a5355d1d728419e3e24065433d8c074dbc3dac4f78dd1d8f0153f4cabf020390465677781162780bf3dc2da5c6 |
C:\Users\Admin\Downloads\Malware-1-master.zip
| MD5 | ef37386fefe6fbbf646805a591add083 |
| SHA1 | 1abfc73d9a379c796036de72e5f7961b4295bf5e |
| SHA256 | 2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c |
| SHA512 | 112cccdada7554db108f3fd469e72fc0568aadbcad33b75a2046018827c5542d5fdcb6b454eb7bb0f58a6ea00e65bcd503a807222e1f21cc9a0f087c89453d3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d17571ab4c3c58a1d9085cdda6f48726 |
| SHA1 | 9e9d722625f5ce205a2910378254ea79ec9a34c2 |
| SHA256 | 5dc42f986b3fdf4b4a0f656b771037309160a81a73c343654447535020e402f9 |
| SHA512 | 58ddfb230f6aa22fcb780c08682675e196156b7dd1a6909de719e82bb246f63ebbfdfe7a771b009e38818490472286fd3a5551bb998b08e30fb7c4e3a8442212 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 96eeb3f14075eac65c4b7351bab15758 |
| SHA1 | 3f1b83f97eba00c2e193d2ab27277190f891a809 |
| SHA256 | 0032204ae1fbe29377be7701ff5a8a300de64ba3ab65b75593f79676ab0603b1 |
| SHA512 | 096a78882c08b70c015ca651beb3f12a0b6c62618553798af06b9c8a0556aa9171bcc9ac5fb0681281a77b971a11408d68477d837c411dd5f3cbb1c9e1e7c9f9 |
memory/5564-3017-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5320-3018-0x0000000000340000-0x00000000007CA000-memory.dmp
C:\Users\Admin\Desktop\Malware-1-master\Config.ini
| MD5 | 2db7a58f4892054c7077dab88fd68b86 |
| SHA1 | acf198a9160a872bc8633fc9185ad317e69bf2a4 |
| SHA256 | 01701b302ab45f11729fac64ba33cd7b53abbc94963578d9813a1f5848e75618 |
| SHA512 | 01926e211445f72f6637f7be04af33339f4acd78b3d2e8f4b6b4e0c28ea6c2662ea0aec976cc8a4f875ab1d12ca20eec7ebf59fe3704f76dc4adac3a0766511c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fbaa9b8408b468b6e6da067a5646d49f |
| SHA1 | d4ce685834ca17336e7188c2a19dff26d9518fd0 |
| SHA256 | c6be954fb9499ee22818144dcf1d0ea4f10ba05695cc7f56301a01a299bc99f4 |
| SHA512 | d1c1a7c7038c7241438c77eb83d15cc322c636ca7f7b60d342525bf3dc74c3ebbeb6f9325ba01150c2671b3e018743eff037fdf50b98a46b9443977a60b3aa36 |
memory/1612-3040-0x00007FFA7F4B0000-0x00007FFA7F4B2000-memory.dmp
memory/1612-3041-0x00007FF6E90A0000-0x00007FF6E9718000-memory.dmp
memory/5320-3054-0x0000000000340000-0x00000000007CA000-memory.dmp
memory/5320-3055-0x0000000000340000-0x00000000007CA000-memory.dmp