zgrat | 6e61d2a623aae93014a16735e2baadc7c69abbff4330292bc5b957148f0eb995

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe
Size

9.8MB
MD5

946f9875958c6ff0a4ccbcc8717068a0
SHA1

229484accad0a2f744b0f7c857b12de1c2896f38
SHA256

fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a
SHA512

5171ade7f004baf4c59da167eb9357e97744eb34e012bf6a2baa5c411488f56a011019cf53b994e26f18c92ebfbf66184779d9908e7bd35afd44132188466ada
SSDEEP

196608:VFg/KSH4rynHHiJrWnfossDb9NfwSdcvTP5AUewGUeF1w:VK/ZH4OniJrcOfwSdcv1A02w

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral2/memory/2420-1-0x0000000000350000-0x0000000000D1E000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.bat	fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe

Executes dropped EXE 2 IoCs

pid	Process
4340	SysInitVal.exe
5072	chromedriver.exe

Loads dropped DLL 4 IoCs

pid	Process
4340	SysInitVal.exe
4340	SysInitVal.exe
4340	SysInitVal.exe
4340	SysInitVal.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
24	api.ipify.org
25	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4340	SysInitVal.exe
4232	chrome.exe
4232	chrome.exe
4340	SysInitVal.exe
4340	SysInitVal.exe
4340	SysInitVal.exe
4340	SysInitVal.exe
4340	SysInitVal.exe
4340	SysInitVal.exe
4340	SysInitVal.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	4340	SysInitVal.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: 33	1864	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1864	AUDIODG.EXE
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 4884	2420	fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe	90
PID 2420 wrote to memory of 4884	2420	fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe	90
PID 2420 wrote to memory of 4884	2420	fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe	90
PID 4884 wrote to memory of 4340	4884	cmd.exe	92
PID 4884 wrote to memory of 4340	4884	cmd.exe	92
PID 4884 wrote to memory of 4340	4884	cmd.exe	92
PID 4340 wrote to memory of 1468	4340	SysInitVal.exe	96
PID 4340 wrote to memory of 1468	4340	SysInitVal.exe	96
PID 4340 wrote to memory of 1468	4340	SysInitVal.exe	96
PID 1468 wrote to memory of 4232	1468	cmd.exe	99
PID 1468 wrote to memory of 4232	1468	cmd.exe	99
PID 4232 wrote to memory of 1768	4232	chrome.exe	100
PID 4232 wrote to memory of 1768	4232	chrome.exe	100
PID 4340 wrote to memory of 5072	4340	SysInitVal.exe	98
PID 4340 wrote to memory of 5072	4340	SysInitVal.exe	98
PID 4340 wrote to memory of 5072	4340	SysInitVal.exe	98
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 3556	4232	chrome.exe	102
PID 4232 wrote to memory of 4144	4232	chrome.exe	103
PID 4232 wrote to memory of 4144	4232	chrome.exe	103
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104
PID 4232 wrote to memory of 4372	4232	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe
"C:\Users\Admin\AppData\Local\Temp\fd643dfa49e7411994295979b06bf68659ddb28f1942fe80f6149696d4aa0d2a.exe"
1⤵
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C start C:\Users\Public\Release\SysInitVal.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4884
- - C:\Users\Public\Release\SysInitVal.exe
    C:\Users\Public\Release\SysInitVal.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4340
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C cd C:/Program Files/Google/Chrome/Application && start chrome.exe www.google.com --remote-debugging-port=9000 && exit()
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1468
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        chrome.exe www.google.com --remote-debugging-port=9000
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4232
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ffc5159ab58,0x7ffc5159ab68,0x7ffc5159ab78
        6⤵
        
        PID:1768
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:2
        6⤵
        
        PID:3556
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:8
        6⤵
        
        PID:4144
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2308 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:8
        6⤵
        
        PID:4372
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --remote-debugging-port=9000 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:1
        6⤵
        
        PID:1772
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --remote-debugging-port=9000 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:1
        6⤵
        
        PID:4500
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --remote-debugging-port=9000 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4008 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:1
        6⤵
        
        PID:4884
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --remote-debugging-port=9000 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4556 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:1
        6⤵
        
        PID:1332
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4644 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:8
        6⤵
        
        PID:4496
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4820 --field-trial-handle=1916,i,2255748615386952985,13272330649039255843,131072 /prefetch:8
        6⤵
        
        PID:4500
  - - C:\Users\Public\chromedriver.exe
      "C:\\Users\\Public\\chromedriver.exe" --port=59909
      4⤵
      Executes dropped EXE
      PID:5072

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x404
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6fcad458-1a87-496a-999a-f2e4cb8c665b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
374cd0aaf42f8c872b1aed70138a6ae5

SHA1
46f19ddab6583e5797a8678cf73240893bba3482

SHA256
cdecb6b19d40cd49176b50fb48f2b4e98fb0e4152a52ebe9f1d74047ff58f68a

SHA512
8ee8f15f66669d48ba821f9a208724bc75b3b15d09d611a047db1ba4988a0e8e08fff3d90afb3a3721d206dbdbd3268bb1d3018e4b7f60a07158aebe7442eb62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
78bcc2d0094e6100ad54df89b6eefe40

SHA1
9be03ec8d9eb0b5c8839c9dc37038c18dc71819b

SHA256
dd289bfe21b3dbc2c27052015fb93ea19b1e18b84d3f85d7540e62fb31d1694f

SHA512
5312098ffc5bca6269eecb0971bdf9ea52b4c103cb8e433ff8349360b329d28287b0f5c89ed2158e209534a9688e720ec34d77a8dc5358236e94082edf2c760e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
caa73da5e4df43621b38009ea75859f8

SHA1
ed9b4b7b646f50fa709faf3786c57b4d5a5f725c

SHA256
4c675b44afcf081083c0a83797136688a338fa43e7332b1cf10bd61bf057f274

SHA512
096696215df6e8e152e69a7ce6a1ff94b6b83e1c0e8483cca0ec7b180227006bdf6364a3fcffb6bd9b9721419ed971dfdea243880baa9aab9c3355021a551bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
ab00043cbca12bccfdcbd155405ace70

SHA1
1caa5896d1d358f0a27575aefd0b826fef8562b7

SHA256
69af882cee1d1ede2db02967286ff925bfdc78b761216f3fbc848f78978ff484

SHA512
65e66c6242b8e13e479497b82afa4d071cadbff19e10d7e15035ee699a16bed6a505022af020e3c0c6eac272b8be23acea84fc980b48bafe1235578d3c87389f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
eba2e372d67a9d4e601dcaeaa1aca33e

SHA1
989a503b184c5cf1f09a452fd8598a27f8638d58

SHA256
bbbdc58c4ba8451c9c662ca891e9c4886c5e175ec1e3ee993aef4db959f37cd3

SHA512
4c237f4baa5e47fb42e8fa9cc4f0532f9edbb669655615a08247a7bfd3647a79c75fbb17e0d85f98075ddb7d7ae5aed0c9b31d555d2d5e86b66a4df0cee5e8ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577918.TMP

Filesize
119B

MD5
623d4a2052ac73c16770326c5916b898

SHA1
20f7db46bc1c4ec0860ec137b4013b5e30a71d0b

SHA256
33a22c18994951a9d8890ef36de422c756f745b5da748886f16ba57fad81e551

SHA512
519aeffa9d55abf7553322100c81e26b6bfcafc4621c7186c54645ae595433e821ccffb931d9dd055bb0a93e060686ce00a2f90fe3295bb284f429a49e0c1395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Public\Release\MySql.Data.dll

Filesize
1.4MB

MD5
a74256b68260055729cdd9f6d433b415

SHA1
701496a7079b97b0c83dfaf507192ff0667a2a9b

SHA256
d9e7ab5caf93bd457cda27ed1d80286f3f3608a9cbf9268d2fb6e140fdf12f34

SHA512
a31ae75f5c260b8a6c09c532ba4d03dbfc23bd3be1ec1b4ac786b73dbfb2096a9b566d06312e41a38727ed24a9233d0de24fae7016180cae32acd01fc8d8c4ea

Download Submit
C:\Users\Public\Release\SysInitVal.exe

Filesize
28KB

MD5
fa4c682cbc8333cc045650b307e2cd63

SHA1
5431ee0769349e94534121afca8d0e58c6450631

SHA256
a244e538ea0b6e2a2bfc01cf8991e4a1e5a55b3cda7c48d309ee15c026c1fc24

SHA512
8819b61a86f0603fb82860618d58594bc607093c550d4bc5ab02d3b1d30e5b116a31307f53175731058f1b8ed583f0df1a34a07c123c2f9049e617d076167b6a

Download Submit
C:\Users\Public\Release\SysInitVal.exe.config

Filesize
2KB

MD5
cb2b2c25a6efc8c10164aaa77148efda

SHA1
cc4284f4d485cc0f40b787125ae131447d82d2fc

SHA256
6e759f77ebb07aa3646743769c49f91572441ee6e9c6e26514a664feaf0fe00e

SHA512
9ee774ed948d02976242bbc839daba30a3719cbeb4fd7fa284f3769ca9b549c8ed1c19d7126b0f47739da14b8931e298a4ee59684c4cdc948a65887817084af9

Download Submit
C:\Users\Public\Release\WebDriver.dll

Filesize
8.5MB

MD5
7271f7ec23174fd688b8f5afd183ce18

SHA1
4e8ababdf1f7d423fa93597811abea2eb763f836

SHA256
f7291844c409b4622f324072353497120a6b12ec7c9c2d82edfa3c5048f8fc8e

SHA512
3d66cb0e04d7d5c53fc414302bded0f6505f052f625722f4f735b9ae3b9b556fadf18318117bc2ca4cb0f2d783ca4308be2c5df503811ce0bc066c91d6b53d23

Download Submit
C:\Users\Public\chromedriver.exe

Filesize
12.2MB

MD5
724727cb078889952fe0e4aa995cee6f

SHA1
69e7ee1dbc405f997e42ed46723bbb8f8da1fdac

SHA256
78ee9334b57d75f3365b6ba570e5a55369728dd0376d26b0c92bd63c6537e216

SHA512
9b66b579bef35c0f7fcc612009f3f0b37feb5f6bbc970844e86217a5bad08557309f0a3ffd6097add5368cd02a58771a55ee3401d7eee91f3660808cec00bcce

Download Submit
memory/2420-7-0x0000000005690000-0x00000000056A2000-memory.dmp

Filesize
72KB

Download
memory/2420-0-0x0000000074E60000-0x0000000075610000-memory.dmp

Filesize
7.7MB

Download
memory/2420-68-0x0000000074E60000-0x0000000075610000-memory.dmp

Filesize
7.7MB

Download
memory/2420-4-0x0000000008B70000-0x0000000009512000-memory.dmp

Filesize
9.6MB

Download
memory/2420-3-0x00000000056E0000-0x00000000056F0000-memory.dmp

Filesize
64KB

Download
memory/2420-2-0x0000000003020000-0x000000000302A000-memory.dmp

Filesize
40KB

Download
memory/2420-1-0x0000000000350000-0x0000000000D1E000-memory.dmp

Filesize
9.8MB

Download
memory/4340-74-0x00000000008D0000-0x00000000008DE000-memory.dmp

Filesize
56KB

Download
memory/4340-98-0x0000000008440000-0x0000000008462000-memory.dmp

Filesize
136KB

Download
memory/4340-97-0x0000000007A60000-0x0000000007A81000-memory.dmp

Filesize
132KB

Download
memory/4340-96-0x0000000007AA0000-0x0000000007ADC000-memory.dmp

Filesize
240KB

Download
memory/4340-110-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/4340-112-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/4340-89-0x00000000064A0000-0x0000000006506000-memory.dmp

Filesize
408KB

Download
memory/4340-88-0x00000000061D0000-0x000000000621C000-memory.dmp

Filesize
304KB

Download
memory/4340-87-0x0000000006330000-0x0000000006496000-memory.dmp

Filesize
1.4MB

Download
memory/4340-83-0x0000000006690000-0x0000000006F1A000-memory.dmp

Filesize
8.5MB

Download
memory/4340-79-0x00000000051E0000-0x00000000051EA000-memory.dmp

Filesize
40KB

Download
memory/4340-78-0x0000000005340000-0x0000000005350000-memory.dmp

Filesize
64KB

Download
memory/4340-77-0x0000000005350000-0x00000000056A4000-memory.dmp

Filesize
3.3MB

Download
memory/4340-76-0x0000000005200000-0x0000000005292000-memory.dmp

Filesize
584KB

Download
memory/4340-75-0x0000000005710000-0x0000000005CB4000-memory.dmp

Filesize
5.6MB

Download
memory/4340-73-0x0000000074E60000-0x0000000075610000-memory.dmp

Filesize
7.7MB

Download
memory/4340-300-0x0000000074E60000-0x0000000075610000-memory.dmp

Filesize
7.7MB

Download