0900ba071d4a0fd3f48064fe4c5399129c4b1b19243864eaf4d0ba96e6384cb3

Analysis

max time kernel
85s
max time network
295s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 04:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

favorites style home.reg
Size

2KB
MD5

0d5ee43035ca27d7bf76b5b0b7616846
SHA1

100d4ec37985ef736875b3ed6536f558069030c9
SHA256

0900ba071d4a0fd3f48064fe4c5399129c4b1b19243864eaf4d0ba96e6384cb3
SHA512

4f5da7d85e837099037f2eb45f704256d3040f970504940492ef7958fa133b494ed4ea7ea18baeacc370253ca2d7360c22e007ea8242997b3daef531b234a81d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Runs .reg file with regedit 1 IoCs

Processes:

regedit.exe

pid process

2992 regedit.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

chrome.exetaskmgr.exe

pid process

2668 chrome.exe
2668 chrome.exe
1700 taskmgr.exe
1700 taskmgr.exe
1700 taskmgr.exe
1700 taskmgr.exe
1700 taskmgr.exe

pid	process
2992	regedit.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

Processes:

chrome.exetaskmgr.exe

description	pid	process
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeDebugPrivilege	1700	taskmgr.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe

Suspicious use of SendNotifyMessage 49 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
2668	chrome.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe
1700	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2668 wrote to memory of 2804	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2804	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2804	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 3032	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 1512	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 1512	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 1512	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe
PID 2668 wrote to memory of 2392	2668	chrome.exe	chrome.exe

C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\favorites style home.reg"
1⤵
- Runs .reg file with regedit
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c59758,0x7fef6c59768,0x7fef6c59778
2⤵
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:2
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:8
2⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:8
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:1732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1140 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:2
2⤵
PID:1032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3132 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:8
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3668 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2680 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2636 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:1740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3836 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:8
2⤵
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4068 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3784 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4196 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:2400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3740 --field-trial-handle=1176,i,11633948733191397899,9021246725777891807,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2044

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1700

C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
1⤵
PID:1616

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2516

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
813d413388c3a428c0befce17297721e

SHA1
3c3c604dba24af7b55a0570a66044744f2af7dc7

SHA256
7a25257ff60ea4b7d9405056eb8966e62e2709a251e41a258a3eb888f1c04550

SHA512
19063e8799c3541f80270348bf85d10ff56c59a246214e9f0456f37e9e5e1814d36ff3385aa99b8c08bcfb5ce500fbd4a528ede33daf8a34f9ee240d0e45c78a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
e32c4a698f2417cb37e54f280d59b65e

SHA1
3897906738f585a1e56b72e3c74f209f50ee22f9

SHA256
0d6a522c4b9f68ddfc54b607206a7be6a8f6e6af0c4a44767e4cbc37f259141e

SHA512
97abfb799eae6e7c9781bc9cfa81e258988a2d686229b3db71705fbbef1a66a5dff1669eae9030b453437b12af164058028bda303ca0bf38e0f761dadd9ee659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
05d2219e8e6a1934c649ff43e5772d1b

SHA1
19c322f8a1f22640b35e3c21dffbb70c519fbd73

SHA256
b858a91eb3d566ab5a9bb45a4481efdff1c337cb2439e7455c4030347a400d4f

SHA512
9b1b526f89d36b2fd3807adae05b9a39caa01a0c8185003b4cac64e04b8797e31c22367f4878fd7538e977fd7b419e873e5440ae03e93a706ef1cd399ff0564c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
7dd58f8dbf2667094a940470d64a1e38

SHA1
6e5ab15b5c98402c8bb602789fc9e215b63cdced

SHA256
04d14640cfbe5c4aa35b6503bcd89e26341d0b94bf01f7bfb6b9e0f0d8e0ef40

SHA512
1f963dd2b9511ba70d53f47f41faa5715bb29a11831c36e0517588dd480e74ddc4f5189c9e74bdc65cb5c7de28cfff55ce195c5d6d90d0fad737e8ed6842f654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
109f3ec66c90b819744ffa7938415b82

SHA1
d2e4ab8369e967917d2d3335ebff28fa39c071ed

SHA256
313757da1098aceddf352300a62559288c5bf248588a2584e3c6ac5b2b7069a1

SHA512
1dd6e67bb807b915249797bdd996695b52a1270e7d3e6cc081ee6da1267023af38440ee9810bc9b9cb613c9b1e6c7786a0c6fb4305ddf53a0f9ba1b5e7d369e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
363B

MD5
5f84c6154976dabb24f41ef64e9d1255

SHA1
fb961e335d84605e6bd80a528ef89063276347bf

SHA256
dc9ea58d36120e71a07e77002a36bd969c58cd0c1d8d02d8667710c56597c4c7

SHA512
3b598a0969d9ff98ff24a9f733e4932e487fc439cd621c079360a4fc214fc168149243bc62a4781adfcec28f8d1dbbdcee5af3a2926a87657dbe5729fc484aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
4ce7a22b2d69640b767a2d66f910e436

SHA1
b6249cb0d7f4121a5e8a417c527f9b1883aaba1a

SHA256
276efd4d774035436396abcddd6829b256926b0f58aaeae6d13c054a2f48c100

SHA512
c2a1c85b23e6fe2a96c8a75f01959ee24315a6bd0181ff4a06410a0c2f2f6901a8c0fb69e2f923234dd25e6779a7e3b5f2d34cdd7f47367c2e76089a4f9120f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
6a86475f0a170977eb77a37f3e1b80ce

SHA1
b2ee454fa51b6a114c0ea94056bf797502f1e521

SHA256
65a4e2a88bfbbbf98217cf14bb9da05a2f7bde1551ceed0a1fd6da19c4c6d03f

SHA512
8eb1ac6571c32c99cc6ac05eb8231e19d320c9c03121d20c1538517613bd6a53e1ec7e363ffe6de121376971358361db91d3eb12bbd13161497df4499a797173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4193ecb52f57143c66fe94d3c3b779da

SHA1
3352d8f3ffa7f7113a8ea8c66532079e17fde5f1

SHA256
950a91678d6bf1a0c29fffea7cc4f4c8500ce6e3d7e99b2b9cabf6334731a478

SHA512
ea51902cc635cdefbca4d9827e5efcf2bc822023af946f51a0a974d1193be6fc8e4a91344b4d9f8eddeb437fb28c15ed915064dbe4c82185f8fc0426504330a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
312KB

MD5
0fb76a9b9b58878e5d1694935e32fdac

SHA1
1d360ff66632d7302464bd56fc95d7a4a7248b29

SHA256
00d54046f1786af4a9f3219f05fca85c9239bac1f380927e8002a335c4dfe9ab

SHA512
308535f2c4c94f3ab7965639035fbfefdf717a47be5b7b7faa7622f1260f4272abfc2c6591494b8f66a7a49108acc91813e41206a29439cfb52e17d7d456d2a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5CD1.tmp
Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5E0D.tmp
Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_2668_VAVVFSBQLINSZFBB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1700-49-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1700-48-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2992-0-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download