Analysis Overview
Threat Level: Known bad
The file https://idtsoftware.com was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext
Drops file in System32 directory
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Program crash
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-09-28 18:39
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-28 18:39
Reported
2024-09-28 18:45
Platform
win11-20240802-en
Max time kernel
335s
Max time network
335s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 720 created 2840 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | C:\Windows\system32\sihost.exe |
| PID 2328 created 2840 | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | C:\Windows\system32\sihost.exe |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
| N/A | href.li | N/A | N/A |
| N/A | href.li | N/A | N/A |
| N/A | href.li | N/A | N/A |
| N/A | bitbucket.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SysWOW64\shell32.dll | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| File created | C:\Windows\SysWOW64\temp.000 | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\shell32.dll | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| File created | C:\Windows\SysWOW64\temp.000 | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2544 set thread context of 720 | N/A | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
| PID 2096 set thread context of 2328 | N/A | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Program crash
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\openwith.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133720223923094579" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Downloads\AppSetup(Full).rar:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://idtsoftware.com
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1b2ccc40,0x7ffa1b2ccc4c,0x7ffa1b2ccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1796 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2084 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2380 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3084 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4576 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3484,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4276 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4248,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1040 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5104,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3656 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004DC
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5272,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5284 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5456,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5468 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5284,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5808,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5800,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5996 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6116,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6080,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\" -ad -an -ai#7zMap22880:120:7zEvent8386
C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe
"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 720 -ip 720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 484
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 720 -ip 720
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 480
C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe
"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\openwith.exe
"C:\Windows\system32\openwith.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2328 -ip 2328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 512
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2328 -ip 2328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 508
C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe
"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | idtsoftware.com | udp |
| US | 154.49.142.2:443 | idtsoftware.com | tcp |
| US | 154.49.142.2:443 | idtsoftware.com | udp |
| US | 8.8.8.8:53 | 2.142.49.154.in-addr.arpa | udp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| US | 104.21.20.107:443 | api.inetstatic.com | tcp |
| US | 104.21.20.107:443 | api.inetstatic.com | tcp |
| US | 154.49.142.2:443 | idtsoftware.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 154.49.142.2:443 | idtsoftware.com | udp |
| US | 154.49.142.2:443 | idtsoftware.com | udp |
| US | 154.49.142.2:443 | idtsoftware.com | tcp |
| GB | 18.135.152.101:443 | api.fontshare.com | tcp |
| GB | 18.135.152.101:443 | api.fontshare.com | tcp |
| GB | 18.135.152.101:443 | api.fontshare.com | tcp |
| US | 192.0.78.26:443 | href.li | tcp |
| US | 192.0.78.26:443 | href.li | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| N/A | 127.0.0.1:6341 | N/A | tcp |
| US | 8.8.8.8:53 | gfs204n161.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs214n154.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs270n418.userstorage.mega.co.nz | udp |
| US | 8.8.8.8:53 | gfs240n109.userstorage.mega.co.nz | udp |
| FR | 185.206.26.64:443 | gfs208n154.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.64:443 | gfs208n154.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.64:443 | gfs208n154.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.64:443 | gfs208n154.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.194:443 | gfs270n418.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.194:443 | gfs270n418.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.194:443 | gfs270n418.userstorage.mega.co.nz | tcp |
| LU | 89.44.168.194:443 | gfs270n418.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.64:443 | gfs214n154.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.64:443 | gfs214n154.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.64:443 | gfs214n154.userstorage.mega.co.nz | tcp |
| ES | 185.206.27.64:443 | gfs214n154.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.19:443 | gfs240n109.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.19:443 | gfs240n109.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.19:443 | gfs240n109.userstorage.mega.co.nz | tcp |
| SE | 69.30.89.19:443 | gfs240n109.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.72:443 | gfs206n162.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.72:443 | gfs206n162.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.72:443 | gfs206n162.userstorage.mega.co.nz | tcp |
| BE | 94.24.37.72:443 | gfs206n162.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.98:443 | gfs204n161.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.98:443 | gfs204n161.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.98:443 | gfs204n161.userstorage.mega.co.nz | tcp |
| NL | 185.206.24.98:443 | gfs204n161.userstorage.mega.co.nz | tcp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| GB | 216.58.201.110:443 | apis.google.com | tcp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.204.74:443 | ogads-pa.googleapis.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 142.250.179.228:443 | www.google.com | udp |
| GB | 142.250.200.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
| BR | 142.251.129.227:443 | beacons2.gvt2.com | tcp |
| BR | 142.251.129.227:443 | beacons2.gvt2.com | udp |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
| IE | 185.166.142.22:443 | bitbucket.org | tcp |
Files
\??\pipe\crashpad_2116_PUULAGGLELQJYEBZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 6ab482c766c311f9cdaa1fbd65879548 |
| SHA1 | a66118645534490b2edfcdec62c428d2cd056d01 |
| SHA256 | 51d32ff10e51500e274ee47641a47e38c5b89c981ace30b5e434c1cf045e06e6 |
| SHA512 | 01baf6c68e410276fa522ed1bdee0a4b35a1e7528800f652a51aeb2e8822595d0d4244c41e2c0a7bb9bdb42c81a577c7dc796ad0e0a17cae8f02c5e040a8d107 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b07ec50c0681dec3f0bbc4f70cf0a492 |
| SHA1 | 3fdfe2102ba89823807517644634697294d7bb21 |
| SHA256 | 34d616093f4ea77c750bb3ed74596f83e2078bda27d2a9df8a651ed18ba4a771 |
| SHA512 | d2f1b251f622b73970a7df1ba7f28af7477a59b30f1e65e07eaaeff201e83c56df148d5b7e33440758aca668db1e1102ceba48d131fd1cdf2aed82fde2438b31 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 39634d8d31d0bbcf33de61f023ad9a6f |
| SHA1 | 1d1a43657f892871eb27d6846e990d7e43ff76f9 |
| SHA256 | cf5b8dff6a6885aa576a19d72c2d03e3aa7f2dd1f51d768567edb8ccbf3a9cce |
| SHA512 | c5a8f7c14ea9a4811d55ce83b8c934d8c8b4ddbc90401a173c1897882801a724b2492f861bc1109344275a6c81c1be25ee0d7365382f7b0bd221b3ff370adba6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 423a4d1dff0111bc60e5b8bcb03489d8 |
| SHA1 | 49e5a65721988d57611e59bbceaa60ecffe07dc9 |
| SHA256 | 9255772ea1136b8a2c495223e012a392c027777063db05d74843dd9a977c168c |
| SHA512 | 85dd88a3d121992c4e8e4353ac73aa88351b4251abaaa8eb76c11297964c30fa4d52baf5f052a801b03fb388c534ff3195ff0cbdcdb6fe45dd345a2015f90ed0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 457903fefbdb843513167078cbeb3033 |
| SHA1 | 3fe315cc08195ab354eaa640e1f2d9fd585d48bd |
| SHA256 | 71ebc7d48b501475b2bb0f6617c7f65ee9f14f5691cedd5dd2eb5f3c87b63047 |
| SHA512 | 7e3a76fb5a8f689d4b4215e2fe0a34d7b8bc72b4ee7a55a8b107f98938917e215df8a6570bd23c06b38072bad9dbf35392f3107f2e4c69eefd8d5129449a7540 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | daea29fae6a5307a113cfdf9e836f17f |
| SHA1 | 2709410e67d8d159e15d5993f321dc9ffef7f6e1 |
| SHA256 | 6da2edaffd74d39e06fe324e814661e419715fabc62d9df3838db750cd0f24ba |
| SHA512 | 7886bc9dedcc982be943f9c26d2d34071727f990ee812b4656eb06e769ed1501556c978bd4a6b76c493c3ec9cc5371379b3a8cf1f36ec645d6e0bf4f0bad1530 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | df508fa96275385de816796642d9e353 |
| SHA1 | 820ff2586f2548c2e575ff1835295176ce8baa66 |
| SHA256 | 9202b410612097b024b35bac2c0844b1b40a121d49210a838d1c0e9c00f18809 |
| SHA512 | 4ffaa87c9ba751b87fcbe9a4c7ad1d82675d151cf2e7bc508bdcbcaf6cd4bfb04f9c322466f141342aab53bb6262abe06632869c9380e1ffba009f525b5d7934 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0afb03f2dedddd01ccc4383684ecad9d |
| SHA1 | 24f2d556e0fe771a4064e0e0680cb8bac8fdc641 |
| SHA256 | a6e32881782714237fdd3478a6d3b60adf097a3e9b7ba51cf7e8cba6786f3aa8 |
| SHA512 | 279947c7c9ce52443a85f7987274a05e4fdab81726eeb5b31549c54511145291848fb50f27463337f24bdc953416b2998908534cebc621c98da577892bf735f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3e991c1c2be81c4351c90df4f8729dcb |
| SHA1 | 791d6f62157ced3d47802c34eb8734ccd96fb45a |
| SHA256 | c967d840a27db07c5a61fef5860aa6f3d9f04b8d96fc6f3299003d5ccb959879 |
| SHA512 | 0aaf9a62b994368c68797cebda8b7a56c59ea98ec11eba5a8426369e229093458b2a8b03bbf86bff5473e12693a619529c25e751e4ede2bdf3c739f38bd2dfc4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 6cefe7e214918ec52d80be0c736296f8 |
| SHA1 | a7cab6e869a7205610c1a6abcfdc4cca2f40354e |
| SHA256 | b318574b4e9411965b611dfe615c88e1ef0cdebcac9bd87870b8c39f9f12c7e1 |
| SHA512 | 6ee020b263e6ad44e2c3a2ebe34e29ad2f22cc22d7325baad084fd19bf3fdf97979a5a67032e40745f20e8b70d3c34568f3a4bc4a9bdf3c62017cb3fd1a4c122 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4929b13b738128fc3c9d4cbd422a2dd3 |
| SHA1 | 565b8cdf2fce0f57f34d1cb8df5c8e6097ed397d |
| SHA256 | 565a7d1f85f7d4d3fa7f1e25ffa9b256ad07cd5f4a5ac5e89054fa2ed7534b2f |
| SHA512 | 673bea11b99bdfc247d1ef6f2f894fb01e0699bb06c3cfdcf34959e08f858d863af64b939c96bc8ca4a41dbd7a9602e10fe971cbff83b098aa1bc91ac12e9406 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 313ab49a1bd2bc6a7dd5b528420762d0 |
| SHA1 | f5f44f9ff4aa7a06d03bddc39300c00e33a5d632 |
| SHA256 | f11eea541ba8d20f6e531d565e87b4660e29106f7e73e274623475090b207b71 |
| SHA512 | a54580efc8c2daf35a5195e38667fc61552ce17e2c6621a97b790946db24df7c71a6b4b126ce8dc8f64f7face5f9c076268cc02370523782ab6760ee20d181bd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ca71145e123c57371acb7dabdf84edb0 |
| SHA1 | 2c7af167b20ac81a1fffaf9d33755800f9df255c |
| SHA256 | d05c9d0a8ac5c259c391eda1ad35f1764389005789246e3925601c52cc739ff1 |
| SHA512 | ba24ec03a575958e37da277ac6f8c86ac0b437c27d2c7fe9e71a05792d619bdaf7e179908c3b92cb37b74afc076e730fb29a3237482ca1ac406a9aec9e8786b4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 928dd2ad21db516907f14fecdd3eec74 |
| SHA1 | 0072243447ab1e52e6ee9f5bc4ca44ab067324f3 |
| SHA256 | 741038c0b83b00aaedb23258fc884342ae5da030d365efc57c4bfba46b91ccd2 |
| SHA512 | 779c9e173c6d36783e0567700aba382d976718bd03b9c1c3af117c78ee422150b1908999b0895194ad28f88f0f277dbe57972004859d7e0894213c1ad73e442f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b026af4a6db98fae9b7dc828fa87ca37 |
| SHA1 | 9d0f239d987979a4cc886e483ff257298aa0611b |
| SHA256 | 665934ec87ecaf01f3ba3aab464798cd0dfbd3b747dfc197a402f9ba7b398d44 |
| SHA512 | c03e18a06283069488da11a87f9b1c20da99e488b4157958a98b9bce4ebb5de74fcee6ccdf5bdcb0710054d8bedd093bf3306b1ba0c728a50a26fe9c2077283a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 8171e4ca7545c0d33aa94ffffcb565b5 |
| SHA1 | 732383b6548182d1b78c59198015749bd39b26d0 |
| SHA256 | 5109d676696df6c8058a25b6432ac19e36f596fbd935be7c7ef45e1e0e367c22 |
| SHA512 | b704c284a4c93234bb9333c51c2977da73a39356f6c18618d98878f3133b2228c9d8347ff7c0956075668a8ad059b828eee0c2ce6336f5a40c71d98c283115d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 4c7e148b2ac27f72f698e20d7cfc347f |
| SHA1 | ccd85e0d0719f953d740ba6da488d8001105e09e |
| SHA256 | 760a8fe470535af283c9cc111ea7995b5838e4638354b6ab29d673e573ddcf75 |
| SHA512 | af10990ae8d2b856503608c7318d00293edcbf65e327e8300128d56f68d7c32bdc2aae4ea55c34ac0079aab48ca708ffedda71250ff1311ee53140436b11974f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 08b6b26910b794cefe2001ab4a4de96f |
| SHA1 | fcd242290894edd67b22701f1914dc65593cc96b |
| SHA256 | 517130baf849f49c9c27a5f8973f5cb2f342f3727c2898eaa9b136f523345d2d |
| SHA512 | e747443d3f342cfed257bcff149317cbe3128bb5b7a0d10b9818f92c58318c4ce091a9f1335280e7fbf932b0384d69e06d54a768a0817084decc4267ca139391 |
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 812b67a5b823c91e4d4e1de23a75e0cd |
| SHA1 | ca5e3b1a4e3cdd56e169f6d4cc88c4861c291638 |
| SHA256 | 8d0a78b96e7143a82e90365c7ef4aecfd7f80395a39d0bfd8815de466218aa43 |
| SHA512 | 5899eef3bc5e453770dbad1e1fbcc88d7d2e35a2bf55ddf860d8685f81bff3868fbe0f63394cbe0fbe2bff33b3acfe23e6c04720a883b3f753e51b850124df60 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9c5f245b764ff20999d8f597e95abc89 |
| SHA1 | 8ccb1d0ac4f463acce86cc18d67e683da4a5e96c |
| SHA256 | 30f87fd06e7524ebf972deff019ddf2227fe3b154a247f86ebaec0dfa89e4dc4 |
| SHA512 | 1975a4776a68c2c5b76d5e31ceef79ba5e2fcd0a89b1415186e15fbb52a0ec22b75dc0387b2fa4bb8c51eb8c905ffa2e9ea7311ebe739c9234d5e4c0d36559e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\Downloads\AppSetup(Full).rar:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
| MD5 | d222b77a61527f2c177b0869e7babc24 |
| SHA1 | 3f23acb984307a4aeba41ebbb70439c97ad1f268 |
| SHA256 | 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747 |
| SHA512 | d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
| MD5 | f49655f856acb8884cc0ace29216f511 |
| SHA1 | cb0f1f87ec0455ec349aaa950c600475ac7b7b6b |
| SHA256 | 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba |
| SHA512 | 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8 |
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
| MD5 | b5ad5caaaee00cb8cf445427975ae66c |
| SHA1 | dcde6527290a326e048f9c3a85280d3fa71e1e22 |
| SHA256 | b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8 |
| SHA512 | 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a23236f492a2e88a95d63a6ccd5b60c2 |
| SHA1 | b99aba31e6c5428d2739ac14d64049161d670206 |
| SHA256 | 5d394909586496cbbe828c3751dcb5caa2cf24969bf2eb41b0f62970a86e79e2 |
| SHA512 | 70ba57942aff72553cfa28bde30db42db3b7653f6015bb27825fc73ba7b4615d5f37009b7a4076e2f017d0ae67ac37fd29bafeb905b92d696fd6b4b0f019dea1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e
| MD5 | f942900ff0a10f251d338c612c456948 |
| SHA1 | 4a283d3c8f3dc491e43c430d97c3489ee7a3d320 |
| SHA256 | 38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6 |
| SHA512 | 9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 22b9ae5d6bc8fa1d3dbed7dfe28bd32a |
| SHA1 | f415ee4fd4dc1b5a8f39937a9f0cc99ee40a1f50 |
| SHA256 | 4d23b4a12a93dd4073f7e7cd90c08137b1482176b0c2b90b0f3771f08e7d5922 |
| SHA512 | ca2a6307df32f2d549c0327961ba2e8265ec47757319090bfe59d42100aef2e8ad68b461ede6dcd0746a3122e8a8d85f5858d7c24a88621265d77db3402d0326 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0b7715845ebad4d744f60ac4e3373e38 |
| SHA1 | 3d762daa47b35a44d8e9427f72d10600c4a23072 |
| SHA256 | a4796eea3a3b92392537d0cb556e45dea300b0c5630394c788b22702533847fe |
| SHA512 | 6803f69fcd0a954650b1e049e7a4ac440720323de29abee146f0052c5141021d002368aabc51f761aa2edcaca13a78e7a012f0966e2af4e54a8c0e43725df2af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d9e6ca88a2ea7d865b79e5b6370ef08e |
| SHA1 | 0358eeab99775994ff74bf4a79db0e896fea4200 |
| SHA256 | d5189b5c8e86f59a28b448d30f944b48f70336c01b8ad8d3dac8742545657020 |
| SHA512 | 2cf119bab39c630eb09d5e7ad4f5a7151db482e02c341216101827adbcb138e0d017aa36b77a9c0da83a79f4fb6982b43d2d379b2711159f4f73435ec36b84bc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 40d2c29b9e6edfef4b9ea0e4ac1741d4 |
| SHA1 | 42180be93c9ab4a8fd632b75d165f76ce730765d |
| SHA256 | f3cd57a72f3b247a894d26764b498bee569e7a72f66243d9d72c156c47f9e1c2 |
| SHA512 | 09fe5aafd30a4e7c0fdd91ce97598c3a8c43e668130c5ccdd0761df407d6819d3c5c93bf335712dc4f815779c2c4c5c8264c2e51295fe0d923194436add8eaf1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 73a3b2c747e1f18692f081f661e8177f |
| SHA1 | 4b71df53f697c416b65da42645b47748549cef0e |
| SHA256 | ca8099c2eb63e9e2722d3fe224251aee0647f5deaaf9406d4815cee2977f5385 |
| SHA512 | f9330db04907adcb034b0a87648f2f70e3e64afff3bf10e429cbb6c1469f5187367acf9949bd3251d632c918a438e4b9804c5cdb9a73dc103ae42c5dd82b5896 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c2a934d8f72be693113df89a1a58c49d |
| SHA1 | e70d0230c020ad644492754e1bdaa5b277ad40bf |
| SHA256 | dd667a3a7f55f6d1c9f4c8c64b9d06dee757e499b6e4e09655e3cc3d305799ab |
| SHA512 | e25d21c2717ec7452fce746766ff527a30b58049fb5e7d0db2145d2c003fd7835bbeef974cd50542e408ad29339b72c0b0263f3fccf5ffd64a055614df222b6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9a2da4a3fb4815b8b4094d49b2070bef |
| SHA1 | ee4a24c182239d3cd64bdfa07951e7701f666b77 |
| SHA256 | eb63567281de8b94fec05c77fbc684472c852b75d26119bd83bd284043796e94 |
| SHA512 | 5d7bea32b4acf8ca6f252ae0bcca9669ca2c5af0347b185fa8b4c404fb2da348aa48342fa39ac86edaee03799337a2b467c3bf38822481eeff895c851953c11b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 5f589a87d42771ada685d81c85d6560f |
| SHA1 | 65a456fffbbfc61acaef11f42007f08e79acf61f |
| SHA256 | 60fe0871fb2b614aaceb1f7fc858a1dbefd82ab04af5ebff5484776420e0f48b |
| SHA512 | ae1846841573e9601d387f03abe1a2faf9c372dd6535c3c9bac0754a1479d89a3b3c36d7c7fab1e9d3035660e6663159f8bf93eadc7cf924d21f1e154e3703b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | afb0bb6c790eba80d9b834b30d06fc1e |
| SHA1 | 40d6b1c47e2d1021a7e4a497138b327706d11b0c |
| SHA256 | 78b884cae1a45a9eeff367847ed938893ecb1a30c6394cddbc176642daeda5a1 |
| SHA512 | 065676bdf7d81624e5c111133dbfc0fd3d7753db21dbe5ee0620898cfe4315d94a35de9f251c146a89498b0a0b539a96443369ced52d2270663d49ef3f5a94ad |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 021bdfc3ad85386b7577e64b5165f2a4 |
| SHA1 | 627e6b2ab50fc0ce5bbac7bb1275d18bdfb74947 |
| SHA256 | cbcc2fc85870e31760f8f128a4e041920c0e36a1edc04495db73dc23d0f576d0 |
| SHA512 | b5b2ad1ebe6ed3e40d7939952b6512b33032bdf81313ad66ed85a665e80fb14136a2c9b79dd44f97faee862578cf09cccd8f21457036ba40372a2f2aebcda32c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 2d21c59caf5b6f893ee75aa053f98ced |
| SHA1 | ec99b83f87d6de6c017e6dd6705263081b7ae2d8 |
| SHA256 | 6777b80e3847f9ef1e659abaf39783b40e665edfe887403df5f74591fb3e6e6a |
| SHA512 | 3d0d088da0d7bd4b991308ded01357f6adb612234f8ad254e03a5d6c99751a37ccea004fbb7ea2ae3496e7443c170f79bd2a209326c081914a3e7e1aabeae659 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8de4f76a2f55d3f70c7fe0fa1f11de3c |
| SHA1 | d72a60a72a4037dbcaec116e3bee76578cd2ed9d |
| SHA256 | 946aae92d35217c1772778c1c9f16b51adea84052bcc83bf8d58923837480b8c |
| SHA512 | cadddf266c5fbdd9cfdc36edb329ff2694355fd5c30ed2af6c584895d349ca7c2c295949e891428ee4d0badbbced14cb8902d1ae8f085d9e81a887f195d3c283 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 8af6a140962f71c0bd137b357dd928c8 |
| SHA1 | 7839e85dc46e856ab5281886f7210c7508c5f761 |
| SHA256 | 9d171ed5d219e74e6581337143612f119b033d1c1edbd36141b4b9aff9e7c18f |
| SHA512 | fc57a76a3d6a83de217c926a2dce7bf163df34e7a2d05a16b603c97776684d874b81ffed210a654d4b79e06c33281b68d6724af8a9b07fdf6b7d1f9641c44831 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ce922062819913f0a879572117312fcc |
| SHA1 | f23d500e7a5e58a6404381ef5862a6395f819c5c |
| SHA256 | 9bd222dad4c1e6e0d0eed2fb60b147d8fa8157ca0ddbc806111ddcea14cc0fc0 |
| SHA512 | 81559449708077714921c035dfc5de6239d19ae924c6649ab08f2c98ff6bebb86815365f7cc88668126fff1f92b10438a3fc6fd10bcbbd87d17c91436146e210 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 26ac495a2991c0e5b277053e909c30e5 |
| SHA1 | a0f000cae55caa24601b62abdbc9bc840ceb0e24 |
| SHA256 | 8f612c5a189420ced90fdfab9b6b3cb9ced46dd3e7a6d30c03645fc50018ad07 |
| SHA512 | 45ea44f00730c99d827a7218f0b40f2ceb9f4d487fcb09354c62834da1eb06371ccc96885e1ec677ad4e31e7831f2943c96b01f1104e3c40680a5725981c781d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | de21b7f99a7aa0e07f6f58e9d9853236 |
| SHA1 | 151580c47f8923e4bfec76a19c42f5d79f0cc47a |
| SHA256 | 90d00709a5a737f25a1015842a76c16a91d1e1ef7cd54bc8d848399125c501be |
| SHA512 | 1da4f4a4ed5ee7f480470e9b2fe592f522ff9f78d4a726dbf235bfe9c6ea07467fa8799af837d53aa4cbd79886229d81a10db13af338cee9e6cb72e85c35443e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3848ca5d532179937cd8c71e64691fab |
| SHA1 | 58eef095b319d814629aa205d33f2e3bb731ac0c |
| SHA256 | 2a1df08d9da2dfb0b2d1d99ab3cf129849d0337230789744c63b1068f7a736fd |
| SHA512 | 53b640d7d641241ff1e4648c6ac5190ae19099f4d0a39af7951b6307e8ecf455a763dbafde0f34c56b734669ac28830f4e0fd3a6d4e75eac4afdb7df6bcdfe5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 802a1f7b5f8d8443dc9dd92588cfe880 |
| SHA1 | 86b3fdaa9fc75ed7a19fe933da94335a8b6ad256 |
| SHA256 | 28dc1e4bb1d537f0fefa2fb90060f88ba155f91a59effa708bd3df88068917f6 |
| SHA512 | b44f5afc5e1b1d161092e6892ec725c3da074d86e72a690de3967cf895a9d4e7cf164f1b7136d5a3c667db1d5b188295b240ea12453aae0c27064092ed0b232f |
memory/720-703-0x0000000000400000-0x000000000047E000-memory.dmp
memory/720-704-0x0000000000400000-0x000000000047E000-memory.dmp
memory/720-714-0x0000000003D90000-0x0000000004190000-memory.dmp
memory/720-715-0x0000000003D90000-0x0000000004190000-memory.dmp
memory/720-716-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp
memory/680-719-0x0000000000450000-0x0000000000459000-memory.dmp
memory/720-718-0x00000000761A0000-0x00000000763F2000-memory.dmp
memory/680-721-0x0000000002190000-0x0000000002590000-memory.dmp
memory/680-724-0x00000000761A0000-0x00000000763F2000-memory.dmp
memory/680-722-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d0877bbffe42cc3601d3873c41f7b5a1 |
| SHA1 | 5d89cfa3c237b486283743d383ed5bf4e5d83038 |
| SHA256 | aaf52599eb25713115cf90b83c892d6d51d40a7f3098a323976bd9eea0f412db |
| SHA512 | b52ff42439c02f5e958e294f95118aaca193377c17c8bd7b526c989a931a64f427a23db268bc101a78a249189ed1ccc9907956014cc90dc387df478f553d8987 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4D1ED785E3365DE6C966A82E99CCE8EA_4FF21E9CE9761A304E66D2F0263F90A7
| MD5 | 66e72c9ec5f916af0c768669ac2ab9d2 |
| SHA1 | da6ba4d3df11c28bafe01e7c44c7fceb29bdf4ac |
| SHA256 | f2409aaa60fbdeaf8f8c4776ef406be823df4837a751ae614ba6f719996f6511 |
| SHA512 | 57de986829586bbc20ee1331ec0dc579019173e62ab9c2e211c49467269750987b9c9c570b7849c08aa81b047e8a69847badc95168ceee618106e8a1a0c7e886 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4D1ED785E3365DE6C966A82E99CCE8EA_4FF21E9CE9761A304E66D2F0263F90A7
| MD5 | 252ead01f91025b9f1b6138c6dc1c01e |
| SHA1 | ab1e5be73881b587f1911c298a959f510414ff6c |
| SHA256 | b25e34f08696fb725ac9113d03fc0dd4c67f0e99234329722150387d6c4da6ab |
| SHA512 | 60d7dbe0dba89ee9001c42a04dbe98aa176bad01292042eea79861b0e3f1806d09d4eac0e5f38afd079d3f283d53f27cab9becb4423d80b39aeaf1a86ef10994 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
| MD5 | 26267d0b5fcff4107d12aa1d51770f3e |
| SHA1 | dde296d906dde54ea74a610ba32b039d544b26fd |
| SHA256 | 365b315d9d1033491107ac3dde425bf0cdc080c9266819a613d79675a684bb8f |
| SHA512 | 0cfdd4ddc4bf3dfc9748c597553a49bb3f3e812bcfb08b8a68ed2b5c4ca090770447e60615629527335058fa380f7a9d87d0b7f2caa5745c4817c7711e94b1f0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
| MD5 | d525b5c16dda2b365e03275d21f80bba |
| SHA1 | 8ed61c931441b0173c9f3704af1ce6dbc07902ff |
| SHA256 | 2609dff51cd3aa925fb9a8a4b1707dbd661a2f22ee849b2b12d33ca08c410314 |
| SHA512 | 9115882135feeaebd957bc0b71e787736be786f77f4e72b518fd6be4bd5514363025d8b6c9d26ad5a339d3553ada0d99f4508dfc91fe73f5e504d2a515bfc599 |
memory/2328-746-0x0000000000400000-0x000000000047E000-memory.dmp
memory/2328-744-0x0000000000400000-0x000000000047E000-memory.dmp
memory/2328-748-0x0000000003F90000-0x0000000004390000-memory.dmp
memory/2328-749-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp
memory/2328-751-0x00000000761A0000-0x00000000763F2000-memory.dmp
memory/2228-755-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp
memory/2228-757-0x00000000761A0000-0x00000000763F2000-memory.dmp
memory/2228-754-0x0000000002B70000-0x0000000002F70000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 931ecc04f4f7f149aa3b910bcb53a11f |
| SHA1 | 1207bdc54f4078731b66445bb276f5316bc40f33 |
| SHA256 | 20d05851a30265602f1ff8c398ffc24214803e8ddf7a43ced1d7950870904696 |
| SHA512 | 35c01b6461fbd6623f861088fb09b29d355fa8e1858c51633a178af9961cdd845c1bbf5d6e8f637568dfacaee0c8880f1c45faba1b1a6137fb68e9d2d880377b |
C:\Windows\SysWOW64\temp.000
| MD5 | f8fe9c0f79a84765671e486a6bc61467 |
| SHA1 | fedde14757da0bd69c45d5ac7b3a672225a79e6b |
| SHA256 | 5843c14694c4b2757db55b47f6d41d0a98f142dac5cb759cfb5141b4ca5e8a5e |
| SHA512 | a3ece423a605add292678acea634fff753ceae1d9419c3639fe1b200a99451819deb709606a3ffa5b9056bcc048bb91a577f9aaa88da08b426a9fc4282593e27 |