hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

24/08/2024, 01:43

240824-b5r91sygrh 8

24/08/2024, 01:41

240824-b4d11aygmd 10

24/08/2024, 01:34

240824-bzmgks1anr 6

Analysis

max time kernel
360s
max time network
360s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
109	raw.githubusercontent.com
110	raw.githubusercontent.com
111	raw.githubusercontent.com
118	raw.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133689369185172923"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5024	chrome.exe
5024	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe
2236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5024	chrome.exe
5024	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
3332	[email protected]

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 3928	5024	chrome.exe	84
PID 5024 wrote to memory of 3928	5024	chrome.exe	84
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 408	5024	chrome.exe	85
PID 5024 wrote to memory of 3128	5024	chrome.exe	86
PID 5024 wrote to memory of 3128	5024	chrome.exe	86
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87
PID 5024 wrote to memory of 1652	5024	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffc868cc40,0x7fffc868cc4c,0x7fffc868cc58
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4548,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4372 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=724,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,17835598360227367476,10729628254651505904,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:948

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1284

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_DesktopPuzzle.zip\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:3332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
20c18084fe4b665415cb7a3764f59463

SHA1
b489014ed036a0b9f345f810bb5a491a1569cf5b

SHA256
add4c98d794d277c1814abc40d6a891cd578af014a1907a9bc1b1c3e402053de

SHA512
958d0423845001d5b0ccd73d945728a7564426313fe94228c4cddcef47857686e506a0ac0dda8bd1de8e35e16fe2530bd81e3c6795e0048bc70a871088d20dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
f354490ed29fc7aeae202d0b92a34579

SHA1
4a2f269973c81af510ff0699a4a1a548fcf2f446

SHA256
05b8921a2c1f7d214c9e501d8d2555bc3706ac28a68693bdc1c39433102e5148

SHA512
ba2c7ce35614fee13a2c438d7943c704778ee451b263c3dbe13764edb72a1e878d8bc90ee76a39addd281ecbf142b42191af390f286b9f058a7e73fb388bc8c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
deea3fa781e992ac7ec18452154b5c2a

SHA1
42756a5c8ccdc6f0b4455ad97325756385549837

SHA256
1519a61c475bdc0ad95383ddaf180c4de823f477c536268b8f94e0ecacb19ca6

SHA512
a99325dc079e8cd61e57303f90a330729fadc5664eb80ad2adda201abebc1c483f418a61941ba1743d4f7ac1575be2f3603023acb721d90af4a5feb06fd87b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d576f81433be2d01505224ce9f82e037

SHA1
92905ea1eb8aeea8033c3e028d30ee5e831b7b07

SHA256
4f761556933ca0fe32b94b5a1fbc677612841348e5c50c1510513f6f9cb79353

SHA512
66efed4113d2dff8f55852fb817a5d9b36e543415b9316f268150a87fc293a1a762d4720893f53b7701d304099d81ce4ec0268537ce6c7fdaa2ad8e893034ade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9928b2e0d2d71fa8b1dbb8e9df5bbf27

SHA1
108f58f1f9b84452c2390b0f13de5bb032b45590

SHA256
8652c5f1869bd4dd1a143e8b79e5eaa98809fad7d3cc514b6e04447d1758b86d

SHA512
342c8425596c46b02994fbe259e8ea7bb63d8196af711c4013e3ccb7f5f246da2ff22813d23efd2447ce692a4ab21a0078a58c9a36461fd255883445938f10d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63cd798082cd8a99cd3c35ee4253ed6e

SHA1
54c2f9a8b20dd662062c1fffcd9d95890cdd5ed8

SHA256
eef2aa2359d988c51aefec7c444207b655e29b69b57b85d6ca81f4caf85bad71

SHA512
8c4d8b9ee24c3e3022775577449b159b164b818dee47c8c33c07d05e0925a373d040efea30fede6e1144f449e785dd8263bd2dc8ed8dc2d5bbf103f83009c1c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7f2ec70570995190dc69bf1be6ad40d4

SHA1
51d4bf0d13410dbfaa78fa66b82e0912ae26d698

SHA256
4ad086c48f966d580a31b986dd02a74e600f89ac0edc1a7232bad0563ccc2101

SHA512
061bc960eb794b4fcd2ab4a027898e99449610fc0552e1c5bfa07c7ef6aad686972ae250709eba3bf0c087995fbec72a5eae41e1550b54d0e8a4c380871b510c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
843c193c2da9fe0bbc7dd856467dd25a

SHA1
494345d5c373f633220af275611eac3150ad3168

SHA256
98b6724630341dd2439ffef2f9ccb14b4f9f73ca76c6e07d9e2f02e212efd89a

SHA512
e3a326939169ea13398f57fb251ab3ea538450efaf106f85f86298f8edb09eb9566afb72c74e0434ace0a2cb17919d6bd7f2dca5ca897d241d8720569b2756f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
56c885427537b603014a21c2ab018ecf

SHA1
c0df880b4e07e2dd1dc91ec88a7d7db6e8ab54c7

SHA256
18d73671c874a7df4ea399629cb2f76030cebe2dad124d536309eb4704553367

SHA512
ecfd87b03576675bf00a1e6af8f05995548693f8471908c571c5bab23964d495320f40b302e642c184a0b3ed4d62aa4bcdf076d21bbc8ea3bf8c8782a602e0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4186c48f5738be6baf7b6c27f5d88ad

SHA1
daf49c6dfa70b4b830a74db874a2abf1962feb6f

SHA256
481d2bf4f3e7cdeda348d9c826a3c840100d01a64d4f1b652daefdf72c06ab5f

SHA512
3e58f6623b3354b81cfcdd7ccadc24ed199f4ee3ff47e6c83456d7bf2ffbe177b616e5ef9b54abd8c0b172ba321da6e25799dd36c9b94e9b202b4080e13c0295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce182e13b7315d375c5d15879e33e64a

SHA1
0bbdcfa384da23deaa464e74a0e7a9204fdafc04

SHA256
ee3c9a5c3ae366d665ba64f84ec690c96ca4e52050904f7101b94aa40324b938

SHA512
ab04f64a8c961e468b8e5c59e9423bd46e85790355e71be33c31cb988130a8e423110481a11e270a7fdaee6c80f7fccdc1451b925fcea46307d7c5087401b845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9c6d2e0cd7cc78149535850a7e721da

SHA1
65bd32e2868d5b904d37099e40be3a514ddcbb36

SHA256
7f4f9370ae134ab0fb076c9960487e4976428442adba1d6c71b50f4520226d1e

SHA512
2e254780190b8fcd7525d00eedba4b297b91d55980e673707a3ef5904f25ca3674d800fc13ba8974ccf7cceb01b9922a317f26ea45639652711803aa5b5a565f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ebe81eef5e359239f1840ee26a8a63e

SHA1
4bda2f87d6a552b4d729a755a2800ba6f6387d07

SHA256
9fd54e13a0cef4260bdaa018d32d89de33e8ea85fbc4ff10efee0db9d8510978

SHA512
373330ea5b0732d5cb5d3657d010d96c86a112949f7832845c64357303386a2e2441bb5fdc347708eda852f29494f749745b44d4eabcb9ffff4393334eddbf6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fb0ce7b038ca5f48e1670de2f9d1d14

SHA1
eb9c7d92cab01d2c011f74d00cf249a2ec180e08

SHA256
e2a1fc3e30b086019894110b308eed084f3bcdb26cb3768c336f6f91d4b03a26

SHA512
31b68382e2e0e9c9fca5b48676e109843a60c5e74c9221b6b4b09da9e6a1b662b62b282bf6b49445be8911b67d09b2837930f0c66609035a32328358ceec76bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d3fa756e7f8594045b099af5e36750d

SHA1
fe172ad4c25c9eadf4501cc009b75b9ed76674c4

SHA256
5a4c648cf43381c46ac19900586080b1f0422b9124fad8e876ef893df7225697

SHA512
e9fd85c338adb0474101726ffb116682f3546535252eb5820c196978bbfe947b7713f862da332dce0dee56dfaad7cd24c5b3a9b7669b1682d3622aea987c8bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2a23761b7d5772e6654a36a9b0ec2f39

SHA1
159e559216a457f3edc0547b05317eff564cf128

SHA256
b5ea5d58667e636b4d59345123b7cf8623e3d158118b0d450c3294d02bbeca4c

SHA512
e1c216ad05fed7487fccd2a4fe935401db84eb082974c54875aca030c40512c8d5893da6f8a83325640aa8983b372886cb5680ce0236ada036bc8cffd9712391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b9c6e7bc69bdc21b82140226cfcd8388

SHA1
a65b7929109c2a366a666034da523e44f9129a93

SHA256
5a1adbb98a5cbc2aea2dd6e41662a03ac981819abee24e06b92320980bff7918

SHA512
f1b403eaf4b5c4da36e718c1f944ac6a15d54f5d87f3fb5a8ba4bdaf6c1495f1356060f422883f4703d2f4b7f69853ee629c2aaa6ffc2b1f80b167fe2b9a68c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
729f1631278b67629686202c958eccea

SHA1
32fdefee33cbe13e6db55e4258e2a764ecd9c131

SHA256
eee2749b66c8f97d96ad969b0d9de410d0ca9f930b5f2311c15724b109358822

SHA512
84bdd1913b43ff883d84cd88cbf4806f87d9210285b5ce9d210211541b7f9bd0aaf3845ab8032d727047d7f2841d0459fb27005c9cca56b3528d9e67bab8c32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3003df0b90eff426c51451731c2f32cf

SHA1
358169035cbf94b127a6d813d54b5f1f692bbbba

SHA256
6c9ce2ab263c05bb21cde74f5d5ce1e696f3891ea010e3cf928f465ff326d580

SHA512
eb691ac6cff2ae95fe0e622012660977e1e92e5d28a221303e726ffbebe7e4c6b6c58fc57e37047040223cc5741d6e4464d0a49410abe1f65480db3c16fa7317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2396d8ed230085df1160c5e074cbb05

SHA1
6c0daa502eface85430fac813ce922026f4874d8

SHA256
2325d88e000f67cbd50a0f12570c8e0ab810c407538c2a20039dcb4606ec7fee

SHA512
e5a9565af676947698cfe2e4f85d554f0da37e5f9d95f81cf318f02f8de9b2a564968dc86c9310cbbfaf04d6ab675764ceade83eba0c7993b073972a526d45e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4a1197dfb78f96aa9e18c8daa5e0d40

SHA1
7baaf29b85a1b458aa1adb321861e51597780689

SHA256
286b491c3807c4831d4f82a174d4c4d8825e81a245b415f0a1cbf7d5c5b5e183

SHA512
16860b13059f609be30fdbe72a6033b2c25b7bbd67b01b851c7d70e6a465f0992e764c79afc945b257c44940be3ff43e26beb717bd763afdec11bcc5d055b12c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02340ec553a9e3452dab68ab8bbe0c07

SHA1
33fb6b0af72bd585910a12d4b912d135b2f854e8

SHA256
75041f013ec279c854915ea2e7a75a616f981af47b67a177ec53ca6741259ccd

SHA512
9324ca9a1a52f33104e684b04116f03122dafc00fb3921a8c48c467cf81e4eedbddcdd8a555c1d59ae39f6f09add75ff42852c193a699e4627e6b35d08cf85d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec0551ace3e93fe6d8ff9fc4163537d5

SHA1
ae67a21cfb91b31fc5e9310f5494771fce99b6a4

SHA256
963759ae2d03308db40be4ff544b4a1f68d73530a7512ba6d1bac01544bc7d44

SHA512
f088b074c2509f4906213157b236a8a5aaddfcf9e046a51468f9826a4eaadd12b51b548168697eb7926c315a1d49dc4533067ad93c16851d74addad1db780e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf6dfe4d42eda063b2479410cf289ce7

SHA1
de196e6653f762e8d59d459e2762c64d6f64d0a9

SHA256
75c3f88bfb21959e6fb0c367765cb4baa6b366a0d56ddd77db51dcf07d4fa8a4

SHA512
2e712e0cac35cd1bba9282276df22d4f3cf49fa328657cfe67ea2557e8a97e4a80c2574b15a1e6efab374ebf2bffa29794302a4ae59c35042eee3320d0af15f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dbb25b42e64cefb52b5b83d3476149d2

SHA1
7a0c93f698e361141fc81bc3151fb3369cb04499

SHA256
f57174ebf1fc93a47bb17cde71f2db80b629628b32ec97ebd3afd4eeca253b41

SHA512
b12a28cd8ed0d6f02b6616e9dc75ebff007191a38ae82dbe53ea19ff04a25cb6b0faf275aa9f240850eb535ba6d5e4cce36cd98ac004d780d6549cb9b21fe63b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3fc657de32b051f7da03288118c7ddca

SHA1
8605925cff423df56841aeab6d1f424b290a1c56

SHA256
10e12f2cb32d18a95aaa5d0b73a171f143a949cf14ff5bee2fbee365834f1956

SHA512
a539b09addcac9fbac66e698ce79b2b5786f8ae9f49f41a97b93bffc8f1fee0a3f2d7d174d4bd246b278cfe7bef5332a627f564fe9a3e7590c7b3251486065a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
09fed61a613c03a59ecc8e8079fa58d1

SHA1
c68869fed91a3a3b5f6a92554f52ea0413d40273

SHA256
74e686609f9321cbe01f37385319bae3474425a7f9a12269b481aec429b997a5

SHA512
641e75cd8ada48335b5f2bd4bc96fb0e66e033ca3a2efcb5bed2334fd4b051cfa48b800e3d203a99f67569755de01b851b48202002ca1d50f92f1420cdf9529b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d17bb1a03ee8b394a8aedd0d32780d76

SHA1
1d2042e8b7f5879dde404b1019a106731689b9b7

SHA256
8ec394656cf6a06a995a3aa4e144f6766b0ee5ba0d263af4015d50bc91752b1b

SHA512
0708ab30859d3a8c919f3d3a8741fa905e8be16338627042714411b2a00f1d0ffd953002fcf01332b295a7dbc3c1ec9b0b837aad3d9b624cb01c3755064db265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32f496f9f1a0f3de462c366a7a01990c

SHA1
25423384d83c32bfdb59f2fc402b4b38a0e9da06

SHA256
92287c9a7c2eb65ba5a411234433011047d0a2b0b9ec8b96014010fcbffe7a08

SHA512
b5b75942a184f87df069ed1bf51ee9d94294ebf3d3c7740cbb5780ae46cb508d2974a3e13dad37d8d6d195ced06006446259963fdf44508cfb63ec6ee6630aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a7559d75b649ecd14fef123db1442f3b

SHA1
732d7124dacab857d18a9f12420bdd55bc89440d

SHA256
d0effdfd592fbe5e8c25569460e75d9ece7e32237635ecc3a031278da98c1e95

SHA512
d520350f22b4755b61c9ff116330aff3f683a7eb187e5a8788cb163e686b7ba83651ebd519bfca858a9be45419af82fcf7fe7883acd1a73a9356159e7a603152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
206d39546e14e7dee061b9c863655495

SHA1
f59982e74b2121d6b873d4894252d67f2bd4f347

SHA256
b6c6fa6afd771f958a3b6d11f61eac8af2726b87507b53ec9feedd20ed4b0c38

SHA512
77aa2f565f8d3e40e01631d2a7b1723cf1d7935452ec6297587a38e738f36163315075638f0359130ccb1440a4fe125872db1197d18c3201c162bd83e8956b60

Download Submit
C:\Users\Admin\Downloads\Spark.zip.crdownload

Filesize
1.6MB

MD5
860168a14356be3e65650b8a3cf6c3a0

SHA1
ea99e29e119d88caf9d38fb6aac04a97e9c5ac63

SHA256
1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9

SHA512
0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61

Download Submit
memory/3332-458-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3332-468-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/3332-469-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/3332-479-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download