c954ba4d9f8e230d8fd42b5fa0bd25bd978725b78b9473e23da4740cda0606c1

Analysis

max time kernel
125s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/WinShell.dll
Size

3KB
MD5

1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1

0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256

9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512

7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3412 1604 WerFault.exe rundll32.exe

pid	pid_target	process	target process
3412	1604	WerFault.exe	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627218733830858"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

1408 chrome.exe
1408 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe
1408 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe
Token: SeShutdownPrivilege	1408	chrome.exe
Token: SeCreatePagefilePrivilege	1408	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe
1408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exechrome.exe

description	pid	process	target process
PID 380 wrote to memory of 1604	380	rundll32.exe	rundll32.exe
PID 380 wrote to memory of 1604	380	rundll32.exe	rundll32.exe
PID 380 wrote to memory of 1604	380	rundll32.exe	rundll32.exe
PID 1408 wrote to memory of 4404	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 4404	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2476	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 876	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 876	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe
PID 1408 wrote to memory of 2716	1408	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:380

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
2⤵
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 612
3⤵
- Program crash
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1604 -ip 1604
1⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4428,i,6522675234395427298,2952738987384583032,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:8
1⤵
PID:2068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd3facab58,0x7ffd3facab68,0x7ffd3facab78
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:2
2⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:8
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:8
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:1
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:1
2⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:1
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:8
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:8
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:8
2⤵
PID:3068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4984 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:8
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:8
2⤵
PID:1556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4192 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3180 --field-trial-handle=1836,i,11627058798057286497,2392669584098521888,131072 /prefetch:1
2⤵
PID:4280

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
b737f35e99fc76fa85ab9801a51d151f

SHA1
902cce66f5c9ea46d7c92b6f1a49a72c8a978f4a

SHA256
ab89e15a35849b59c78e713b83e3fd4ae19b980fcfbcad9e3f44c7d0f314b7c8

SHA512
f097171ccbe1cdecb61176ab19beab403f2cd5d5ebc4c637d2f10a8c4430e3df9c4c6eca16974e465cc482dca192603892df713a97a0fc83ebc320b43d1cdb94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5f50c10f660135fb54487c2fe535c8d3

SHA1
67c284636b5eae1a17220c4cc465cc37508f70f6

SHA256
8442008f94f683483bc98eab245acdda8c145c637646d693b32318d20993bc66

SHA512
7a4d56952633a88f1c471ac544602315bce10c094637ecf901af83c20fcc98021b69ca883763f185fbd590c78d3ff3de370db73037f8efe05ca27c81e8002384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
35ada1215ed9983efd59b2494ba2630f

SHA1
4362c5aaf47252e5005731954fb15c098ff8521a

SHA256
e4ca90f0721a761a2d3d698bd53091a127c10fe4cc90c6f6672329d663ebf78c

SHA512
63e2f03032a9ffae79aa49be0c01e672f49c854a7adce6ac2d348003d7f8529cefd9348268051720d5123f86ab17975e5c774e9d91fc33542e9ef33b8e270c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e5c1a322380d8122103db1993c0c9fbd

SHA1
4c6a321d6e100858258ab09c6b2ee7df3842b57c

SHA256
8d9ec36a0a78bbf88654c0a1f28c5bbab73ad1bc4ad5ec86ca4f08c463fe1eed

SHA512
0b44a1aa477506cfcf2fceb267d53d506f4d23a4a280e2211669a822415c707febb049bb512e98d5d3ea656d11628b68ec26d63147017e5b7aa6ba83ea1395c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7d3b5d29a15e385ad4ff3e4ee8e24d60

SHA1
18cf523d169ebf043f1d86eee121f9ce5c9034d5

SHA256
50caca43538ad3c6e573f384fe34afea2aaa02d54cae90740bf092e43012154f

SHA512
ccb61355d59f77cbb0765918e825dd864d104d0181aa40e73bcb83812b078e4e4211d0eefc9ceb98baa0d7c7d4f5d9e7ad3e972309af0886b4c3a0a4b39062b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2b5593ab66de3ebf9a16d3b16601b11b

SHA1
59c38b1285ebab85110b070601c8bc760f48ce19

SHA256
4ae90e49a3e636a55e0fbe0e224112bad6f83000684b97f9234382244dd3588c

SHA512
c7d26c1bfb3c24dce3a542cd23bb9428979171607244579d3b07f71b82dba62462e499182c475b26cc495539351aab7ed7164ee6c8b403710e69d4f3ef0e67d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bd7d742014180f6f7bc479a31a72b20b

SHA1
3e9bbcd35954a099b5bdfd527ccb9a21e2e53b5d

SHA256
3bdac903754eaea194051b6e68c912bcfad39153d72d0357013ffcc852b373df

SHA512
07f9af98a7d35acfc5751613f3008e7b1e0f4ea34ef120623fd9a1800f38440c5c51a736cfee5b88930399ec1bf5b3b0565a3907c14cb25c660917aeee88c1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b9fec5c041ee7e7ba023e875a0b4319

SHA1
7423c2e3fe00811d2bdea5e445f1e56946fb471c

SHA256
bb8032f23ee97265a3df6310ea65bfbe811d812ae5eb8854145117eb09cf8adf

SHA512
23c7aa02224f7145f9c44ae2b6d16b47af27fd1543e5f4d07da3f5b30fac4a7b538a50e9e86f01ded903286ef3b7f168e67f2fe317133d523d3c14b52cf46461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
21646fbb41a4a710eee6f8aba53f8016

SHA1
519a39709d8c44a16759df4319d9eeec9a4d3dc8

SHA256
24b3959ab6cc3ceaedc113acdfe561ecfabe0be3334b6d848a08f2f7b10c9a66

SHA512
bdc2c245cdb8f888c7baf3774c7add60a05a64dcb08a127d66ac8cdf97114d76b61995b713b7e1c32c1559cc1b45b6873933d6a559574868cfb570b945956555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
de3f8d6606cb5fd2013d199cc8b3816d

SHA1
295bbce125647990f9fb50055471cad7ebe653dc

SHA256
e088c6ed8ee0e1db08e295b49065ac108e599376e9762acbe5b7dc5bb9548d31

SHA512
f08947b669cccf10bb558c8673de4c039c3db7c2f772e59598981a62c62ea5e1e1c6d16a3f6b9979b240c01efe6e548a0379a9b47f763f65bfdd206572338933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2023681deb63427bf82c2af0038a7309

SHA1
96354c3a18cc863c46cfb788c4c020b029e73d44

SHA256
92cb65754054ee168ee38c155c0d5c7e3b766ab73ebdabbaae10bb364efbb74c

SHA512
43f0ba2d2654228903191f9521a1dc3a0f7c13f3f42ace6bd8ea8ee6a0cb97bc7d591e31181b12c43a913adb64affa940d15fb3bb6b5f7b9345b3de227d5f31f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7a4377850ebb341f2766d858b1cb5756

SHA1
bd17f3bdb4e53cefaaab032c8e4ef96b24e9b093

SHA256
50dfc998cc9ac9743ba89790eb7252e59cb803cc474c7acddeaad17e0318a2b2

SHA512
8ef1b12decb8e79b42a4be0f1b635db7aadac56e7a47c8fdb90f1aad0297149af2fda6f7162bbe1e895a728d2e9c3f81066af3440eee0ac9b94b8ea598d6dbf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59d2c7.TMP

Filesize
120B

MD5
f1d6bf508a374a7ede8eb6d5952cf8a7

SHA1
0401ed37594b7f784ca1d8d523dffea9e1a5edda

SHA256
595cedbd97cb49dfda6b5eb9d8a01e80062c3755f286dba480106a3794a38eac

SHA512
24ff6192ed9ebdb610f1e2ec9fd039d3eaf27ff76c8a592a13e4abf8f4e31171e5efb5627414272707bedbc0cb8620bc7a054ca604b535af063383f4cc1b9cb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
729372520201d4764042aafb17b95abe

SHA1
8d54853d6a3d64589021af8e38a56674df381080

SHA256
ff19325aaf4fc3a09a47cd8297fd2aaedc9952baad2e433fc8db729d17cc8010

SHA512
a82ab653cde5659aa885acb4de99410a0c8c0c22d231393b0c7960cfed95e7ca13eea084f0edfc2e4d1f0d5f617d9bfe93a313867c7190dbd30b6064140a4147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
274KB

MD5
bcff59b6e6984765b133a39453364f34

SHA1
6f9590aeadfbd41e74b4bada1bfddc6c229ce24d

SHA256
eee81e10963e3fdaba31c93c01d8cdd7b8e206c837c85b0db6442941d544ba52

SHA512
a19b17a2e4a70a2bdccd3dce2211bc2776f37d9762163720d2eaae306a2b5ec86a62204530b8f4df7269b53edab6dbfe0ab563430a575fb1ef9c9ae715176d50

Download Submit
\??\pipe\crashpad_1408_NQYEZNLCVIGKOLKJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit