3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

Resubmissions

26-05-2024 06:03

240526-gr4c1shc8t 7

26-05-2024 05:57

240526-gn2p1shb8v 3

Analysis

max time kernel
86s
max time network
155s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

memz.by.iTzDrK_.rar
Size

17KB
MD5

352c9d71fa5ab9e8771ce9e1937d88e9
SHA1

7ef6ee09896dd5867cff056c58b889bb33706913
SHA256

3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61
SHA512

6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23
SSDEEP

384:7FbiYdriLCwBoe6POLT9bxaF851AfS9KL6bPsn/OMrZAGE:7FbldrliOSbxr1AfS9KM+/OMa1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 2 IoCs

Processes:

rundll32.exerundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

3008 vlc.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2056 chrome.exe
2056 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

3008 vlc.exe

pid	process
2056	chrome.exe
2056	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe
Token: SeShutdownPrivilege	2056	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

vlc.exechrome.exe

pid	process
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe

Suspicious use of SendNotifyMessage 39 IoCs

Processes:

vlc.exechrome.exe

pid	process
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
3008	vlc.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe
2056	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vlc.exe

pid process

3008 vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exerundll32.exerundll32.exechrome.exe

description	pid	process	target process
PID 2976 wrote to memory of 2720	2976	cmd.exe	rundll32.exe
PID 2976 wrote to memory of 2720	2976	cmd.exe	rundll32.exe
PID 2976 wrote to memory of 2720	2976	cmd.exe	rundll32.exe
PID 2720 wrote to memory of 2804	2720	rundll32.exe	rundll32.exe
PID 2720 wrote to memory of 2804	2720	rundll32.exe	rundll32.exe
PID 2720 wrote to memory of 2804	2720	rundll32.exe	rundll32.exe
PID 2804 wrote to memory of 3008	2804	rundll32.exe	vlc.exe
PID 2804 wrote to memory of 3008	2804	rundll32.exe	vlc.exe
PID 2804 wrote to memory of 3008	2804	rundll32.exe	vlc.exe
PID 2056 wrote to memory of 2068	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 2068	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 2068	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1476	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 584	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 584	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 584	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe
PID 2056 wrote to memory of 1788	2056	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\memz.by.iTzDrK_.rar
1⤵
- Suspicious use of WriteProcessMemory
PID:2976

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\memz.by.iTzDrK_.rar
2⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2720

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\memz.by.iTzDrK_.rar
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2804

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\memz.by.iTzDrK_.rar"
4⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6849758,0x7fef6849768,0x7fef6849778
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:2
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1568 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:8
2⤵
PID:584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:8
2⤵
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:1
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:1
2⤵
PID:988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:2
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3224 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:1
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:8
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:8
2⤵
PID:2544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:8
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:8
2⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1396,i,15479547641722925869,5241439997679210324,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2180

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1d0
1⤵
PID:2788

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
d8b731d5f7fb29d1f2923cb0c82cc2bc

SHA1
8b761d3be548e7b72b85bb1002ce4e0fe75baa89

SHA256
b19427e05a2ea877e94ce07a2a2c6659053949f2bd49e547f140bd709ec3170b

SHA512
0bb36a983ea308f67591a7587f1b6cbb6b9c13976c7e94a809c35d7fb6b400a081ab0a98d66822c01f8d586ad609f8860b9b48b7b6bf115283f47d3da694d40a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
21af9a33a3aebba325d205b4824361b0

SHA1
639865b919092d2ef579ddfd396861c0c6bf3edf

SHA256
a99b805f190d032ea154f8848b1e51c9f7562a459208b92b5210de7124fbb2ea

SHA512
bd8aa2f3a11f0d69e109d4c6898f690f64da8c32c8582df8295f89e46adef3352f588755c78b8a3b6852c5f6356646ba4d9607984800910dc547c5a70294aa36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e0449d7b-0df9-496f-bc49-d6a605330f0d.tmp
Filesize
5KB

MD5
e7dad20362714fc0a8e108441f8968db

SHA1
2c9a7ee235b177816d1269de80e160b8c37610a5

SHA256
6905a32ff2ee623e3bfe5bfba6c569d9ffda3ee056f5d76a6d8d20b4f6762a8b

SHA512
ce43af93d2d042e868057883ddaccc582f55178f8e09b19a3212a68f29ba94a610c93ecc74227f83e08befcb6fa8cac7cf1487f1cdba742991b4a5bb515353c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
140KB

MD5
b5c62a5dba1da146fe466b3dbbec85b6

SHA1
0f44dd6ac38157fd77b65aeefae40b28144324db

SHA256
076f40b894f4a93d4ad0237442ea365bf0465d34e66bc2223ec4115d06685f0b

SHA512
50c652da38d19fe93d82e6284857c58ee745e7e2f58678e419d228c1d02b85e968b49972167786e5c251084147e2863843699ba60f6f482345f0067b7c27e1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
310KB

MD5
c9a45886872a679b641e8735ebbfd5b4

SHA1
8c9c8b9d25b0c1aa323843d2e51cbed202affd8a

SHA256
5a67826103527bec02a9051baeb5fbb0cfcde6a37f28af6f1abe1e2e0db12d61

SHA512
ce6be51a9284b89080f44284358491764c8123ff8a2af8187097c8549203172ff111beee21236708334311e625dadca1c1d97ae32343c194cba01574312af822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a9320ba7-9947-4b41-9b8e-c9e5036b08b4.tmp
Filesize
283KB

MD5
400e2127ef6aabbc41bd937989a82f14

SHA1
dcb4d63d1d9c0d9c4db1d7da36ac33712a51d99d

SHA256
28734cde986fb6e4401ab04c1ee8744ed560e58ba1eedb75e773dd505da7c8c7

SHA512
d1317c38ca277df003de9ccfb4d901c758af80a887661fbf533b6e566d60ded5938c84571261bfb298136249a602b8be3775f17b728ccf314a73e05a22ff5b7d

Download Submit
\??\pipe\crashpad_2056_KHHFPKHDKLCMIGUD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3008-49-0x000007FEF5AD0000-0x000007FEF5AE8000-memory.dmp

Filesize
96KB

Download
memory/3008-59-0x000007FEF5860000-0x000007FEF5871000-memory.dmp

Filesize
68KB

Download
memory/3008-31-0x000007FEF5D40000-0x000007FEF5FF6000-memory.dmp

Filesize
2.7MB

Download
memory/3008-38-0x000007FEFA670000-0x000007FEFA681000-memory.dmp

Filesize
68KB

Download
memory/3008-36-0x000007FEFA8E0000-0x000007FEFA8F1000-memory.dmp

Filesize
68KB

Download
memory/3008-42-0x000007FEFA3D0000-0x000007FEFA3F1000-memory.dmp

Filesize
132KB

Download
memory/3008-44-0x000007FEF6700000-0x000007FEF6711000-memory.dmp

Filesize
68KB

Download
memory/3008-46-0x000007FEF66C0000-0x000007FEF66D1000-memory.dmp

Filesize
68KB

Download
memory/3008-51-0x000007FEF5A30000-0x000007FEF5A97000-memory.dmp

Filesize
412KB

Download
memory/3008-40-0x000007FEF5B30000-0x000007FEF5D3B000-memory.dmp

Filesize
2.0MB

Download
memory/3008-41-0x000007FEFA5B0000-0x000007FEFA5F1000-memory.dmp

Filesize
260KB

Download
memory/3008-43-0x000007FEF6720000-0x000007FEF6738000-memory.dmp

Filesize
96KB

Download
memory/3008-45-0x000007FEF66E0000-0x000007FEF66F1000-memory.dmp

Filesize
68KB

Download
memory/3008-50-0x000007FEF5AA0000-0x000007FEF5AD0000-memory.dmp

Filesize
192KB

Download
memory/3008-35-0x000007FEFA900000-0x000007FEFA917000-memory.dmp

Filesize
92KB

Download
memory/3008-62-0x000007FEF2810000-0x000007FEF2831000-memory.dmp

Filesize
132KB

Download
memory/3008-63-0x000007FEF27F0000-0x000007FEF2801000-memory.dmp

Filesize
68KB

Download
memory/3008-61-0x000007FEF2B40000-0x000007FEF2C4E000-memory.dmp

Filesize
1.1MB

Download
memory/3008-60-0x000007FEF5840000-0x000007FEF5852000-memory.dmp

Filesize
72KB

Download
memory/3008-37-0x000007FEFA690000-0x000007FEFA6AD000-memory.dmp

Filesize
116KB

Download
memory/3008-58-0x000007FEF5880000-0x000007FEF58A3000-memory.dmp

Filesize
140KB

Download
memory/3008-57-0x000007FEF58B0000-0x000007FEF58C8000-memory.dmp

Filesize
96KB

Download
memory/3008-56-0x000007FEF58D0000-0x000007FEF58F4000-memory.dmp

Filesize
144KB

Download
memory/3008-55-0x000007FEF5900000-0x000007FEF5928000-memory.dmp

Filesize
160KB

Download
memory/3008-54-0x000007FEF5930000-0x000007FEF5987000-memory.dmp

Filesize
348KB

Download
memory/3008-53-0x000007FEF5990000-0x000007FEF59A1000-memory.dmp

Filesize
68KB

Download
memory/3008-52-0x000007FEF59B0000-0x000007FEF5A2C000-memory.dmp

Filesize
496KB

Download
memory/3008-48-0x000007FEF5AF0000-0x000007FEF5B01000-memory.dmp

Filesize
68KB

Download
memory/3008-47-0x000007FEF5B10000-0x000007FEF5B2B000-memory.dmp

Filesize
108KB

Download
memory/3008-39-0x000007FEF4270000-0x000007FEF5320000-memory.dmp

Filesize
16.7MB

Download
memory/3008-34-0x000007FEFA920000-0x000007FEFA931000-memory.dmp

Filesize
68KB

Download
memory/3008-33-0x000007FEFA940000-0x000007FEFA957000-memory.dmp

Filesize
92KB

Download
memory/3008-32-0x000007FEFACC0000-0x000007FEFACD8000-memory.dmp

Filesize
96KB

Download
memory/3008-29-0x000000013F570000-0x000000013F668000-memory.dmp

Filesize
992KB

Download
memory/3008-30-0x000007FEFA960000-0x000007FEFA994000-memory.dmp

Filesize
208KB

Download
memory/3008-76-0x000000013F570000-0x000000013F668000-memory.dmp

Filesize
992KB

Download
memory/3008-77-0x000007FEFA960000-0x000007FEFA994000-memory.dmp

Filesize
208KB

Download
memory/3008-78-0x000007FEF5D40000-0x000007FEF5FF6000-memory.dmp

Filesize
2.7MB

Download
memory/3008-80-0x000007FEF2B40000-0x000007FEF2C4E000-memory.dmp

Filesize
1.1MB

Download
memory/3008-79-0x000007FEF4270000-0x000007FEF5320000-memory.dmp

Filesize
16.7MB

Download