hxxps://github[.]com/Netaa33/KRNL-Executor

Resubmissions

06/04/2024, 03:27

240406-dzvt3ahg7t 8

06/04/2024, 03:23

06/04/2024, 02:55

06/04/2024, 02:53

06/04/2024, 02:31

06/04/2024, 02:28

Analysis

max time kernel
77s
max time network
79s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06/04/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Netaa33/KRNL-Executor

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	camo.githubusercontent.com
17	camo.githubusercontent.com
18	camo.githubusercontent.com

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
1	ip-api.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133568470209335045"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Installer.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe
Token: SeShutdownPrivilege	2280	chrome.exe
Token: SeCreatePagefilePrivilege	2280	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe
2280	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3008	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 3252	2280	chrome.exe	78
PID 2280 wrote to memory of 3252	2280	chrome.exe	78
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 740	2280	chrome.exe	80
PID 2280 wrote to memory of 744	2280	chrome.exe	81
PID 2280 wrote to memory of 744	2280	chrome.exe	81
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82
PID 2280 wrote to memory of 4304	2280	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Netaa33/KRNL-Executor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc1409758,0x7ffdc1409768,0x7ffdc1409778
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:2
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1792,i,9856314846618116454,14890468886177568628,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5008

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Installer\Installer.bat" "
1⤵
PID:3964
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:3616
- C:\Users\Admin\Downloads\Installer\compiler.exe
  compiler.exe config
  2⤵
  PID:464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
aba79bb7e5b5038caa98c75b79ba42f0

SHA1
4cf6352b6e87f7557f01703fba9f237e8d466367

SHA256
d99c867bdc0d38c18d79bc33aa34cad97be0c9c73e1e93b66e17c6456b32513d

SHA512
be0957b74a75d859a83affd415b39be7a501bb65e994f918c32521b17e0e23161deb77369f5d2df4fd743c3d0fcd3fe27e715d07831b052c8133d00d3a8be713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7947d5f37ec2bb7fd3601b2eb6d8d6d0

SHA1
5a2b62eebb558af72bbf99f695feab32f0a0823a

SHA256
fa64eb1c6e5fb79eef8a5baa08a7f2b235ce1dc55d054807587fbef484018641

SHA512
05b3457f9ad663f7ade10941cd742360018d4568f28d02927e0c3eb3c77324adf24da5e82c3f6602e1bfd41ae78dbfa9197b3e48a7019dc7069141f3356749dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
762370b6bc904ccbed24baddade3c3d9

SHA1
2b133eed6a4a4f0cf8d751098afeb86016b86d5c

SHA256
242e7aea1d247ee8ca1bf8771eb829b62194cf3ea66889f20070fe3f36ecc017

SHA512
5ed47834bed21f06dd149a3fa7aa215b1ead406da17843a0078331d0a333846b6008a30c09cd1a3888c4b7ba5d53cd167f2b2e8ab2ca64442834fedd6220dc6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af518c26beadcfd426c11fcd32fe82e8

SHA1
3deb30faef127a3be42d71c8b67c18f990d49b3e

SHA256
c773b4930dd8c5627eb122c1c9d28cf65a7342f6ac13cca1cedce3315599ffb9

SHA512
08ad6373154528834fb00fa720ce4e2c6a8ebc6d0036e57a3aaa265a4f80a11dd2ed7e88acde5ba784178c2d72e67a123774ceb0169c275191dc3ad57c325487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f20db1f32661344a2b90b5b6540998d5

SHA1
01f0ec8df2ea5f8927cf80bcfa9c2545c67f47ee

SHA256
7bbd6b12c7f6abfdffcc6dcca74aa89d363cd72e1da720fcf0061159be4f5be3

SHA512
c8dca17410363a411d70cf511b5ad24585c51e68c01655723b428b3b9972686a9e7143a1c6ff4975b8e5877538764e5ba3062e689b43dffc4acfd05da414bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e60b3567cf93b44c7b6c2dd008ad7d7c

SHA1
1d507d9c2f50bbaa480232545e98343576525a06

SHA256
bb845dfdc2187afc784019e32f9c226ce8d0eaf6906f45f1e37ff71d2fffa92f

SHA512
195a803bd6172a5c9692b2bec23565624a772432a79e527dd7e416049d178aa06d271c517a85fe328498d5c5ba5e98ca82ecd1fd2899109abbbe6a1bf4519c88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e7378315e7f189d94f30f3929e271a4

SHA1
c483a2dbfd91e9d9e51f677b4839b7c34a1de56b

SHA256
9c7324e1553f2a562768a1903ea00795bf6dee35f9f02b948896c561fd3441b1

SHA512
86510a7e6f31c1f82859248536022161c25c4aee27c3bac3f0a4c21695500b725ad342f502c3d494d7784e8bf211bd14f746126f5ad6662568c48465406c3ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
9f6f68db2e9f405b745b6f62901398dc

SHA1
68e7cc4cf1808a473db55091178d44583fbfa192

SHA256
049d33c2e67a39a1dab476607179feec2b41f59849ff7d3513434b0f6f0907fa

SHA512
e107822f41a873e89985c9d169dcaaf49fcbe94d27c819cd8395c1149821b6eabf48a2a680b3ea06252613bf9fea8e4983b75e0f720468f91d9d75e0c6a1108a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
167b44bda90dd7cefce36dc8e239d8d4

SHA1
93fa803b24c4e1a3a56952cc50818b385e958282

SHA256
201671a1724363fdfde21a161577432759bee47a3075aefeda280f251858f5c3

SHA512
552e3e43fd9d28194eaa4770ff5d7533506a072f05c931d1c8338a98662c0d0c9b0a102a4c840ea15979b58adc651615fa8683455cf74db580405ae44bd16af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5853c8.TMP

Filesize
92KB

MD5
3eff82f26da3625cc9674251533ed78f

SHA1
57244c0cb59bf1258d1712edfa8b9a671c15aebc

SHA256
3a58e3c09e672c74551c5276eca5a705823382c213238ef3b1edc2914d46faf0

SHA512
189812d381ea7d4e6aee17ea130148a60d2cfede0ec76d8a99649f6337bcd7b64cd2d34b0478e60f1e60c3c63cc1815a0c446edbeb82bc50cdd78a3e90b2c943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
201df2af40c67cec53ff6f87f2f425e0

SHA1
218d83a9daf4270e74bc8243708143d64ccdd041

SHA256
664407fbfc1e1598355ccd822fbc5fe259f92d48e68eb81dad3dd81b33d1563b

SHA512
4cc98bcbb0d3bc53709fc96bf25cbd19f538541ef3b972c2a2578c8235cbfde8eed649c80c110971664a6a8e03ba9cd76e5b04b036ce8adf8286d6a1c565a673

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d3c1574e06e9c0ed4ddfecf7eda00476

SHA1
e90dcb7eeb77fdeee2883c9c99fea03c50f80eca

SHA256
0b643c95e32e8cb6c8ad9a28231243f3d028db10560130aabe10cd65c62dace7

SHA512
06a7e8fa4859fd6902e842760ab1be755247ced2cb5d5b92fda7e25483749d2a65acc7ada0dd351c943711eef033f152137aafc18b5283bf3c310737b8b7077b

Download Submit
C:\Users\Admin\Downloads\Installer.zip:Zone.Identifier

Filesize
99B

MD5
e66399d30b22a67245f9f0fedd04c897

SHA1
598fefabce09775b8eae7e48916972d63f2d63ef

SHA256
03e02d7175571ec555c596ca44b840d8f28c6196d485b1b7cdafb07018fec3e1

SHA512
bbbf6454671eb6a70a8867188675b08c5953fa84fc24d27b4fc7ba43756bed981c6dedf161ab1756481e70a508dba03ac2b5a38dc614fc7bcf6f86a6700f2ee8

Download Submit
memory/464-258-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-264-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-231-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-232-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-233-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-234-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-235-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-236-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-237-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-239-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-238-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-240-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-241-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-242-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-243-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-244-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-245-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-246-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-247-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-248-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-249-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-250-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-251-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-252-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-261-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-260-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-259-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-229-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-257-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-256-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-262-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-255-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-254-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-253-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-263-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-230-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-265-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-266-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-267-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-268-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-270-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-269-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-271-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-272-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-273-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-274-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-275-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-276-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-277-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-279-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-278-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-280-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-281-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-282-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-283-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-284-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-285-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-286-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-287-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-288-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-289-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-403-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/464-404-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/464-405-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/464-416-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download
memory/464-228-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-226-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-227-0x000000007F9C0000-0x000000007F9D0000-memory.dmp

Filesize
64KB

Download
memory/464-478-0x0000000003080000-0x0000000003081000-memory.dmp

Filesize
4KB

Download