d72f9698b167953faba47d00d817412c212e39d2aca60dff25ec01e98f6081ea

Analysis

max time kernel
149s
max time network
161s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
29/02/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

livebot-win32-x64/locales/pt-BR.ps1
Size

405KB
MD5

0d9dea9e24645c2a3f58e4511c564a36
SHA1

dcd2620a1935c667737eea46ca7bb2bdcb31f3a6
SHA256

ca7b880391fcd319e976fcc9b5780ea71de655492c4a52448c51ab2170eeef3b
SHA512

8fcf871f8be7727e2368df74c05ca927c5f0bc3484c4934f83c0abc98ecaf774ad7aba56e1bf17c92b1076c0b8eb9c076cc949cd5427efcade9ddf14f6b56bc5
SSDEEP

6144:Bm1HqF4Znh9GzBtNBXBLd1OUDcpryHF55NJND0bsRzlb2:UHrnhMzX5PJB4sRxC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536573821935415"	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4040	powershell.exe
4040	powershell.exe
4040	powershell.exe
5064	chrome.exe
5064	chrome.exe
796	chrome.exe
796	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4040	powershell.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 4084	5064	chrome.exe	77
PID 5064 wrote to memory of 4084	5064	chrome.exe	77
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 4388	5064	chrome.exe	81
PID 5064 wrote to memory of 1404	5064	chrome.exe	80
PID 5064 wrote to memory of 1404	5064	chrome.exe	80
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79
PID 5064 wrote to memory of 3292	5064	chrome.exe	79

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\livebot-win32-x64\locales\pt-BR.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff2b2a9758,0x7fff2b2a9768,0x7fff2b2a9778
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4924 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5000 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 --field-trial-handle=1864,i,17573421034042085493,6502237166408726123,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2df1f9cfa99f60312e99c7f05c385cbc

SHA1
3c5169b2edbaf7558c812f62f9058c60ea19486c

SHA256
1dbac0acc109eb58f8da7b46d46be356d39201e45227237923fc800b28356274

SHA512
ed2c650ed9576834d4e6ed4704363f5e3376a66add807d23e7230626b42b52d17c9d88c03b9620eb1cb430e229c78ba94a82879bdbd89c0f803c4e6863d22dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d4239a89f612f11cf8d0b61f8644e8f6

SHA1
80f8bdc17c3515aa09ca0d684df07ae10453e032

SHA256
5b38e018f8bab5d0ad4e7e36fa5e27f0aa9cc69c9e38543fe237ceca10c22ef7

SHA512
f86c1ec1aacd70d7979c1cf0830859932dba996f87e35ca814427ec6135391375da0dd5a7d9c11a0556092fd46ac57843f7e35be8c8df43de5da704eb5cb14a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2ec4a3dbe917006a3d564d287e0f64ca

SHA1
1b6e6a1a64a2e9ecbf97b77766c2a13f3a7d310f

SHA256
83a2963db75af71fe7390588806eff8198fde65d5151a78289ea87d2e0637a84

SHA512
23713d10082e509db788374e6ec12fe7a6bfbb6affded4ca3fa5dba967172bb8efb825405f0775f0e8e688f3fd8024353cce8c0d3c7659a6b1e2fb29cd6023a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7882d974d625d263a5361040ecb277e7

SHA1
1ed170c042734d0cbb92c7c909aa102d237f30d7

SHA256
e96347cc4034be4d11703f8d7f363711cc8bcd19894fe83b635b6e517ee5869d

SHA512
1647fe92de896001a7764cd6224ef3822a35224175a15f5665160d07cda53d17d0153ea662019b7780024ee67a7e785db1b673f324a0222dfacae5760d961ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
cc36769bb676bb53791524021ad3e540

SHA1
a0f70b05f18cdc7c7e7692598515793cdee23de1

SHA256
5e7fc8d7c5cf67127157b29ccda8cc7180102e0831139db0aaa38cd979e32381

SHA512
b78ff59387e3457f218682396df7606f2140b3ca8f3ba2a786ebd97dabf8c45530f48e793fb9cd7e2fb03578bae726e1b3afc27e925c5e8a3556205836b228df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
35399f6e18c9a259f7de0fb6f0fa0841

SHA1
40cefde74e0904b4ea4c53ef5f857e0cd086f271

SHA256
d227d337b04b54d20a23b34ef9d818b1db506fab5b2cbfc7ff898eb200c1ee34

SHA512
bbaf8aafde2695ffdefbda97d0623d4b74f1e9127806334e48eb16637da5fe227df5255fbed23e959313fa293596744b3eafd4a8e45af48e3aca240b6aedc691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4cac3de45f6418756596a43cba6436ca

SHA1
a198cb9010e983700c768f00beb3e760422c7e5d

SHA256
14924bc6c3d4373e44af7e67f2b248b098f56be93ec6e4272dd16e0928e8f8ba

SHA512
f3055339ef98c51ad26b6805681ed8f143ec2788ea5f044a3e4c3646edb8d29f24aef713aa299b31b1e4d1feb58365f1169a72419e58fbfee85b96839e6f1839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
88a4e90759b306bfb68498cdd5b11f37

SHA1
cf47f4ef4d9723c018b8c5b65fef84d6a15b360f

SHA256
666e06d37e7bdd894d064d7aa5b7cb6564109ca7818424391caa12f208c1cb40

SHA512
bbb60cad62decad6b2e001e6bd29c03af9a7c58ebb712e1487088bfeb6f3a93687e3258c7b51159e23860bc5fccdd71dcd7fbc4d377060c6d7b094bb8205a122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a045248d68c680cc7a12b9f4cfb25c05

SHA1
aa68e9d46a0c6734b16b4bb5217d6f08db6d77bf

SHA256
9964607e52253f17fe2cfc52e511d450fe1f6ccd5df6d39bd46067dc26ba6ea2

SHA512
749f2235e8fda1a7fa5461f32e401723c67164437b49def47820b090d7e19e63569204cf24083531791dbcef22ca8e5eebe629d8429aa0fc1dffc0e21b145976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dc6404ca9d8595a453b29da4b6729959

SHA1
785f16339e515b6264c3cf8db9196b58402f3afd

SHA256
13429392923717950cd0c32f2cf96b84506d1f98133f9f34b4d07938134c2356

SHA512
c66c8bce887587c05670b2145187284ad084f4e14fd19c76be6e2f6720c904971f17487e68c3e987cc54aa84cfb31228758bd876c6c78ae25c986655bcc52ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b6fd4e9304abe3e4a9387218d909b615

SHA1
808cce62566291173119ef9c81744dddc8c4e052

SHA256
0c6b8788725aeb42a644711a3c4230edecc846b7df4b8fa6589b60991857e43d

SHA512
9eed2959918f3f2ff8901e833e4ed101ba5831093e65db2e03f093b3e451e498726b722687761126003afda5f534cdd7180456ad09eccab9d9260f5cdaca78d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
17fa2e734993e2358d91fd076d8d1fb7

SHA1
69a3f0b18f46410a7726277492a08f3dbf2c8dc1

SHA256
b706b2e904629979988963c9ab43c76446e53ce5ed7d0ee8307373fd1f2c2be7

SHA512
012f7854a3d7bdbafb4ace166656bb02b6a54e4799a07ce4d5125c2c9d5f15a113229d5b94bd9fcc248376ca237e2a6cdcfff77e555ead49ae5ac6a9a0d815e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ev3ynnx1.ith.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
memory/4040-5-0x00007FFF1B800000-0x00007FFF1C1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4040-35-0x00007FFF1B800000-0x00007FFF1C1EC000-memory.dmp

Filesize
9.9MB

Download
memory/4040-31-0x000001E177F20000-0x000001E177F30000-memory.dmp

Filesize
64KB

Download
memory/4040-10-0x000001E1780B0000-0x000001E178126000-memory.dmp

Filesize
472KB

Download
memory/4040-7-0x000001E177F20000-0x000001E177F30000-memory.dmp

Filesize
64KB

Download
memory/4040-6-0x000001E177F20000-0x000001E177F30000-memory.dmp

Filesize
64KB

Download
memory/4040-4-0x000001E177980000-0x000001E1779A2000-memory.dmp

Filesize
136KB

Download