6f4571882606ee838590243876609effc6a78455fde3a908ed9f9220758c8eb9

Resubmissions

08-06-2024 12:42

240608-pxlddscf48 3

08-06-2024 12:30

08-06-2024 12:10

08-06-2024 10:05

22-05-2024 02:11

Analysis

max time kernel
146s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
08-06-2024 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58a728da4e405ca979e73e774fe72fb9.exe
Size

449KB
MD5

58a728da4e405ca979e73e774fe72fb9
SHA1

33bfff315ba2bdef39002d8cc066b513cfe70aae
SHA256

6f4571882606ee838590243876609effc6a78455fde3a908ed9f9220758c8eb9
SHA512

660748265950e3a7836c273a8bdba75296993c4510256bda4b531cb85f68b6f00652d584326bf0df5615265a88220a5f6fd4f5af09c59679e3debe6818cd3dce
SSDEEP

1536:wC4qH594gLbOWgoI9CKtc4x9Rfy+3YVad1R:wCB3rSJ3CsrkUd1R

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623241756620054"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

58a728da4e405ca979e73e774fe72fb9.exechrome.exechrome.exe

pid process

3204 58a728da4e405ca979e73e774fe72fb9.exe
1628 chrome.exe
1628 chrome.exe
1740 chrome.exe
1740 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

1628 chrome.exe
1628 chrome.exe
1628 chrome.exe
1628 chrome.exe
1628 chrome.exe
1628 chrome.exe
1628 chrome.exe

pid	process
3204	58a728da4e405ca979e73e774fe72fb9.exe
1628	chrome.exe
1628	chrome.exe
1740	chrome.exe
1740	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

58a728da4e405ca979e73e774fe72fb9.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3204	58a728da4e405ca979e73e774fe72fb9.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe
Token: SeCreatePagefilePrivilege	1628	chrome.exe
Token: SeShutdownPrivilege	1628	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

chrome.exe

pid	process
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe
1628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1628 wrote to memory of 4772	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4772	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 1320	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 2968	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 2968	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe
PID 1628 wrote to memory of 4276	1628	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\58a728da4e405ca979e73e774fe72fb9.exe
"C:\Users\Admin\AppData\Local\Temp\58a728da4e405ca979e73e774fe72fb9.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\ConnectShow.shtml
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8d426ab58,0x7ff8d426ab68,0x7ff8d426ab78
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:2
2⤵
PID:1320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:8
2⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:8
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:1
2⤵
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:1
2⤵
PID:2824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:8
2⤵
PID:1500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:8
2⤵
PID:944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:8
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4356 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:1
2⤵
PID:1336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4348 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:1
2⤵
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:8
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4972 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:8
2⤵
PID:1492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:1
2⤵
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4584 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:1
2⤵
PID:2616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4804 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:1
2⤵
PID:3420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1644,i,4879757128784959991,17496946233545755159,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b2d069e5f5711320d6ad6093f64c43b9

SHA1
27685f89d746d1e3301a26461005c57ef9d5d26f

SHA256
a1e25ccadf65c6eeb17d9b9317784f72437856f042f4f7ee77e7686b0c898189

SHA512
3162ef2d40254b4d50208661222ce8bc82db4c2840f011b6eb9f2d691309a809c4bd568b8ac1e9786793b7cde67166d133821a933b823f5cf1e23f686321ae8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b34767ddc20bf9954f5e63bfe9f21d80

SHA1
8b343e828c09e537d429772fd346bddaa2a41b36

SHA256
1f7f05cb70482406bc2630063ec9f67bbbc886422e58e0ce9e7584b344b98ec4

SHA512
967c038a10f36631606a710988a0661fb9f60a5d3e69350d7c0facbc4d54bd2a2e4a4e6b2e857c4e803b6c86a48066bce70547f222ada34ee517632c5cc4c620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
504f9b6a563e8445672800a72c287b81

SHA1
0ce743a34a6818ca53620e43ab5d07b976abab56

SHA256
2e53178ff24bf704ee1cc6f8557e6f1c9ed47c92f7fa5957d21e6813e1ba7179

SHA512
a0bbb0ecbfbe81d50df368a470dcfd34399dbf4bd1adc55ea531d8f7332dbb8c63b8c9a1c8d284fc65ce6ddc8f638ed4cce2838cf363460d25b9f9627c2d17dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1fd9686325261de4fbe16f4ec610953e

SHA1
342b5f278f4c6d92a3a59781afc2780569d3a450

SHA256
53c005cbdd4422f8de24193dcb1c8cd2d501a4ea23fbd33c76be55a8ac5fc2b6

SHA512
3262c2d618d46011310a2f820d787c637a9f3ee658b3322ad12119e1a7f2fadc2c441f071b2b623492dd76fa478566c753c51324c8739458a8970fbb3e93bdd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2463bde9914a33e752083c66013064bd

SHA1
079cba00a889221970c2de9aae2676ce943dd919

SHA256
be7d5c556a80572ac8c38c3ee112d37cee1b29e1ce562f17738cb0895a317cfa

SHA512
e7be4d7db159e1ed150b3997385cfd3e5fc9f1e1bf124c02210a28cb9d6ba03cce164a73a5de00711a235af66e2913883cae298c5e673d40072dbed1d8304094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e5412ddd047996193adad0d64c9df239

SHA1
6cb75456a02422751f12620f413a6ef5bc081fb8

SHA256
f9ca87b0fa988cc9ac60f5c71cd070d7e80272f2fdb1f94752b18926772f8c0a

SHA512
3d002b6a1c4578d31470b3d710b06adcf6f7f4dd1c9c0c430eede5a63f71d523d1f851e4095db7530a1aee0235dfa8f039f25ce5d23423ada157863608f6f761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
b700302dfc3a02a5c3be212968333962

SHA1
747f084a3379bf1c4928106736e8d18a01d771cb

SHA256
e61a06731f142c0b2f33076327ff7991906ad214ef82fde3cebdcf649def2433

SHA512
8d667fd65bbe621d682a9c241b40a467fbe2e4b40a9139673aedae3e662f995dfb93d4d9ced5f9309bce4ef97c1be395e14f8f4196ee8b934a3a928815fb8a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
8d07515f06511589089ddd3defbd1ec4

SHA1
d1040c21edc918c7fa9af48cedb1703953f137b6

SHA256
c14e70a8fc3b6919aaa62bd01d035ce62a13c6fe5466351195adcdb829f5875b

SHA512
03a594eab4b82c3574da362625f5b3427c32ba9a51b226aa48f770ff1dbe7843c8f1a8af9e9de66e3dc7912f51915faf5a0f68bde4a03399ea86f73bf64c7c3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lqwamspm.ve4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\pipe\crashpad_1628_PEKJGPVCZQTIDZWV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3204-11-0x00007FF8DE4D0000-0x00007FF8DEF92000-memory.dmp

Filesize
10.8MB

Download
memory/3204-62-0x00007FF8DE4D0000-0x00007FF8DEF92000-memory.dmp

Filesize
10.8MB

Download
memory/3204-61-0x00007FF8DE4D0000-0x00007FF8DEF92000-memory.dmp

Filesize
10.8MB

Download
memory/3204-12-0x00007FF8DE4D0000-0x00007FF8DEF92000-memory.dmp

Filesize
10.8MB

Download
memory/3204-0-0x00007FF8DE4D3000-0x00007FF8DE4D5000-memory.dmp

Filesize
8KB

Download
memory/3204-10-0x000000001ADE0000-0x000000001AE02000-memory.dmp

Filesize
136KB

Download
memory/3204-1-0x00000000001A0000-0x0000000000216000-memory.dmp

Filesize
472KB

Download