c580edcf28394361f03064a34daad6552fcac1803ee55eb40fa60c3cda5f63ff

Analysis

max time kernel
143s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2024 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MCENTERS 5.0/VC_redist.x86.exe
Size

13.2MB
MD5

9882a328c8414274555845fa6b542d1e
SHA1

ab4a97610b127d68c45311deabfbcd8aa7066f4b
SHA256

510fc8c2112e2bc544fb29a72191eabcc68d3a5a7468d35d7694493bc8593a79
SHA512

c08d1aa7e6e6215a0cee2793592b65668066c8c984b26675d2b8c09bc7fee21411cb3c0a905eaee7a48e7a47535fa777de21eeb07c78bca7bf3d7bb17192acf2
SSDEEP

196608:oRjgvJ2flpQcIIS/Rj7BWl+aV8t8z72BxBwBgO42BE6+2DQlMp1sHW5ZDmCCM0Xr:IgRIlptVYmfr7yBG/4pXMHsHW76CsGE

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Executes dropped EXE 1 IoCs

Processes:

VC_redist.x86.exe

pid process

4148 VC_redist.x86.exe
Loads dropped DLL 1 IoCs

Processes:

VC_redist.x86.exe

pid process

4148 VC_redist.x86.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
4148	VC_redist.x86.exe

pid	process
4148	VC_redist.x86.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

VC_redist.x86.exeVC_redist.x86.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VC_redist.x86.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693382072630370"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2924 chrome.exe
2924 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2924 chrome.exe
2924 chrome.exe
2924 chrome.exe
2924 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

VC_redist.x86.exechrome.exe

description	pid	process	target process
PID 2500 wrote to memory of 4148	2500	VC_redist.x86.exe	VC_redist.x86.exe
PID 2500 wrote to memory of 4148	2500	VC_redist.x86.exe	VC_redist.x86.exe
PID 2500 wrote to memory of 4148	2500	VC_redist.x86.exe	VC_redist.x86.exe
PID 2924 wrote to memory of 1756	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 1756	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4436	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4800	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 4800	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe
PID 2924 wrote to memory of 3060	2924	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\MCENTERS 5.0\VC_redist.x86.exe
"C:\Users\Admin\AppData\Local\Temp\MCENTERS 5.0\VC_redist.x86.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2500

C:\Windows\Temp\{FBDEA459-FB68-4978-9F36-518DB477B601}\.cr\VC_redist.x86.exe
"C:\Windows\Temp\{FBDEA459-FB68-4978-9F36-518DB477B601}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\MCENTERS 5.0\VC_redist.x86.exe" -burn.filehandle.attached=704 -burn.filehandle.self=688
2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe7056cc40,0x7ffe7056cc4c,0x7ffe7056cc58
2⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1960 /prefetch:2
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1716 /prefetch:3
2⤵
PID:4800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2328,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2528 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:1
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3684,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3744 /prefetch:1
2⤵
PID:2484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:8
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:8
2⤵
PID:4184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=240,i,13302242191694725,10781475084166668265,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:1
2⤵
PID:4984

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f19da0874297646046651a67f8227b66

SHA1
c8273eae344a2535c3cc6c27833c6e7a6248e258

SHA256
24994c7afce3bc7251306424c457b460cda014360c1a5163482a29d640021641

SHA512
8549c2fdf27c5cd576d53b886e44ba02581f8744049cc30341776d2b1402e7b2cbb8e44ead006d98fd40d45d9477b3cd659d934c65b97b83b23b9f13b5feee0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
8de74bd21e0b8eab79c2cd645325f8f8

SHA1
94cc522ce78d7a2030febd1c2015ca67473fb11a

SHA256
95d6b3ab3d662ebf5f22983b65f9c8a93308e74f638055d9773dda8c41591f23

SHA512
61e70351ada53a1128da2432b50783f0a831ab0582819172a6062114cd1524bd0e74606bfd60020b96e09aae766c5bdbd44cf79c34b47c2e93afa58551735ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f603f32843a6873698059b2bcb90708a

SHA1
3df1cf589acc152213391f006292a58781e1da83

SHA256
4ddf448d7de1911a008bdd32e9d36ca9700e8156b34cc41a9a29bd0a53d15db6

SHA512
459c8d977b5d82aa85b233cfb8c5a4748cae879070c7ecc41beea963eed64bf0c41788f653a1b6afc4faee4ea75508f8fa7547cf1f7b828b1de981bc368a2a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d5a3af99487ad85c392751167de97781

SHA1
8ce1673f8dde0fd61ca47aa31d26cfae0803c6ab

SHA256
b1b72b6a40ae97bb5ea7317dd9784e9e2556dbad168741995828ecc5d14c2278

SHA512
f0273123901db5aba06eea94845d1c58057936215eb973bbd70afbd1f54b9018936f9706b0b7a75558ed1803404c9275ec2bfa537b3900c48241b398ec238445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
bacae5910eb1f380284919f2ab5f35f6

SHA1
edaca95a70b80a068ff48cf99455d69cf1cebf95

SHA256
862c55e50566c7f82ba5885fa10639c22fcf0ae0a72b13f44c9b0a3f68c79297

SHA512
e979b3ae026cd6f8f9686af52427b6c9e4bad1597a4d80078ab5bd2e7e27ec71f3ad4e843eb4f6cdbdf4375411bc4cf6f5ca7151e0d471093779bc57b06def7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
185faa07f9ed363e09af593cf13f4dfc

SHA1
b214152b8242334cf6b28b86d7293ba0c5b58c9a

SHA256
44f0e21d05a43fbb627938520f623be620ce5e050462e35feb140540e376f533

SHA512
2254eafa56169d3a32c2f8da09e44327adf724f34875e125259c22981e42adb7baa5ca31c766775c7a60b06e098bed98475a9c57501b39db70ad470ec770777f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30101ffc1ceea5a00da6456ec40d210c

SHA1
88e2354f1b09e8dd1a828b5f067b630f19c4701d

SHA256
edfaac040fe5d0448a303d5fecbd012c797063c75cbd536d0faf519424556210

SHA512
590e29f5aa2321b4c31b872b125a5dd481204ecbd90ca39bd59160e3d040d32376c45dd804e90f15f4330b9345ed91147450afca5c1516ce27b1507c1fa9b1f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc40b65b79d85427351793af8de39146

SHA1
a906e360d7d354b3597795b33ce3f0a03580392a

SHA256
10610e795b108926cb1791a1d2a59c44e808413698b1e93dc9ec3bca35338173

SHA512
86220612feedf1000bd40c2a92591c88850de5ac279d214a170a6e78555e3b345035aa944066731a1b7108d0adb734b0f7662ff886e06364481194d072c520df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cffa92ed2fff5620d9beebfe821438fc

SHA1
40e9dc400efb9c467c6f4947a830fb6c668a52d1

SHA256
4e3eeae1b1bc64433498d6dbd6409534e0756f0dc4e1c7494e5e0fdd6adc7434

SHA512
07c4e37f94f4bbeb7655056d74a0d8fb207f6748a380b16dbf63eb6a0bc12dcc633ed5e660887739ba5d707969c9aa62c0d96271f277959627290e453ebd8782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ce6b00111a524a365c4f4ec318639ebc

SHA1
c3624fbefa7453b75ce32f39684e4f9558643460

SHA256
4b1bb52c8cf23da93481341672e2bb8bbd2f1a5f24444663e8fbbcbfc3535446

SHA512
84df65d391e4189edaa0ee8c4bd12f3e781a42a8e14cf285e01eec4a76b17a60a40ca5d3a97048c71933b64318571f958e87cbec11bc828d58730bf63f2f700f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
4270129d204a7ef41b7949f7be05f027

SHA1
5a43955c5758da6e7c0eb3b0f25980345a37d03b

SHA256
8826c3a55b64ad7f87255e072d9b0c318e1138f0817e3bc8cba40e8fa0f7ada9

SHA512
39ee5a456bba9f1301b094a3aa6763dbe59c46f7b46508bc567b95d5439181842e239b1892bf56922b73ce0400c2a0a19172cfe4400220b8d82b1ada9b151039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
b3d12592a3a204b4bfc323222168919a

SHA1
7b6ae3bb91661ccf3713993d04639c5d68333b69

SHA256
e25521a5e40ee9cd55d0666ac3dd31fdd7fce18b92e4d0d6a0aae59381a3f284

SHA512
9ed632fb298bee7ab0617f1335628be89b994b50a9ffda15975950f339587721cf7601815b5d750ef8910627915b1c3d6c0bd9df97a06cc983bdfd7013a36521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
9b3c411e1889f532b7b1eb0f07b89fd4

SHA1
bb30cd701256e3f95d77c7a107b174ced111cbaa

SHA256
6086d5740fd5a8a9fefd9ef261c8472d824fc35a31966df616ad15af3945e5e0

SHA512
0267ed53bc0a1d66e7e3f8f9af6ea54bbf5530a40fcaa2a374b87ba518c9cbfed0a4377e0ac1f923f02999c2a06b682779a45b25399909dfbb15df46b98b497e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ba79b457683d5733af1e80cb11e9b706

SHA1
e3a066a161ac5df5f3c2809af0ef515161f6eb9f

SHA256
924bb12149a333a621551dd01756f80a60a7b38f1ef5e61003733d0d6888e943

SHA512
524daf7d4f35bec2fb4d03bab6d2e0d79d51eba93c0e3cef1bdcd88e4f4903096a0107ba458522142bf29bccd56435ad99cfb910ddea874577d9873aa8b87979

Download Submit
C:\Windows\Temp\{0482C937-EDF6-45FC-9B90-D24B5EABA75A}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{0482C937-EDF6-45FC-9B90-D24B5EABA75A}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{FBDEA459-FB68-4978-9F36-518DB477B601}\.cr\VC_redist.x86.exe

Filesize
634KB

MD5
7bd0b2d204d75012d3a9a9ce107c379e

SHA1
41edd6321965d48e11ecded3852eb32e3c13848d

SHA256
d4c6f5c74bbb45c4f33d9cb7ddce47226ea0a5ab90b8ff3f420b63a55c3f6dd2

SHA512
d85ac030ebb3ba4412e69b5693406fe87e46696ca2a926ef75b6f6438e16b0c7ed1342363098530cdceb4db8e50614f33f972f7995e4222313fcef036887d0f0

Download Submit
\??\pipe\crashpad_2924_RNBTHHOFJBEFGHFB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit