ebdddbbb2a2db91ce6e5b5e170ab8e1fd5e2a39ef1a827f96efdb80de9f7fd11

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DDU v18.0.7.9_setup.exe
Size

1.5MB
MD5

a2069f73c8c0e5acb7da7fda896949fb
SHA1

f1eba55ad421bea5746a87a2db37b856a6363eb2
SHA256

ebdddbbb2a2db91ce6e5b5e170ab8e1fd5e2a39ef1a827f96efdb80de9f7fd11
SHA512

084299dcfdb30bb10e7892ec4b439ee497b393fc7058227f9a3ef25206aa68459b600c949c3278967e4ef1dc93605a84c5271a57156e937aff724dc8bfd620c1
SSDEEP

24576:EfL4INRh9aqCGKS4WCam+yNmhkfq17D/noXTQ32v1OdKhTw9J:ekShQqCGKUm+yghki1Hn6TQ301OdKVwz

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Dutch.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Swedish.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\classroot.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\gfedriverfiles.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\interface.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\driverfilesKMPFD.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Slovak.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\interfaceGFE.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\REALTEK\clsidleftover.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Czech.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\clsidleftoverGFE.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\driverfiles.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\packages.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Hungarian.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Bulgarian.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\_For translators - ReadMe.txt	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\gfeservice.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\REALTEK\classroot.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\services.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Spanish (Spain).xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\driverfilesKMAFD.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\driverfilesKMPFD.cfg.bak	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\interface.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\INTEL\services.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\German.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Greek.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Persian.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Slovenian.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\clsidleftover.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\nvbservice.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Licence.txt	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\INTEL\classroot.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\INTEL\clsidleftover.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\nvbdriverfiles.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\REALTEK\packages.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Display Driver Uninstaller.pdb	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Serbian (Latin).xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Thai.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\clsidleftoverNVB.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\gfedriverfiles.cfg.bak	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\INTEL\packages.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\classroot.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\English.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Readme.txt	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Korean.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Macedonian (Latin).xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Polish.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Serbian (Cyrilic).xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\clsidleftover.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\INTEL\interface.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Italian.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Russian.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\uninst.exe	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\AMD\packages.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Turkish.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Finnish.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Spanish.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\NVIDIA\services.cfg	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Portuguese.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Danish.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\French.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Latvian.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\Languages\Arabic.xml	DDU v18.0.7.9_setup.exe
File created	C:\Program Files (x86)\Display Driver Uninstaller\Settings\INTEL\driverfiles.cfg	DDU v18.0.7.9_setup.exe

Executes dropped EXE 1 IoCs

pid	Process
2492	Display Driver Uninstaller.exe

Loads dropped DLL 6 IoCs

pid	Process
2676	DDU v18.0.7.9_setup.exe
2676	DDU v18.0.7.9_setup.exe
2676	DDU v18.0.7.9_setup.exe
2676	DDU v18.0.7.9_setup.exe
2676	DDU v18.0.7.9_setup.exe
2676	DDU v18.0.7.9_setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DDU v18.0.7.9_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NOTEPAD.EXE

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
3068	chrome.exe
3068	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	868	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe
Token: SeShutdownPrivilege	3068	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
868	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe
3068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2492	2676	DDU v18.0.7.9_setup.exe	32
PID 2676 wrote to memory of 2492	2676	DDU v18.0.7.9_setup.exe	32
PID 2676 wrote to memory of 2492	2676	DDU v18.0.7.9_setup.exe	32
PID 2676 wrote to memory of 2492	2676	DDU v18.0.7.9_setup.exe	32
PID 2676 wrote to memory of 2492	2676	DDU v18.0.7.9_setup.exe	32
PID 2676 wrote to memory of 2492	2676	DDU v18.0.7.9_setup.exe	32
PID 2676 wrote to memory of 2492	2676	DDU v18.0.7.9_setup.exe	32
PID 2676 wrote to memory of 860	2676	DDU v18.0.7.9_setup.exe	33
PID 2676 wrote to memory of 860	2676	DDU v18.0.7.9_setup.exe	33
PID 2676 wrote to memory of 860	2676	DDU v18.0.7.9_setup.exe	33
PID 2676 wrote to memory of 860	2676	DDU v18.0.7.9_setup.exe	33
PID 868 wrote to memory of 1496	868	chrome.exe	35
PID 868 wrote to memory of 1496	868	chrome.exe	35
PID 868 wrote to memory of 1496	868	chrome.exe	35
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2732	868	chrome.exe	37
PID 868 wrote to memory of 2788	868	chrome.exe	38
PID 868 wrote to memory of 2788	868	chrome.exe	38
PID 868 wrote to memory of 2788	868	chrome.exe	38
PID 868 wrote to memory of 2440	868	chrome.exe	39
PID 868 wrote to memory of 2440	868	chrome.exe	39
PID 868 wrote to memory of 2440	868	chrome.exe	39
PID 868 wrote to memory of 2440	868	chrome.exe	39
PID 868 wrote to memory of 2440	868	chrome.exe	39
PID 868 wrote to memory of 2440	868	chrome.exe	39
PID 868 wrote to memory of 2440	868	chrome.exe	39
PID 868 wrote to memory of 2440	868	chrome.exe	39

C:\Users\Admin\AppData\Local\Temp\DDU v18.0.7.9_setup.exe
"C:\Users\Admin\AppData\Local\Temp\DDU v18.0.7.9_setup.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Display Driver Uninstaller\Display Driver Uninstaller.exe
  "C:\Program Files (x86)\Display Driver Uninstaller\Display Driver Uninstaller.exe"
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files (x86)\Display Driver Uninstaller\Readme.txt
  2⤵
  - System Location Discovery: System Language Discovery
  PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:2
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1544 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1344 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:2
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1392 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1312,i,7752522048041507463,2688750114524326324,131072 /prefetch:8
  2⤵
  PID:1312

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:2
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2224 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2232 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1436 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3164 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2012
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x1401e7688,0x1401e7698,0x1401e76a8
    3⤵
    PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3696 --field-trial-handle=1332,i,401347283550246619,10767479928457500621,131072 /prefetch:1
  2⤵
  PID:2136

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7019758,0x7fef7019768,0x7fef7019778
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1464 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:8
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2272 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2584 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:2
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2788 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3712 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2624 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2284 --field-trial-handle=1308,i,4314268242978464518,11983498635049821348,131072 /prefetch:1
  2⤵
  PID:2848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Display Driver Uninstaller\Readme.txt

Filesize
1009B

MD5
b799724d8655de1ed86c7e45ac96c33b

SHA1
040706767aa9c4263429e0154f8c3eb61714f27f

SHA256
8f1885b7603d1e2cb6d231774b83c6ad622a7b7cf87de835a68951084833a517

SHA512
8538844bd03413a8837d37d63625ded67264c25d8ba221f0cc357f60924078bc339a35ad133f92daf056a9dcf730504af025479d176f8b13573d638cf082bc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f956de956cddcda63d6d9df45c0c463a

SHA1
0e4903dc7cd96445215d305e980cff550c725983

SHA256
2d78531b24f16c12409ad3a8528ce5ab18b4898cc11bf6a159edc02f11f86088

SHA512
0e4c73d55986be7d548101a336fe8596335cd43bd7121c13c272eecd7c7078a37674a5bed7ac0d72a0061a6f3d53b5ca02c2d5d06276f7b4dcf7866d9614b196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5fa03c78-131e-4c75-b81e-1bde18b408a0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
75ced9894cfed2995def6ca181de0f51

SHA1
4aa4c7a192ad277e781792ba2e59217ca69ff9f6

SHA256
104fed089a1286e0a6932421bf44103465bb674b3cff21a847708d8b3a81c2ef

SHA512
04ba5e62471ab0466734f1ebc1c9ad13a2d1df25aade525950fe84602a0a655af0114c089c4a49974ec429c2a5f727169fdd3d4bf5159463e4f633ec93281bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
048374816055c14b358c29285bc3f2f8

SHA1
31e35f869c0864d262f75b82c161ee488a13eb18

SHA256
7b4bb2b22cfdcdf26ac80f231d3a08c346c34a82829a23024486792e5dd05a87

SHA512
8efb7aa4e9ee62c472d1e8fe86ea293f4115474e1bedb11a0269bfbbac9670268b866d31f875e922ddff07aa66c4a4631acfefd1a1aadccf9bbccbd065f53170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
fdc27e64e5d4b3f44de67d1bc63262f2

SHA1
7921b4c1b4e4e04c54c0f00b47c27173e5e00093

SHA256
5929c092843b9cfcf077ce55aa24a4d36e8e960ea97893ddc924759a037f7961

SHA512
4a23ce3a4539dc991660fd8058772c6a729c91e4d7c2fa5fb15c092a65172132a63b86bcf75c01067002769159ceb42c02fefe5a03b44e638100734ef8fd91dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000011.dbtmp

Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
0d7318aa9f1bafdce94107ec99a76bb0

SHA1
088fd6260d56b57fcf4b2e21ead428feb115ef3b

SHA256
735c8363c59f24aebb1986f84eb4242622c23beb1ecdf9771ffe7c5a5f5b523a

SHA512
fb1cee8dcd5dbd1e3ec32f945901efc9bbc7c5c4db6fb457fe80bbb5bf4658d934394bfc14698d4ab92b2308f5de2aa5fa0fc233c65c3635d8b3b60b5ee4cd22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
d6beff5fea8a49753605205a7e149ec3

SHA1
21e50f8d08ba95430f7a826436409ca525dbc375

SHA256
fd6c87734b6f9735a02050b7abca2d245ed035204e04f3167d2a6a34b10c621f

SHA512
7f900b137c1c89cb436d48a8b586872096c637a682df0cdbbd36e0cec5c964bd8c24574651e4736564d9b932299c30179b6d9808ebb2c4d4c1ea143157e7b038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0976740d-c0da-48e1-9b3f-6835cf1caec3.tmp

Filesize
1KB

MD5
f1256239b065c80ee1d0b5b493bdf12e

SHA1
91a3acbe2cc6a18537a665f9c04d6f879a34a389

SHA256
c8820903d58c48af08f26f052249f5e59d11d5a71f83549ac7c58d147d71b24a

SHA512
029f87091f86ac6ba75efb1c24c039833b5da72ae60d587cda1521fa1b2579d7a19d83b9e244fc45121b5a0e715db7e7fcc4921e38280c170f6df81cb254f2b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
632B

MD5
68bf80e15ea61d1fc294273f3b815be1

SHA1
7c73e4a9811c093d894381ac2933763ee65c4b7a

SHA256
e0a7359a818673a608972f3fafdc13634dc4180e940ebf13f11108e4e16ccac7

SHA512
cd36995dbb3b9740af1b8f16180e73bccba9cc4200489310349caffa1ceb7167442e71801f35c2e21af8ae1b3d152253a109d9f2c9d187de37f5352b5f9c3d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ecebc3494977bbf3e7457f80b4647786

SHA1
94e29db71b871c15ad434c575b8ec19185efc4e0

SHA256
53357ee6e07fac83be3754e8a1402e5d652f24b7799cbefcff487e96fe18e714

SHA512
99c79c080203583452556f5b6a89e2a4c9064dc8c02140554a69af27794df824da6b50f507c1c9bcd7f5182b47403678117a6e9e8552c756a5a69abf90b54dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
5826e243c3b6b1a341f0a47bb5f237ec

SHA1
5fe7807465b9de22ab194135e8d0b36e45c954c6

SHA256
9f21020ba23c2f9ddc98d4c469168a6e10a4b3e33daa609d6df38ba9d7cd6bb2

SHA512
b5268d511dffc25bc5130da7b24ed6b9d6e464fd64ea860e66326b3edbcd00dfd4ffba0ac9736db248e34b219634f75e925b77e5a3ac4b0ac7c56943ad6f2e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
489fdcd9510230587086d69d678516d9

SHA1
8dca8ce5e19dfcfaa40e9c5526a038adf201d293

SHA256
6d08101ca9f52078e038eef9ac193bdb3b34c8a8be618e03494d04b4b5c3c567

SHA512
905245071231f6c622c151c2a07c3a944b6cb2d740e7cad6f166278b5e5bf9a12954de7f5646c4b30c80f5d3ef75f87f9bd7e88d3ae005b93d83b1e4cb4c2ee3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
75c3a1fcc07e49d10360a3f3ad27bbf8

SHA1
7a0ad3a61b1c2c44c98ae0b3b0816bd036f3a569

SHA256
60d4dc37d628ac8cc2449e0d0f412a5a21f7e69bf7a8bcb06e0f6f70e4b147c6

SHA512
c7b97733dbb68bba76028a5bc0032f6e15fa49130e47aea72259ce7759293da0bbb472bae89929230e98d5b301b70425f57f8df81db151eb3a64614e920f0fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb4ef2b5402f5002eb6994fceb7d203e

SHA1
043ddc42739ce90cc1290c8fcb31b4cf524a303d

SHA256
45164995c356a12a86a9114d4827132844683ccb07304cdf1c74611319174a29

SHA512
f142c293e2419cb5ae88e5020904dd0e2f66c174647e5e9ce085888aa4a36d026dcc36b3617f806dfa970986be2a0ebf8a8113dccc9ec219f08b7b08d4bfb452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fd779239f8e13a8f1ee9f9f7a1697354

SHA1
aec762e75972faa124a646bc88d4dfafb5edd315

SHA256
2e90310912d6cc1704af60494f461e10fa1b86c681a878916b931ad310b98dd4

SHA512
ccd6b9d15bdfe791ebaa8ec64d1488018bba31d0da19dcf7fe65a787c4269eab1ba0a2ba4b840a03fc7652be08daaa96630db1ff1a9daac14dbf697558daf23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
99d2d8418c9e6a3dc59ba775388d8126

SHA1
84661256d99f68f2a59c2182f27bbc697f58827c

SHA256
c59149e161871f3103c3212b53257ee01a252deff228199710c73143f509456a

SHA512
7ca962bb03c1ae585d7241576285d92172c8a8cb6257703d0eb836bf9cd4fff414fa1f59525ffface2e40073b07b0f972ab8a4b6c2aab18faf6cd9ef9a46471e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
e9e5da69def5d3fc20767d2d3e1854a1

SHA1
c4e2b1a3a530cbc2a346c74b3e3a95107d2978cf

SHA256
98660be7f8162523b9915e3082441410438e633d358b063a2ff5fc89368450fe

SHA512
fe9331142711755c1b606b7bd03cd9b9e253e7c187ed1ffd9a3e556a88c27784018bf65ebf9935372c4badc4fa52263a5460c6fa4ec1c673e0033a86681a9166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
8793eda272c9c5d6254b70f5af90ffcf

SHA1
87f251710421569dad0d9a1ca512d28bf01c2b3a

SHA256
ecedb18b468e5b8ca0e0796633da3db989bcdfb271ee5d6a8b169bde0bb11d35

SHA512
5cc85f0875a7c6062374fa6ea3f9362fcb77e47af10d4b49ee769a0d9d6a765025a0db7c13753beae80c463f9297dcffb1a11c6c6df92dd3187d1888bac42a57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
558d303aae9772c8a93d9c4ad2de2374

SHA1
4bb38786f98a6a8ef512167b6982bcea322b3ad7

SHA256
f51c9007d22c7a3c315c6de5f8a6ad6e60f15ce0128a5cfc28192671aada5d95

SHA512
a90ba5e089c0842ba05f99f0a727c81ef8167d0da99975d9df5716cb17ab368d0ad352b46cc2cc69307a5faaace05d72f21eeee4bbc916246d2e49df3a222326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
c8d9ae57ad94e9b3e2bf4873583e6098

SHA1
a2d4c3b901e61b06582ba5cb8ab1f4e6d67e6a3f

SHA256
ba68c518fddf1c8a690c0873cbced3f098a013647d18397b886bc2390efffd49

SHA512
cd32ec06329ed057d923106e2f41d6f4dcadf9949e80a7ba129ab1337b39b955449fc5ce6eff0426eff6b0c12b51dc9c48e5cd561519266c17bbe6cb1430f755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
a14a5b8b1139e25179ef10aff4e9cd9b

SHA1
3536014965b1c7457c4635d4a3326f26b39c52b0

SHA256
3c5cfcc07e1efa6670df61a82fbbd3b3f4eef8909f5754a5a88970de52d967ff

SHA512
11d92caa9ff5ad32923fbf8f4b7864c117858206791d2a60896cd2b07a5d6f16ee861a7469730cec038f9cb5b42004b888cd86e72c71ec3f68deab541deee121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
3629a525d6325c13772d6def91ac5530

SHA1
7e14b5d4c1e416f09374e43a99217e702893a93b

SHA256
e747317afed7f4fe5abaf7853fa3e0c86f328e3de1656bbeec8e6a07efc3ff72

SHA512
754b1cfa3784501f3429770b073fc955f0d29c15e1fe57eefbc5dff7f4d512d1e3fb049e91a4db6d77b622921900f318fcfe4ce885209e1c96d99288510ff05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
189B

MD5
de7eba657c271b59ae555665dd456e46

SHA1
0168bb7358886202ef52f2b4a3a5dd0b4b6efea4

SHA256
6da8151b8ee6138c06b04017c3a2a6ca7eedc3c0c6ad10ba990e2146eaeca738

SHA512
0d212f5da8dede8664328c7d36dcd346d1d1e87f44715fdbd7eeb671914e26059d627a85ecfa63dddc04d8f8a65c4b32a86e71ffb16f41402b604f10760be43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
ea7d0291fc8d4dc3a9567d98dfde1dc7

SHA1
5995769fa2cce49530d160c228bb5c1436401afd

SHA256
99069717f8b102fc6cc5937d58a1bad7d75f7d74bbe6e7bbe6f40943aae70811

SHA512
159b037f2d22639f0ea7400966d830fc44dea478ce8b7119527c35b20219578a871222920088f269c13f05f312d279d8ef01f09ed41579d804e097ff4aeca1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
cce6d9e0a2fca760e3a7904fca2fa80b

SHA1
b637051510893c6688ef301bd59532f3255b3a01

SHA256
7833d6eb2a94306bd3d04cf593243cda062e5deb67528a767a43f42d8a12e159

SHA512
17740ac23a35c466429bd338214cff75d51321a95eac7785e3ff2b5597a1d6cc01a52bdfbd4143b0510affd86b4a892a6f0d337d057ee464d788abd8a4b7b2f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
f428f79aeb6e06bab8d408f87b116fab

SHA1
d415f75330fa32cbd97e608c01108fec4f869e03

SHA256
53632b9cea1c4e1e1565e6b539521c170a04778fd34b03e8b121f09068b9ddbb

SHA512
8b9fb428dff29dc41670d47698b9ffc14ab88ece2ab725fc419aacc6cfa0291104806ad9ebc30e6cc23d04ed6dab41bb845915fb845fcb17896f24e2339320ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
52269d0536612633c4ef89e90a3169eb

SHA1
dd48cb60e53fb8976928aa40e7e6fd56123da302

SHA256
ac7aa7dcb225c69ecbc36e78f1329aaa8f1b2ee8cf36aff61a3e86da8bc8768f

SHA512
c3f577edb9ab58594c5cb2188b34c52b8d34cb300b9b22dd5811a5764c52c2541ff13acdecbd8cf3b6493e266d805f49acf0a6ef5e667a3164e9227cc3745227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
d757e9f525200060aefbd2e00bc69809

SHA1
ae551809c3435fe3e6716b76dc23b7294189b4ce

SHA256
729406f9e7c1e50d927d0c6916ee0a97eaa26c46e6cdecef7580e61b8c0dfe20

SHA512
50c15062061f449952bda82a8b0cd4bafe6f3f434f642fadb8017e65c09886bb4d0b52967c80f8fa380447c63d79b6518f605a3efe7d8eea40c2dbbaa0d41953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
eeb14d23054175c0eb899fcc98f9aef8

SHA1
5ed43c5acee89ced6778a1d6671a2a1a9334fd7c

SHA256
f80fd510f836352cd63ecb9e304eb0418edeae6a1667a2943d117d79d606cee6

SHA512
578b3f37b6d60ea9a92e8cd019d83fea17abe249ae536386f893acbdec3a772d7726efbb459fda4224f03cca1377b64ff9ef005bcda1563e70761b5cefb89d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
295b78f59eda28870e5495434e1e6580

SHA1
e14c130ef1e806406fa6e4dc9ca6dd9f18be373e

SHA256
8778aeb8c52d0da66d9afccccae969205bf28518e22d0f2dd8cc16bcde17b170

SHA512
dcf314b10e5e4947df9fca748a433e84515b9141320e9863392cf72cb0b64430a5774a2eaceba107533efa8b94ebc237b40aa1841f2a295c2695e39e6a5ac634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
c10b67bcd6832d20de5f455c35ea4aec

SHA1
55744fb050925faf7f29bf0e99d5ef00c174ff36

SHA256
91c60c1ed20db940c292978abb57504f63e7e2dd5035c3befed282fc7b4fe81c

SHA512
2e3bc4bdf1231663c3a40cfbff9bbc6ec7d4b6a572e0120021245e18a0b1fc79f11a1c8d778cbd19c034743bb6fbdec2a877122a99c12bb0aec444bd0765da5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\cc7cf14e-f35e-4ae9-8155-405ec693651e.tmp

Filesize
311KB

MD5
3c1a6b614564afa64f39a5c4efc6ffc9

SHA1
8855fa46a667640e2f2d6a4174cd69b107d31454

SHA256
004fe0f419bb0f1058181258b30246d2c6f75541ed9c7b9ba46ead6f14967ab3

SHA512
aa936ffa5b33b51730510a53097a600c80d97052545dd08be92db934ec4892daef2da7fcf433d6623d86fef02051496b871bcd90b8d7082f0b45ba8ce7a21ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d0738854-da09-4043-abcf-c3f0ae79aa09.tmp

Filesize
159KB

MD5
04147e766354a309ce9c9982a45bea37

SHA1
f9ad504af4b9281bfc86d5f2ededcf225eb7b237

SHA256
15e6a25d5ebc90d79684df31a0a193ac42e2180b0e45d1c97be6a4101267b17d

SHA512
42b06991a52f0c74e45d16d4c686b779056e7c7b5ef48e37b1c94691fe9acea5b96495b5b7dd18172e6aed7dc634a5edc8dbdc80e7b557c7787499fbc8190fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e97f29bf-0856-4fe0-af95-0b41b7f87214.tmp

Filesize
159KB

MD5
0ef00a14fca74004a5b4f5470fe3fe80

SHA1
4fa01a3c661e7de7842a1b497da44807c8671bad

SHA256
48e15211748e51f2ef725fb1fb181ff0ed67e2bce29159a68fd0215c0d94b08e

SHA512
10dad059731ac11e2147ebce6488886d3099f1b838bc1d7f4cd3d8b926c13971b5fe07f51198f7b8b47ae380db29a4a0f560bccb68f34902331af5b22370de8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD663.tmp\ioSpecial.ini

Filesize
1KB

MD5
c2b0d6c63d9332e23430714a047e5452

SHA1
4e6ec5620900c64e140d94533509fafe9505ecd9

SHA256
1ff265b02ee1ed24adf5a00a0d6f8405f0f8006843aa64e48d2260b249a66c3d

SHA512
ae4dc251ed7de1acfac33c601c334e3be5873e76d629f9641306ca205764ba9c8d3d9cb6dd8dfb81509aed426cf1a1f6af984cb614e771ff71e4030f434b00fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD663.tmp\ioSpecial.ini

Filesize
1KB

MD5
f7c79aa25d99d5fa3ba338b315009476

SHA1
5c07f0455038a741b2c82b0a25565d52e174abd6

SHA256
7501e9d8fc4c6512a0c2e08f14fa3a669a02fbc49a8eca32d3b8930c9d5b199e

SHA512
2968dd4c7c0110dcb2421c5aaa861423f96fb7ad087c34feb01bad896a7fce71e935ee703271569c1a0bb22d0a324bd653aaabddcdc10a37d83a10e48034ac5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoD663.tmp\ioSpecial.ini

Filesize
1KB

MD5
ab246f11386ca9bc7f39df69a828641d

SHA1
dddecf13c8377f70ce41396515902f76489fe130

SHA256
77f4953227ec32e282320d318beda2231b67645312a60f2eb27b4aa1dd71f16b

SHA512
16d8bf5bee24bf102d1d40cb3280a237f5b7f31e393d6fd876facd8ff2a5094ad3742b00264e6cec3df24c086f02fbf8c83915199bc4f01086ef1d90624d8e57

Download Submit
\Program Files (x86)\Display Driver Uninstaller\Display Driver Uninstaller.exe

Filesize
1.5MB

MD5
963c3596fb48018d21df7c6c934896dd

SHA1
374ff87d9cdb10b5303ee040cec6a4a4cdd28c3b

SHA256
761f90c8c1745043f9908a2ae1765aa799e59c78c2a4eec59938631fd42f0f60

SHA512
a7658fe1c029067a43e8392b673a01da1affd60d48b6c42909c765a0c2c550ea05fa7526a3902b82195d9656f15fadac4478c7022cfb453de1bcbba8e2c98fe0

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD663.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
\Users\Admin\AppData\Local\Temp\nsoD663.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
memory/2492-308-0x0000000001280000-0x0000000001402000-memory.dmp

Filesize
1.5MB

Download