b521b864eb6904102d8a48652d57d6605be86dabfa202c5854af06b9d8906918

Resubmissions

27/01/2024, 12:47

240127-pz6r4secbr 4

Analysis

max time kernel
71s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VSCodeUserSetup-x64-1.85.2.exe
Size

90.4MB
MD5

b8b623446bbc5118c68bad8b280e6141
SHA1

e55b9d5c2079ae510e3b2824f384c1900b9d058e
SHA256

b521b864eb6904102d8a48652d57d6605be86dabfa202c5854af06b9d8906918
SHA512

b66aedef79a61090b782c2687b32873ae121a373a0a71c4f516813e46372993dfab62ede5ba79434ac81b511d6a2acd751bf987cc42bd725177d8a0472f5d624
SSDEEP

1572864:pTuzFiJIlXlrnbGwImeZKlDANYLXqyz98dBjOz3AvmhaJ3Ks:pTVJKXlDCo+yEC3AvPl

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2216	VSCodeUserSetup-x64-1.85.2.tmp

Loads dropped DLL 1 IoCs

pid	Process
3044	VSCodeUserSetup-x64-1.85.2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe
Token: SeShutdownPrivilege	2364	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe
2364	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2216	3044	VSCodeUserSetup-x64-1.85.2.exe	28
PID 3044 wrote to memory of 2216	3044	VSCodeUserSetup-x64-1.85.2.exe	28
PID 3044 wrote to memory of 2216	3044	VSCodeUserSetup-x64-1.85.2.exe	28
PID 3044 wrote to memory of 2216	3044	VSCodeUserSetup-x64-1.85.2.exe	28
PID 3044 wrote to memory of 2216	3044	VSCodeUserSetup-x64-1.85.2.exe	28
PID 3044 wrote to memory of 2216	3044	VSCodeUserSetup-x64-1.85.2.exe	28
PID 3044 wrote to memory of 2216	3044	VSCodeUserSetup-x64-1.85.2.exe	28
PID 2364 wrote to memory of 2764	2364	chrome.exe	30
PID 2364 wrote to memory of 2764	2364	chrome.exe	30
PID 2364 wrote to memory of 2764	2364	chrome.exe	30
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2668	2364	chrome.exe	32
PID 2364 wrote to memory of 2676	2364	chrome.exe	33
PID 2364 wrote to memory of 2676	2364	chrome.exe	33
PID 2364 wrote to memory of 2676	2364	chrome.exe	33
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34
PID 2364 wrote to memory of 2652	2364	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.85.2.exe
"C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.85.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\is-31P0Q.tmp\VSCodeUserSetup-x64-1.85.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-31P0Q.tmp\VSCodeUserSetup-x64-1.85.2.tmp" /SL5="$400F4,93784131,828416,C:\Users\Admin\AppData\Local\Temp\VSCodeUserSetup-x64-1.85.2.exe"
  2⤵
  - Executes dropped EXE
  PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6859758,0x7fef6859768,0x7fef6859778
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1564 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:2
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3216 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3604 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3500 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=724 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2612 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2812 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1656 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2804 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4008 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1220,i,17187155953624769825,11761740283940224006,131072 /prefetch:8
  2⤵
  PID:1844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
653ac21e0ba8da906bccb67e0acf7d3a

SHA1
1d78b2de639970c61fa4dc8e0ed18fd88923a8ab

SHA256
b252dd6d7cbbb95a8762cb23fd4561ef13d939f2fb2a21c2be3655875c137aae

SHA512
9d44b50116b0bba5eebdd87e78bfb12e02ed87a467898dda993f8a723b49f2ad94469b6428c15e56600cd6eadf9995fcea88daf866884fa17ef8d17c0ffd1fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
b6fe80e8dbfc506749b1b59c700eba3f

SHA1
54d79110d8a20fab0bba0b7fbf021623d5b44f5b

SHA256
ed4b60a9fafc90dbc00b2c7357d63680c52a996c6e5c6586ca9035e53ddbaf27

SHA512
c6a777df6e9de532079a021d670515021e595a23538c8743b3c24ac36f20faea3e894b22af2a9090f1a38e0618eb763fd00056daccb76a07912c4aa6b9e09a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
4265d586e858ceb295dd61f8fa0a8565

SHA1
8a4ac16b8166f3e5a4e7248ad7282b36ed71a0a2

SHA256
6fbc74ba274cdecdf423214e670ee54619269cb559f863cf4f4e51d823085d17

SHA512
dcf864292ccc8d1a6e83d3623d839ef65f0022a19f404cbdefb70460e37888017733b0d3bb9f9c6baed2c93a22ab8128263e3e1c8526623568fd72efdea35db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5777efc39e2525154637941115b8c379

SHA1
996843064106c34a397934bb92b92c82ba0a42dc

SHA256
f7f119721d76433c9f5d0b14199b9507420a7f31a8a6c74dee649a66cc60da1c

SHA512
4498f03b1caa5ad5230a84b50ee6788ac7dd48de9037448ebf4a7d79ca84bc712142bda1d26eab6ee7d973ecb349c9984b0cf4017d0cab2f63cc42bab1968864

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
27613716e3fc51c4cb7d6716ecc5a222

SHA1
42c86cc08b72607198cf54e5fcbffb6588db79a0

SHA256
29e753dab073a5271268266cdd8321cb1998b21129d12d60600502d8253e6652

SHA512
288f8cdad423af9f85552fb41138e574f8ab7fd10c402f7cc18bb74bc98e1fa82d5b6484b5bf980334196b41e01ea881d46476db5b2513b6b32628c20e5ff6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
567a189cd3551af7d31c53b5987ddf97

SHA1
719993c9ff4baa9a70284f6d3ac4b5a4d1ee337f

SHA256
ad613e657e0d12924234c218bac82ba3fe15989ebe02dbf5578bb40a58639058

SHA512
6d2a4d524ddea28d2c034fe273bc7a4443cf5b654cb8b9fbf5b6c2d3a9c4879b658a668d1aa2df0aaf554a9fe4e3b7727f235d16885778cdc1371bf38fbf372d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
24776aa4fed77f5498037fb5c22e9640

SHA1
94084199d1d763c272e373283645dc0394be5490

SHA256
bf103a0c108fa9c69cb417f5b9a27ba007cb7d4404c88c2f0a43398eee025d28

SHA512
3999f986d0284d3f86ca2b15845aebd58493788e8588cb1dbd4f66b500b859a91c46b4986a12726239af77f48ff37193aa7f577164dab63cc0b5adc5f25498cd

Download Submit
\Users\Admin\AppData\Local\Temp\is-31P0Q.tmp\VSCodeUserSetup-x64-1.85.2.tmp

Filesize
2.5MB

MD5
5cdf6de3cc48e1c70b6714bcd8ad1350

SHA1
8140dfa11d384b440b1c13301fc347b76367fdb1

SHA256
1db918805665cb020bc69b2410af4742d7a09838e5d677b1fa7a15ce4eef81e6

SHA512
3ed9c72b5e34143b564b80439927f9da1a0bc1f9ee8fc217eb73875cd475529fd9c0335874a6cd28f944e4636ba71a1b029dcde4216bb3b161dcb388071942b4

Download Submit
memory/2216-9-0x0000000000400000-0x000000000068E000-memory.dmp

Filesize
2.6MB

Download
memory/2216-8-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3044-11-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3044-1-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download