b47308aaff0247545dc8ea6fa5ff1dbf0548f805e51ad2aea09cb984d18a2a97

Analysis

max time kernel
373s
max time network
359s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2024 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ElectronV3.rar
Size

10.7MB
MD5

c1463644bba01e217bbba57710f8f1ef
SHA1

01a943f4fd4f3160539b9c6bfc0cf8058ed2bddb
SHA256

b47308aaff0247545dc8ea6fa5ff1dbf0548f805e51ad2aea09cb984d18a2a97
SHA512

9e0655139736340be005f61317adb3c554642ca21f65dc76ea4a4c17c0d185811e90662b6ae829793506dbc4a1e505cdee91ae587d4cd832c2cc4c4d0f16af48
SSDEEP

196608:CAjgBwK5L4WzXw2Nms0Qy74SMwrcFqTT1UX20Es2VUJz+KakUamVdQb6SbKrrocg:vjKd5lzA2enMwr0qTT1F0gVUgkUam7rM

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133702910878326929"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2160	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2612	OpenWith.exe
2160	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe
Token: SeShutdownPrivilege	1440	chrome.exe
Token: SeCreatePagefilePrivilege	1440	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
2160	vlc.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe
1440	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2612	OpenWith.exe
2612	OpenWith.exe
2612	OpenWith.exe
2612	OpenWith.exe
2612	OpenWith.exe
2160	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2160	2612	OpenWith.exe	109
PID 2612 wrote to memory of 2160	2612	OpenWith.exe	109
PID 1440 wrote to memory of 3764	1440	chrome.exe	120
PID 1440 wrote to memory of 3764	1440	chrome.exe	120
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2952	1440	chrome.exe	121
PID 1440 wrote to memory of 2400	1440	chrome.exe	122
PID 1440 wrote to memory of 2400	1440	chrome.exe	122
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123
PID 1440 wrote to memory of 3904	1440	chrome.exe	123

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ElectronV3.rar
1⤵
- Modifies registry class
PID:4444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\ElectronV3.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4404,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:8
1⤵
PID:1348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xa0,0xfc,0x120,0x94,0x124,0x7ff9cea5cc40,0x7ff9cea5cc4c,0x7ff9cea5cc58
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1880,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4520,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3464,i,13317439029345476651,13343169118770307687,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1924

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
042ed48a809d99571ed5359557a6dd90

SHA1
6b6488f248eb589e828a4c5e0c8fb32b5f1e28a8

SHA256
ef598a8f3f9573db1fdfa8bd31d0a06f55cf00a9ac6b0ad7b03355becfdddd99

SHA512
bd1321eec543c1b84e31354f91d7a672423c3360b823add42c09771b8920ea9f0455943a566abfa7ce269cd2a629853ab842eade13d1aa8dc3daad9abc61b654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9eb08cfd078484f5492232e85152c4a4

SHA1
1e439be6c1f6cb06925ce909f3bb2cbd0d043358

SHA256
dd1f8c8a460716cc0647872c52815e85c837b6b6cd2c51e48d8ca1ec9d3ce92b

SHA512
55884f851f05f2eb743910775045dbd65bd2b64c1dadad1aad15ae1ce9c075e0ce59c28f4b35f250d86eb66a9d309f22761daa2adc1ca2b085edee72720c4ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e716d00c45b738c066fb04a0cae8292c

SHA1
1dd265e5b767f5ea779b4f01fc2559b8d1febe68

SHA256
73edb46734fcaa6fd23dc3b26ed2e4c2fddea2a9a271ba5655048f27ab136b40

SHA512
8243344994914bde3f03177bdc58459ec7562e53be96bf3b44eae18709d2e121533f718a9514708a7873e86300aed382c70c83ac22853edc0a6bd2ee521a013e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7af142566a22afc8e57c7d1f7af8d15c

SHA1
dd07b10e0d9d05d0f270de6a33233b8d5a9dfd6a

SHA256
9157c2452a67f53c039483c4f16b19916b7112d21316279f14feb9a8b5265bc2

SHA512
7b5ce8200ffcb8d34a91317fa937bd6e630fabb23c9d573b021c9b786317a3e3afdfef5d654adf58d77ad1af9bc9b795eb99520511ad66b485504607b4e2f9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
657e2006e803eba6d9dd1a3d1b5e376f

SHA1
720bdab175c538e70915a9e75c44f857cdc1c632

SHA256
ce815c772da483d25d7eb20bbc304c8291b0261ad62083ee030086a9fd8b2fa7

SHA512
36be14d1d4881c044bb900a40acf89c59d7b3fac0407f4f0906cbd188f30452b4db89bed42f9304a28592558c198b01be3692e76dd94abe1fc995e85eb922c4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f1e573555448bdacc2c1e17d7e195d06

SHA1
4584259e317a6b179ac36e74e06533b707c9402d

SHA256
b5503421fc75cfe3d914a34f25222c744530968ffea4999ef67500f5f99cb9ab

SHA512
9c5a626bc439c3d7c59f267db5ee964aac31c8e187f9f741db4f8fe411e5b261da2f5633bfb57c99501a1f6eccc3147f5bf5039c7159b0db1dcd7f2acd4bd622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2cbbbac549de09e53fbaae4c6986d254

SHA1
5a69865ac078c66b1eeb404a4669cdd508d0013f

SHA256
4510a9ddf9d7eeae8ac06b2a73561ac52d773a281acc2ea4cda2cd31eba4624a

SHA512
5df41aa1ea7e2dc35fa9c5468b72e51433a9d67a39a992ac93fc5276ecfd21ad2b3e310a7452b802ba415864fae6808b02ad58329ed9232931dcae64dee5ce27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3af7cf48f57fcbd5e1ff3db4fe8d236e

SHA1
174eb297a856630f6e5f75492d874f4bce8df22f

SHA256
f0965e23eda792c833a1fba21b83fccaa4795b2cd28e91e28e12e282a67be880

SHA512
19773b3ae3e5532783f11ff742bd637eb935d481af1df157616461157c3f3f877717567db18cd35e680c1d5c7477602a2b75599732e7b55667a9461b07259fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b02bffe55c4d5a551fa03493ea9dc34c

SHA1
d683eeb7fd901c1190d9e223ecdd25bab461ab45

SHA256
e487611bae06aaec2fad8818b4e8813b8c4ebfb328cdf8dd95d601e6586589ff

SHA512
61dc81db3c7a9769bc9042c70f1c0c381531e9a1f4b67e8c20d165787c5aa096baa804482a023a5808033e41f6b835aa88f2103358062dee3ea4c2c29af7d706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9aaafa5fb1052941b02fa214f15b0ae5

SHA1
7431150445cd13240e3b32ea558ed4573e8e0c10

SHA256
e30db80c45480b5c4b90992de7f656cc436daac301c6732e638bf0a97fa0fa34

SHA512
38cdc8a123110ef05b712954636ea3e0b634cb062528e3b80c096a974c366f8c7253b1c913ade27338323ca017b3b7894f93d0a841659f0ad2bac78f51f385af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
e36d3a1d7f52e782a481702f88f5b55e

SHA1
45ed3bfeb1914bc42acd6166a746d4beefebf052

SHA256
ceb816636884f4faaeab04c958c85ba12c867574b044278aa1a200dd408a0da8

SHA512
f7b9edda7c842acada3b9007431724ba7d1a418e81a747e3d72f2c011d0f2d3734ae4a431f3abfdf3a6bfed4b3090dd78861793a4fcb4eeec337e2f47de5073f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
d88916b6d566d9cb7940a4e35d9b0e00

SHA1
a7c96d50cf829f42042443dc43314a92c4a83274

SHA256
7c769bad42f4d76d003bfac9157519a884d41eb2490f56908951d214adf7518a

SHA512
5fedd76f609ac3db0201493bc4c96edd1d494b5559c267ad20bdc625fd2e3b2a0fe77d831f71f726e4cd629aebdc3b305733821b51814e124ca069fee9dbe907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1a8a122f9a29c92a4b2cc6c9ff0a29f6

SHA1
25996ca9b026a57d711576ba079c2e5b43a7d397

SHA256
fe7750fe4e260e0984b26eb78cd0bcb64e57c679c1d316f4d3623cba94bce6b8

SHA512
e2e8d778065b8adfd81f40062dabf6d17ff9c567abbcc80dc586fc6986f15ce9e69ee08bb67be22391809f4a3a41dfe49b3cc1ab55063fc6601779b38fb98d70

Download Submit
memory/2160-18-0x00007FF9DDA40000-0x00007FF9DDA74000-memory.dmp

Filesize
208KB

Download
memory/2160-20-0x00007FF9CB890000-0x00007FF9CC940000-memory.dmp

Filesize
16.7MB

Download
memory/2160-19-0x00007FF9CC940000-0x00007FF9CCBF6000-memory.dmp

Filesize
2.7MB

Download
memory/2160-17-0x00007FF6358F0000-0x00007FF6359E8000-memory.dmp

Filesize
992KB

Download