84db2274e64723614690ec6d69844879d54709e8680a10170da02269b3df7f4e

Analysis

max time kernel
52s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26/05/2023, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Filestar.23.0.13.0.win-x64.DvgQL.exe
Size

19.5MB
MD5

17ff423a11de7b4f9d75f5b34982453a
SHA1

f7af47f0019e7fa780ed9449f4155d277b2f91da
SHA256

84db2274e64723614690ec6d69844879d54709e8680a10170da02269b3df7f4e
SHA512

2c939dc460987c05c759d6f732a94895b09d990e826c7eb63f14563e12be69ac13782ed296a741581a09980e70d7a74835c1cd193213046650dd4889f21fd6a5
SSDEEP

393216:6hn5QEJ2nYTOYz7yZF4MYUlX1kQ5nqE3UgofnLOmBDwYoJBVbZKZjNg2PFaV:cn5QEJn7yXU5LOQyVbZKpFa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1164	Filestar.23.0.13.0.win-x64.DvgQL.tmp

Loads dropped DLL 1 IoCs

pid	Process
1192	Filestar.23.0.13.0.win-x64.DvgQL.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
584	chrome.exe
584	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe
Token: SeShutdownPrivilege	584	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1164	1192	Filestar.23.0.13.0.win-x64.DvgQL.exe	27
PID 1192 wrote to memory of 1164	1192	Filestar.23.0.13.0.win-x64.DvgQL.exe	27
PID 1192 wrote to memory of 1164	1192	Filestar.23.0.13.0.win-x64.DvgQL.exe	27
PID 1192 wrote to memory of 1164	1192	Filestar.23.0.13.0.win-x64.DvgQL.exe	27
PID 1192 wrote to memory of 1164	1192	Filestar.23.0.13.0.win-x64.DvgQL.exe	27
PID 1192 wrote to memory of 1164	1192	Filestar.23.0.13.0.win-x64.DvgQL.exe	27
PID 1192 wrote to memory of 1164	1192	Filestar.23.0.13.0.win-x64.DvgQL.exe	27
PID 584 wrote to memory of 436	584	chrome.exe	29
PID 584 wrote to memory of 436	584	chrome.exe	29
PID 584 wrote to memory of 436	584	chrome.exe	29
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 692	584	chrome.exe	31
PID 584 wrote to memory of 1556	584	chrome.exe	32
PID 584 wrote to memory of 1556	584	chrome.exe	32
PID 584 wrote to memory of 1556	584	chrome.exe	32
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33
PID 584 wrote to memory of 1952	584	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\Filestar.23.0.13.0.win-x64.DvgQL.exe
"C:\Users\Admin\AppData\Local\Temp\Filestar.23.0.13.0.win-x64.DvgQL.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Users\Admin\AppData\Local\Temp\is-072LF.tmp\Filestar.23.0.13.0.win-x64.DvgQL.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-072LF.tmp\Filestar.23.0.13.0.win-x64.DvgQL.tmp" /SL5="$80022,19571656,785920,C:\Users\Admin\AppData\Local\Temp\Filestar.23.0.13.0.win-x64.DvgQL.exe"
  2⤵
  - Executes dropped EXE
  PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb069758,0x7fefb069768,0x7fefb069778
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:2
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2236 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1156 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1388 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3904 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4012 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4116 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4496 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4008 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2300 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4832 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 --field-trial-handle=1284,i,8952647139434700678,14386542011222026877,131072 /prefetch:8
  2⤵
  PID:2796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6dbb74.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
6a59a40eb22bcd4b171ef286c5420e0d

SHA1
66916c045d938f0d1175dd2189677bc25691f6f5

SHA256
5d2ad3fa3250cb500941f53511a2feac6337d7d8e16a5fc026ad5339ac317226

SHA512
5d21abd3d5a2469122ca81e6edf35e437de3141688c15ceb5d95cf348e9cbfd16e36fdc86f348e5bf24b68301ab22bb429b3c51f1a31922bb0772d46f4511ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83696301a7db3434cf85a4f75c454ef5

SHA1
e42fc44ff5dde76ee291ce372960f95352f5d55c

SHA256
4b088887f705311a65369187b76c8b6b023ddc7d07a54ad013834e24b94ea655

SHA512
888c6c3ece9edaebb5bb497ed08a1e4f54d9422e130ab1ae4614f7d5a601d83f878a88aa755423a8bc4a18f3e47a168f075e0eafc780f167c3e54c604ad3b494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c07593651c63a1fc051179c4e9d9b768

SHA1
866287a28a83e7131fb738661be7b4fdb63a8528

SHA256
c0bbf84ad37cd5ac73704d72eb3c2183b8492c3e956d991ce8d6b39612191b1d

SHA512
d296cfb7cbfd974b745dd61142c4028e8e9436c3b5ca5e8a6c2c0ced209aeb06fa5333e03955acd82f69edf4d383726e60432db2db49586e9472c4653c64a84c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
4b7e2cd0c3c63ac790f4657b4c609abb

SHA1
725a1a4dae9d8f2d7458928f079fbb84d652bcd3

SHA256
a21c7aaf78c69dac125c9ab0b357f9d8bbefdf596d15f6cceed87a91223d1df3

SHA512
8e914815d5d7d3c1cee08f1243dfcde1c7e5a6984694ba641e406f5ac2cad0b36bf96ef4e48bbecf0cdb771cefa6ef40a2bd91da5924ec0c438ce9ff692bf5de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0799eaf0a2588cfb9061b760f85fe109

SHA1
ea903bb4c822031a3ae9576f29b1a47329fdc668

SHA256
558e2cb823a6ce97b7cbc3306701e278a9bf0053d84b1896fa9ad0c2e8f99fc7

SHA512
5eba855996b2607e85fa8cc3dbf6f009da050de358d08cc3bc38749e80650b33977430be3cae0be2b794a38c7e62d5cec640b85b8123a66f83963e3b28ac3a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-072LF.tmp\Filestar.23.0.13.0.win-x64.DvgQL.tmp

Filesize
2.9MB

MD5
34c5e8d40362deb6f6bf4ec83a795c51

SHA1
03c10464a4dda1ade923e580f8c9735361efff3c

SHA256
95d5c0cebe63100ebcdf0418446c22ab03038d819dc4e350319872947ba6a6f3

SHA512
c56ef3ab91bd32a435404dec7fc94966c97f2480dc31516fa491de5278b2487f65c9a064ecfd7c636359b9eaf1e42c73c39ee1d892ee375d36fb115ac5b6f4a6

Download Submit
\Users\Admin\AppData\Local\Temp\is-072LF.tmp\Filestar.23.0.13.0.win-x64.DvgQL.tmp

Filesize
2.9MB

MD5
34c5e8d40362deb6f6bf4ec83a795c51

SHA1
03c10464a4dda1ade923e580f8c9735361efff3c

SHA256
95d5c0cebe63100ebcdf0418446c22ab03038d819dc4e350319872947ba6a6f3

SHA512
c56ef3ab91bd32a435404dec7fc94966c97f2480dc31516fa491de5278b2487f65c9a064ecfd7c636359b9eaf1e42c73c39ee1d892ee375d36fb115ac5b6f4a6

Download Submit
memory/1164-63-0x0000000000A10000-0x0000000000A11000-memory.dmp

Filesize
4KB

Download
memory/1164-105-0x0000000000400000-0x00000000006EF000-memory.dmp

Filesize
2.9MB

Download
memory/1164-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1192-104-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1192-54-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download