marsstealer | fcec85746f0f2a92b1268830d6d0b075eb9080707358b93ba5fbd917b1a0a8ea

Resubmissions

28-09-2024 17:55

240928-whvrva1epa 10

30-08-2024 09:50

240830-lvc3fsxgqf 10

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-08-2024 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MarsStealer8_cracked_by_LLCPPC.exe
Size

159KB
MD5

caa1ddfbbe03a5a5daeb718605daacb0
SHA1

1dc62e3529aaafb20c3ca16697deb5cf6792d83f
SHA256

fcec85746f0f2a92b1268830d6d0b075eb9080707358b93ba5fbd917b1a0a8ea
SHA512

fb805afdf01603eb5af3ee8807fcd42a04e49d3a106e945fa9ab57a68a5068bdfc19a685213d3601be228dfbfae52315953e2400be9051a283f6df0923518ce7
SSDEEP

3072:Um/E8k9ZjpIL+zNch12KbAwSaSbJSp8Bb8EG:N/E8k91zz6/t88EG

Score

10^/10

marsstealer default discovery stealer

Malware Config

Extracted

Family

marsstealer

Botnet

Default

Signatures

Mars Stealer
An infostealer written in C++ based on other infostealers.
stealer marsstealer

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

3196 3480 WerFault.exe MarsStealer8_cracked_by_LLCPPC.exe
4732 4300 WerFault.exe MarsStealer8_cracked_by_LLCPPC.exe

pid	pid_target	process	target process
3196	3480	WerFault.exe	MarsStealer8_cracked_by_LLCPPC.exe
4732	4300	WerFault.exe	MarsStealer8_cracked_by_LLCPPC.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MarsStealer8_cracked_by_LLCPPC.exeMarsStealer8_cracked_by_LLCPPC.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MarsStealer8_cracked_by_LLCPPC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MarsStealer8_cracked_by_LLCPPC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694850780712147"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3012 chrome.exe
3012 chrome.exe
1076 chrome.exe
1076 chrome.exe
1076 chrome.exe
1076 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3012 chrome.exe
3012 chrome.exe
3012 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3012 wrote to memory of 4584	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4584	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 4424	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3308	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3308	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe
PID 3012 wrote to memory of 3176	3012	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\MarsStealer8_cracked_by_LLCPPC.exe
"C:\Users\Admin\AppData\Local\Temp\MarsStealer8_cracked_by_LLCPPC.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 1124
2⤵
- Program crash
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffba67dcc40,0x7ffba67dcc4c,0x7ffba67dcc58
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1992 /prefetch:2
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
PID:3308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2528 /prefetch:8
2⤵
PID:3176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:2148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
2⤵
PID:4208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5016,i,16062814626213240009,6265417827814863498,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:1076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3480 -ip 3480
1⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\MarsStealer8_cracked_by_LLCPPC.exe
"C:\Users\Admin\AppData\Local\Temp\MarsStealer8_cracked_by_LLCPPC.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 1124
2⤵
- Program crash
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4300 -ip 4300
1⤵
PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5446aa10-fe26-496d-86ae-b789edc85fa3.tmp
Filesize
9KB

MD5
a9893ba898698a8ae42a95957dbcb474

SHA1
b1c92c1da66e6ac6bdce20aea6498e6c0f7a5303

SHA256
6c3b1fe196fc08dfd72b4866594d1d7dd75a3cace1729647298a8fe8ef5deb1f

SHA512
7e2ffeea76a8ac1e285d62c48082f973cf3eca6b08afbe15ef082b886c7dc20ec1d39bb67d9b047388518520290460dca614a5dae1386ff03608d77b39b0f2cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
b9f43f7f5767fb4cd9fe30c3826817d1

SHA1
b1163a64c9b6d8a355122db5e4f7808a602ebe2b

SHA256
a7c4239d5375396ac252776dbe7530a583bcceff26596b349a2bdeadf835e38e

SHA512
7b06d29e8da69a5226fe533434fce800a084468b53c11ba902731a89a2f88a075efa631c4e789409886fc8021e525025d0e126be1476fb2ced79242e38b54d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ec302f007a39f4d5c695116eb764b721

SHA1
61d4ce30f313b2d8f8b47d717d98db7ad4a084ea

SHA256
593fab908f9e3238b406520f90d36f54a18bf4fbee75b4edf62a4464c105dcbe

SHA512
2f7e28000744424edb0daf08f1bb87f8838591a8f42c2c3c71efbf3cb08ba4ca734afba5bd41f417b3c879798abbe04f33d53cf5185d1c204d93bcd9b1dd29c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
a690e492527db2aa9cdf332820a4822d

SHA1
789e4bcc53d2910cac7c1324a142625b96be467d

SHA256
29d11016fe72fc5e0b3dd152bd504640028195f26bba6bcab1e7cc643c97fe37

SHA512
947518b0df902a2603b43f55114803700920e42283e0fbc811f0405f3aa250a64497eb09f0ad4721e8f4f423a066bab6f8138034b021f1c3f8bf4e3dc45825d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
14f35c4e57bad1a6a81bbf8d731d37a6

SHA1
c846424052b352c4f297d5fcbcdd0b2f70d30059

SHA256
019dcf30b231f42cb623a221542445ae3013feb96e90ff57d44eb7a8e8b2006d

SHA512
ed9e388a3456325d68a6002e85d076c9a86f03d8157161898ca140ed420a49e81632deb5e465ee5b05ab0fb5066a871c034c5f48453d12ff24168ec9d65e9863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
33ddacce14177436e1fdad4ed70e1882

SHA1
a3d32263ee050b569048792f27d3cfc8d0b93ac1

SHA256
fd4c4372de127de210a565ca7eb1bbcfe04593d07e2fa9507621716268d0b175

SHA512
b1fff105d1d26fbff3573d786bce4999c04fedad607fe6fea23c6620bc2ee3579e629d1c48d8f8d26a1d9daefbc76b631460a80205264158def6709156f996f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
f88d06c768f30d39bea5ee765c89f6d8

SHA1
9c5436895ea670e5678bcc862d5f872fcf610f54

SHA256
3d916c42e2ee03d1ff2c16642d26ccb7340a314e6583c5234a7ca14c0bd07315

SHA512
ceedf92274ea9972e4b699c4a2dc55a2a93d0a2c5a28c6a13a92d32b7b95cfe2523f35bff03bf8632d63758d579c51d5c3b0d84b426af5ce70ce5523cf1b6d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
1415002850daa7947af08c5455555f98

SHA1
c0bb6db6568d7c92da90b5b6a8fcdc14e9090169

SHA256
3e650bc786388d61f728ea32624ad9d7cc7ae9c771ae7c85daa0695bbb751812

SHA512
7b6ffe93afc3c217acff1e21f04f615d3e6f73344199c8c9258f6d282f19d27e255720d56b9d09bda319885ee3f3b89d43a9071bc3437d7c40ae6dc8d5acb018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
08df6882f4c4fc348f7c4b9ec00d3d26

SHA1
2e622a1aacfbacdeb677a43454117cca61f7ad03

SHA256
706c04ab88ad79249add9408b489f82b243a9882bfca5dd2fe293d9b8d5974fa

SHA512
a7fb3684f587fd4f099cd301de3a15e92ac762bf4006df16c29dfcd6b498e3d2abfd8a893b6e10920d73ae047ca97b51d491e72c20ea70ecdc23a6f89422721b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
d9e440de906ddb7586abae289e8a8298

SHA1
b368e8025af8bd200c6b977cd59e581450297124

SHA256
1469ae07ea7ec4e17118c88bc92e51507bed71fe0424fbe67b4e6bf5872d24e9

SHA512
fa4d07d230a94bf8be45f84f84fca58d03d0c72646ca3b829d4fc588567c8da9eebcb18539765497aa1a375625c900d52f71376e6cf7e979aaadc4e4837f50fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
9f64afcfdf748eed6159e5cf6f9e465b

SHA1
8022011c78c3c3014c4aba4b891b3b25d4177c6d

SHA256
68fcca537301effc7a99293b4670f9ac1cb6217bf5d0ffb39d1b479a7cd2da6a

SHA512
a56a6481e9c4f5ca2cedf6ddf1d888e110b062367aa9d3a0d2bafd3b3e7c099a5a94afa4c92da28bfc14ac179c7e7989c6580dbdeac8ea2f051ee53856705cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
58a0bd9dd42496c672aca2ab6303f989

SHA1
51764f5fd9056b660179ce5758014fc7b82dbe52

SHA256
93b851147465ed528eb249563bfcb598e0c63fcb0fa2f56b52c35df5f82d00a2

SHA512
86a90bb65d39bd5518db8d9bf5f82c8f65d6f1d46cca4305aced53a64c1401dc0a85da549e49e7c3bb056d1d1f5fd4ba1e94371801b9eb9f1cb22eb1eb56c136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
204KB

MD5
ce9b555543ba85f050e75c915cd846f5

SHA1
b5019cea6cae83957bf611a688a86024543d0db6

SHA256
85cf9b901d8c12b55d92b2db81a50ff0e101a6ea5f353228a395a377c96179f1

SHA512
4ac6762c992e90dcdc03a52ec939207c0ee5037dee4418213699d588e81262955ab62cce0092ff8feeb1ac22149d9a9d850c950d2b3cf2b13128759d826ab711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
204KB

MD5
35f0974ef9f03f104db9c441e68b0258

SHA1
253160c8ee12a528bec25f553aa461d7a7e3b262

SHA256
d654fea5c8bf6db468b33f1cafc00386217095ae861bf9b4f3100d8a2989ffea

SHA512
741e56b600ce473ec689135dfdb9cc1153ff38def900a90e4fdae92f65dc31b443a6c651504640763ed0f99340277d33ff25b24272c9d04238cab82773c91f32

Download Submit
\??\pipe\crashpad_3012_YQXWFDFRVVALLXFW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3480-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3480-33-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4300-63-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download