hxxps://cdn[.]discordapp[.]com/attachments/1053732193584824413/1091416131509690459/WINWORD[.]EXE

Analysis

max time kernel
309s
max time network
505s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2023, 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1053732193584824413/1091416131509690459/WINWORD.EXE

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2716	WINWORD.EXE
4668	WINWORD.EXE
1484	WINWORD.EXE

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4544	4772	WerFault.exe	9

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247652379800397"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe
Token: SeShutdownPrivilege	3736	chrome.exe
Token: SeCreatePagefilePrivilege	3736	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe
3736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 2008	3736	chrome.exe	85
PID 3736 wrote to memory of 2008	3736	chrome.exe	85
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2660	3736	chrome.exe	86
PID 3736 wrote to memory of 2728	3736	chrome.exe	87
PID 3736 wrote to memory of 2728	3736	chrome.exe	87
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88
PID 3736 wrote to memory of 4164	3736	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cdn.discordapp.com/attachments/1053732193584824413/1091416131509690459/WINWORD.EXE
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0xe0,0x104,0xd8,0x108,0x7ffb36b89758,0x7ffb36b89768,0x7ffb36b89778
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:2
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5140 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5392 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5500 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:3348
- C:\Users\Admin\Downloads\WINWORD.EXE
  "C:\Users\Admin\Downloads\WINWORD.EXE"
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5356 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1836,i,12403690374596225520,14777271413602883992,131072 /prefetch:8
  2⤵
  PID:3516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2108

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 4772 -ip 4772
1⤵
PID:368

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4772 -s 1748
1⤵
- Program crash
PID:4544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5084

C:\Users\Admin\Downloads\WINWORD.EXE
"C:\Users\Admin\Downloads\WINWORD.EXE"
1⤵
- Executes dropped EXE
PID:4668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:4980

C:\Users\Admin\Downloads\WINWORD.EXE
"C:\Users\Admin\Downloads\WINWORD.EXE"
1⤵
- Executes dropped EXE
PID:1484

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f83c77d87e39423885581b43fb43533c

SHA1
395fbbf4a5031580ee8061039e4e5f4bffc7f813

SHA256
8c74a15a67c3e83eff8ec65f17b5079bd17f8f102360905c47b3d8a3ab14069d

SHA512
68eaae922cd2c6e1b232e201a29f5ada227dbba033f9c54626af1040033b9767f5e952dc3de5e169f6cfa73ceb98e647ff6ca42d384b3f52f8a52c221bb81923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce8424f3824ff9429159b39324aede03

SHA1
1b91a3172fc009b896e2e33c5cdd1fe2cce879b3

SHA256
c1d58d677fee39b7b6cba7f3057fefab3f4263df2568c4e8d99babcbf496fe61

SHA512
aade22d529ac5cb56cba6acc5bf850da8536f0600b935836f002cd2f1c74d4396be0603020a9a8a40116de65c80919535a21ace883bb8f2c284c09fd39f5f996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c2e436f3bf27126612ec428e75d6706a

SHA1
88099e159213c203630d12f7092c5b350d2915e4

SHA256
bbeaa345326cc865d0035341359e6e81ed688937d25dc1f0edaee0d270861fdd

SHA512
ac1a12151dd77b485218e63ceaa860b6304806bb56519780fa28a01a12be857340933dcd4404d31f32f0631954841946bdfa7f59b152d89cf8083cb906661868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
815b6780a3deabe640a2110c030f7f1c

SHA1
8c78a139bc54e2751ce6e6253af19ce0aeeb8626

SHA256
05fc2fa7a1862f17457609d020eac52e4af7c467ab53228c5808d3a142aec6a2

SHA512
a54c0c94c4ab5f2ba546b4f22b5c193daebd4cfa1cb7a77fa11d3f71dfcea77e4d5d8067b7157d9574746f41e2c4baa73ace5cc69ad1f0ab4996c319567f9671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
21ecd3231ead861714d6dedd3fa706df

SHA1
630c69c20dde0b50fb0d079bb70374baf1ff9972

SHA256
05a43747e3b094bed1e1e2b42f18c8ee39586a9ffa8776bb5a69c6f66c76c754

SHA512
35a31a21c0cfb74e64c4c301b705289f0b8ed1503906ee40a24c693acb4d1bafe719e0a0beba0238e014aa3dfd8b351a796fbe9788dbef3aa439e8fa13dec7e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
0ddc45fb3a3874dd9182addcdcf9aff9

SHA1
75a344d76f327a9467aaab205401ad39b7461715

SHA256
8f54bd05ad646c0be70a7a32bb0d4f9298970e06ca372ceccd29e79599635ffa

SHA512
120e3862117d7f08c26b08f58af2920bdd114bf8027cad025fd7f9ed0555fbb1dd7ad8c20e7d1271427ff36488ed69ce199365a43aea28452819ed123772cb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
175KB

MD5
63ec0cde6fe469a54df94e82dc8e7fd1

SHA1
47bf53fc500c5ca771c969d117e2393202a54287

SHA256
2bf72608058a0816daf71f1c27c30af421cc99805654b15888440a1f31458425

SHA512
b2ec1d521c97f88c62dbd332fc55c21fdb05eee0a13ad66144843e6ef4912723daf1f2157212341ef21339c272bfb79e30ba3fc4adbd604771b001fde9667d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
78fa2e9f122a6ebdbdbbb9c2e409277c

SHA1
9329bdbe3e33a7fb1ea77d778467daba605f549d

SHA256
5a6ac60713a8b2a22c07ea095a56c944e543e56dd45b126da17d4156c5f2a863

SHA512
f4eff79c9a33dba0c7e3e546eda75fb72f10ad68e1a864e47360a4e6c54fa6dcd751987cf8d35777687add97c0f56ffdadc7093a3e57d8921b400b2c6a83f117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
221KB

MD5
207f010a82aab5d4e7b18c56b808d360

SHA1
0b4ae4f2c18a0ef76b050a510d088efccba2368e

SHA256
73671e2b59283372b04789ee2353ec29504ef3c9f038f9ebfa1f10650f5905e2

SHA512
77e30ed7f53969f34d822a6a1f5b19d7ca291d6b00083275693d03ee1de34849980bfaa3dd1670d6738615ba8af7c53f213ff34ae499584292134b170bc6ab1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
225KB

MD5
5a13da779d6a58326485e0637a1e2c1d

SHA1
ebb6f733013b666bee6713373401f0ed54b684d0

SHA256
8599d5472fde953e79f98a911d84f850abb3c85353540b9682faad2db8251b91

SHA512
f251a519ef78b14baf1d4261056ac097075470b244aa4f08bbcbae8b097f69d9f6db26aa0f28f3eec68941529b0a1fb1d400fa934dcdbf8a21ab8b007108fdfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
a5a396cb6f5fe8e246121b4b3ffd8b74

SHA1
6a53db82a88c7bfa7bc5dd4152036d7fc71f6f24

SHA256
d4ccb8fecb6ce0b9ea8e3795bd1d2831506ce543d3059fd20fab9bdcc5a1ff36

SHA512
bb6563b75f0b9fcf08aedea6d6a7ca08561e86a2651359ae1ea2fc9c0742460e27098b253b145d9c2cee24110e06dd5548f456e1d868b155e41d00a40b8e42c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe56f32f.TMP

Filesize
110KB

MD5
aefc497e7cc4c9601e85a2098504942f

SHA1
90cf67092d528a7ca778010b0bc21d74406986a7

SHA256
57ee15896a67dbae9e0a2d3a285126f65effb8177a685e686e7380a1c28fc5c5

SHA512
ec81068bd609ba98ab7123d19166a132d1b44ec27f3fb959180289be475e6414be5194141d5485267ef0e26da69d93f2f426a15eacc68c6fbe3ee963651dbde7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\WINWORD.EXE

Filesize
1.9MB

MD5
c63e6c17fa58deaef044b159566eb549

SHA1
a5af9542c7f56cf98eaf01f1bbdc0bd528aee147

SHA256
74de25834cbfeb41c3053bf976f958dbe27def7b2e4d1e11d7d7d05f3700529c

SHA512
fd005b6d94192758ca136b638b0a78dd3e9f15aa1718eb43b5b42a63706523b83800151c56afa77d5a58b1bcb1e6cc4dc19d088cd38af45baac5c24b64d8be6e

Download Submit
C:\Users\Admin\Downloads\WINWORD.EXE

Filesize
1.9MB

MD5
c63e6c17fa58deaef044b159566eb549

SHA1
a5af9542c7f56cf98eaf01f1bbdc0bd528aee147

SHA256
74de25834cbfeb41c3053bf976f958dbe27def7b2e4d1e11d7d7d05f3700529c

SHA512
fd005b6d94192758ca136b638b0a78dd3e9f15aa1718eb43b5b42a63706523b83800151c56afa77d5a58b1bcb1e6cc4dc19d088cd38af45baac5c24b64d8be6e

Download Submit
C:\Users\Admin\Downloads\WINWORD.EXE

Filesize
1.9MB

MD5
c63e6c17fa58deaef044b159566eb549

SHA1
a5af9542c7f56cf98eaf01f1bbdc0bd528aee147

SHA256
74de25834cbfeb41c3053bf976f958dbe27def7b2e4d1e11d7d7d05f3700529c

SHA512
fd005b6d94192758ca136b638b0a78dd3e9f15aa1718eb43b5b42a63706523b83800151c56afa77d5a58b1bcb1e6cc4dc19d088cd38af45baac5c24b64d8be6e

Download Submit
C:\Users\Admin\Downloads\WINWORD.EXE

Filesize
1.9MB

MD5
c63e6c17fa58deaef044b159566eb549

SHA1
a5af9542c7f56cf98eaf01f1bbdc0bd528aee147

SHA256
74de25834cbfeb41c3053bf976f958dbe27def7b2e4d1e11d7d7d05f3700529c

SHA512
fd005b6d94192758ca136b638b0a78dd3e9f15aa1718eb43b5b42a63706523b83800151c56afa77d5a58b1bcb1e6cc4dc19d088cd38af45baac5c24b64d8be6e

Download Submit
C:\Users\Admin\Downloads\WINWORD.EXE

Filesize
1.9MB

MD5
c63e6c17fa58deaef044b159566eb549

SHA1
a5af9542c7f56cf98eaf01f1bbdc0bd528aee147

SHA256
74de25834cbfeb41c3053bf976f958dbe27def7b2e4d1e11d7d7d05f3700529c

SHA512
fd005b6d94192758ca136b638b0a78dd3e9f15aa1718eb43b5b42a63706523b83800151c56afa77d5a58b1bcb1e6cc4dc19d088cd38af45baac5c24b64d8be6e

Download Submit
memory/1484-268-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-264-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-265-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-263-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-262-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-261-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-266-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-267-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/1484-269-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-191-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-193-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-185-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-186-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-187-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-188-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-189-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-190-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/2716-192-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-222-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-218-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-220-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-219-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-221-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-223-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-226-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-225-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download
memory/4668-224-0x00007FFB14BD0000-0x00007FFB14BE0000-memory.dmp

Filesize
64KB

Download