eternity | hxxps://github[.]com/HergonX/Growdice-Crash-Exploit/releases/download/Growtopia/CrashExploit[.]zip

Resubmissions

09-01-2025 11:57

250109-n4mdla1nhm 10

18-03-2024 10:46

240318-mt9kpseh53 10

Analysis

max time kernel
94s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 11:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/HergonX/Growdice-Crash-Exploit/releases/download/Growtopia/CrashExploit.zip

Score

10^/10

eternity discovery stealer

Malware Config

Signatures

Detects Eternity stealer 2 IoCs

stealer

resource	yara_rule
behavioral1/memory/2244-41-0x0000000000590000-0x000000000067A000-memory.dmp	eternity_stealer
behavioral1/files/0x000a000000023be1-75.dat	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity
Eternity family
eternity

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrashExploit.exe	CrashExploit.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrashExploit.exe	CrashExploit.exe

Executes dropped EXE 5 IoCs

pid	Process
2104	dcd.exe
5080	dcd.exe
4856	dcd.exe
2268	dcd.exe
2104	dcd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dcd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dcd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808974434552541"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeDebugPrivilege	2244	CrashExploit.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeDebugPrivilege	4216	CrashExploit.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeDebugPrivilege	3628	CrashExploit.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe
Token: SeCreatePagefilePrivilege	2944	chrome.exe
Token: SeShutdownPrivilege	2944	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe
2944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 532	2944	chrome.exe	83
PID 2944 wrote to memory of 532	2944	chrome.exe	83
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 1592	2944	chrome.exe	84
PID 2944 wrote to memory of 2132	2944	chrome.exe	85
PID 2944 wrote to memory of 2132	2944	chrome.exe	85
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86
PID 2944 wrote to memory of 5024	2944	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/HergonX/Growdice-Crash-Exploit/releases/download/Growtopia/CrashExploit.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbc44ecc40,0x7ffbc44ecc4c,0x7ffbc44ecc58
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,8629044746192429147,1209734825895050103,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,8629044746192429147,1209734825895050103,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,8629044746192429147,1209734825895050103,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,8629044746192429147,1209734825895050103,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,8629044746192429147,1209734825895050103,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,8629044746192429147,1209734825895050103,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,8629044746192429147,1209734825895050103,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:2316

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Temp1_CrashExploit.zip\CrashExploit.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_CrashExploit.zip\CrashExploit.exe"
1⤵
- Drops startup file
- Suspicious use of AdjustPrivilegeToken
PID:2244
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2104

C:\Users\Admin\AppData\Local\Temp\Temp1_CrashExploit.zip\CrashExploit.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_CrashExploit.zip\CrashExploit.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4216
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5080

C:\Users\Admin\AppData\Local\Temp\Temp1_CrashExploit.zip\CrashExploit.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_CrashExploit.zip\CrashExploit.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3628
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4856

C:\Users\Admin\Desktop\CrashExploit\CrashExploit.exe
"C:\Users\Admin\Desktop\CrashExploit\CrashExploit.exe"
1⤵
PID:4652
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2268

C:\Users\Admin\Desktop\CrashExploit\CrashExploit.exe
"C:\Users\Admin\Desktop\CrashExploit\CrashExploit.exe"
1⤵
PID:4848
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
240f9d0c5bf8e6834d4dca8aec56b44f

SHA1
bb8cf602fbfea87497f2f9e1b5929894004b5a72

SHA256
588123c81768cc9484516d8147d16a18135978c6c75ebc518e7fd39afcbc80f7

SHA512
84c3a904af5374c1c142092c4d9a6238ac332e48df994a03d00c22a20183df4071f448c2752405972b17c587d90653297d4fde94fa0119d7f9a20ccbc7e1fe0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3bc100fa744221114040d6581cf92a7b

SHA1
d5d998c58644d1887e1cb6d0035eb4f3f642edd7

SHA256
fe698776eb8b4ce100ffc15529e7398a3fcd4608380641aabc121b3cdf540546

SHA512
b37c26f0b082aa7f9ff5e4551bcd9879bb50e1d5cd6efbbc6f4b17886eca513bcb4c3a91ccb1afb1f0b0c23cb0b5cbc929255dd777d12fb07c2bf31c71001bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5d78ef6365e8b0092a9461e07171e905

SHA1
c853df359545ba5c7a458df5cc7432f7c0bdf658

SHA256
e519c32e812bfa8ac8882c5d2f3cb428354b9bdb63267a7077e7b87951eaf650

SHA512
1d6c0393e2646b00b9eea472527afbaafe13e2beb38a77c2508e0e0812c20dc12f2824118b34257a488ac2d1bca679809525e540c61fc08da74ced3ca2d14392

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
a131b98e1fc3ec52fcd63feb0d119771

SHA1
15b7e402042bfba94005b0c6cc9377181e063a0a

SHA256
433a09ae6380c3b42aa3a0aace93938d24fd57289090c574025403f71275f55c

SHA512
993b47aac4c17205ea646e25d5766b3fee1414b8fd25a1af6f7a07291b348de03816ea948dd3d995d047ce1b0c2208bd5ce97db890287326a404ef1f18aeb90f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6aa401c6ea2e889159547eaf9c725e0

SHA1
3d4746b82c9b952a3451135e39722559b58a98a6

SHA256
ef328c1366f404a8c39cac9f6f34aac06ad91fe356eab1e2482609569710c724

SHA512
cffeac93ea0e1edb06e88acc9f312604fd732d9edfb505abfe443f8b0d3cd35acd80132db1fecbed673929a8664d1b76bd49f7de5c1261f0cf1ed77ce182925f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8533a691efeb6bf4d1579c4320bfa5a

SHA1
ca7945d7255403f1a668dcc0491f92f52a2c6e60

SHA256
baeb6871af5176dbcfba5bc404fe41bc75ca8f3b44e1b24447eb95968fbbd64c

SHA512
2bcce5f5ed1a4d8844203d3130ffe95ad934ed829cfd9e46be3670984c289f9ae8e4679f3c1ac58506e08d29eb1270a241be8627451803a9113a8eea29bb98ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43ffec37daaa6e0f507bf77a6df66179

SHA1
a4dbdf1bb931493868dfaafcee422fa91873e67f

SHA256
7c1312a93f6f52f1e04b5675b48f4ccdfec0beadcb9fa6d5dfcfbf08c603730e

SHA512
cc1069589e3e7c083633e0bf23a8ff732131aa6a3ee68b00a3c4a7424f062ee6ffe3932687913cbc5318a1816462e68ec76007ede7b5815b37a51b5d79fedf04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1b0fa1a312c2fbc4c2841a34384ca4b

SHA1
d33b52018552ae4be761c2c3a4220ece61d02c0b

SHA256
14ea825df52cf6e68d93e4cd626e8db704d66ee47cbc08a98d20e70f17a2919f

SHA512
310ad8ccabdee6251ab8a1faac9a7b8af9b2f280b057716b3665b741c8b2cdf609be0cf9dcb5f915769c8e4844428dab8b2b19e10198a95638b42c4d1a4ed1a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20c29d7e428465ee2e1604449bf71ae7

SHA1
d5e9c2d57292758d526373a48e1ab14799157ea7

SHA256
321b742c98f50649dbaab43a34c9b564fb2db218ba29cf7f32daaf559009d436

SHA512
da601e7be3b48642fd76bf702e1a6faf5cb42c300af8e36909d39000a33310c0b0ed0bc748af380ef48f62daf1f2175bd6f437c7751be68dcd242b4bafed098b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7cf37ee3bf635ff496dce9d2a7714755

SHA1
a4f6e65e1cfb3017239c15db2525d2db9a09ff1d

SHA256
c58d4966418889761a3869d3f404fcf8f613d2dd19877b66e46ebef1473f79ae

SHA512
31c03f0a5f47b72cee10df9805060bcfb69b313f34da2a28de7bf2ebf1c9873d6606ce97af34112cbd04eaa7beb7cfcd03f114b50898d71077b8d6839a59a097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ae865f0c3285683b245a9375b4383dfd

SHA1
e3aa2a8178fe5f068994f26b716010b011dca659

SHA256
f7e6c4d578afdfd8d7935d0e35d4915ee25aeb8271414480e8d236fcbd627dc1

SHA512
ae1b0e79c3b0ce88949fc14637eb6d5d0ae6cfe7af972f5307f8678039527eb3486c82c7fb78b3bc177bf1b4584e1691e8f4c89f0cad9539c439c94ce486b7a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4f14c094207d5359b8a1c9b1b278abb6

SHA1
159e6a148a1806f94915eaab48d598acd40a1c50

SHA256
5ed654d937d53e4934093e827598e9dfe91e7181b36bf4d9b54ed2e04f3a2e91

SHA512
626f0e07ca25e18ddfe03af0b92499f35f3aea2bb9439a1c4c4b616fedb369db2eca46c4bd014b25b5e2bec4917e56bd7aa6b162e3e7deef311782788d99e50c

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CrashExploit.exe

Filesize
921KB

MD5
b0176c7b27a4daadb7aaaf490509f692

SHA1
ddb81beaddbd6a21bfcfe95074937c76a1822f54

SHA256
6abc5c25ed96aed89de7074d1909b5e1ff30bf3bacecbdc179ec1db99f9a2eab

SHA512
c016d6a3545e9b69ab86381cb1fff9063c7dd7302e86331fb88b376c966aa4b71a4ce8bc8daaa02bf3696bab3b74c1d920fc06ae59068204dcf80326139ad905

Download Submit
C:\Users\Admin\Downloads\CrashExploit.zip.crdownload

Filesize
603KB

MD5
63321e8320e3aaed7c4672c6fdd76495

SHA1
4d434f402da0e6465fdad035b68040ebe3b9d9bb

SHA256
5913a8fe84b60b1cb65aaca798cd380ef568dc62c361add4b2b0b8460c80927f

SHA512
0cf0211f0e1a3bc058451adbc6f0f51ae0588563cc33388837e67e5699f421e598e5acbe5be93287b075e19efef4d26e4989510ab3a5f22d9b566e616cce0341

Download Submit
memory/2244-63-0x00007FFBB0720000-0x00007FFBB11E1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-70-0x00007FFBB0720000-0x00007FFBB11E1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-41-0x0000000000590000-0x000000000067A000-memory.dmp

Filesize
936KB

Download
memory/2244-42-0x00000000028A0000-0x00000000028F0000-memory.dmp

Filesize
320KB

Download
memory/2244-40-0x00007FFBB0723000-0x00007FFBB0725000-memory.dmp

Filesize
8KB

Download
memory/2244-62-0x00007FFBB0720000-0x00007FFBB11E1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-51-0x00007FFBB0720000-0x00007FFBB11E1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-46-0x00007FFBB0720000-0x00007FFBB11E1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-45-0x00007FFBB0720000-0x00007FFBB11E1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-44-0x00007FFBB0720000-0x00007FFBB11E1000-memory.dmp

Filesize
10.8MB

Download
memory/2244-43-0x0000000002730000-0x000000000276E000-memory.dmp

Filesize
248KB

Download