hxxp://vencord[.]dev

Resubmissions

08/08/2024, 14:48

240808-r6n7raydlg 8

08/08/2024, 14:44

240808-r4fslaydjc 8

Analysis

max time kernel
183s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2024, 14:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://vencord.dev

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4888	VencordInstaller.exe
1680	VencordInstaller.exe
2592	VencordInstaller.exe
3236	VencordInstaller.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676021551750762"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe
3272	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe
Token: SeShutdownPrivilege	2508	chrome.exe
Token: SeCreatePagefilePrivilege	2508	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe
2508	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4888	VencordInstaller.exe
1680	VencordInstaller.exe
2592	VencordInstaller.exe
3236	VencordInstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 4672	2508	chrome.exe	83
PID 2508 wrote to memory of 4672	2508	chrome.exe	83
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 2520	2508	chrome.exe	84
PID 2508 wrote to memory of 4852	2508	chrome.exe	85
PID 2508 wrote to memory of 4852	2508	chrome.exe	85
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86
PID 2508 wrote to memory of 1064	2508	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://vencord.dev
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8f2afcc40,0x7ff8f2afcc4c,0x7ff8f2afcc58
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3052,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3020,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3336,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3320,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4480,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4436,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4912,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:3352
- C:\Users\Admin\Downloads\VencordInstaller.exe
  "C:\Users\Admin\Downloads\VencordInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4888
- C:\Users\Admin\Downloads\VencordInstaller.exe
  "C:\Users\Admin\Downloads\VencordInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5356,i,1530637698991315594,7491334038043398856,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3272

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2476

C:\Users\Admin\Downloads\VencordInstaller.exe
"C:\Users\Admin\Downloads\VencordInstaller.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\Downloads\VencordInstaller.exe
"C:\Users\Admin\Downloads\VencordInstaller.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
ff6a8c1d2ac11a18b67f36dd944f5bb7

SHA1
4de9e06619785237451a04a7b65d28f6229bc211

SHA256
172c05d9d6f1479d6ffe160fe64095daf18408273eda3c00cb995894e0d52c2c

SHA512
8deba7a4ec728d26350b063cc3696dc699ba5d3b4ce84edf3b3adb071716ec0c6818c8c7917dce49009e709254cb506b14fbc2901597b5c55295679cd51179aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
61a75c3ef07f7c6481cda2b271d6177d

SHA1
3665abf5cc1dc6dcd746704ca242f98e4806bcb4

SHA256
094950286f16f49b75da9a3f74673b2c27e5fce779dfb6ac4fe249d97b50813a

SHA512
008420afed657fdfdce9419994baccbf5b8923b39443b60595bbc864e0a830358a2d7297c22b1d676153e728ddf7e6aba89cb876019246e861200df7cdb085e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
1f969aeec75a50e9bab07d0b2623a2a5

SHA1
df34feee114b05735e5f9f1c1dbac4b421a7dfac

SHA256
827dcbf084d2cbab81008794e5fb8eb777570b674e6738c6bddced8769315cc1

SHA512
5cc6fb1475ec3bd592b393712ec4e32dd885325c9a2d3765b1da9047a081fd22deffefd9696485deab89c00c18a23e96c198d695364a53b1c789c538a7d178d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03d690f7f98fe8339a61141675ba972a

SHA1
80054cac6f501f8632dd126cc502bfe9fbfddfb2

SHA256
968d1b85e57bcdb3f43050a1b43af7c6caba321e1ca92cc2a96e934f29e0c766

SHA512
01dcf6f469ba9313db3c14da8e722e96b66c5596892254562a4e6cfea48448e6b40637e38e3b3ccef337db12b8a1e6bc1968d1ed8d791ca6a2e73f3a1018b503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09dd2cbc0f351a4b365c91bd214d9098

SHA1
902a3773cc7618641631aa489414c4ffedec3745

SHA256
9c75cd50dee3104d16643100047cf49095f43c16d430ffbc8dd6e396f7d24bfb

SHA512
a4f290d8ffa72169c6ea08416e31fc86c5a3e472e5cfec52d18a0ab6ea97f4f8e910d48f406e2cf47747dc0193b608a62c8c4f53e6ffa38b3505285b9b8e43e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bab8ccd92c748aa9f6d2ca117e3f6866

SHA1
6e10fe651daf56ed7c48a167b777d6ea581dd79f

SHA256
edeb2a0c321b34b880392635ca65958ac9250e755eb0c0da20878dfcd5195b6b

SHA512
14814bed158bb180d641e97a7aedddca3ed335a81df4c87bb305331d80554e92ae79dd56113601178f9d383f92ccc8a21842eca80c4b28ff3fa04bfa086bfc4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bad79b68c8e7416c693f74cfe57e46e

SHA1
480d73f87c92243f08bbb85d49710602fc7ef94b

SHA256
2f81e94f54ea9d66dc0243ccf93d122765911dad81595cdd51dfd5cdc0f23f3e

SHA512
b8e802cb70221c5c5ae3f66d21b9cbd6eb96cac0a61c571a58e3a61f476821257735c4868e2391b1740654b461fef69786ea57780493dd31bf7715c62156e90a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
141153b7f9ef39666771d2a3d517d55e

SHA1
321001d5564acac40be9290ab5908b83c3ebe9ba

SHA256
0227a5d772b40e1d5b79e132cbdaebc73ccf3283acf53fb6d7669e799c022436

SHA512
cefc8699bcd0e120e41e021a289aa7cdd0f3daf55d4146ed97c8679928e501ca9eb4d11dc4fcdddff230cbccf874aac3fd0ceb3cf03aeb882ede53965edb82d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4097da940696b987009134b0140ef21f

SHA1
82af3a2f081829a14ae99755bdd0265317b43d3f

SHA256
bebb64743a4d57389cfc0c9966eb1f9b196db8f5705e7e339fc000d913896efa

SHA512
8a6751f395d6faf1aefe389570775971c6c463413d32386b4ff4b4140e77a36d0e77380557a554c7d091967cde494a96c87f2e2cda8c7d351c6edc03a98a81db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13060105be9ec5af27cb262e5bbff6c4

SHA1
ef40ed46aa8b470c1827b5c3191b479c444f2e48

SHA256
b038eaf5f40cf3f69e256af64550d46e2c40ff5c45e681c7ed39fc0d79644ca4

SHA512
a7d6cba1bfa0141a53debf54d0b9c3dd88b59ee14f7e5b79d45aae738111b48849dd9894356e0e5d5af877c3d2a4628f19824e8cfad0de4547a3a93fea23ebc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f14f9c61db3613f87a6cf5ae87985a1

SHA1
35819373cd9cfc5ce68ffb9dabcc680be25be101

SHA256
bd5e40bd5b0994efbb7f7d567ffa3146179b6bb561db54127de8ae45d2c5f7a8

SHA512
9b853c8f3d05796dfda656bf897cb65f0afeccdf19bf0e6071f352ee6cc71779785fb709456cc764cca29e94d97f92dd71475c556d1c3cec9465de5d364b6a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
67e7c2594415272f0460691763d126f8

SHA1
8e72849846d395181c6d83ea13012ff0ac1ffc9b

SHA256
f7a9a45d2c2b897309ab5bc0452692d06f5d2661a5b0c6444d18c7c893643713

SHA512
85e992ad22d2b75e262522a4d6684d2fc9efc3b556d48300b14ffd029b44967753f1d68d89308e7f9d3d4bc2278e00d725b44825e1631e49aa10564cbb8903a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6434e3978ad49c28992650db95e4699

SHA1
2cccc02d173636ce7a0266250b144304fd7a3a6b

SHA256
0cd7b4ecb01d6abd35393b9f076086671e4d8c5d772632476ae70c69a41b6632

SHA512
c05f1560b6a6ecc617b7410926fd914fab698102005b559b2b8a629dc3d61eb4ead9d7e8ad8794a544b9b178bdbc245cf3352b1e3ea18b32153ba90590d38057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f90d1e0c3d778503322de96a552b1daf

SHA1
931d9e01749179510d9a31840f9e5016131855ab

SHA256
c7c6b9d0635175e747856a635e2c6181b14e70036a1200a028a80b3181f21215

SHA512
f35ec9db6ea5a0a78f4a7bdd4959a2dfde8d215974a1a495e339c190574876df78a3162d8b1903c31a357f9aec17f008e8301963867eadca32ad6126d42a5d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3cddba33c15f6f9fc2fe6374993629b

SHA1
2b2738bb65a0869e85ef5a5d223ac8b2eddba6d2

SHA256
df8cfa2f33885ad84e1c215831fa15dd6f66aafb17c18c26c2fc1f3f7ebf725f

SHA512
f08c90ca760cf6395c6a8c8d617c8590d572bc38e6ff9090d3a36eb394cc42132208af4b62ae60cc7c53ddca508b6be8fe46901acb4d839952825e70439528f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1ebdb1dd09389f39b090dcd38956f42a

SHA1
57ec793ed03cfef3592a8885c88b8370307820f4

SHA256
62534df060e049f0deea094dbb1e1daf480119b0d32c4c7c1cd1b51e5df539da

SHA512
6452fde612ca08faf96a0e567775d4528910ed7586156c4ceee98931180a2df8e85bb9a8268c23fa76b8c49bb265375133651ac1beb63447f10200830ba5d77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f3558e33254fb514d6ad5ec20e90f320

SHA1
c6d9e9976e5e7c23009480f9a6478bacc5bd516d

SHA256
14e92c20119675b7c933d16ab26f5392c5853ec740ac2800206f5f9f53e9753e

SHA512
55c6299fc16d1705528e42298565a848d84cd4eb41215859cc6cb3dca15578adac0aa74e99b73fb8aef164c55c296f03d07478382f089fa12507afa141ffdf23

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 714016.crdownload

Filesize
9.9MB

MD5
1b8ee61ddcfd1d425821d76ea54ca829

SHA1
f8daf2bea3d4a6bfc99455d69c3754054de3baa5

SHA256
dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871

SHA512
75ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a

Download Submit
memory/1680-109-0x00007FF798100000-0x00007FF799379000-memory.dmp

Filesize
18.5MB

Download
memory/2592-144-0x00007FF798100000-0x00007FF799379000-memory.dmp

Filesize
18.5MB

Download
memory/3236-155-0x00007FF798100000-0x00007FF799379000-memory.dmp

Filesize
18.5MB

Download
memory/4888-89-0x00007FF798100000-0x00007FF799379000-memory.dmp

Filesize
18.5MB

Download