32dff107ec9812713e012e27cd162fb2c6c2f5e6f83e42fdbd003b06b439002d

Analysis

max time kernel
119s
max time network
120s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06-05-2024 20:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Electron.exe
Size

537KB
MD5

3a6447c99a0752f08265c3c011f78a28
SHA1

492fae50258f2a4fa33baf035ef150de5d76cac7
SHA256

f8b5714d9863b4235ee7583e0ac56a98fd78a8eae3e4e94b0f86cc3a267cc238
SHA512

b2a384a69ad2d2f503a8ef0bb2b49fd9529142368b0033263f0e08bd6429c53697687809d57300b634ad93ae261ab52c7150e542ca91c1c313e624c6d9c9ea20
SSDEEP

12288:Cy/gezsE7GjGjLcL5UVcfs8zPS6pvYqvNdPkhtqQOR4zxqleasIXp/HN0YjuR+yE:Cege/Gwc5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
748	Electron.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4468	748	WerFault.exe	71

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595008977740759"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
200	chrome.exe
200	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe
Token: SeShutdownPrivilege	200	chrome.exe
Token: SeCreatePagefilePrivilege	200	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe
200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 3192	748	Electron.exe	73
PID 748 wrote to memory of 3192	748	Electron.exe	73
PID 748 wrote to memory of 3192	748	Electron.exe	73
PID 748 wrote to memory of 3192	748	Electron.exe	73
PID 200 wrote to memory of 2784	200	chrome.exe	83
PID 200 wrote to memory of 2784	200	chrome.exe	83
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4512	200	chrome.exe	85
PID 200 wrote to memory of 4060	200	chrome.exe	86
PID 200 wrote to memory of 4060	200	chrome.exe	86
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87
PID 200 wrote to memory of 1480	200	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\Electron.exe
"C:\Users\Admin\AppData\Local\Temp\Electron.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:3192
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 960
  2⤵
  - Program crash
  PID:4468

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe78809758,0x7ffe78809768,0x7ffe78809778
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:2
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1860 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3148
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff796517688,0x7ff796517698,0x7ff7965176a8
    3⤵
    PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5076 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2880 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3204 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1544 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3284 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3180 --field-trial-handle=1792,i,12705972860242504754,9073001245621011840,131072 /prefetch:8
  2⤵
  PID:4228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d506336911e3d762cf0050ef146ba2ab

SHA1
70af1be2ba881fb756f006574ad28a57759f95e3

SHA256
5ae52a80a71ea7cb9135e0533c28f794567168305804a3672717c49ac7efdbd0

SHA512
e020cd022182ace4ae97a5088ca4be18e37a26107a7beafa7fe724a2d13083da2744007e4fa7e5cc0d7ac4ebfb152374b2d4833044a53b4c7317cafe3578fa29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
14adefe582ae4477c424bc2a498ee8a1

SHA1
df052e34e97f1760baaab4d7467ec51aa8e63049

SHA256
04521f3fd0549b255b5ad97a12bf30627ccf226f539618348047390501b810cb

SHA512
607e95445ffb22381b6e048dae62eceb804c4b1e9a4722ea13d1282f890876f818f9f8eed9f939e65da14de767ef7c56a8418264751cc7c3fc7a3debd2efeeca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
de3efb6bcbd2638645e5cf157ed6a59c

SHA1
603a4439bd70e1c707d72c806ae4aa94a33dff47

SHA256
d07adf0b59fecda4cf000da6daeebdb24b64d0271d2491184bf6ee952c552745

SHA512
1b3b7d9bf7cfe11b9bef2961cff009235d96564dd319f9690e8e13dd6720356edddf4451720a21b2f643d968ea769aeabfef66b80a167a21425e31ba1f7dbcf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4257f1011e7b37b537f8f0736853ec77

SHA1
927b522f0a41769b63ef2d6e9d2dd7fa169e0919

SHA256
d9c84489bbfc7516e27d46fcb65b9da17d389e0db4e018f65e3928a1b26ba092

SHA512
95665812b63eb7e92b67fdb25f3340f54a309a301170a3201b73130ab88bf01783f867fbb2fec8fc684109d83c2b0aeebaf633519b6c2571608278e5fe7032ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
58d95c0e6f6b90f3667deb197f31fb70

SHA1
8f21228159f69b1fdb1a1be513f38bb53a3472f1

SHA256
8902f63ed887dae0271d9570133859da8bfb024104e9af33f196eb148a9ab687

SHA512
cb19bd67fbeda1933bd0303a69fed74b4b8a0d128a8ebb929b52f1e86aa01dfb119733e53bb5c3b0d00826d3bc629b2a1460d445cd901ed526e657fbf7c351ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8d444e7b4e463a4941705bbeb2546ffe

SHA1
fad51f4b6955d324b0a31a8ad03f947f935f9abc

SHA256
0fe0d78b95c32172599bd1cef84cd08871d4297a4f9df73dd4af53e0cd08f6ef

SHA512
98942c550ee790656219a32d0363e4061518c835fa22e5c2ebda4063b4f55857c3cd0489dadfd13127a6535385179c3ca97fc67f1119dc8e2cf979c81e868857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
056a47cbde0633ae5e35c91fa54a9045

SHA1
405d180ff3cfa89dc9f0d90ddfbae478c12ae207

SHA256
16ef8e731ef695f3131dfd5824417e3eb004cdd59b665a628ea576531232066b

SHA512
8a1b10afd833c73b6eec4a7bc082101762369c5fa0cb36127cd430fb21758598154a8cb88737420f58eed5e7f905271bc9b1608b1c1d6e6c53d0707b0fa3326e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e8c6bd7ddb749773b11784202c15fa1

SHA1
736a79ca6d826e8e120dd8dd6f63f97b4289265d

SHA256
0a427379771b1964f5709099cd3eef8df825a121b3210aee3ec247741afb8d68

SHA512
948b7af3c15a1a7ad36bb79619e40ffc3b4c26cbd6a729d273f943b902c4c7f06e8b8041487eff639b475d699cfacd720f5e881066f9639720a622fd7a6dea43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f51fdda2641030bbff6c82b1a291e379

SHA1
161e3eff1f7e89eb306f8d64967619d787f03f26

SHA256
797111624b3e286bfea8eb2575fc8f173b1fd6e5f0d6b57d77537190f2515e8f

SHA512
8ffdf0e143144e8a956dd0ccfeb16a537b04585087effd4a481057e44f642bb9c5059bdcc53b999cc2c8aae52438eb8c7ba4e423895d37c9a03aa584b12e76c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
083a145803cfb44d8ec44b65cfab367d

SHA1
be942b6c1f48d9dfcf61ca4c380a0a7934bdfbc8

SHA256
7e4f8d2c335eceb4c23cf1a25068126b13e1a99c841fe7194a262bfdeeed1211

SHA512
aa9e220269abec914e952e2c6e093632bf000364e524f496fa32984184ac62e9d8e6c8d2b519761cd9891634ffdf25a4952c8f6949f175fe2225d16b8926372f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fcaea55716a4c7cc6c3fa9465540c794

SHA1
1ff7ee5af75d9daaa0e615773ecc8485d5d4ee14

SHA256
97462abbd2e3999e41aa888f24b714421165410c0fdc804d01551b773d9aec35

SHA512
25537652c444852c0e14b571f06dda81b89722c20932342f484165922aa8509fe16d755052eaf09eb8d6aa9e63e3c8f3f530d0cc6e476587f826f07f463d9de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
37e65514781100a686caac0e86cf09c7

SHA1
6826cfde66fbca8ad55b33967a7a72f4f3858d46

SHA256
ad8913c026888d9eba1eaaebf6d8cba10fc92b0d42c09c57d07c4b7534641b8b

SHA512
e5ad15a91a9d22e68fdcf2143ab9c3a34419a150835c31f0a76113a43e242183e9be72c4c1b466ffe13e96b688c4d0bdb477a4694b034d0aac47bd45f27d7fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
1b8df0a5702a05ac52fa701556c2cf6c

SHA1
b67e5ad2f711ba197eae246b6161fd412eb94a00

SHA256
cf079214949ef62b1027ab333e082f28b4573a40217c33b400931e98229a7b72

SHA512
77f964b73d397da90dbb5d8017b93f4a007c1895d51e0b3fb9c932423b693de011499a7d737d3f3ee12027c840d9204bdf40009e37bf40cc1039cdfae82b341a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
5a22b226370134474c57c142c127e7fa

SHA1
0ba9a46c289ea348bb1428b5c7f7c50312bbdc0c

SHA256
b35736d2f6b2e3c4a71443f79655150f55bee9710a1dc775e0c6cd93de1582bd

SHA512
2981bc6ad14aec84f85e557cd572e7b57984e00772e59a8e604be18a3ac3ce7433028382dacca9458eb39c507751f02361dc697f6c15288bc07d0ce08126a52d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
ff2195449503502e343ee9d3cd497759

SHA1
548d6a84502e54850613905882cee1ef44e923ee

SHA256
1418ff01bfeea0e0cea47c11989806a9f5adbbe66ac86f379c8320e970f779e5

SHA512
2731931997621fc2c2ba60e88b7f071df28bb33fdbc5819fa62cb7d48c35d50487fed797b8194b9dcffe5bbf95d3ce4e55b2eb1acc7b5038e08f644729f86718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5865e9.TMP

Filesize
98KB

MD5
8b536f070432130f13870e7eca7cc70a

SHA1
9a9b6302221e78a272c3feb064a08bf043b1707d

SHA256
ffd07347461ce83bcbccd721badc2e0ae54ee625adf4a6c138edf10370ada9d9

SHA512
4d721b6b577301c6e6bb9fc38290e09df32e10616de3a77f3369eae4343146f82935f1fd700aebc49d57e07af2ee98c615a4fba4470ba647fd3cccc037a649a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
397KB

MD5
60baeb94c8a5319f5a881f24736c3dfc

SHA1
b443c7f520384859b329a5da783335e4b10c2c98

SHA256
80f64af78d639eec1d1d114fe9f26634c7f5a88840cc3c0afb0a9850cf5fac21

SHA512
a17b1775b4ca450bbca4cfa5681904cdc4828464e2a551c399fb520c2571af055cc1c1183153838e050ded7590f8a4bd8029442cdc079704e270b2e7b5bfef19

Download Submit
memory/748-0-0x000000007342E000-0x000000007342F000-memory.dmp

Filesize
4KB

Download
memory/748-1-0x0000000000A70000-0x0000000000AFC000-memory.dmp

Filesize
560KB

Download