782fb8575019a6351828a11157c4c0fa73d8f1523e7935c8f898b4458713115c

Analysis

max time kernel
210s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-09-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PCGameBenchmark_Detector.exe
Size

104KB
MD5

04873a11bdd1fcfb24367527a65400d6
SHA1

74d2641f155f1fc649e3f6e4f47e28b30654958a
SHA256

782fb8575019a6351828a11157c4c0fa73d8f1523e7935c8f898b4458713115c
SHA512

f155c99fa6878fadc61367989f2ab87d9a671a7639c54ce7dc2a662d74488c6743df8f74d4ecc5467bda8e2f2ce727ddf89d91398c81989d2d6f056366b4a9bd
SSDEEP

1536:ggF8ywvEfyl0cIb99b9x2WL4G1OQMs9O:gg6ywkbLbqO4FsI

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCGameBenchmark_Detector.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133697538171141734"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 3872	4440	chrome.exe	104
PID 4440 wrote to memory of 3872	4440	chrome.exe	104
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 3504	4440	chrome.exe	105
PID 4440 wrote to memory of 1456	4440	chrome.exe	106
PID 4440 wrote to memory of 1456	4440	chrome.exe	106
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107
PID 4440 wrote to memory of 1040	4440	chrome.exe	107

C:\Users\Admin\AppData\Local\Temp\PCGameBenchmark_Detector.exe
"C:\Users\Admin\AppData\Local\Temp\PCGameBenchmark_Detector.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4988

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe5736cc40,0x7ffe5736cc4c,0x7ffe5736cc58
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4408,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5172,i,13060534940954963846,169342204244924452,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2724

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3a425e8c-319c-4753-b1fa-5dceda6e5304.tmp

Filesize
9KB

MD5
a98543ec6113d281a60b453489fd09b0

SHA1
f52bfa16d33dc6b85e2b51d26237a20717ee3399

SHA256
b14d36b62d9d3f9e307b7bedec6ac9fa4d76928ca6d03372142b4fd0bfe45eeb

SHA512
01658a9bf4ed6331436551aa3b9d0c688d9b6c7875ca921c1dc9436f180a266608eab53a3c1c4e5588dd76c66ba4ccd7ee1db04011ccde1f23bd1b86eb1a8ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e50b989fcc9c758153bb795b25a189eb

SHA1
2741b151e43ac3cc755748a5a57086511dea1bbb

SHA256
6307b006114b563ed1e8d42b92de6442faf74d0af222b1a24d61094ebbc4dd38

SHA512
c37eaabb3a720c0ff2dfad43d87404cc506e1dc92cf552cb6344a5c0336eef4f359caf24eb70d20f460f5de4f1ac7dd0eb6d81f0c2869d61cbaf299615ab4708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e8543863cdc85343a8d468c7137cb51c

SHA1
79016a5c6a7d95b746173df88b02b773ec6564bf

SHA256
7f66798b17c3b0b87056964deb220f8f6f76ba7083701fd7591b6288dd282582

SHA512
3a4a2769395e1276209fe2f59e6199bfa4970f31c8fd2cbeb9d69e450ed652a0efb6b95e83bf157af0937e0d534417801155d8b85ce21e340ec886014d29cbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dcbe2a80df8fc04a9cd328372273394f

SHA1
e2a244864d9b627de454f3d8227fd3ed96917d3c

SHA256
869252c1657c41fe8b2c638a9b08e845de846ab232253bd996e38a64c8f317c3

SHA512
ca9b1d74360deb2f42f39b4410d5de57c1091a12f3a13345ba4e3aa3e2f036ac34158655f0133b4df1ba9500ac8ed5c283ee457b22b1ef0b0aecaa927677e036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6654d467fc5d1439dcc7f9289bad3987

SHA1
63b26de4f9626034f32e041739615b2ca85f7ca1

SHA256
fa68c27afd6b6e6983e640109465c6647dbc0c08eecd02f7829e69658a8f6522

SHA512
a7fae5c13c6ce275d60549b632025806908dff951b43bde6a1c721425c3ed34fd46c75dc2c6975fb239f97a538f6ecbbb38604c42ea7683601a79ae8fa9e9474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
76be81e84ee6b8ef9e783115d1196469

SHA1
8456c6ba604dcadee65c9a5fae5300860359ee1c

SHA256
3de7d7e8ffa03fff534ae8a015ed48a228f97d3751606437bd31430781da653e

SHA512
c48d2ff1e0583263c0a357011e172b8ceb7b5fe9964f0aeae19abf51df7fc3ce8e72d4e85d79f0493a6b995cd33407271ea0948a26f28016f73536b228ce1061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eddd1664b9c01393cdd3123c9a4023ba

SHA1
07257361b57466c86b7ada0067c26f5c420776e1

SHA256
f5c64d4fe36a39d92a435ef181cf9a5f50c76babef0293a104f654d9b406f33d

SHA512
4ea86b2055c93bf9746e080af4b9a5feb1b9a7e26ff8b1951db45694892e6c918c2618807f06f125be827068c5cc7b6c5189e89a30d6536655cebc2d2e239fd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bf75180a797d56364decbb9ca374f19

SHA1
afd3761d369019c0e8c20988b4f7a2d982dd3ceb

SHA256
bf15e98f7b335d0d2b89a89efe88444eba737880dd30f4918e35075544429255

SHA512
6e03fdc545a8bb1eb41416c6840604374150550e0ad21d308468caf9792925ee688ed9f3527a89ee4b7929894da6dd15f0d7a8a7eb310d758e8cd881874f5a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f123602ce7ba3177b2d7b365e38855cb

SHA1
5d07255f6e9063ba6d7ab65fc005e5e8edbb1440

SHA256
e354974f8b31d3d6f35e635dec1467c47b2a7dd14659b86323c6882b252fd006

SHA512
413efef3a007b8231655d83130f4f99e87366c3896e56b03b8474dbeaaf6aeaebce51409dc4b954e42ea62688137fed85b31d91d464a725c54b6e1ef99f5a158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa9a54a8ec8d4e3138abe57a49e29e40

SHA1
3250fc1b78712fb796b74dc9e09ff175e0105ee7

SHA256
031590053206aa1237ac427f30445cb4a24c58681c7f5966a706d838f214ab74

SHA512
50e86ca9c09fd096c1a1f463fe62d37f83d5569fff9568885312584e13f01ff3afde76e227ed6616eecfe7e18b37befccb0425b82b40f12205346ab1a01a1f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8222ee28a83bd472018de59ff4d9d49f

SHA1
698349c0fcf104addf21e58c1c73f4cf45a93492

SHA256
da5d8884fa2ced818181b92965ffc2d2729efa6ed2eac681360ad0d3dbb22ee4

SHA512
b7b4dfa60c6ece8a78c997441477687a69f0eb3640389a82124a86c1bbb90330be998238de47bbe4bb9211824cd2a3a00370665b9a2ac19cb919943c0a95a125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c030366eb966e0e78627e498f9d31da1

SHA1
5c605ecf5739d4e9e3343dedb073381546fb818c

SHA256
7e0dcfc7d5e6bd7725f719ad0f6748e28cb6a5898ef8a31fae460fdd64d601b2

SHA512
4cf747029778597a8147ce482e63c2a45cdbaa2be028750ef4a7ce7a08380058e73a382d90cbd499eafaa9bf146b245aa34e0cfdb0f03f31314fdf62b96ddaf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f941d70f89d4e833efa5908da4db925

SHA1
9eb99429308814820a9256ceba0365feec730831

SHA256
01bf1040443b17daf85018deaad67f535c2a0f9a82a8f9ac234edd5549ea8a8e

SHA512
7adbca30ac99f4396adbc0c0bd8f3d072789fffcc521926bf006f3cf099eabbd5262ba9234c996bb74f27c1b28a958f0f524f5583ecbd8db8bc96151637f0675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
75537dbcbd14293bf5eb964a442c4839

SHA1
8cb6b0d458706a616c0be3671ae68b952de88105

SHA256
ae8c2bd169442609b78c7b01869aae42000e89cc170026f7922dd058c7827b34

SHA512
66e02a8caee684bb7eaf97a7d09cc16d19b6fa55a3e916e4be15a713f852edd9220ade7f051da2138b2c9416b9a6bc4ccb8eca819e8806113d4ef2655dfcb31a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
a58cd13c6a06368811889be29bbca502

SHA1
61351b439213e2509aa55e0ec4f2adf24a5e087c

SHA256
506f337f645f7d1e780c47501f369b4c6860b217033210709bac88788d563511

SHA512
09d0820ec10951f8650cc2ff130da4296af8b4b1e7ddce323b368931d5fe6518faea9d254385b1952069d6f4f3cdb2ff8db8ceab7dcb38345bc44d633b2e6532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
3402d070eb9a7e39fc9262a30bd42fe4

SHA1
5a8a498b35f7fd3be96c88561edf46f4318cb381

SHA256
7faf8740272665c56bf3f724eaf72227daf3af9119bac480921d1c44a9ca05a5

SHA512
797b1f873f9dbc69aeabd9e70518c68ce486258223cdc7fb8b2845a8171f85917c38f875a46987af57199f884610106a437f6a835256d69fa38b5461c97b4b86

Download Submit
memory/4988-11-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4988-9-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4988-0-0x000000007459E000-0x000000007459F000-memory.dmp

Filesize
4KB

Download
memory/4988-8-0x000000007459E000-0x000000007459F000-memory.dmp

Filesize
4KB

Download
memory/4988-7-0x0000000008010000-0x0000000008076000-memory.dmp

Filesize
408KB

Download
memory/4988-6-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4988-5-0x0000000004AB0000-0x0000000004ABA000-memory.dmp

Filesize
40KB

Download
memory/4988-4-0x0000000074590000-0x0000000074D40000-memory.dmp

Filesize
7.7MB

Download
memory/4988-3-0x0000000004AE0000-0x0000000004B72000-memory.dmp

Filesize
584KB

Download
memory/4988-2-0x0000000005090000-0x0000000005634000-memory.dmp

Filesize
5.6MB

Download
memory/4988-1-0x00000000000A0000-0x00000000000C0000-memory.dmp

Filesize
128KB

Download