Malware Analysis Report

2024-11-15 06:03

Sample ID 240928-xar7estapd
Target https://idtsoftware.com
Tags
rhadamanthys discovery stealer
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://idtsoftware.com was found to be: Known bad.

Malicious Activity Summary

rhadamanthys discovery stealer

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in System32 directory

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Program crash

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Analysis: static1

Detonation Overview

Reported

2024-09-28 18:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-28 18:39

Reported

2024-09-28 18:45

Platform

win11-20240802-en

Max time kernel

335s

Max time network

335s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 720 created 2840 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Windows\system32\sihost.exe
PID 2328 created 2840 N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\system32\sihost.exe

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A bitbucket.org N/A N/A
N/A href.li N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\shell32.dll C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe N/A
File created C:\Windows\SysWOW64\temp.000 C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\openwith.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133720223923094579" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\AppSetup(Full).rar:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2116 wrote to memory of 2348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2116 wrote to memory of 3084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2116 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2116 wrote to memory of 1612 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://idtsoftware.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1b2ccc40,0x7ffa1b2ccc4c,0x7ffa1b2ccc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1796 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2084 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2380 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3084 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4532,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4576 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3484,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4248,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1040 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5104,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3656 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004DC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5272,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5456,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5468 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5284,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5808,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5800,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6116,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6080,i,7747571805927697656,3763651190259117183,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\" -ad -an -ai#7zMap22880:120:7zEvent8386

C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe

"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 720 -ip 720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 484

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 720 -ip 720

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 480

C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe

"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\SysWOW64\openwith.exe

"C:\Windows\system32\openwith.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2328 -ip 2328

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 512

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2328 -ip 2328

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 508

C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe

"C:\Users\Admin\Downloads\AppSetup(Full)\AppSetup(Full)\App_Installer.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"

Network

Files

\??\pipe\crashpad_2116_PUULAGGLELQJYEBZ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

C:\Users\Admin\Downloads\AppSetup(Full).rar:Zone.Identifier

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/720-703-0x0000000000400000-0x000000000047E000-memory.dmp

memory/720-704-0x0000000000400000-0x000000000047E000-memory.dmp

memory/720-714-0x0000000003D90000-0x0000000004190000-memory.dmp

memory/720-715-0x0000000003D90000-0x0000000004190000-memory.dmp

memory/720-716-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp

memory/680-719-0x0000000000450000-0x0000000000459000-memory.dmp

memory/720-718-0x00000000761A0000-0x00000000763F2000-memory.dmp

memory/680-721-0x0000000002190000-0x0000000002590000-memory.dmp

memory/680-724-0x00000000761A0000-0x00000000763F2000-memory.dmp

memory/680-722-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4D1ED785E3365DE6C966A82E99CCE8EA_4FF21E9CE9761A304E66D2F0263F90A7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4D1ED785E3365DE6C966A82E99CCE8EA_4FF21E9CE9761A304E66D2F0263F90A7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

memory/2328-746-0x0000000000400000-0x000000000047E000-memory.dmp

memory/2328-744-0x0000000000400000-0x000000000047E000-memory.dmp

memory/2328-748-0x0000000003F90000-0x0000000004390000-memory.dmp

memory/2328-749-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp

memory/2328-751-0x00000000761A0000-0x00000000763F2000-memory.dmp

memory/2228-755-0x00007FFA29FE0000-0x00007FFA2A1E9000-memory.dmp

memory/2228-757-0x00000000761A0000-0x00000000763F2000-memory.dmp

memory/2228-754-0x0000000002B70000-0x0000000002F70000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Windows\SysWOW64\temp.000
