Analysis Overview
SHA256
d16503617334e6e807e3559408a53ddcf26b8443bf088798acbcfdd711d26db3
Threat Level: Likely malicious
The file 36487a6a69dcff09b0e87072f3095c8a_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Possible privilege escalation attempt
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Drops file in Windows directory
Browser Information Discovery
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates system info in registry
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies registry class
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-11 18:51
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-11 18:51
Reported
2024-10-11 18:55
Platform
win11-20241007-en
Max time kernel
184s
Max time network
218s
Command Line
Signatures
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\takeown.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64 (1)\M Centers.exe | N/A |
| File created | C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64 (1)\M Centers.exe | N/A |
| File created | C:\Windows\System32\Windows.ApplicationModel.Store.dll | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64 (1)\M Centers.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133731463227141430" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64 (1).zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36487a6a69dcff09b0e87072f3095c8a_JaffaCakes118.dll,#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36487a6a69dcff09b0e87072f3095c8a_JaffaCakes118.dll,#1
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb50dccc40,0x7ffb50dccc4c,0x7ffb50dccc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1964,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4652,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4980,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4780,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4612 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4880,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5244,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5468,i,18023016799503639693,1946431846599701145,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5448 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64 (1)\M Centers.exe
"C:\Users\Admin\Downloads\M_Centers_8th_Edition_8.0.1.3_x64 (1)\M Centers.exe"
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\System32\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\System32\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
C:\Windows\SYSTEM32\takeown.exe
"takeown.exe" /f C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /A
C:\Windows\SYSTEM32\icacls.exe
"icacls.exe" C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll /grant *S-1-5-32-544:F
Network
| Country | Destination | Domain | Proto |
| GB | 2.18.66.65:443 | | tcp |
| GB | 92.123.128.191:443 | r.bing.com | tcp |
| GB | 92.123.128.191:443 | r.bing.com | tcp |
| GB | 92.123.128.191:443 | r.bing.com | tcp |
| GB | 92.123.128.191:443 | r.bing.com | tcp |
| GB | 92.123.128.191:443 | r.bing.com | tcp |
| GB | 92.123.128.191:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| GB | 92.123.128.161:443 | www.bing.com | tcp |
| GB | 142.250.200.36:443 | www.google.com | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 142.250.187.238:443 | play.google.com | udp |
| GB | 142.250.187.238:443 | play.google.com | tcp |
| GB | 142.250.200.14:443 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| GB | 142.250.187.238:443 | play.google.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| GB | 142.250.187.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
Files
C:\ProgramData\MCenters\Methods\Dll\22000.348\x64\Windows.ApplicationModel.Store.dll
| MD5 | ea7d3effa3755dce712f27adff164c0a |
| SHA1 | b3fdb8f3ed4d5f9beec2661e59ea731a68524a68 |
| SHA256 | 2f25e695db2801b007fc98eec523661e6e44237b3b097601a7d64a67df4fb342 |
| SHA512 | 9f5dc04c567e76c3d4aff030f4968789ae0db95fc6f11dda30310df273471c18cd9b09fc1704156b5565330035e064cfb34d6874d05bddd1d51cf2bd95004388 |