Malware Analysis Report

2024-09-11 08:55

Sample ID 240414-3jzwhsgg27
Target https://gofile.io/d/D1GC4n
Tags
redline sectoprat cheat discovery infostealer rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://gofile.io/d/D1GC4n was found to be: Known bad.

Malicious Activity Summary

redline sectoprat cheat discovery infostealer rat spyware stealer trojan

RedLine

RedLine payload

SectopRAT

SectopRAT payload

Downloads MZ/PE file

Reads user/profile data of web browsers

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-04-14 23:33

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-14 23:33

Reported

2024-04-14 23:36

Platform

win11-20240412-en

Max time kernel

94s

Max time network

96s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/D1GC4n

Signatures

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2464 set thread context of 4240 N/A C:\Users\Admin\Downloads\MSBuild.exe C:\Users\Admin\Downloads\MSBuild.exe
PID 3276 set thread context of 4496 N/A C:\Users\Admin\Downloads\MSBuild.exe C:\Users\Admin\Downloads\MSBuild.exe
PID 416 set thread context of 2820 N/A C:\Users\Admin\Downloads\MSBuild.exe C:\Users\Admin\Downloads\MSBuild.exe

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133576112531572039" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MSBuild.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
N/A N/A C:\Users\Admin\Downloads\MSBuild.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\MSBuild.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2896 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 2888 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4960 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4744 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2896 wrote to memory of 4688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/D1GC4n

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc0c9ab58,0x7ffdc0c9ab68,0x7ffdc0c9ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2992 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3656 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4528 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4884 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4924 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4516 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5100 --field-trial-handle=1812,i,6536980954691800690,17664476084092138081,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\MSBuild.exe

"C:\Users\Admin\Downloads\MSBuild.exe"

C:\Users\Admin\Downloads\MSBuild.exe

"C:\Users\Admin\Downloads\MSBuild.exe"

C:\Users\Admin\Downloads\MSBuild.exe

"C:\Users\Admin\Downloads\MSBuild.exe"

C:\Users\Admin\Downloads\MSBuild.exe

"C:\Users\Admin\Downloads\MSBuild.exe"

C:\Users\Admin\Downloads\MSBuild.exe

"C:\Users\Admin\Downloads\MSBuild.exe"

C:\Users\Admin\Downloads\MSBuild.exe

"C:\Users\Admin\Downloads\MSBuild.exe"

C:\Users\Admin\Downloads\MSBuild.exe

"C:\Users\Admin\Downloads\MSBuild.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 gofile.io udp
FR 51.38.43.18:443 api.gofile.io tcp
US 8.8.8.8:53 18.43.38.51.in-addr.arpa udp
FR 51.38.43.18:443 api.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
N/A 224.0.0.251:5353 udp
US 206.168.190.239:443 store9.gofile.io tcp
US 206.168.190.239:443 store9.gofile.io tcp
PL 45.80.158.55:49182 tkanders.theworkpc.com tcp
US 172.67.75.172:443 api.ip.sb tcp
PL 45.80.158.55:49182 tkanders.theworkpc.com tcp
US 172.67.75.172:443 api.ip.sb tcp
PL 45.80.158.55:49182 tkanders.theworkpc.com tcp
US 172.67.75.172:443 api.ip.sb tcp

Files

\??\pipe\crashpad_2896_LZNJYFQIZOITEITQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 31a608701a1385a99451c5bbff2b9ea4
SHA1 c4247de88d6b212639b2e37c448aba1943175b4c
SHA256 aa8a4c3c921492ab9d1412adf357dd7b131ef1f36f9352b06d49ad48f8bf0b65
SHA512 af5d3621e1331d40c17cf957f2c4be4b0228a91ecd61733cb83b4e24728ffc2907a0660d0b118eb6c16c391193ecbd19e94db760c7490eb3369fcb1805a841ae

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b5975a5f6d04020801446bd3b3d38e2d
SHA1 85c941dc12fca23dedc077d8529c298b7b836c97
SHA256 fca76dfe23f4bd0a36b0e9eefe9072152567a0ef12b277ce12c8704475206584
SHA512 3eaca3b9d591f160ab4921bf5ad312444f63fbfa7594f845daab974740af32ce6084f9c064bbca3121d7cae781e1b6b3a302cffb0dc109efb21b04c117f07cc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4679988ef629139b5629b473ffe14628
SHA1 c477ecc1350f4b90942931a4819be19c9bb32edc
SHA256 63a566b959507b1496420a37b4f7fd35501db59c833f3b02b14575ee5b7e219a
SHA512 2747367dabc67e60295e939261b508a0a85c77e88096fca6a8ff431fc56bbefe04f3acd6aba9f8b2bd8462324abd136e1a1b9ea330933a283f1da6109db65264

C:\Users\Admin\Downloads\MSBuild.exe:Zone.Identifier

MD5 d8381149c9db344f4d18c8a675caf567
SHA1 51ee2e18834bb25fed4f3463bf8ab4fe4fafad30
SHA256 3f91854c4f699788d8d1eec4c0b6a106b87e3a4841e032a77957eb1cb4d40e27
SHA512 3e76017942f557fda6bee82e8d898bc19c36bdb8bb67b5534d1e4ccd1e1e549887d33dbad8ae7d552b749f64b16404567ac0371b19d790dc188d8c65da2ea87d

C:\Users\Admin\Downloads\MSBuild.exe

MD5 7bb3d913742d3d4ab1e2236bfde7e4a6
SHA1 abff865c52824231776460bd7b1d068b121d3986
SHA256 1c8ba0ea86801366c0e20104ab91dee4693847b2a30c7fe6a65c91ee5e449c09
SHA512 3c197af92e31ea114494c3843f1c1dedb869828db9130435478ebd792cfb09a5101832447be85aa18a8c86b9051dfb23108f5a23841553d4c5cd1951c2a6ed65

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9a8c2514a3dd28c67c7c91a358226782
SHA1 428ffd5f76d7e4c6c75c1b35fe04cbf324e75e9c
SHA256 341d955bbf9f4140463187f0cc69258e7c4be16a0404fc06613c999b620547bf
SHA512 7012f710dd838f0941b0d1de8eb9d8b3e8e08fefa116fa92c25abd05dce94f228d461aecfd0738624086c2d87f5b5a22c2fe0a4f1ccd8a71a630b661f33b6661

memory/2464-101-0x0000000000530000-0x0000000000560000-memory.dmp

memory/2464-102-0x00000000746A0000-0x0000000074E51000-memory.dmp

memory/2464-103-0x0000000004F90000-0x0000000004FA0000-memory.dmp

memory/2464-104-0x0000000004F00000-0x0000000004F1A000-memory.dmp

memory/2464-105-0x0000000004F70000-0x0000000004F76000-memory.dmp

memory/4240-107-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2464-111-0x00000000746A0000-0x0000000074E51000-memory.dmp

memory/4240-113-0x00000000746A0000-0x0000000074E51000-memory.dmp

memory/4240-112-0x0000000005B20000-0x0000000006138000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

MD5 ef375f28c91db0202bf7db29c0cbc2ce
SHA1 5a3f5d4ec75a468b908c2eb2b9e6f4b1e76c1017
SHA256 f4d1c038db378dec10e7e2fc81ccc2e2d4b8132ef0d66905e3625a0b0cbbde5f
SHA512 f18141e352fcd253e02cb25fa0cff29ab06dec62bafd5aa80ca48c959d1dba97deae830d01bf521f851a8143b9416747eb170d0cedafa32b59155027c02f244d

memory/4240-114-0x0000000005450000-0x0000000005462000-memory.dmp

memory/4240-115-0x00000000054B0000-0x00000000054EC000-memory.dmp

memory/4240-116-0x0000000005500000-0x000000000554C000-memory.dmp

memory/4240-117-0x00000000054F0000-0x0000000005500000-memory.dmp

memory/4240-118-0x0000000005760000-0x000000000586A000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7cbb4b5dd839d1067e96b0db48a40d23
SHA1 1bc06c7ecaca3cb9a596de19a682435aea1a7eb7
SHA256 9cdf815733f78d25da39dfc13128bf2f50cdcf56f74b40b95cd87ccbdd284921
SHA512 c62e0754bc36336054ce7a90789cd5e42255ac01ff725283f31e842c15ca62d926e9654a5d076b1ae08264184876cd1d9456e7e6fe5488a59a287918c1a481ea

memory/4240-128-0x0000000006A60000-0x0000000006C22000-memory.dmp

memory/4240-129-0x0000000007160000-0x000000000768C000-memory.dmp

memory/4240-130-0x0000000006C30000-0x0000000006CC2000-memory.dmp

memory/4240-131-0x0000000006CD0000-0x0000000006D46000-memory.dmp

memory/4240-132-0x0000000007C40000-0x00000000081E6000-memory.dmp

memory/4240-133-0x0000000007030000-0x000000000704E000-memory.dmp

memory/4240-134-0x0000000007A20000-0x0000000007A86000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpF3EE.tmp

MD5 8f5942354d3809f865f9767eddf51314
SHA1 20be11c0d42fc0cef53931ea9152b55082d1a11e
SHA256 776ecf8411b1b0167bea724409ac9d3f8479973df223ecc6e60e3302b3b2b8ea
SHA512 fde8dfae8a862cf106b0cb55e02d73e4e4c0527c744c20886681245c8160287f722612a6de9d0046ed1156b1771229c8950b9ac036b39c988d75aa20b7bac218

C:\Users\Admin\AppData\Local\Temp\tmpF44E.tmp

MD5 14ccc9293153deacbb9a20ee8f6ff1b7
SHA1 46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
SHA256 3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
SHA512 916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

C:\Users\Admin\AppData\Local\Temp\tmpF423.tmp

MD5 d67511e6b6353f4790d1c1bfdf2f53ee
SHA1 edd9873c0aa895f8af3dfeaee87edbda77a46aec
SHA256 601cbdbcca7389cc5adf6e87730de1ab78f12e64097feb3129dda15b949701da
SHA512 57474c3ab9426bac786d4d3b794bae856feb78a326fb8de6fae1fb86abcf196159ded93e21f887abd854118a4dab0e965aae506dd439846fa11f4042e5c52258

C:\Users\Admin\AppData\Local\Temp\tmpF46A.tmp

MD5 87210e9e528a4ddb09c6b671937c79c6
SHA1 3c75314714619f5b55e25769e0985d497f0062f2
SHA256 eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1
SHA512 f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

C:\Users\Admin\AppData\Local\Temp\tmpF476.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

C:\Users\Admin\AppData\Local\Temp\tmpF454.tmp

MD5 22be08f683bcc01d7a9799bbd2c10041
SHA1 2efb6041cf3d6e67970135e592569c76fc4c41de
SHA256 451c2c0cf3b7cb412a05347c6e75ed8680f0d2e5f2ab0f64cc2436db9309a457
SHA512 0eef192b3d5abe5d2435acf54b42c729c3979e4ad0b73d36666521458043ee7df1e10386bef266d7df9c31db94fb2833152bb2798936cb2082715318ef05d936

memory/4240-323-0x00000000746A0000-0x0000000074E51000-memory.dmp

memory/4240-324-0x00000000746A0000-0x0000000074E51000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f210c208d88d556eebece4c1510e5c91
SHA1 e556b3cc92d385282b3008f7fad11b94f7eb5065
SHA256 fde9cddabf4c3e31de7d147082b930a1476b0a8f4ad14132944025151c8f5762
SHA512 7c48fe93c7835c761ee92e41affdf383fb93439de3b25841ee8e6c2452030d9a6a583a650f0cda61525be5274a416c1b4cb16ab7c585bb1affdcb608fba02da7

memory/3276-342-0x0000000005020000-0x0000000005030000-memory.dmp

memory/3276-341-0x0000000074740000-0x0000000074EF1000-memory.dmp

memory/3276-345-0x0000000074740000-0x0000000074EF1000-memory.dmp

memory/4496-346-0x0000000074740000-0x0000000074EF1000-memory.dmp

memory/4496-348-0x0000000005400000-0x0000000005410000-memory.dmp

memory/4496-347-0x00000000055F0000-0x000000000563C000-memory.dmp

memory/416-528-0x0000000074740000-0x0000000074EF1000-memory.dmp

memory/416-529-0x0000000005790000-0x00000000057A0000-memory.dmp

memory/4496-530-0x0000000074740000-0x0000000074EF1000-memory.dmp

memory/2820-534-0x0000000074740000-0x0000000074EF1000-memory.dmp

memory/416-533-0x0000000074740000-0x0000000074EF1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\tmpD3F2.tmp

MD5 4e5c0ce13eb38c3b5c07be9f05495645
SHA1 78de0126dd9a7c55d50be7f359e60ebd145a8969
SHA256 211547382ca59de974ccb8b2b54b432733dcfd639082c20cfcb0764a8548eaeb
SHA512 95affdaab641698c44a2c14080ca8d55e2a7fab78f123a9d4d83d74162078e8eb4777ec264130011b2807a8c469682232f96f034528aa697d4a9934e93b0fc30

C:\Users\Admin\AppData\Local\Temp\tmpD3F4.tmp

MD5 294c2c17228f180b04a3570f0d623cb8
SHA1 00c41008ddb2060947c1da063aadc773b1589c55
SHA256 ddd7ebecddea5f6c8c2612aa389b72ddeacf595a183dcee492eb314559e1d2b0
SHA512 fd1ba2df5dedf05393fc9a5c1f3355ae959e41266602d326fb9ff9d1289e177420cc7ce8b6fdc86b3e5f52006e74b540c41a9e9a14c5f27cc9b63bc2fad3f58b

C:\Users\Admin\AppData\Local\Temp\tmpD3F9.tmp

MD5 87cbab2a743fb7e0625cc332c9aac537
SHA1 50f858caa7f4ac3a93cf141a5d15b4edeb447ee7
SHA256 57e3b0d22fa619da90237d8bcf8f922b142c9f6abf47efc5a1f5b208c4d3f023
SHA512 6b678f0dd0030806effe6825fd52a6a30b951e0c3dcf91dfd7a713d387aa8b39ec24368e9623c463360acba5e929e268f75ce996526c5d4485894b8ac6b2e0fa

C:\Users\Admin\AppData\Local\Temp\tmpD3F8.tmp

MD5 466a1260d63b47c819294b29984935a0
SHA1 820c63062d510b1642a5e9d9310730e7b45fa46c
SHA256 a8b8df45a3f8d8fb9d85b384d0a67ed7f6939fb76f0a9f0d661a50875cb202f3
SHA512 1a1150661e6b781c549bb4a0217fe7709bb4509342518a0da2a51f75d6d9814da2ac154cf2e633eb8020973438ef0236e388ddef27fd1b50a654d38f810a95b0

C:\Users\Admin\AppData\Local\Temp\tmpD3F7.tmp

MD5 3b068f508d40eb8258ff0b0592ca1f9c
SHA1 59ac025c3256e9c6c86165082974fe791ff9833a
SHA256 07db44a8d6c3a512b15f1cb7262a2d7e4b63ced2130bc9228515431699191cc7
SHA512 e29624bc8fecb0e2a9d917642375bd97b42502e5f23812195a61a4920cae5b6ed540e74dfcf8432dcceb7de906ad0501cdd68056f9b0ec86a6bb0c1e336bfe32

C:\Users\Admin\AppData\Local\Temp\tmpD3F6.tmp

MD5 bfbc1a403197ac8cfc95638c2da2cf0e
SHA1 634658f4dd9747e87fa540f5ba47e218acfc8af2
SHA256 272ed278e82c84cf4f80f48ec7989e1fc35f2055d6d05b63c8a31880846597a6
SHA512 b8938526fcbf7152805aec130ca553e3ec949cb825430a5d0a25c90ec5eb0863857010484a4b31fdc4bb65a4c92ad7127c812b93114be4569a677f60debe43b1

C:\Users\Admin\AppData\Local\Temp\tmpD3F5.tmp

MD5 4a8fbd593a733fc669169d614021185b
SHA1 166e66575715d4c52bcb471c09bdbc5a9bb2f615
SHA256 714cd32f8edacb3befbfc4b17db5b6eb05c2c8936e3bae14ea25a6050d88ae42
SHA512 6b2ebbbc34cd821fd9b3d7711d9cdadd8736412227e191883e5df19068f8118b7c80248eb61cc0a2f785a4153871a6003d79de934254b2c74c33b284c507a33b

C:\Users\Admin\AppData\Local\Temp\tmpD3F3.tmp

MD5 a33e5b189842c5867f46566bdbf7a095
SHA1 e1c06359f6a76da90d19e8fd95e79c832edb3196
SHA256 5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454
SHA512 f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 864401a2cd76d381a505c2c53083bb27
SHA1 377cc6326eb86bec17c13b8e6214cf27481adbd0
SHA256 3316e9c6eccca6c1ce2e82a329beca95361cd3756c76356570cd899ec35641cf
SHA512 9618d8f9fa42e86431cfcb15e11da9946c28d82644569860843c6b274529bbc327d3bd7d8c1a5dbd11254278fe8d038cf517045d806da2fa6d09c22a60df7bdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 87326fff847fda6a0956b29a5c4d25c7
SHA1 ca21caafaa6c12ce7ab138bb973e07d835909629
SHA256 262d695f153910a3653652756f5abfc7dcec0fb04e7e86c3a66a41e53066653a
SHA512 630e2aa5b88425ecef67c779eb795dcb20d0c8295325a0985c5a3fa6b2515ebb6be9277bf884cf49e6b61282266dd513a8b13d841406468cf59c6fd6264572e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 7726e4e6e2c431dfa576df64738cac43
SHA1 46585ab6d7b8540cf65df1dcb0bbf4600f3a8aeb
SHA256 f1738a5d26eb0352092f27efe0b58878940b32fc7f175dc03240433069ff45ec
SHA512 aef855fb59cd9cf4711655f1067d33f2f7fa19f24164b42db8b0e61a1d01d2ed3d8729a70be7d3e197637b80b23e80f0494de0a3d1adfe1948ff65eafc5152ed

memory/2820-795-0x0000000074740000-0x0000000074EF1000-memory.dmp