85a6005f97166a73e0c63673c541a5da5db97f3b11cdedb144179aa25556d7e5

Resubmissions

18/08/2024, 21:56

240818-1tk41awhmg 3

18/08/2024, 21:52

240818-1rdbdazcml 4

Analysis

max time kernel
149s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

screencapture-chatgpt-2024-08-18-12_20_33-2.png
Size

2.7MB
MD5

fc334642afa9b09c656c1e0c7f0ec95a
SHA1

328b92a2e47beaa10c93c518ceb86ef40bcc1a35
SHA256

85a6005f97166a73e0c63673c541a5da5db97f3b11cdedb144179aa25556d7e5
SHA512

c0bc7bc46ad16b0e00b6e4fcb9ab7a526d847ff769560a2ea800f663c01939a7c8484c57588d937c6189bfe3e7b28e2a4be54c4ca42311fdd35556bc95bb0159
SSDEEP

49152:UtFWcfE26b0+T0vfljzCd+S4rA9p57eFu44qzpGQu:WgcfEPb0QUljzYP4dza

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684916030293129"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeShutdownPrivilege	4032	chrome.exe
Token: SeCreatePagefilePrivilege	4032	chrome.exe
Token: SeDebugPrivilege	4952	taskmgr.exe
Token: SeSystemProfilePrivilege	4952	taskmgr.exe
Token: SeCreateGlobalPrivilege	4952	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4032	chrome.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe
4952	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 4960	4032	chrome.exe	88
PID 4032 wrote to memory of 4960	4032	chrome.exe	88
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 3136	4032	chrome.exe	89
PID 4032 wrote to memory of 1720	4032	chrome.exe	90
PID 4032 wrote to memory of 1720	4032	chrome.exe	90
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91
PID 4032 wrote to memory of 1616	4032	chrome.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\screencapture-chatgpt-2024-08-18-12_20_33-2.png
1⤵
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd447ccc40,0x7ffd447ccc4c,0x7ffd447ccc58
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2040,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1412,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1852,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,14550406294669373845,9792405394746815810,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:5076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4160

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
16ff3114033bd63175e87456ee22b168

SHA1
6e33b50637a3db9f648a2211c434ea495b37be98

SHA256
9067a680522fb978de183a5d96bb3793128c06b63c85a291cd844ece6a068cbe

SHA512
3db3e76f161b330e574a084b0e0cdeab96341794d4040887d60e7e04c62487fab055bfaaabc9c8a94b27c41c73651503490ddf349ee8bb93e619772168d46b78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f9a986b8655712708cbf3d25108b1cef

SHA1
deecb6b13c38cd4cd53f58c590263cf03e3d065c

SHA256
e29d66c327cfe96c447d84ac28a5119089fdf536fb99b69f3c328bebbfc830b4

SHA512
c8fc8c0531c31394c502446e2f448c55c1e851ef4b81841bd4559188d5d4bbc2a70f4666b000d3c72844fffaa363a8aa20e63e33b128adf5ccca6cc342127483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
11941d331b94017581b2a4f17d033fa2

SHA1
ca0de334de950513427cab55dde49c3b62508630

SHA256
39e7541d807032e73768fbd13a5efa6554900d768b5864e5029cb26709ddec03

SHA512
5b4c8637f42e16cf85134a711cde3a51056c6def183e453d8c3e1dbae86acd3ce8a37c19807b8a2a1e767e17a48443fe8f6373282cd13cdf8bcfbd7e540f186d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0146390c8e8d2d9683aae2e9cf4b73b7

SHA1
efa31fa553ef7bd9c324c022ba7cd6df31ac9479

SHA256
8ec8b32f264a1317d602c8247dc9ed1e9593d62b49b09f821e4a103882f3e8b1

SHA512
6b2543c2c06dca538f500cd2ceccc052e6b6a30db0a59f8a787d48b3ba0b98f6978e02f746261252a83457bbef87a8b7b059066b1b5882d93dcb23b7115cf159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
594039c761025a2fccc5f44f7d8feecd

SHA1
118367be18be3c5062f2464a83c2043bbdaa6c37

SHA256
ff2841c3f6829ba436a78c9043897b717c805d6e740ea3bfa5406d89f5782076

SHA512
2b14df8b07d88cf2136ef3c60e87aea5c8a8c3b060e76fce411dd0e3dedd0d49208171d39c1f72840556be89075a53299fbdc5db13c085ce629dce32db134db7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
268ec9751b2a53311ebc73822c7566be

SHA1
0ef1cf0fbac6988704b472f859339fbde032f8b7

SHA256
571233a75ba0805d6862ae54adac3e7d1b7fcfa36e69b2e68386a7e1713b7191

SHA512
33b1f2664ec650c120ccdba82fa77d7a54ef96eb619d512d0fcc25af14ec7475d1020bbede26397a2a6da39401607c8d3460e524cd498929d226503956780893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
198KB

MD5
ed1e77ae4c598eed51905f727d277312

SHA1
700085260e89c8fdee31f0ad575bd45580b1a320

SHA256
8148b339e592a68e154eb6f1754f62b734886b714bd4dd3cff01acab17b6bd02

SHA512
9c5f0f6c38159257ff49ddad14531e70293df9ebd02a23b04a948c8c64c9216085e17890df42d2100b198b474cb39a6638304f2554785ddbfe62cdac77d53e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/4952-136-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-135-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-134-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-141-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-146-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-145-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-144-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-143-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-142-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download
memory/4952-140-0x0000026B68EB0000-0x0000026B68EB1000-memory.dmp

Filesize
4KB

Download