0297a88c7c77fdd1809ed01e4e99ac5614b3ef9c4b81755645abc90e71b97e98

Analysis

max time kernel
48s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

za.exe
Size

5.3MB
MD5

6ab6aa05fc0a1b39e105907dc370ab0b
SHA1

81008d8923698e14572d29aaeda76c7f6ba6c352
SHA256

0297a88c7c77fdd1809ed01e4e99ac5614b3ef9c4b81755645abc90e71b97e98
SHA512

403853907c2af5723592369083ffab488abe34688dcf85b6090a07d27e24d88286f447e4d195127a5fee4d514b4cd71a7687d104db8f553d26771d9e5b9f44fb
SSDEEP

98304:0dGzVJtWzeffTjHvOImIQ7b14NwLhlMA28Wl80vUcs:3zxf3POIo7b14NuhyoWlbvUcs

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2960	za.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	za.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2960	za.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe
Token: SeShutdownPrivilege	2604	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe
2604	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe
2960	za.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2604	2960	za.exe	32
PID 2960 wrote to memory of 2604	2960	za.exe	32
PID 2960 wrote to memory of 2604	2960	za.exe	32
PID 2960 wrote to memory of 2604	2960	za.exe	32
PID 2604 wrote to memory of 2720	2604	chrome.exe	33
PID 2604 wrote to memory of 2720	2604	chrome.exe	33
PID 2604 wrote to memory of 2720	2604	chrome.exe	33
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1480	2604	chrome.exe	34
PID 2604 wrote to memory of 1388	2604	chrome.exe	35
PID 2604 wrote to memory of 1388	2604	chrome.exe	35
PID 2604 wrote to memory of 1388	2604	chrome.exe	35
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36
PID 2604 wrote to memory of 2376	2604	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\za.exe
"C:\Users\Admin\AppData\Local\Temp\za.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" about:blank
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef70e9758,0x7fef70e9768,0x7fef70e9778
    3⤵
    PID:2720
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:2
    3⤵
    PID:1480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1584 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:8
    3⤵
    PID:1388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:8
    3⤵
    PID:2376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2308 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:1
    3⤵
    PID:464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:1
    3⤵
    PID:1060
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1156 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:2
    3⤵
    PID:2460
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3348 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:8
    3⤵
    PID:2188
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3436 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:1
    3⤵
    PID:1584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:8
    3⤵
    PID:2700
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=1376,i,12406206312406030571,3159514615331731273,131072 /prefetch:8
    3⤵
    PID:2872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d5b42cc44fd6c7fcba39b155ea262b85

SHA1
19bec892eaf3461b0b1d017e6c3d3925fa9360b6

SHA256
56c793ba4f5c57706b4a52d6ea89a47e5076ed457a21751f9039016e82fceb37

SHA512
b4f4981f4b7a71a4a0f43d22472e4177cd666b3ee27ee43aaf62dadf22d5ff358497d385d5882c64a77add2e81e3967b48f0db4dd46b8de238d45dfefeac9a43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
01df9d689ef15a95c87a3aefd16c9c49

SHA1
2ffa7eee15e5d12bd81e10f75940693e549be411

SHA256
f13ff5b02120bcd1bbb5de9ed5299b38f5e9974c482c93afdad80fa635ed6a0e

SHA512
ef7278dff337d05da200b423e3a7acf799bd0b4f0e0f1385c20a775ba13d35ae1dd218b78ad799d4c5978a1b7a69fe45c8c146952ac8b47804fc1ed27ffa2716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
accbc5520a62f1b4bda2089e7f6e822e

SHA1
6a381b8dd175ffebdbbb68bca441517fd91227d9

SHA256
e5c4909ed65e87af5b0f058f42721811b6092361b44b530f7ce9f1606347cd3c

SHA512
10051878cf3e74fdbf7ad4494aa9aee773a14e917bda788d27de252849fdae7c891772afc8ec958c25641390a8fb01d00133cd89474a79f44ec3897260573a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
170KB

MD5
d32eaf89960fec3f88d1f7d5353251e4

SHA1
b67b6acb66b8cb01d23a57a7cd383a92adc539cd

SHA256
bbaf1a5a17b45fec378ed23fe4187a82d88a188a207b54fa019f8e34c998d86d

SHA512
5460efb1ca26d32439aa591daa6e05fa838b1f24131248d3a26b6314eada5e65fdf2e4f2f516a5e32cb274adaeeb11b63b477e7d080d72d7dc3ddfa1685d3e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
340KB

MD5
cdf652c1df2b4c4942960c1aeb7469f2

SHA1
36225385b0a3a0da65905a1930f227d83b933f45

SHA256
ed91895b59d76aebc3b8071f828fd779e474eb5759384b90885b7e74bfa846c3

SHA512
4bfc467759401d7e26665e7521d9375482a5567cf6a9003cb287a966f526648785d0c05051aeea68284dba520fecf81b899f49025657cb4b12e92691f1d7461b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
357KB

MD5
a5cc6c9e7626aafe71802c453163760e

SHA1
8ce5459fb7fcb9bbc06a88c0637e63d8ae26946c

SHA256
fd2f4044710d9a02816f8010c4c9422fb5fc126d2d577b4542cd14279aa93592

SHA512
4d0c2e0fb7aeb23217dd8fffacb7a8135f52aeee1357a164cfbdbb389642f4ebb328d549e891cbd443375239961b48e35026d351b8b89906402ed60bc2b49016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
340KB

MD5
0dd8bd5cad612c1c913706aa23c05d6c

SHA1
69c42a170fe60540c2ef03152bb89493e77ecac6

SHA256
f665379d23078c38ba20d941a34b6dcd915ca8abba6ba65ea399e24f9bfeb6c8

SHA512
275a70262d34814a02a91b60f8e203740dcdd6562c54c59c22cd49533482ee4287b315816b3171ebac91d19f17b9a9f2337caf023a3a4ce25c41421dd816afb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\Users\Admin\AppData\Local\Temp\runtimes\win-x86\native\WebView2Loader.dll

Filesize
113KB

MD5
6e91d5628fcaf7a67cd8cca2c2de9342

SHA1
36818e155a3a760306d908e318f6327d635b7453

SHA256
dd4c6797ff04625934a14aa7b22d76b847c8b6bb1cccd7c587ee6fec6b636121

SHA512
df4e115a718224fcf9dc7315197b4c9135404018f0f6c176d5e826090d1b6f1dc70627c3c3b3834e6e5f721b9a809eca7d3c51a225f5b0f176ab72cd70e48856

Download Submit
memory/2960-13-0x0000000000CB0000-0x0000000000CBA000-memory.dmp

Filesize
40KB

Download
memory/2960-35-0x0000000008970000-0x00000000089FE000-memory.dmp

Filesize
568KB

Download
memory/2960-0-0x0000000074B4E000-0x0000000074B4F000-memory.dmp

Filesize
4KB

Download
memory/2960-15-0x0000000004E20000-0x0000000004E28000-memory.dmp

Filesize
32KB

Download
memory/2960-16-0x0000000004E30000-0x0000000004E38000-memory.dmp

Filesize
32KB

Download
memory/2960-17-0x0000000004E80000-0x0000000004E88000-memory.dmp

Filesize
32KB

Download
memory/2960-14-0x0000000001250000-0x0000000001258000-memory.dmp

Filesize
32KB

Download
memory/2960-18-0x0000000004EA0000-0x0000000004EA8000-memory.dmp

Filesize
32KB

Download
memory/2960-19-0x0000000004F40000-0x0000000004F48000-memory.dmp

Filesize
32KB

Download
memory/2960-20-0x0000000005650000-0x0000000005658000-memory.dmp

Filesize
32KB

Download
memory/2960-21-0x00000000056C0000-0x00000000056C8000-memory.dmp

Filesize
32KB

Download
memory/2960-22-0x0000000005D10000-0x0000000005D18000-memory.dmp

Filesize
32KB

Download
memory/2960-23-0x0000000005D40000-0x0000000005D48000-memory.dmp

Filesize
32KB

Download
memory/2960-24-0x00000000064A0000-0x00000000064A8000-memory.dmp

Filesize
32KB

Download
memory/2960-25-0x00000000064C0000-0x00000000064C8000-memory.dmp

Filesize
32KB

Download
memory/2960-26-0x0000000006B70000-0x0000000006B78000-memory.dmp

Filesize
32KB

Download
memory/2960-27-0x0000000006F30000-0x0000000006F38000-memory.dmp

Filesize
32KB

Download
memory/2960-28-0x0000000007280000-0x0000000007288000-memory.dmp

Filesize
32KB

Download
memory/2960-29-0x0000000007300000-0x0000000007306000-memory.dmp

Filesize
24KB

Download
memory/2960-30-0x0000000008640000-0x0000000008646000-memory.dmp

Filesize
24KB

Download
memory/2960-34-0x0000000008690000-0x000000000869E000-memory.dmp

Filesize
56KB

Download
memory/2960-12-0x0000000000DF0000-0x0000000000DF8000-memory.dmp

Filesize
32KB

Download
memory/2960-36-0x0000000008B10000-0x0000000008B16000-memory.dmp

Filesize
24KB

Download
memory/2960-37-0x0000000000940000-0x0000000000946000-memory.dmp

Filesize
24KB

Download
memory/2960-11-0x0000000005600000-0x0000000005640000-memory.dmp

Filesize
256KB

Download
memory/2960-42-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2960-10-0x0000000000B20000-0x0000000000B28000-memory.dmp

Filesize
32KB

Download
memory/2960-9-0x0000000000AD0000-0x0000000000AD8000-memory.dmp

Filesize
32KB

Download
memory/2960-8-0x0000000000A80000-0x0000000000A88000-memory.dmp

Filesize
32KB

Download
memory/2960-93-0x0000000074B4E000-0x0000000074B4F000-memory.dmp

Filesize
4KB

Download
memory/2960-94-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2960-7-0x0000000007430000-0x00000000077FE000-memory.dmp

Filesize
3.8MB

Download
memory/2960-115-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2960-116-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2960-129-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2960-6-0x0000000004F90000-0x0000000004FCA000-memory.dmp

Filesize
232KB

Download
memory/2960-5-0x0000000000A00000-0x0000000000A0A000-memory.dmp

Filesize
40KB

Download
memory/2960-4-0x0000000007090000-0x000000000720A000-memory.dmp

Filesize
1.5MB

Download
memory/2960-3-0x0000000074B40000-0x000000007522E000-memory.dmp

Filesize
6.9MB

Download
memory/2960-2-0x0000000004C20000-0x0000000004CD0000-memory.dmp

Filesize
704KB

Download
memory/2960-1-0x00000000012D0000-0x000000000181C000-memory.dmp

Filesize
5.3MB

Download