hxxps://archive[.]org/download/red-dead-redemption-goty-edition-xbox-360_/Red%20Dead%20Redemption%20-%20Game%20of%20the%20Year%20Edition%20%28USA%20Europe%29%20%28EnFrDeEsIt%29%20%28Disc%201%29%20%28Red%20Dead%20Redemption%20Single%20Player%29[.]zip

Analysis

max time kernel
67s
max time network
300s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://archive.org/download/red-dead-redemption-goty-edition-xbox-360_/Red%20Dead%20Redemption%20-%20Game%20of%20the%20Year%20Edition%20%28USA%20Europe%29%20%28EnFrDeEsIt%29%20%28Disc%201%29%20%28Red%20Dead%20Redemption%20Single%20Player%29.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3016	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3016	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe
Token: SeShutdownPrivilege	2392	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe

Suspicious use of SendNotifyMessage 45 IoCs

pid	Process
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
2392	chrome.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe
3016	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3016	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 352	2392	chrome.exe	30
PID 2392 wrote to memory of 352	2392	chrome.exe	30
PID 2392 wrote to memory of 352	2392	chrome.exe	30
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2828	2392	chrome.exe	32
PID 2392 wrote to memory of 2992	2392	chrome.exe	33
PID 2392 wrote to memory of 2992	2392	chrome.exe	33
PID 2392 wrote to memory of 2992	2392	chrome.exe	33
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34
PID 2392 wrote to memory of 2772	2392	chrome.exe	34

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://archive.org/download/red-dead-redemption-goty-edition-xbox-360_/Red%20Dead%20Redemption%20-%20Game%20of%20the%20Year%20Edition%20%28USA%20Europe%29%20%28EnFrDeEsIt%29%20%28Disc%201%29%20%28Red%20Dead%20Redemption%20Single%20Player%29.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6969758,0x7fef6969768,0x7fef6969778
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1508 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2312 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1124 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1972 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3844 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4004 --field-trial-handle=972,i,14819501144048313307,13822743970672563721,131072 /prefetch:1
  2⤵
  PID:1660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1992

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\MoveUnprotect.aiff"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5a3b4d31941f808a579b9a72ed6e0386

SHA1
f269c6c80babd9dc7a2c31b381c5028ad6d7791b

SHA256
b0cdfdb15992f037cea4ab32c722cb825fbb574e3c1763c806f3c58164894238

SHA512
129e899ce9a00ce4efc08d9631cfb3cd57c7c95066af6d22edc9f3c23d60f2d055edd930d6571bd3cf21e39c7383adff439930de376c9cc8d280c4893f84423f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
fbf39747ec2be4e9f581fac2c607995a

SHA1
9a35d806e2ba936eaa919e7619fd1843d3e9aae6

SHA256
850457e3475b64de225e9da994452910cd9946284656ab329c09b28430b373e5

SHA512
e9220d132842eb56fe9388c72e2df1a75583e771799ce7a03dd0934e940d80c7a0ea280551b5e67167913bd9e2fd19629f2dbe20315ba4ee417f71682c669e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5175b303058f559fbc974dc61e0f26f0

SHA1
20d3aa331d8f6c628eec43a5648de2079fccf82d

SHA256
3861d26d5a5eb8387787e17b0cdc8a2117643dd11d94192aec8ec1dcc31e636b

SHA512
c16cde26c103516e600d3b8ae61934a90ac8d8db8109f9e97c2f4d553dbf338cffe96ae2ccf88e59c7f910769b8b1b35275e7d072c39d0a50eddbcbb961b2d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
632B

MD5
da57e71dfebce80ef933569bcd33838b

SHA1
401e0f80bae2eb3eed93607ac51c4a66335eb944

SHA256
51db6e300298153c0ce3d8ad671de54c12a3c36171d12d810e105d5b9d369989

SHA512
bdda6011d4f9efb19cccc0076ac7b5f7cb67af7b2a889e10f7c8345d82328321137df704c957329df79532b2eccedc53ab8ba5b2b9031c76c448c170f70c9ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
f228a8d527c2f8d8277c7f16c5f986ee

SHA1
d441fd8b9ed88c2c7d4cb3f50174d8f92e84d759

SHA256
8f25a39de295f051c6013054f2fcfb96f14d7fbb7b208ef7aef831a42c1adf9e

SHA512
ca87adf8e21520faacdd2308cd4369d48d18e72f36cbe2ccbc6ece379dfe74d4b6d9caffe10798d8b0ef6890c5c41bc37ec0b727defafb6f2894bb9869d04a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
689B

MD5
ae2c79797f11926d79903f616dbb1cea

SHA1
c081124a0c156055847cdc54692abeb3b6913787

SHA256
1a790cc31af6616ba9830f74bd8d715dee4cca08ae29d67fddc1a6a957c98679

SHA512
3403b995b3a1c88e19d7f2284fb5199d0c3dc719d69402b66459309debf16cce6043884f892a6132a4ebc66256972fe5b85c63c3bf7e62a201c43a8a391a06d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
515a815371d3252996e75c4fdf1d3a72

SHA1
8a11346e18e6ec44db65c74c1f9ac5bfb20f4c86

SHA256
051e56a74b11ce0da24a1c34baff4195bc3c51d3e3a153165f8afa45e5c7277b

SHA512
4b2f16f2976d1c48c850570c39ed418dafdf5996c5bbdb7c51d2c3c9aa3f6a8712eb606f5ec783034d528673c47d99e6a82a8b81771dbbe38a2499652d2b828c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
131c5498172dddd5961347741c6a96d2

SHA1
835718e2a634fe0b30ca1061118bba5ae650eb1e

SHA256
61f5d992e5aab9f52b5cac8344b795d7bebc70f92012a9e5cff04b3704a5e18e

SHA512
9b53c35649724c706e4bb59c3a4c50c8b7c881a319dcc40662bda769932ab8ff9c6f6444c6e7c88c26cf6401dd6994a043d5f0c5a096aecfaf0e363a5af16302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
55b5d8c5ffefe9a61b3347a986566903

SHA1
a5eece59426023be19e7842eb8fc378d899dd275

SHA256
6be6e0b5a7221fc96570c600b5d09a3cb224bcfdc25cdc76a6bfb2b400de6243

SHA512
bb8b42ea7ceddb66c5eddb5d766bec88b2c9785ddbc3f5fd1e40029019336cc344698da62babaf18d9d024fb23f8bbcb308178c7082a6016569fc426355a0048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
da15941555ba9d4d248e21a39f9ec567

SHA1
a49b72f352528c3b6022a61a1626ddfdb9f54064

SHA256
5d8169538b98421b9d889255b324cf7665ecf16fab07fc806db0738945914dca

SHA512
8e43989b7170d4f10bf6a8f915cf3cac3f5ad7b95d193e9136a017faf0577ce0851db3a16a7f0f6a4b7b15a0ba4b653fda1777b78e30313404a591a862691d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
d656b92708f3771afc9a083e81ec101b

SHA1
018fda8393ed893e380c4c29f1fccb3d5c240e7f

SHA256
a295fe7e036562dbb820cf4676b4b840cf984e66485124e800361fd5cc787999

SHA512
ec825757c13169aa0312b6829ce4e371bf934e4218ad732102b38318b1ff93af3d6541580c939d4a4a74d46448d00af03a65e9cc340b4eba295a47495c5b4590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
1d281832598d0a5ed93f688c3fb8f0ea

SHA1
6e0ee9c12493b3e844a079baa2a8bb0d30cff7d3

SHA256
d4170c99c588dfcdd0b2474916115f0c8f6f015c428d1b39ad355d949aec233a

SHA512
5eea3ce8439b1f0930dafb23750537a7f7fedd08e34b86f609598c1c9d135dc715223f0322abd867a17b277a247b2253f1ee3731248b81b2892811d6517b7615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab94B3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
memory/3016-146-0x000007FEF2000000-0x000007FEF2023000-memory.dmp

Filesize
140KB

Download
memory/3016-133-0x000007FEF22D0000-0x000007FEF22E1000-memory.dmp

Filesize
68KB

Download
memory/3016-144-0x000007FEF2050000-0x000007FEF2074000-memory.dmp

Filesize
144KB

Download
memory/3016-145-0x000007FEF2030000-0x000007FEF2048000-memory.dmp

Filesize
96KB

Download
memory/3016-128-0x000007FEF23B0000-0x000007FEF25BB000-memory.dmp

Filesize
2.0MB

Download
memory/3016-127-0x000007FEF25C0000-0x000007FEF3670000-memory.dmp

Filesize
16.7MB

Download
memory/3016-148-0x000007FEF1FC0000-0x000007FEF1FD2000-memory.dmp

Filesize
72KB

Download
memory/3016-147-0x000007FEF1FE0000-0x000007FEF1FF1000-memory.dmp

Filesize
68KB

Download
memory/3016-139-0x000007FEF21B0000-0x000007FEF2217000-memory.dmp

Filesize
412KB

Download
memory/3016-143-0x000007FEF2080000-0x000007FEF20A8000-memory.dmp

Filesize
160KB

Download
memory/3016-142-0x000007FEF20B0000-0x000007FEF2107000-memory.dmp

Filesize
348KB

Download
memory/3016-141-0x000007FEF2110000-0x000007FEF2121000-memory.dmp

Filesize
68KB

Download
memory/3016-138-0x000007FEF2220000-0x000007FEF2250000-memory.dmp

Filesize
192KB

Download
memory/3016-137-0x000007FEF2250000-0x000007FEF2268000-memory.dmp

Filesize
96KB

Download
memory/3016-136-0x000007FEF2270000-0x000007FEF2281000-memory.dmp

Filesize
68KB

Download
memory/3016-135-0x000007FEF2290000-0x000007FEF22AB000-memory.dmp

Filesize
108KB

Download
memory/3016-134-0x000007FEF22B0000-0x000007FEF22C1000-memory.dmp

Filesize
68KB

Download
memory/3016-140-0x000007FEF2130000-0x000007FEF21AC000-memory.dmp

Filesize
496KB

Download
memory/3016-132-0x000007FEF22F0000-0x000007FEF2301000-memory.dmp

Filesize
68KB

Download
memory/3016-131-0x000007FEF2310000-0x000007FEF2328000-memory.dmp

Filesize
96KB

Download
memory/3016-129-0x000007FEF2360000-0x000007FEF23A1000-memory.dmp

Filesize
260KB

Download
memory/3016-161-0x000007FEF3750000-0x000007FEF3A06000-memory.dmp

Filesize
2.7MB

Download
memory/3016-160-0x000007FEF3A10000-0x000007FEF3A44000-memory.dmp

Filesize
208KB

Download
memory/3016-159-0x000000013FCC0000-0x000000013FDB8000-memory.dmp

Filesize
992KB

Download
memory/3016-130-0x000007FEF2330000-0x000007FEF2351000-memory.dmp

Filesize
132KB

Download
memory/3016-119-0x000007FEF3750000-0x000007FEF3A06000-memory.dmp

Filesize
2.7MB

Download
memory/3016-120-0x000007FEF3730000-0x000007FEF3748000-memory.dmp

Filesize
96KB

Download
memory/3016-121-0x000007FEF3710000-0x000007FEF3727000-memory.dmp

Filesize
92KB

Download
memory/3016-122-0x000007FEF36F0000-0x000007FEF3701000-memory.dmp

Filesize
68KB

Download
memory/3016-123-0x000007FEF36D0000-0x000007FEF36E7000-memory.dmp

Filesize
92KB

Download
memory/3016-124-0x000007FEF36B0000-0x000007FEF36C1000-memory.dmp

Filesize
68KB

Download
memory/3016-125-0x000007FEF3690000-0x000007FEF36AD000-memory.dmp

Filesize
116KB

Download
memory/3016-126-0x000007FEF3670000-0x000007FEF3681000-memory.dmp

Filesize
68KB

Download
memory/3016-117-0x000000013FCC0000-0x000000013FDB8000-memory.dmp

Filesize
992KB

Download
memory/3016-118-0x000007FEF3A10000-0x000007FEF3A44000-memory.dmp

Filesize
208KB

Download
memory/3016-162-0x000007FEF25C0000-0x000007FEF3670000-memory.dmp

Filesize
16.7MB

Download