Analysis Overview
Threat Level: Known bad
The file https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/ was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
| Reported | 2024-02-25 12:18 |
Signatures
Analysis: behavioral1
Detonation Overview
| Submitted | 2024-02-25 12:18 |
| Reported | 2024-02-25 12:23 |
| Platform | win10v2004-20240221-en |
| Max time kernel | 258s |
| Max time network | 247s |
| Command Line | |
Signatures
Lumma Stealer
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\Setup-File.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\Setup-File.exe | N/A |
Loads dropped DLL
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1976 set thread context of 4460 | N/A | C:\Users\Admin\Desktop\New folder\Setup-File.exe | C:\Windows\SysWOW64\cmd.exe |
| PID 912 set thread context of 4696 | N/A | C:\Users\Admin\Desktop\New folder\Setup-File.exe | C:\Windows\SysWOW64\cmd.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533371430794416" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\Setup-File.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\New folder\Setup-File.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.thegamesdownload.biz/pc/rise-of-the-tomb-raider-game-d/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf3849758,0x7ffcf3849768,0x7ffcf3849778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5148 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5492 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5604 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3164 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5292 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5576 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x4ec
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@File_2255_P@ssWord#.zip\Full_Set_Up_File\@File_2255_P@ssWord#.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_@File_2255_P@ssWord# (1).zip\Full_Set_Up_File\@File_2255_P@ssWord#.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5272 --field-trial-handle=1888,i,14343496128453320741,10385306135195046076,131072 /prefetch:2
C:\Users\Admin\Desktop\New folder\Setup-File.exe
"C:\Users\Admin\Desktop\New folder\Setup-File.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\Desktop\New folder\Setup-File.exe
"C:\Users\Admin\Desktop\New folder\Setup-File.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
Network
Files
\??\pipe\crashpad_2104_KNLIFBJTFBFDYFVD
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030
C:\Users\Admin\Downloads\@File_2255_P@ssWord#.zip
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5815f4.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582575.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Desktop\New folder\Setup-File.exe
C:\Users\Admin\Desktop\New folder\glib-2.0.dll
C:\Users\Admin\Desktop\New folder\gobject-2.0.dll
C:\Users\Admin\Desktop\New folder\vmtools.dll
C:\Users\Admin\Desktop\New folder\iconv.dll
C:\Users\Admin\Desktop\New folder\monogyny.ppt
memory/1976-1444-0x00000000755A0000-0x000000007571B000-memory.dmp
C:\Users\Admin\Desktop\New folder\gthread-2.0.dll
| MD5 | 78cf6611f6928a64b03a57fe218c3cd4 |
| SHA1 | c3f167e719aa944af2e80941ac629d39cec22308 |
| SHA256 | dbaad965702b89c371462e735dd925c694eda8d8557b280f7264bba992c0e698 |
| SHA512 | 5caf019a6b75ba0330b8d0b60d362201d4863c0f3d70d2a9c84b6dbea2027d09bc8a6433820f28a41d126c7aaa13dbe126b38dc5c6d14a67ddef402fed9d9b7c |
memory/1976-1445-0x0000000000A90000-0x0000000000AA1000-memory.dmp
C:\Users\Admin\Desktop\New folder\intl.dll
| MD5 | d1a21e38593fddba8e51ed6bf7acf404 |
| SHA1 | 759f16325f0920933ac977909b7fe261e0e129e6 |
| SHA256 | 6a64c9cb0904ed48ce0d5cda137fcfd6dd463d84681436ca647b195aa2038a7e |
| SHA512 | 3f4390603cd68d949eb938c1599503fb1cbb1b8250638e0985fad2f40f08d5e45ea4a8c149e44a50c6aa9077054387c48f71b53bf06b713ca1e73a3d5a6a6c2e |
C:\Users\Admin\Desktop\New folder\gmodule-2.0.dll
| MD5 | b0a421b1534f3194132ec091780472d8 |
| SHA1 | 699b1edc2cb19a48999a52a62a57ffc0f48f1a78 |
| SHA256 | 2d6bc34b38bc0abf0c5e2f40e2513b4df47af57848534e011a76d4e974ad958b |
| SHA512 | ba74654843c5b0f94dfefbed81cbee4c5f360193ef8ea92836c712fbeada39fa8179a51f0849f6c4be23add1ced08f5e25f873c4b0e7533ae647fa2b19b83f98 |
memory/1976-1446-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
memory/1976-1455-0x00000000755A0000-0x000000007571B000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | cb7c8573594b8eee127e9e069ef94d54 |
| SHA1 | 86ec77b96578e18074c0bf75f53ebb28c2724d63 |
| SHA256 | 5c3290e1bcd43b23e950484698008b757f6f022343902af4ffdb70908336287d |
| SHA512 | de65fc1800523b37e410686f0e5988907a1c267f4237096a6424b59e102ebdd8b55e5ec97017f8e316958ee66f1fcf0ec5ef21d808ff0ec4d893970e4d76db9d |
memory/1976-1465-0x00000000755A0000-0x000000007571B000-memory.dmp
memory/4460-1467-0x00000000755A0000-0x000000007571B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\c0458554
| MD5 | 1360863ad01ca3090201a73204618808 |
| SHA1 | 8a8d20ef56655ea807ae40ebc39b4c06c0a42811 |
| SHA256 | d5b0c17e3a4fcfe26ab2be458ebd75bb05f7e5c40d6c8f3bf02168b6ca8280eb |
| SHA512 | 63fe9191347e135ffe27ba7c79716d1046403cd997ffd1a2299eb6b853537b6bff5604ba2f1c45cfeb48854719054cf0040514766fa404fba5eadc464be99631 |
memory/4460-1469-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
memory/4872-1470-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1471-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1472-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1476-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1477-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1478-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1479-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1480-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1481-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4872-1482-0x00000239521B0000-0x00000239521B1000-memory.dmp
memory/4460-1484-0x00000000755A0000-0x000000007571B000-memory.dmp
memory/4460-1486-0x00000000755A0000-0x000000007571B000-memory.dmp
memory/4460-1488-0x00000000755A0000-0x000000007571B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
| MD5 | 53aad2e4026c58223f4282f18954b224 |
| SHA1 | 350ad08ce6d0f7d3e573b7254c18ba2dfbd4e2be |
| SHA256 | be0f607d5dcf558b16910646b943f0e92da29fcb1590b8e5fb69d53f899b2ca5 |
| SHA512 | e9a0ba189e9862871235f3d339adb7de77c8c3a6cc574c9e3216b07ab460529befdd543f54fbacc139d071ea9549427402104b1d37cdacec6895af89590f8338 |
memory/2688-1491-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
memory/2688-1492-0x00000000000E0000-0x0000000000128000-memory.dmp
memory/2688-1493-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 07c60b42a25d94a7ea6c458f0d064280 |
| SHA1 | 449ab1d1ebc369b7fdaa8fd384da0e753a8ab14b |
| SHA256 | dc104e3aaf5b5ce774e7d232d47a716964654321155eecbb835a53ee7e721d9c |
| SHA512 | b87f1063562ff504a927fc414e4e7e7d5d4909b702d054d70906c933e2f279dc8bafcefb914fdc8808809760bca60e87ae981c70db29229d08291bdd7623f59e |
memory/2688-1503-0x0000000000400000-0x000000000040A000-memory.dmp
memory/2688-1504-0x00000000006C0000-0x00000000006C1000-memory.dmp
memory/2688-1505-0x00000000006C0000-0x00000000006C1000-memory.dmp
memory/2688-1506-0x00000000006C0000-0x0000000000700000-memory.dmp
memory/2688-1507-0x00000000000E0000-0x0000000000128000-memory.dmp
memory/912-1517-0x0000000000A90000-0x0000000000AA1000-memory.dmp
memory/912-1518-0x0000000075640000-0x00000000757BB000-memory.dmp
memory/912-1519-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
memory/912-1536-0x0000000075640000-0x00000000757BB000-memory.dmp
memory/912-1537-0x0000000075640000-0x00000000757BB000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\29121630
| MD5 | 78ab5743ae6908b507579314d9b288bd |
| SHA1 | 7b6408aad20214d133fafc61b092c8167928a148 |
| SHA256 | 78844d54a0a5c04386960cd11416c20512fa7b0705c8a55a3b7a2bb697872a05 |
| SHA512 | c76805617455f2f03d740616f77f40e9c125b724e8358784f49cc69c76838e5c2f7977607c393f3b1ce342c48fe5fe37e19863e2bff626ad70aba82fe4c6da99 |
memory/4696-1539-0x0000000075640000-0x00000000757BB000-memory.dmp
memory/4696-1542-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
memory/4696-1543-0x0000000075640000-0x00000000757BB000-memory.dmp
memory/4696-1544-0x0000000075640000-0x00000000757BB000-memory.dmp
memory/4696-1546-0x0000000075640000-0x00000000757BB000-memory.dmp
memory/1596-1548-0x00007FFD01D50000-0x00007FFD01F45000-memory.dmp
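The dropped-file records above (a path line followed by `| MD5 | … |` through `| SHA512 | … |` rows, interleaved with memory-dump entries that carry no hashes) are what a responder turns into a host sweep. The following is an added example, not part of the sandbox report: a Python script that parses that exact layout into IOC records, keys them by SHA-256, and hashes every regular file under a directory to flag matches. The embedded excerpt is copied verbatim from three of the records above plus one memory-dump line; the scanned directory and its single planted "hit" file are constructed so the example runs offline, and the planted file's hash is added to the set at run time because nothing on this page is safe to recreate.

```python
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Excerpt copied verbatim from the dropped-file records in the report above.
# Layout: a path line, then "| ALGO | hex |" rows with no header row; memory-dump
# entries appear as bare lines with no hash rows under them.
REPORT_EXCERPT = r"""
C:\Users\Admin\Desktop\New folder\Setup-File.exe
| MD5 | ae224c5e196ff381836c9e95deebb7d5 |
| SHA1 | 910446a2a0f4e53307b6fdeb1a3e236c929e2ef4 |
| SHA256 | bf933ccf86c55fc328e343b55dbf2e8ebd528e8a0a54f8f659cd0d4b4f261f26 |
| SHA512 | f845dbb13b04f76b6823bec48e1c47f96bcbd6d02a834c8b128ac750fe338b53f775ee2a8784e8c443d49dfcb918c5b9d59b5492a1fe18743b8ba65b7d12514c |
C:\Users\Admin\Desktop\New folder\vmtools.dll
| MD5 | a1c7b8b893a0e413f87d7304409fdb6c |
| SHA1 | 54afef7867790fbdca361bd36150bfcb0314171e |
| SHA256 | 3de9e8dc56516b31122f36600af63bed34eaa7f330a992f44a0903c588f803c6 |
| SHA512 | 5bb97dc8a4f22113329e11112114bc06f774bb91b8a16d54d8c505deacb992222aeb763c0677b4c6781bd161b94c3ab92ec99aaea78a9f0fa83e250ce24e59bc |
memory/1976-1444-0x00000000755A0000-0x000000007571B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\win_rtm.090713-1255.exe
| MD5 | 53aad2e4026c58223f4282f18954b224 |
| SHA1 | 350ad08ce6d0f7d3e573b7254c18ba2dfbd4e2be |
| SHA256 | be0f607d5dcf558b16910646b943f0e92da29fcb1590b8e5fb69d53f899b2ca5 |
| SHA512 | e9a0ba189e9862871235f3d339adb7de77c8c3a6cc574c9e3216b07ab460529befdd543f54fbacc139d071ea9549427402104b1d37cdacec6895af89590f8338 |
"""

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}


def parse_dropped_files(report_text):
    """Return {path: {algo: hex_digest}} for the report layout shown above.

    Any non-hash line starts a new record, so memory-dump entries are kept with an
    empty dict rather than silently dropped. Digest lengths are validated so a
    truncated copy-paste of a hash fails loudly instead of never matching."""
    records = {}
    current = None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m is None:
            current = line
            records.setdefault(current, {})
            continue
        if current is None:
            raise ValueError(f"hash row before any path line: {line}")
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:
            raise ValueError(f"{algo} for {current} has wrong length: {digest}")
        records[current][algo] = digest
    return records


def sha256_index(records):
    """Map SHA-256 -> path as reported, for every record that has one.
    Matching is keyed on the hash only; the path is kept for the analyst's report."""
    return {r["SHA256"]: path for path, r in records.items() if "SHA256" in r}


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large drops do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, known):
    """Hash every regular file under root; return [(local_path, reported_path, sha256)]
    for each file whose digest is in `known`. Unreadable files are skipped, not fatal."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                digest = sha256_file(p)
            except OSError:
                continue
            if digest in known:
                hits.append((str(p), known[digest], digest))
    return hits


def demo():
    """Self-contained run: parse the excerpt, then sweep a temp directory holding one
    benign file and one constructed stand-in whose hash is added to the index."""
    records = parse_dropped_files(REPORT_EXCERPT)
    known = sha256_index(records)
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "readme.txt").write_bytes(b"nothing to see here\n")
        planted = Path(tmp) / "planted.bin"          # constructed, not a real sample
        planted.write_bytes(b"constructed stand-in, not the real dropper\n")
        known[sha256_file(planted)] = "<constructed stand-in>"
        hits = scan_tree(tmp, known)
    return records, hits


if __name__ == "__main__":
    recs, found = demo()
    with_hashes = sum(1 for r in recs.values() if r)
    print(f"{len(recs)} records parsed, {with_hashes} carry hashes")
    for local, reported, digest in found:
        print(f"HIT {local} matches {reported} ({digest})")
```

Hash IOCs are exact-match only: any repack of the dropper produces a new digest, so a sweep like this confirms a known drop but does not prove its absence. The scanner keys on SHA-256 rather than on the reported path because the Temp file names in these records are per-run artefacts in the sandbox and should not be expected to recur on another host; that is an assumption of the example, not a statement from the report.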