cbda2a0775ffcf5547d353be9b1e4a10cfce39b17e6d512d9e83391103b2b7eb

Analysis

max time kernel
1684s
max time network
1731s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Anne_Frank_Panel.exe
Size

21KB
MD5

59bef14876881b838e82b946d9c5cbf2
SHA1

9577ac42c6fa49925366e703b44a07c5f5b7f66a
SHA256

cbda2a0775ffcf5547d353be9b1e4a10cfce39b17e6d512d9e83391103b2b7eb
SHA512

c1b25b0952c2f3f712646e861a8e3979f94a17df81a47d55530ff1054d4eb12654af87448d98bb89ac4f9bd6e6826b6225668702de73f7d1fbcc00c83d4caf51
SSDEEP

384:zmRTf+OPMY+JigV9j2cf2ijuokwlwAmb/t+aCKjTfeM+61khPxwHucU66ccup:B2NniADt+kXS4khmut6f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4840	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4840	vlc.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4136	Anne_Frank_Panel.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe
4840	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4840	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 2964	4408	chrome.exe	92
PID 4408 wrote to memory of 2964	4408	chrome.exe	92
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 4960	4408	chrome.exe	94
PID 4408 wrote to memory of 3932	4408	chrome.exe	95
PID 4408 wrote to memory of 3932	4408	chrome.exe	95
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96
PID 4408 wrote to memory of 448	4408	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\Anne_Frank_Panel.exe
"C:\Users\Admin\AppData\Local\Temp\Anne_Frank_Panel.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffa7fe69758,0x7ffa7fe69768,0x7ffa7fe69778
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4728 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5424 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 --field-trial-handle=1944,i,1154873618022047057,15692784019824791636,131072 /prefetch:8
  2⤵
  PID:1556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2424

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\WatchStep.mpg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
9651d458927ecf0deef0303c1ba21cb3

SHA1
55da019055a7c8dc035577bc8c1fe4329b55d250

SHA256
23bd831872b12c9646f67273fc2af46e63b982ebe3ee9893aecf806f2b54894f

SHA512
99bda8d60beaf91c46299b17be4d4ec73afb1802381edabea3bccd0cce6a50134b2097b899108378157767f4b4cb9a4a5b940de871e39c83af28e6b1f1906c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
addfdd1f15d9c5d40e65581fc52d4bd5

SHA1
c63c7f5f58e7307452ddf98d88785e08b97dde6c

SHA256
3d84273b5a6ac30763ddfd21dc0019af7410101ac96e5d615a41553c51d7c464

SHA512
96abb94a68b908aa6cd931e91fb3178fdafa337f323ceb4772aa6b4ffe02912ea0438f6571f560375e5a48ab986049e845ee01a98f74f605fcc2addd2464f243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cebcbd80c461bd78a8effa507f67435e

SHA1
24d3ca6eae90dbf4ac2c0d2e6de9a76be47171a3

SHA256
2b5dc5e1bbac3e2dd7c71ee005e4df28a5dc8e1dce19e816cc1f1cbf761f0282

SHA512
63d1ee9c2a6f3af48f6c29b4dbb7a487cf7915d3795031de1f9bbd0cc2b4d594392c43b66f428e0a83182c25ffe9bd49420c91cbc106f9f771470dd838d64836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
130c6902bbab020981dc97a8facc33a1

SHA1
320a16caa809fc150f1bfc16d66ee2d202d58caa

SHA256
40d4c7b5b9769306809ee8d1e574eed858d84b67ab84f9df6e0146d92624e708

SHA512
970af57b6a9030fa939c41fb75b7d012995b6a8da59a5a9dc305894fc06aeb55a1ebb06982b1496d60ffed181bfa9618de9a57b1fd3afe12e5b94c8cbbb55943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3f6b29eaf8d669512aa6bd43b3f334fc

SHA1
86800afa47b5f3b76069f9bad63e15cb2f2df0d1

SHA256
4a3b444928da5258832ef324fa382fd344aef55ea96b01c119e222f062d03cd3

SHA512
14288236f180e54f0e2ee97b96c614af3536a391c88876ca78c5850235aff0a36f8e2c75581ebd37ed178e732c9e4743a7a8e7d486ec271eb65028ead0bd69ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
e2bd80513803281b51ac07ea7b013386

SHA1
a3a3ec476b780b1c50ff0ace29eff2ef3a53bfad

SHA256
c5ef5b9c2864578ae63a18bb354d5dd6b1576c15dc0fce51f7f6fcbcaf1fc46c

SHA512
40ff0ccd50e4d433ee3148b018525920bd1adb9415aa68f625b5f3fa4e705f3825e60af8f73bbc178b82cd50c54817dbcdc88cd2f7af5e023cb67ef192fef429

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
44b8c2e8204e9b7c83956fe616691279

SHA1
bbac9ec6cff8c70d9ca4ad067919b9c567ac153c

SHA256
66f709838ce075f38b260cc71f778d20c52332fe0e8ff6e3b221f5f7afe054d6

SHA512
9026f01ce8892de5c04cc47849db39c6d1546bb8c9cae196c40b5a8197eea6490527523eb1aa87bc810ec5a6a13c49a9f72acb26f473840122fb0dbe132cbf80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f5c9ea01208dc7befc8aa8954ea7145d

SHA1
00795a4ffad2d46932ca4f80e4c8fe61b9ef8c90

SHA256
14fcbdf6dd6cf05bc0a7fd1e7c5000f1668b03bd7f7363ee203e649934bf18ca

SHA512
d1c254445eb51c94d90c5be6d33f6f428d911f4d137eeb4b59e11755e72898da8d2f492a84457cc4a27b1b0cd29bfb1bcef10641a1715eaeb5417e31277e59ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
fed12e5793c17ebe14470bdd634aef96

SHA1
37e90c53c2a133792283f70c5f0c5b1b8ecfcf28

SHA256
923f4eecf820487e08f649cc7536c1c9e272349c7d2eefc2c13ee0e19c838737

SHA512
07874be858c64b8f40307a47126be7839be077cbf536a62fc4ad8d10d80d20717ae01b54679d610e8f8804a9ba1c85eec0a0e053e5a61104ad2f98abee8ebe4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
090859265b0de31dcc606d6cb6d42ade

SHA1
309df034e0c10096071dda3155d0ea8e41cf3b30

SHA256
289740721d6790ea9e86f163b8fad53eb95c775fe0db471574925ab99ed65fa3

SHA512
608ff5f903ba16f6279ff3be6e03bb42e20b72965256b8c2d13b4de916d3385780e63aaed15a887a07c487610246b449a43603f72062e53af822f0b520769635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
5932bc3bec8d5d101885d450067c329e

SHA1
50b8ff5a8426fa60861efe9a7e6a5e7c6554af56

SHA256
a24baa6eeae5b2be7f8c55f889b476972670111f255141f741d9d089b1fc1175

SHA512
cbafef0069e852cb94d6b05c9218ce9a7e741479a5490b64a3e1da6778e6b8914b51c0d0ad8f5fb9f6cf753ede911617836e2afaa08ecfac894fa55719117e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
24f6eef8407dabd9f7fb6809a228ffda

SHA1
13c86d4ba45dff4f83c05d6bea52e95718f081cb

SHA256
0f407d0ce1e20e23e2d80f3290d478c2843a24c0cf8f448aa7537a4958204820

SHA512
d2ce573ac8a9c4defe8a2aee234b8e2661871455c4eb060ca6025ce13c021ba8eabbe8278a1c676cb639b5682b04aee98c6af474fe3cf5b5a2925583c6f2a54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
e9b77f6be31d82657e88a8755d144b64

SHA1
ee276cfdaa0eee2d567b626f00dfbbb56156ad0c

SHA256
7e0eb852e1b1214a89e4c13e4b35c166c08e6a3caab904e6cfa5597e79314efe

SHA512
f660b27915190a0e7a2d90c7d3ec3deb52d49be1453f1249bec0aff8e6a939d8b0f5bea2722e0ea371ea8d856ba355cd998d87c4d05776a24162f7f0c4babbd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
e2f5062dc6bed1d162ef88dfadc64142

SHA1
04229de622b67e2af7ab486a5cd97d24b690cdb4

SHA256
6836c54c87001bd2791ba9b657524eb09a22642c753cd595439bf75fcc654126

SHA512
c8574dc6459c8326031dd743e54ff2f93b4c90cd0350f3f584cd380f97b13d7794cf023b6e3558dd43691e3f50b1e1cbbb7de7aa17b006411ffe3f5dba62f50f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
588861f3ad8b94c741d950015eee6bc9

SHA1
5a88f69b94c81be9b7e1ba66187e7566c171a581

SHA256
8ece484a18d1bc05705d782f601854c310bc539cb33d1ccc51f3369e7ded8a86

SHA512
8ad8b8169989c06a6b7650c12077c03663c225876a1ad7fa01cc0ac4d3b57376a9680a1b89fff921351c38f9aaff7ccc30ca3740f0dd154956eed64d7da12c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dbd9dc04c4261c4e445eaa0c072ea521

SHA1
5515eb71570cfaef2598ad1f82b66a38678da722

SHA256
0070cd0d97d0461a84dc0c2a84eaf91067c980e8f0614dec286894614aa7e62a

SHA512
0c09ba6eb63dfbfbd506e05bda523395e0fde0cee9936b38caae15ac265d7c3a108efe37e206102d7c696555423300576fbbedf77affa6abd8fdfd5434fbdc88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a225a3141acda421f772f44083fab3b7

SHA1
dbb6b3d4fc85e36eb9276ebd4e16e51ab03b6c4d

SHA256
7eabbe4ee10086654eeb5df64544009f86cf43bb1ac9a5d5029f8191d4453547

SHA512
1744ca26be693b83a3a183ff519f9bfed6d5271206ba1a662f8c2beeb979cc4b08b3d73f662fc882271b0385e3c3cbb93d7fab19aa1856c739dbd953966263e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
e9521f47fe544a8bf149c2098fb874b1

SHA1
07e2b6bfb6a5baf66d76a5771b45ce954ac880c0

SHA256
06893bf50ee38975535af86ff024223df9c458bc643b9eb9a14db8ac555d107f

SHA512
3254b2ac98043021a9a824ecee6f04dd8efb596cc277870d637e479273e562365132722257f82e14ae7f858724de73a555a03429f2e908b10d9f9a0bc694905d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
b6fbb325f46e7436665d3ee0b7e5b97e

SHA1
a55f597aa1f8c3e93fc0e8df2076dccee1104575

SHA256
40450970455f0202205ef0718a35b2b0c276e2cf6c35ec6c79816966343f22c7

SHA512
447066c0cd7ec974f497b9ad13a1748ceb7d4e29c08978c1c25a381fad26ef084d2699d5286f4dd656fd9b1af95125898dafb3b4abf6bbec8e723d1e7ee8945b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d61b4e0fb821b05f0af324e18e55f277

SHA1
072ab35d72dadef3b47cec9a3724c1fbebb5af03

SHA256
b0179db8637898442da14891c475a0d63e1451024cf53568b379f227f2e2c489

SHA512
832b211c9b576c547207a3516c38b776addd427323d0346166fbcfd1fb100988f78342ad19d81bba56ebc122ff2fb18220b3aa83dc165cff8a1443bcb0fb2f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/4136-7-0x0000000074430000-0x0000000074BE0000-memory.dmp

Filesize
7.7MB

Download
memory/4136-2-0x0000000005E30000-0x00000000063D4000-memory.dmp

Filesize
5.6MB

Download
memory/4136-6-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/4136-5-0x0000000005840000-0x000000000584A000-memory.dmp

Filesize
40KB

Download
memory/4136-4-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/4136-0-0x0000000000E80000-0x0000000000E8C000-memory.dmp

Filesize
48KB

Download
memory/4136-3-0x0000000005880000-0x0000000005912000-memory.dmp

Filesize
584KB

Download
memory/4136-8-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/4136-1-0x0000000074430000-0x0000000074BE0000-memory.dmp

Filesize
7.7MB

Download
memory/4136-9-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/4840-347-0x00007FF796720000-0x00007FF796818000-memory.dmp

Filesize
992KB

Download
memory/4840-348-0x00007FFA80D00000-0x00007FFA80D34000-memory.dmp

Filesize
208KB

Download
memory/4840-349-0x00007FFA6D2B0000-0x00007FFA6D564000-memory.dmp

Filesize
2.7MB

Download
memory/4840-350-0x00007FFA6B6B0000-0x00007FFA6C75B000-memory.dmp

Filesize
16.7MB

Download
memory/4840-351-0x00007FFA6AFB0000-0x00007FFA6B0C2000-memory.dmp

Filesize
1.1MB

Download