hxxps://github[.]com/Endermanch/MalwareDatabase/blob/master/trojans/YouAreAnIdiot[.]zip

Analysis

max time kernel
128s
max time network
130s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
14/04/2023, 17:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase/blob/master/trojans/YouAreAnIdiot.zip

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	YouAreAnIdiot.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	YouAreAnIdiot.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133259757927956591"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe
4004	chrome.exe
4004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2188	YouAreAnIdiot.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4116 wrote to memory of 3508	4116	chrome.exe	66
PID 4116 wrote to memory of 3508	4116	chrome.exe	66
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 1596	4116	chrome.exe	68
PID 4116 wrote to memory of 2484	4116	chrome.exe	69
PID 4116 wrote to memory of 2484	4116	chrome.exe	69
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70
PID 4116 wrote to memory of 4408	4116	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://github.com/Endermanch/MalwareDatabase/blob/master/trojans/YouAreAnIdiot.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc448d9758,0x7ffc448d9768,0x7ffc448d9778
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=164 --field-trial-handle=1820,i,12167485574752118827,11756844180653661508,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4664

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1256

C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2188

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7e12922cf5e89a307d68a121c705d90d

SHA1
e34d291ba23fa8032a59726d46fda0216e42ee4b

SHA256
df54e1219d40756aabe4d30916a20802d6ea76965e7999017004940ad3750092

SHA512
8fdba35e06991148d6933d55ef2095f7e337510f2e5a95625284a7e84efd0dab820f58eb122923d3c8624ee5e2ac6c3c0ecc3e8f9d7a9ace1ae7e282467c03cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ddaca257c9e7c2454186b778d35e3144

SHA1
6a9c0f92bd63b7386ee8bf150fbbc51fa90b55e3

SHA256
7094919cb295a503f0658382a72e725fad27174287bbc0fe34aa7bcb534a3fb7

SHA512
ab6b35cbe29ed1c51d0f28995a238f7362411a887d5edad6a5dae24845b5168eb5c3b4ebc365a891db829f851e78b1ed8e9745c7dc5c54ed83e356035069e706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3898d2068d3d1c5cd0dc37d193edf01d

SHA1
03783a14651f8aa87a03bc035b6f7b392b4a1b96

SHA256
758ce22d425ab62cf739ac2eadc783150fa6674686ff788a075d6e99339b155d

SHA512
4e66bbb946b9e6ce6f979f473ad5e5904cc80a33d74daa60a8f4fbfb843877cde609db0266c52cecf415ca6b5a6dd4bd80b4015e66238eb4486bbc38e7d24078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27c19e87fbd9387ae7ec5983cc9ebfdc

SHA1
3889f8b6c47f0da1a424fb8456ad5644d225791a

SHA256
e8fb2b158728f31dd994300ac470507205f131d5844e57b3c0b1cd32a69d1c42

SHA512
f4cb6cbe6ed62fe321389f6d2de72f0a335b358cc1b3337e5a6072b28317fd4330148b228ea849e4d7ea8468110c403541986a84b9508e5b5c42b8818cba7890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ec88734ee852e741353cb91b08d4097d

SHA1
dc4533613ba85e3979c678078cb6be8900431283

SHA256
130303b014e38964cd24657439a4c8f88fcdb76554bb5f9b4565827c9b5e4886

SHA512
4a0a21fb8b01b750d255c54cea9b349b44e4366983f9ea60300a1b6a0a120be7dbf3cd26d51a703135c3a837eebfafafc26b79d43069c583e6678140217402ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dbc71189c5cbc25c453e4e599715e36a

SHA1
03d5c9922291431cb1743721911a85cc2f498248

SHA256
67f1a785e734c0fefa7c4d7c36459d58073cd0e9eeb5a3ac2f3887e989057b40

SHA512
ebb557fd77994342b651939bf070f21d96d64746f1bd7bca9ddf738f216cc5c3731f27a238c991669d09090b2af5d61e7090e1b64b8910b2d9784a7c284a61ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82bc93cf2099756277b4c7724c31325a

SHA1
e61a70fc9da173996aa0a882312198870f82dbce

SHA256
6a30214d24a1d53db541860293c1c903c016a5542ae6e178f0cde54540d550eb

SHA512
e7fe5e86cf6abd88807f4b279403b4e906e639fbe2d300b2d3f237574b2e5a4e4d7a0d4a4793eb89f556d6a073cfdb18deca39221f22a1b4d4370a119a89c5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b068994d6e7e17b8f56c8a8492645278

SHA1
d1f1b99d9762ed8321c2b0a5944cff8ed149c07c

SHA256
9bb873484c04db60c6888794819259745bae1b685f884b18b4bd0c2c51025182

SHA512
b399efe29f3079d4e40c34d700507b3dae93f78759911232986fc8936e5ba1a5eba57cd73f7eb19144811877fea0fb9cc9249fb528a2928fcd3c45357e5d3eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
26706761d5811bde1a83ed726a86ef5d

SHA1
47df164a9111095bc6ce4afc500aa032b49bcb5b

SHA256
08d0498726261afa77be751a15fcff9977f4d211ffb0f8d480e41723ec0e8237

SHA512
84b88dd063c1a9a4e3190e362d1ed5b06fde73a00f34135945a43fcf33ed87fc75d5768c4a8bb4db260573a242a416a48a8b3fdce5755ddde0253f0c5750aa0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
173B

MD5
8d8e33f5f89585553109a40a90cb7fcc

SHA1
7f831f584976a593626a72f0f46985a3e61eb22e

SHA256
4428c7d57355e006ab1efcbb20db15eaa3bea740213f664f2835499285b88411

SHA512
1746792b8b9fbfa155309ae644b4de17a045e301dc7eeb9c766b2dcf212785b8ba4d6686bb90516510f06dde1a5044aeb84da2f41b9b6050ffdc0bc18c5b3687

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
78ad83fc9ff75a019e36e1a983276bb0

SHA1
8755a29cde9150720688b41a1ddc7a59f0a5627b

SHA256
ec9c5f0580cfb4b84c4a2ddb56a85c8a93d5f0d6776d1221751fe4943ec9e466

SHA512
6a0dd1aa80d24d401bd858e198002f377edf56979a11f0d85e2b4793489c8e3252571cdaadac9b34dbef0b4007796e6782356b0f867bb78f31fd551ca5812bf4

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
255B

MD5
0dd3631a4df7bed11e4b389ac2e95882

SHA1
ed132266b22a36a84f6934a8f7ae7bfa78d93df6

SHA256
f06e531c2feb84b511f7feed945c13936122aa2a6dce287776f724398d27394a

SHA512
b62c1d5cc533880d95af05917da5c6156f8433c5ebe4ba0c3124e82fcdac1060f346c26d72d20f6d8808af89976c049da0bfa436281a6b7c4151c59b87f4e0d9

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
456B

MD5
bebd7191c370a96b635ff74ad0521c48

SHA1
db8eb0d6679995f32024fba1c8da01c718f3099f

SHA256
b48e6feff417b6080f59b2bb022f8c12b4116473b664414e46ee5fff57759ddc

SHA512
f0a0a5bfe4036b1325d5022f56ed67d86c1788e7b80f6aca19c91e4b3af78d01712acb39e4aff742216cebb8f573c682f598e63b307ec28999807b131f961e1b

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
225B

MD5
58ba642f0e9615cdd069d992b655a4aa

SHA1
9ba0fe048c4741de00335c945dfbe8de167ae2a8

SHA256
a39a7a588b2ffb6f0eb1a91ed173f38bd9705ded3082f85ab87b41c32c4f4fac

SHA512
17490b6a034f82468274a5355c95b04fcdd38ffb2d2fb6d4973f8f0251d68e8397756ce6155a0e69b6a5c2d288b576ac57a9a0a3fbe85ff88642f2174c96ae10

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
367B

MD5
e36d78dcde7669a34aaa2f7b40aa2d05

SHA1
5a1503afbea9b39544dc0d8d189477b658ae93c4

SHA256
4ba5c57d6c56268fe55bb002829cf16ef6d44c357bae9b8e06c6baa13ca6bb55

SHA512
ef16ec2f97c7ec0bf6607ea0e4049b7736079039673ffb867b3b8781048922b2e78802c702b9c4df8e9219022683cff419d1e7c633d6e4b3fe5028d166297bed

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
225B

MD5
b20a92e19961e4143775986377d4c930

SHA1
5e9bfcb73a8e55f42e8008d21cd08920ca6a187d

SHA256
982cc6746bacf13f548959b4f12603ddc2695c2a319b8ecf2ed8c59ebb31ba86

SHA512
dce0c77d4bfd5730ec2576554812aaabf33bc089cb64ffa12c45f152b2bb040d7613f9fa7ad0d6805d1025ede83bd9eb8845f154f69adaad32f49b8857a54f05

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
367B

MD5
dc40fc2db4fe4b76e7808520134338d5

SHA1
3558b0f31e2c544dac8186a5297e58d72c5e2fe3

SHA256
a442c5f57b48d71f0da87790f63a99eab4d5d660890688cd41ec26d6bb107117

SHA512
d17134e9e9bf835460743cc061db6315d6390ea179b9468e132121967f61aa8c10215b94da4b76566316a028ca2f88e73637acdea76b2cd49b8f2884b42f8111

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
307B

MD5
a4551028ca8013122b12d03d24f51409

SHA1
24116486801141f0ac5d5bcc5b02137dc60dd046

SHA256
e873309b84f04918908875ce4a2a276d892f9db17039e2f4e0297db4a1d64e1d

SHA512
92ab715f0a9a2433ad8fac18ec2b7742aba1c74daf377e4696bfdd2e42e1aa19fc114585cffad50a008e2e74c4d4a72f2e6c52e7cb86b7974efb99e86595ce5f

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
dccdb75a2b9a5e38bd9f54c798eaf115

SHA1
bdd50410921452927b9d63768b7b221c5242bdda

SHA256
6340e90be86fb509d0b15e118571f6b73e575e3da8b952b58b682d9d6d15dd12

SHA512
d3017ef40ec40397880f76df1b0a150fa459a461454097f83c7c00e9ea1355b938c42826e580953330974b0e22c788b7ab5caa155461f4f93c8043d63f12c87c

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
133B

MD5
9edfaa23726b685a5c4ed83c46848f37

SHA1
ae2f4da4fc06c3eaf2e6f199489469ffb949b1a9

SHA256
8d35b1a74f506b7a0815d2d59609a8cd76e7437e657608bbc3a4ca4b26d4c247

SHA512
7b2f1903e5131f93dfe6cf51880b79195f8a00e8f9caa11f1f823947fb00e87e0abde70327cf16e4f4d5921346d3a2f6bdd42643023f168b57349ddcdb0fdfb9

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
173B

MD5
8d8e33f5f89585553109a40a90cb7fcc

SHA1
7f831f584976a593626a72f0f46985a3e61eb22e

SHA256
4428c7d57355e006ab1efcbb20db15eaa3bea740213f664f2835499285b88411

SHA512
1746792b8b9fbfa155309ae644b4de17a045e301dc7eeb9c766b2dcf212785b8ba4d6686bb90516510f06dde1a5044aeb84da2f41b9b6050ffdc0bc18c5b3687

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
5769a9dd1aabb665052e5c93ab1beb8f

SHA1
74b85c32690fa2e37e3164da1726f04430a90dc8

SHA256
511daec7e42b272cf0735fbb23e4749c289d6066f30fba044224d96e6d4ff919

SHA512
35899477bee4681b32ddd689342e3a4227b3c10fcc9f061d63d6c042e23e9e1a098c04d230a3058ae7eace90f713e941a99a9503306fe87fd81b44d66b7e66f0

Download Submit
memory/2188-263-0x00000000032E0000-0x00000000032EA000-memory.dmp

Filesize
40KB

Download
memory/2188-261-0x00000000059C0000-0x0000000005A52000-memory.dmp

Filesize
584KB

Download
memory/2188-262-0x0000000005C20000-0x0000000005C30000-memory.dmp

Filesize
64KB

Download
memory/2188-306-0x0000000005C20000-0x0000000005C30000-memory.dmp

Filesize
64KB

Download
memory/2188-264-0x0000000005B20000-0x0000000005B76000-memory.dmp

Filesize
344KB

Download
memory/2188-265-0x0000000003320000-0x000000000332A000-memory.dmp

Filesize
40KB

Download
memory/2188-266-0x000000000A8D0000-0x000000000A8DC000-memory.dmp

Filesize
48KB

Download
memory/2188-499-0x0000000005C20000-0x0000000005C30000-memory.dmp

Filesize
64KB

Download
memory/2188-260-0x0000000005EC0000-0x00000000063BE000-memory.dmp

Filesize
5.0MB

Download
memory/2188-259-0x00000000058D0000-0x000000000596C000-memory.dmp

Filesize
624KB

Download
memory/2188-258-0x0000000000E20000-0x0000000000E92000-memory.dmp

Filesize
456KB

Download