83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4

Analysis

max time kernel
49s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-10-2024 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hvtrs8_-lculcjep (1).exe
Size

32.3MB
MD5

4f02ac057355b5dc73ea28aecd2d56b4
SHA1

32591cb75779a3e308a44e75a76f821e7dee11e0
SHA256

83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4
SHA512

9eb08f85559df6af9192bec8904097d4e43a832ba9e9cc1c7be1a366af8d103c3a6db3886f00927ae5eb62055fbc770c7b5a3d2a122a0b460b51136083015368
SSDEEP

393216:nbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9ye:6Zn/G4Gqk1cWe2iTVCMue3E

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2852	2736	WerFault.exe	30

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hvtrs8_-lculcjep (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1648	chrome.exe
1648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2736	hvtrs8_-lculcjep (1).exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe
Token: SeShutdownPrivilege	1648	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe
1648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2852	2736	hvtrs8_-lculcjep (1).exe	31
PID 2736 wrote to memory of 2852	2736	hvtrs8_-lculcjep (1).exe	31
PID 2736 wrote to memory of 2852	2736	hvtrs8_-lculcjep (1).exe	31
PID 2736 wrote to memory of 2852	2736	hvtrs8_-lculcjep (1).exe	31
PID 1648 wrote to memory of 2848	1648	chrome.exe	33
PID 1648 wrote to memory of 2848	1648	chrome.exe	33
PID 1648 wrote to memory of 2848	1648	chrome.exe	33
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 2988	1648	chrome.exe	35
PID 1648 wrote to memory of 3008	1648	chrome.exe	36
PID 1648 wrote to memory of 3008	1648	chrome.exe	36
PID 1648 wrote to memory of 3008	1648	chrome.exe	36
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37
PID 1648 wrote to memory of 2472	1648	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\hvtrs8_-lculcjep (1).exe
"C:\Users\Admin\AppData\Local\Temp\hvtrs8_-lculcjep (1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 1108
  2⤵
  - Program crash
  PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7b39758,0x7fef7b39768,0x7fef7b39778
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:2
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1580 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1692 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1528 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3112 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3692 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4068 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1912 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2304 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3656 --field-trial-handle=1284,i,11836905248943320990,11887758511048075435,131072 /prefetch:8
  2⤵
  PID:1640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
232KB

MD5
32e1efd129c6fa06d7a88ffa97e7705d

SHA1
d3dc9e1c0a53de109e075fd939cd16b30c988c17

SHA256
ea507c441544b4e0ad272c51be61c2bbfb18a0e907014870c6c0ce8df8194c93

SHA512
0f4143bfd62094902c51a0e4fbe5cf519eb53a7578688f8972be40c2a9404f41fd2596fbd6423bae9fe75036d54f7e8cfcfe39decf135379787ea420bbb1aba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
20KB

MD5
c81b620f62478ae71d3f19a691c3f7b3

SHA1
1e9b87e78c706b712cc6765288102d77e08b4927

SHA256
c10d789b9a08aebfbbcda53a5ac6ea4dd1adf5edc0afc0512f8b872946e4231d

SHA512
2cd4c0da0f9b466a83a16fd8a6ce0b8475fafb0fe7e3686e7091e67b6679950119eefd4abf27bdf8000fd2003cdb8e0420b5e1ad5064e1a204bdf8cbaa136fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
47KB

MD5
d4573f829b4f14307ba330cb30e84a4f

SHA1
914f31667c202743a1f761d6e5d97af867692822

SHA256
153998221610cf51fb52561639d94a86a7e027225571296ce96aa1d716916828

SHA512
a2df48fdd73f7615c370c063e175d76f35c3e73e6c7b06f8c96c222b0810ac0694044084dc824f57c4a67dc783fcf92412c89927abb358f2c4af260bfca737bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
607KB

MD5
0b2cb411df0c267c83abb83802dee87a

SHA1
cc65aec20bacb8bee07f10981658dec751b6b270

SHA256
77177367eae44aa70ec5fd107ccd6c589092ff93e9166b9bdd19a0477d2d2e42

SHA512
17fb4be12d013d7fc19d6e26a6e25131e88ce6272fec1bce23a94d6a6a3e309ea9dbad75fe91b80862fc014de1687016b3418215d962836bfd0d536c4f95b22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
32KB

MD5
4165e15c0e8e7f5313aba85f1fa09233

SHA1
15566d6448757cbbf77ba502d1451b9751a9de0d

SHA256
cb66c6e5653cc31df85d918477a83b8ce0e896f5bdd5878a09d00810eaf9ec90

SHA512
ee14c5f30f35b0e40d8fa082fbbbba642943d1c1039f7bf8c37ef83fedd15495946150074a1c4b603e581be3029ef9fa1e78e235286aaf276899823ce025bc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
33KB

MD5
0ceb818a26c32ccc800255c207c0afac

SHA1
ecca1bec3f2eb5c5c444eb86a9835ed4ffd9766e

SHA256
b8f195a536a61525543f3a65ec2d11ec9cc27c2c18b74def7ac218ef4fa41124

SHA512
8f89398cca104d6fe7b4c3e7d86cdb6b401f1368ee711b7650c19a688dc616c36093aed2bf0a4dd27a269cfd6946bd3b4a435d4f9d6f2f48eab8ceb3803695f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf77b819.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4cbd513d10dc007c7a7717f26eddd4dd

SHA1
4e3997df8d224ce4b9a7b1e439c1dc3f77242a7c

SHA256
8b4ff7e5d5ac49866a49b0d31b6f1ecfe418fed0c6ba980be83a7e3d1085a679

SHA512
c141f42cfa0ed03244a472206c6a0a0205ebddf33cc10de4eed1f445b2f10c31caa925bee5f2dd4c329a696f7b2ac6a7d478d0398a738e694cedc9bbf8b752b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
fd1c72abc1795a37ba9d869df5e715bd

SHA1
50c33de529bf3a34975cd6aa9fe14ce94fbf92d4

SHA256
2d1ddca3964e47b3128694a43c7b4f53a48ceef35f6bf37f254e5ab7d7f1940e

SHA512
f6c43d9edee36960c88fd172afc8d11a8c56cb40a902ba9623fb712d6d0e2b7d44304671d1d7c112f83f7aee04f8aae24a3a4d75206b7f76b376503c280f4d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
274e2914be4380fd6b3e966ad2f92d9e

SHA1
6c3753c6cc3cb725d7fe9746a6525472bc116101

SHA256
962340c779aa5973843168164e1c08ff32b7e048691dfa0ceb0aaeb0532f2859

SHA512
218de2e1ea5a608c4979493cfde32138e00381b683bef9b36c29c59d55b457aa641fd8b8c08e374f33213ae5f0b3efe17e39ff8d445392a6ee153fafa1d44b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
92b507004b63c12b8a89b728408132c6

SHA1
d3cfd1be96371716aa81a093c1df583ae7f1760b

SHA256
9c47df55670beab9195de8064b67c347d57af678c44a8d3edcac0f6e3062cf15

SHA512
a1d547652db7dbd38b1238c8d8074bc1e614b322e43e44c66fa3162bf0bfec09ce6151ace07cd0e14b24e1baeda37652e591626afd1e83375afcc49b509735bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75cd9f5854c50195a7b779c40fd398f8

SHA1
3feac0731a6099a83ddda375c9371fcb745e370c

SHA256
64e0869a12563ab138dc653be00b8c0c5661baa459e766c343c4caa12452b1a2

SHA512
22dfc48094f2acbca1fb03c999f3e34acc183311a9cbd70a42ee377bb0f6a812004e84cc94200c5705f2a727a6617eaa6b712b0b5b60be1280cc2624dbc65ecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
513d733e2438a804e645e672df77dc49

SHA1
3507208d6570af061b1c6901fb9bec4e03ad9d12

SHA256
ae63fdddd5b51db30b1a46bdd60ee6e695e6036476fa2ce593c1e9229636ddfa

SHA512
c48c754c05388c4bab29d5522bd715e92061ba74aa9446e99f7375df2204564281427d38ceae0eb03d99dd4c2208931e5ea4e9adf5fb1204b95d1ce3639be5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d5b7be3-51a0-4d22-9a21-15cc42961b26\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8dc789a0-b43a-49c3-85f8-2fe7a62c1101\index-dir\the-real-index

Filesize
2KB

MD5
1342eb5577effec306298b6367654d1b

SHA1
5358f5935604e21a4bbfad0a31fe62705d7baf7c

SHA256
fcb55a27542ce6349708e7d408b21c8c371fde6528bed7de5db66f80408d006d

SHA512
e4964542059908a1b353e6404d1969b01e5efcf3df3f296c1a870477734323350cd06350ca9e855357fd8b994f3e059617c0a7a81088b9a070718477ad5b3701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
dfaf147ac05513d4cf89e6eec158ae3f

SHA1
950d8a5d561f6480407482e69c30016529b1e002

SHA256
05d8562f2243623c2da340ce358b4e79495c07093eccad308372acf84f50a6af

SHA512
674c223c6cb8055c374f564eaaeec2bf22bd669721f484095c4e61700988083055aa7a0b5ebe5ca03965398629d880c691a68248d1563e07cbf147597517ef1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
4821731231f23343093e98246969dfc9

SHA1
287fbdf02604b4e4258aab63ec2dc7f2d1421762

SHA256
076cbd00f8dbda8618101df5b4e749d764c2436102c00760dc61bd92f03e8364

SHA512
7146326c91c427ae90ceaffffed23d41baab50f652d6bd872099c78d77d6d0393e7122197e18fea7217361c30d452dc15c964e5f9667282677baa0c0775db454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
91e6dc45878c77aa092e7e2d96477ff7

SHA1
4ec7bcd2560b6f04cab7a63a9e76a28fbd640ce4

SHA256
bcc3b846e4504bb65b3437ef4bc4bf615ea9ab5c989f5b3513d5b34a81c7490c

SHA512
eacbb911be9b83a925b3d13d5423b2f36f29c5e4f848eb64672e8595ef2bd85639cea4f202eefa56b348a736ee699685bb397162d46cf89a704e4539b91378d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
ab542a249337b9572a9a5d94c02ef694

SHA1
223ecd04c89f3cac470495056eb0b1bba6d4103b

SHA256
3bf2cab7e0225c84ce71cfb4fadd3bb55d1308721e03f9b775f5111426306c0d

SHA512
e908ac7219a7ddfaab54a595ef10f72043444511084c238c7193e0830b5cd7fbedeb5bae579f3a3581a68ca0ffca6672df28eb7a01a03566274c597d96ca2a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
cb42a13920ea1a816dd94feed5498060

SHA1
2772243412ebdb397dd74d149b13a1f297d358a2

SHA256
9a36cd9b64e84de6a44f1f8cf09bdcdc9ce72db8026765f7cf438d0266a620b1

SHA512
51d4a60ab3060e007fa91b20886b3b800b36c72c60cbdc3e5a00846159b9f77d926fcc28d13e0299564629463a964bdc3e8eb10898e6215c28272932180ec5ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1648_1377409620\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
memory/2736-5-0x0000000074D30000-0x000000007541E000-memory.dmp

Filesize
6.9MB

Download
memory/2736-4-0x0000000074D30000-0x000000007541E000-memory.dmp

Filesize
6.9MB

Download
memory/2736-2-0x0000000006990000-0x0000000006B52000-memory.dmp

Filesize
1.8MB

Download
memory/2736-1-0x0000000000E10000-0x0000000002E66000-memory.dmp

Filesize
32.3MB

Download
memory/2736-0-0x0000000074D3E000-0x0000000074D3F000-memory.dmp

Filesize
4KB

Download