Analysis

  • max time kernel
    42s
  • max time network
    47s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/05/2024, 15:03

General

  • Target

    https://app.mediafire.com/394mngqbesoll

Malware Config

Signatures

  • Detect ZGRat V1 3 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 3 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 45 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.mediafire.com/394mngqbesoll
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8a78ab58,0x7ffd8a78ab68,0x7ffd8a78ab78
      2⤵
        PID:2748
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:2
        2⤵
          PID:1552
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:8
          2⤵
            PID:836
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:8
            2⤵
              PID:3116
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
              2⤵
                PID:4416
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                2⤵
                  PID:3388
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:8
                  2⤵
                    PID:3556
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:8
                    2⤵
                      PID:1844
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4948 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                      2⤵
                        PID:2924
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4932 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                        2⤵
                          PID:884
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4792 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                          2⤵
                            PID:1424
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5172 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                            2⤵
                              PID:1472
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5368 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                              2⤵
                                PID:464
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5528 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                2⤵
                                  PID:3304
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5560 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                  2⤵
                                    PID:840
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5576 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                    2⤵
                                      PID:2600
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6052 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                      2⤵
                                        PID:3164
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6172 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                        2⤵
                                          PID:4660
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6344 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                          2⤵
                                            PID:5184
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6900 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                            2⤵
                                              PID:5300
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6224 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                              2⤵
                                                PID:5412
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6532 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                                2⤵
                                                  PID:5440
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6808 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                                  2⤵
                                                    PID:5448
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6284 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                                    2⤵
                                                      PID:5600
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7216 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                                      2⤵
                                                        PID:5680
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7376 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                                        2⤵
                                                          PID:5688
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7568 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:1
                                                          2⤵
                                                            PID:5828
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:8
                                                            2⤵
                                                              PID:6088
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 --field-trial-handle=1908,i,11360715916896356671,2124794893011048197,131072 /prefetch:8
                                                              2⤵
                                                                PID:5148
                                                            • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                              "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                              1⤵
                                                                PID:2008
                                                              • C:\Windows\System32\rundll32.exe
                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                1⤵
                                                                  PID:2496
                                                                • C:\Users\Admin\Desktop\TORONTO.exe
                                                                  "C:\Users\Admin\Desktop\TORONTO.exe"
                                                                  1⤵
                                                                  • Suspicious use of SetThreadContext
                                                                  PID:5820
                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                    2⤵
                                                                      PID:5900
                                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                      2⤵
                                                                        PID:5904
                                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:5912
                                                                    • C:\Users\Admin\Desktop\TORONTO.exe
                                                                      "C:\Users\Admin\Desktop\TORONTO.exe"
                                                                      1⤵
                                                                      • Suspicious use of SetThreadContext
                                                                      PID:5132
                                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                        2⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:3624

                                                                    Network

                                                                          MITRE ATT&CK Enterprise v15


                                                                          Downloads

                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                            Filesize

                                                                            40B


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                            Filesize

                                                                            56KB


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                            Filesize

                                                                            2B


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                            Filesize

                                                                            3KB


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                            Filesize

                                                                            2KB


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            7KB


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                            Filesize

                                                                            7KB


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            130KB


                                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                            Filesize

                                                                            130KB

