Analysis

  • max time kernel
    277s
  • max time network
    300s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    27-04-2024 15:38

General

  • Target

    https://mega.nz/folder/1LUUlSaB#vmI1eTZf7IoZLqwif1KrrQ

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • StormKitty

    StormKitty is an open source info stealer written in C#.

  • StormKitty payload 1 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • Office macro that triggers on suspicious action 1 IoCs

    Office document macro which triggers in special circumstances - often malicious.

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 21 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
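
The "Checks SCSI registry key(s)" signature above describes a common sandbox-evasion check. The script below is an added example written for this page, not the sandbox's or any sample's code: it collects every Identifier value under HKLM\HARDWARE\DEVICEMAP\Scsi, which is the data such evasion code reads, and applies the kind of vendor-string match the technique relies on. VM_MARKERS and SAMPLE_IDENTIFIERS are illustrative assumptions, not values taken from this report. One caveat for this particular trace: the signature is attributed to taskmgr.exe (PID 2868), a Windows binary, not to crack.exe, so here it is not evidence that the sample itself probed for a sandbox.

```python
from __future__ import annotations

import re
from typing import Iterable

# Under HARDWARE\DEVICEMAP\Scsi the tree nests
#   Scsi Port N\Scsi Bus N\Target Id N\Logical Unit Id N
# and each leaf holds a REG_SZ value named "Identifier" with the controller or
# disk vendor/model string. Evasion code reads these and looks for hypervisor
# vendor names; this is the read the sandbox signature reports.
SCSI_ROOT = r"HARDWARE\DEVICEMAP\Scsi"

# Assumed marker list for illustration; real evasion code varies.
VM_MARKERS = re.compile(r"vmware|vbox|qemu|virtual|xen|hyper-v", re.I)


def walk_scsi_identifiers() -> list[str]:
    """Windows only: return every 'Identifier' value below HARDWARE\\DEVICEMAP\\Scsi."""
    import winreg  # imported here so the matching logic stays importable off Windows

    found: list[str] = []

    def walk(key) -> None:
        try:
            value, _ = winreg.QueryValueEx(key, "Identifier")
            found.append(str(value))
        except OSError:
            pass  # intermediate keys carry no Identifier value
        i = 0
        while True:
            try:
                name = winreg.EnumKey(key, i)
            except OSError:
                break  # no more subkeys
            with winreg.OpenKey(key, name) as sub:
                walk(sub)
            i += 1

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SCSI_ROOT) as root:
        walk(root)
    return found


def vm_markers_in(identifiers: Iterable[str]) -> list[str]:
    """Return the identifiers an evasion check would treat as evidence of a VM."""
    return [ident for ident in identifiers if VM_MARKERS.search(ident)]


def looks_like_vm(identifiers: Iterable[str]) -> bool:
    return bool(vm_markers_in(identifiers))


# Constructed sample identifiers modelled on what these keys contain: the first
# two are typical of hypervisor guests, the third of a physical disk.
SAMPLE_IDENTIFIERS = [
    "VMware, VMware Virtual S1.0",
    "VBOX HARDDISK 1.0",
    "Samsung SSD 970 EVO Plus 1TB",
]

if __name__ == "__main__":
    try:
        ids = walk_scsi_identifiers()
    except ImportError:  # not on Windows: exercise the matcher on the sample
        ids = SAMPLE_IDENTIFIERS
    print("identifiers:", ids)
    print("looks like a VM:", looks_like_vm(ids))
```

The registry walk only runs on Windows; elsewhere the `__main__` path falls back to the constructed sample so the matcher can still be exercised. Run on an analysis VM it shows exactly what the guest exposes through these keys, which is the first thing to change when samples refuse to detonate.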

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/folder/1LUUlSaB#vmI1eTZf7IoZLqwif1KrrQ
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffbc4c59758,0x7ffbc4c59768,0x7ffbc4c59778
      2⤵
        PID:4640
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:2
        2⤵
          PID:928
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
          2⤵
            PID:520
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1688 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
            2⤵
              PID:3604
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:1
              2⤵
                PID:3904
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:1
                2⤵
                  PID:1584
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
                  2⤵
                    PID:4956
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
                    2⤵
                      PID:4904
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4856 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
                      2⤵
                        PID:3216
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
                        2⤵
                          PID:2868
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
                          2⤵
                            PID:3416
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:312
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1772,i,2397650033942268019,105220020235050075,131072 /prefetch:8
                            2⤵
                              PID:828
                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                            1⤵
                              PID:3504
                            • C:\Windows\system32\AUDIODG.EXE
                              C:\Windows\system32\AUDIODG.EXE 0x368
                              1⤵
                                PID:3608
                              • C:\Windows\System32\rundll32.exe
                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                1⤵
                                  PID:3332
                                • C:\Users\Admin\Downloads\VENOMRAT 6.0.3 CRACKED + HVNC + STEALER & GRABBER + SOURCE CODE\VENOMRAT 6.0.3 CRACKED + HVNC + STEALER & GRABBER + SOURCE CODE\crack.exe
                                  "C:\Users\Admin\Downloads\VENOMRAT 6.0.3 CRACKED + HVNC + STEALER & GRABBER + SOURCE CODE\VENOMRAT 6.0.3 CRACKED + HVNC + STEALER & GRABBER + SOURCE CODE\crack.exe"
                                  1⤵
                                    PID:3896
                                  • C:\Windows\system32\cmd.exe
                                    "C:\Windows\system32\cmd.exe"
                                    1⤵
                                      PID:1476
                                    • C:\Windows\system32\taskmgr.exe
                                      "C:\Windows\system32\taskmgr.exe" /4
                                      1⤵
                                      • Drops file in Windows directory
                                      • Checks SCSI registry key(s)
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SendNotifyMessage
                                      PID:2868

                                    Network

                                     MITRE ATT&CK Matrix ATT&CK v13

                                     Discovery

                                       • Query Registry (T1012): 2
                                       • Peripheral Device Discovery (T1120): 1
                                       • System Information Discovery (T1082): 2

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020
                                      Filesize

                                      21KB

                                      MD5

                                      b1dfa46eee24480e9211c9ef246bbb93

                                      SHA1

                                      80437c519fac962873a5768f958c1c350766da15

                                      SHA256

                                      fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

                                      SHA512

                                      44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022
                                      Filesize

                                      36KB

                                      MD5

                                      f90ac636cd679507433ab8e543c25de5

                                      SHA1

                                      3a8fe361c68f13c01b09453b8b359722df659b84

                                      SHA256

                                      5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

                                      SHA512

                                      7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
                                      Filesize

                                      17KB

                                      MD5

                                      950eca48e414acbe2c3b5d046dcb8521

                                      SHA1

                                      1731f264e979f18cdf08c405c7b7d32789a6fb59

                                      SHA256

                                      c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

                                      SHA512

                                      27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      29ed06eb0a51f6f0f4514778c40357db

                                      SHA1

                                      eea3295ee330dfe960b93fe846cf8fc9b64fb6a3

                                      SHA256

                                      da251c74c715b224fe24e1c72e0fe1d7f13201519197b291ef7c56b4e21d25f5

                                      SHA512

                                      2e5c1037464356bee3a3e2d2eef1a42044cc710f6f7342c418836a0b4a1f1f31f7fdc1086c487b995cda466617668f947deebeb9028b2d34e61b00e5de1eb411

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\00\00000000
                                      Filesize

                                      268.7MB

                                      MD5

                                      3cee3a39b06278794ea9c4acba28bc33

                                      SHA1

                                      5e2a82f5021448547287d4e7b451c78dd5839522

                                      SHA256

                                      71f47f3e3b6fd8ef95dfc98e8fcb391b8716269e35a8bb21c511ee3dc2ab8e03

                                      SHA512

                                      a7e9b5cf634029317263ba94e5732e8c1ba2e06b3516b13f345b8331d8f732a70f4afbef25af404dd56f4b8950d21b6734d175f33e608d67fac83bc2c169e279

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001
                                      Filesize

                                      41B

                                      MD5

                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                      SHA1

                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                      SHA256

                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                      SHA512

                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                      Filesize

                                      1KB

                                      MD5

                                      560d227ad153f5e444cf4921afa0aeb5

                                      SHA1

                                      c278d7c6175b022e6a3b127feb4ca574a3e972b4

                                      SHA256

                                      e4e624715f3a2e5813fcab373866aea7aa3cdde5159a504bafaddb050fd3165a

                                      SHA512

                                      83fc2e4cf2858da6a5e7afd5632e4211f6ba237b3ab6a56ef96cffb3e5337c765b3fd1cb2b85c42ecb11a40dc8c652c08995fea2cedfbde3140e7d56448e8f54

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                      Filesize

                                      538B

                                      MD5

                                      5df4b8a2b3dd1934480347e3ad5ec77d

                                      SHA1

                                      c71f1be2d60451e53f04210d2f8dd089f37e9b24

                                      SHA256

                                      b8eff4c17f1ee7d65ab213bddf9829680aced346dba2d5d72eaca6afbcfaabc4

                                      SHA512

                                      bd735c1423fc1e1ebe6c108e3b15283752b7c77dbe373feb7ea9273c0061fa16358f9c18f1689776dbc73bfa3150ef8a3b02850906495714066f2b34b4b02b42

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      945479d7752bb3fc33415fac1a38fc71

                                      SHA1

                                      ee62f9616b88d70a9611d4c880335fc27b5c4959

                                      SHA256

                                      159a90ff1fc7b105e03f9cab976df861bbbc348686ffb2d9a70a245f763bbbaf

                                      SHA512

                                      7966f3c9ac6ca7d3102046926bf331e2607e94c3eeeaccd63878fce1340fb2d6a66dac1256c23d1eee2343a35ca0aa13b6bf740fc44609e04483a59a7ffe2a4a

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      4ca5d1e83c22b04de27a58499b98f48c

                                      SHA1

                                      4116b889c3717a85d17e44fc476be7cf5456cdb9

                                      SHA256

                                      4b5b84ff9f978694c814129c0433b9ba36e36534e2cb8908dfb39a6fa2068406

                                      SHA512

                                      e5008872968c7e056a7dff9671e21661328c6ea7d9b59d7cf3f2160f2ba6f904c8beb3a08c04ce35bcaf737a2269ed05f7068927ebfb374024af38e0c9ac9ca2

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      9107462f1f5b53ebb2a2b7271f8c6ac3

                                      SHA1

                                      40b5601185626db29c8685305f8306fc0db13fc0

                                      SHA256

                                      77aca96ed54eac4803255374d7f6a54452bf07391777eb8d7e72faef3d6a7232

                                      SHA512

                                      9445abbc5c05fc5b4c2abd7923abcabaab175f767ebf08bd86b76d88f450562c2c47da7fd43cfc8d4623d99769feca11aa69334f488452283c01952d4c9f634e

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      de076a29805e4092645ac05f3cedf73b

                                      SHA1

                                      e6faedb200e8546db1ed02ef08eb1d50fa908eff

                                      SHA256

                                      2e02032a085bb31bb91628da5d1fb58a73841358c3bac75ecd03db9ee861ab90

                                      SHA512

                                      e092c1d5f55481bee3f2a7f355fe751bf0601ec97888bfd889523b4bcefd2229c10ab797d66e62f93692a4623121b9cb31ec5d414ad493e69d1da54210c8287d

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      cf1b84511898ce7d2a295e222b26104e

                                      SHA1

                                      986cb5d60ae73701dcb28400e75ce476335e04f1

                                      SHA256

                                      de509281b9244a113d7506efb79132fc60910e30747fceff3440c7b8f8c921cd

                                      SHA512

                                      60fd0cf75ffaaea0b64813de3d86ba187989a60aaf4554153b5a795c72d0f2f881f1f3dad06983cbf308e8f4ac6fb295caf7c0d33a1bc2fd416e77ce2b3ce3d5

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c95b.TMP
                                      Filesize

                                      48B

                                      MD5

                                      f51dcedbd7832068d807f51c05f482d9

                                      SHA1

                                      6f90d557a9c56079788599fa0ba226ffe0d6f6dc

                                      SHA256

                                      7e0934f0441bc6d1db56b04a11ba95fc91ddb6b7b6e32de071e971d611b91aee

                                      SHA512

                                      3b59dc919f88b48e940b3653e5f16686874ff2e4e6fc4defef143bf0543e87e7e2cc5b1cc87e862cc859e44ff10b993a83cbfe78096387d046d7acc746d81fc1

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                      Filesize

                                      136KB

                                      MD5

                                      9a0a34d6f84d81d70f44035b7d943c1b

                                      SHA1

                                      82f50fe447ea254df076fa7a5077845bb6aa44ae

                                      SHA256

                                      35d192ea3042d48a99dd1a88a8d3ca882d0727f52d2374042a7517de2f3009fc

                                      SHA512

                                      70ea2106fbbc080fcdced4af5e2aeababdb09e31ef4521a58eb2b33c127dc3789bacf698c26a36d1ede039c6d548ed2755d110fff6047398179f6b91609de76a

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                      Filesize

                                      136KB

                                      MD5

                                      998cbf3224ba0cb64a7913fc40c4e4e7

                                      SHA1

                                      822a46b49453b75d328b1406d7497cc2eff8da98

                                      SHA256

                                      937b0db9fdc37d4211d3787d3945579e4ce15e3e4222dbb75ed1e9f18f048976

                                      SHA512

                                      fc3135c905f25b179136eb2298bea00f237478e4fb9e9c26f0f8ce905ee2e1b3766b82c9d929b4c31442b9deba0214e116d249526aa4f12ede93379f280a59a8

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                      Filesize

                                      109KB

                                      MD5

                                      ed647a4e531057cbc00e68b3fe7375b4

                                      SHA1

                                      eeefb8b698b1271ca28d3555e9cbae4028ee4258

                                      SHA256

                                      945e07f73ffb17072ca85ab9f5f35d2975183db6dbcacf86b4b63a601540040d

                                      SHA512

                                      0a5d2b6eb544790a96102a886b484602d6f56f0f370f24c3d87844bd32086eadbbb0383483d9de6c81e864241176d3b9d43016a7f1bdf42bf07d459f54dc8d1f

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
                                      Filesize

                                      105KB

                                      MD5

                                      a9088bcfa5527d5609662cca1b75ea55

                                      SHA1

                                      fac5d9e3f76c4dbc5f80d4f060bf2e09e628189f

                                      SHA256

                                      305d74698869edc659eab6ab44789e1761d9274837fdf2d599c1fe701688aab5

                                      SHA512

                                      53355a978b8635dce84d92a4d2556eaaecd8bebef2f98638afd1f9c8f52f9bb6a47ed128f2a18e32e503900c2e84482f3fc3b41ed66915d16878ba1bd525acea

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5869f0.TMP
                                      Filesize

                                      98KB

                                      MD5

                                      1c40f8d84b9b6e6bf5c63ad79a1ff715

                                      SHA1

                                      252cf1a18958bdaf84f019267a6c07b7e07effbb

                                      SHA256

                                      2d7b289769f38805173280ee3447c94f3f41bf32360b619b16f0170061d55661

                                      SHA512

                                      1e40bc5985ef33a39beda23e4f417501b7f2be4ca338578fc349798f68bc328b60590945ee74970f818b21d5438326bec6f3febd22e909689e9b490c17ef39af

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                                      Filesize

                                      264KB

                                      MD5

                                      344ac309c18b6815f24c0596a0b4597e

                                      SHA1

                                      a01223d2b465d7c741f9b3fd9243ea8a58d27a40

                                      SHA256

                                      dd88b9adce13e8e980626f6f6256ae7d610a5a107e3489e8391cc464b18b4d8f

                                      SHA512

                                      d70d23952e794e588fa4c144e27d816889934356c3a8590e0b3c101e63a67f8a3d76d3d5f281e506cb68ee033b44966476c8ed215fffce4d747db2f96730aefa

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
                                      Filesize

                                      2B

                                      MD5

                                      99914b932bd37a50b983c5e7c90ae93b

                                      SHA1

                                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                      SHA256

                                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                      SHA512

                                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    • \??\pipe\crashpad_4748_KYGUKEBVNEJXZUSY
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    • memory/3896-292-0x0000000005370000-0x0000000005976000-memory.dmp
                                      Filesize

                                      6.0MB

                                    • memory/3896-295-0x0000000004C90000-0x0000000004CCE000-memory.dmp
                                      Filesize

                                      248KB

                                    • memory/3896-296-0x0000000004CF0000-0x0000000004D3B000-memory.dmp
                                      Filesize

                                      300KB

                                    • memory/3896-294-0x0000000004E70000-0x0000000004F7A000-memory.dmp
                                      Filesize

                                      1.0MB

                                    • memory/3896-293-0x0000000004C30000-0x0000000004C42000-memory.dmp
                                      Filesize

                                      72KB

                                    • memory/3896-288-0x0000000000380000-0x00000000003D6000-memory.dmp
                                      Filesize

                                      344KB
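
A reading note on the two lists above before they are fed into a blocklist. The Downloads section consists almost entirely of Chrome's own profile, cache and preference files written while the sandbox browsed the mega.nz target; the crashpad pipe entry carries the digests of empty input (MD5 d41d8cd9...), and persisted_first_party_sets.json (2 bytes) carries the digests of the string "{}", so neither identifies anything. The 268.7MB entry under Chrome's File System directory is consistent with the browser staging the MEGA download, but that is an inference; the report does not hash the downloaded archive or crack.exe itself. The only payload evidence here is the six memory dumps, all from PID 3896, which the Processes section shows is crack.exe from the "VENOMRAT 6.0.3 CRACKED ..." download, and that is the process the RedLine, StormKitty and ZGRat signatures point at. The script below is an added example written for this page, not the sandbox's code: it parses a constructed excerpt in the report's own field/value layout, discards trivial-content and browser-profile entries, and recovers each dump's region size from its file name so the reported Filesize values can be checked.

```python
from __future__ import annotations

import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed excerpt in the report's own "Downloads" layout (a "•" path line
# followed by field-name / value lines). The digests are copied from the report
# above; the pipe entry has no Filesize, exactly as in the report.
REPORT_EXCERPT = """\
• \\??\\pipe\\crashpad_4748_KYGUKEBVNEJXZUSY
  MD5
  d41d8cd98f00b204e9800998ecf8427e
  SHA256
  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
• C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\persisted_first_party_sets.json
  Filesize
  2B
  MD5
  99914b932bd37a50b983c5e7c90ae93b
  SHA256
  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
• C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\Cache_Data\\f_000020
  Filesize
  21KB
  MD5
  b1dfa46eee24480e9211c9ef246bbb93
  SHA256
  fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398
• memory/3896-288-0x0000000000380000-0x00000000003D6000-memory.dmp
  Filesize
  344KB
• memory/3896-292-0x0000000005370000-0x0000000005976000-memory.dmp
  Filesize
  6.0MB
"""

HASH_FIELDS = ("MD5", "SHA1", "SHA256", "SHA512")
FIELDS = {"Filesize", *HASH_FIELDS}

# Digests of inputs that say nothing about the sample: an empty file and the
# two-byte JSON document "{}". Computed rather than typed in, so the comparison
# cannot drift from the real values.
TRIVIAL_HASHES = {
    hashlib.new(alg.lower(), data).hexdigest()
    for data in (b"", b"{}")
    for alg in HASH_FIELDS
}

# Sandbox memory-dump names encode pid, event index and the region's address range.
MEMDUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


@dataclass
class MemoryRegion:
    pid: int
    idx: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def is_trivial_hash(digest: str) -> bool:
    return digest.lower() in TRIVIAL_HASHES


def parse_entries(text: str) -> list[dict]:
    """Turn the report's flattened field/value layout into one dict per artifact."""
    entries: list[dict] = []
    current, field = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            entries.append(current)
            field = None
        elif line in FIELDS:
            field = line
        elif current is not None and field is not None:
            current[field] = line
            field = None
    return entries


def memory_region(path: str) -> MemoryRegion | None:
    m = MEMDUMP_RE.fullmatch(path)
    if not m:
        return None
    return MemoryRegion(int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16))


def classify(entry: dict) -> str:
    path = entry["path"]
    if memory_region(path):
        return "memory-dump"
    if any(is_trivial_hash(entry[f]) for f in HASH_FIELDS if f in entry):
        return "trivial-content"   # digest of "" or "{}": never blocklist these
    if "\\Google\\Chrome\\User Data\\" in path or path.startswith("\\??\\pipe\\"):
        return "browser-profile"   # Chrome's own cache/prefs, not the payload
    return "candidate-ioc"


def triage(text: str) -> dict[str, list[str]]:
    """Group artifact paths by class; only 'candidate-ioc' is worth blocklisting."""
    buckets: dict[str, list[str]] = defaultdict(list)
    for entry in parse_entries(text):
        buckets[classify(entry)].append(entry["path"])
    return dict(buckets)


if __name__ == "__main__":
    for bucket, paths in triage(REPORT_EXCERPT).items():
        print(bucket)
        for p in paths:
            region = memory_region(p)
            print(f"  {p}" + (f"  ({region.size // 1024} KB)" if region else ""))
```

On the excerpt every entry lands in a non-actionable bucket, which matches the report: nothing in the Downloads list is a file hash of the sample, and the dumps are what an analyst would carve next. The size check is exact for the two dumps shown (0x3D6000 - 0x380000 is 344 KB; 0x5976000 - 0x5370000 is 6,316,032 bytes, the reported 6.0MB).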