06ddc77b49aeb6463876fe61d9a6984144eed475e660f42a2bf2ed86107d7f30

Resubmissions

01/05/2024, 05:45

240501-gfvlqshd5s 5

01/05/2024, 05:41

240501-gdkczshc91 3

Analysis

max time kernel
222s
max time network
221s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
01/05/2024, 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PVBLOODSTRIKE.exe
Size

19.1MB
MD5

ea9d540b5b598cfe39c485f7b9024428
SHA1

ab3417043beb894a81c554c3a98db4ffb1842d04
SHA256

06ddc77b49aeb6463876fe61d9a6984144eed475e660f42a2bf2ed86107d7f30
SHA512

f140958194eb721491479166c01ec34944612758406077a37c066acf44b458c80d2f6501f50865cc226a65dce0967bbb0ebda835d71e419cc9f1caba19c0d08b
SSDEEP

393216:hDw+VVoZPWZQ0oNEc+t4xxJ6bX8X7JIBiDQd6lfFAHb:dhoZ+ZXoNP+t0AbX8X7qcQd

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590159656938770"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
432	chrome.exe
432	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	3212	chrome.exe
Token: SeCreatePagefilePrivilege	3212	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe
Token: SeShutdownPrivilege	432	chrome.exe
Token: SeCreatePagefilePrivilege	432	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
3212	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe
432	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 1336	3212	chrome.exe	84
PID 3212 wrote to memory of 1336	3212	chrome.exe	84
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 2100	3212	chrome.exe	85
PID 3212 wrote to memory of 3712	3212	chrome.exe	86
PID 3212 wrote to memory of 3712	3212	chrome.exe	86
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87
PID 3212 wrote to memory of 4880	3212	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\PVBLOODSTRIKE.exe
"C:\Users\Admin\AppData\Local\Temp\PVBLOODSTRIKE.exe"
1⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafd03cc40,0x7ffafd03cc4c,0x7ffafd03cc58
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3108,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4504,i,14808281058722570063,8608578227428535870,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3532

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3056

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffafd03cc40,0x7ffafd03cc4c,0x7ffafd03cc58
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1836,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2276 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3112,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4972,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4420,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4820,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5048,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5008,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3364,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3524,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3292,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3452,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5144,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3488,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5284,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4956,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4760,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4572,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4432 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4432,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5324,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3356,i,3885275596352441475,6493514804159671048,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3816 /prefetch:1
  2⤵
  PID:944

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
28ba20b20ca1c456d31d9d2ea559f7be

SHA1
ea7716ba0ffc9c16e45fb429c015665721b7a6ea

SHA256
a950559606eae8f9d226871c25aaa3aaf28390e69608044aa1fa2a9a0aceafaf

SHA512
2ff32047b708c5d0ed7e297431c4e1887e16d7b6234ca8ac50bbac5be64c73182cb3f422ace7efee310db34e4bd4ff047e70c93363ef670abc1b93d992c83b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0af34dd43893b315338cc4e1996665ba

SHA1
9a5ed271c8e0d8901a62ac693ab0196c82b7ad85

SHA256
df702e0f4b70384c56bf818505ad803350e5491a6a78282c70cf1ed346bdabea

SHA512
7e25dbeb4488dc4fae16ee9cb120172e7d57440328078ad577d2369d1e7ecd9624fc14344804e799b65602f9c41d87eacbce64a5ff9adec7aa4b798c971081e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6023f989fa908679254611b2181ca51f

SHA1
7330e77559d626be4a6c165e2e30e73cacea8180

SHA256
e8ae29578e97a3606a9869d700dc6cd28f0398a895bb2e208193bee802c9d391

SHA512
ba84356ff9c0bfef257a25f0d6425e5321bc8eea921bc9443c4c662e85ff9b44b7841a10c6082ee71aaa18a70e01bc992d1bcdeef332fe96fce040d598ebebc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
743866fa539197f24444b84d92c9ce49

SHA1
d755e119f1ee56cb5862aa9236c6d9d421bfa0b4

SHA256
26a673e1221bb736657ccc8098120eab444cd416a3be0ed06a4a80dc1ca24025

SHA512
80ba6e9d961b957f8122bfdc9ad48643b59e4d95245e075cf6d8bf1ceebb8977c130d3d8d97aced4f8d58a2253b3ba08202b2e9ffbd497b62ebeecbb26ae7a07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4a571f33475edff9d07c441f25e3136f

SHA1
c638612a1f5c9ea917cfe44117eaaa432c24aeca

SHA256
deced18f05ca32738d4cccbd4f98f78819a0010c3956b33f246e3124dcb3c4df

SHA512
a20c4d95cc654f4f34c716c3a74deea60c62af73259872b68331a178c77cd6984ecb06bb2efbd4e4de55fa1213a71bd7dedf5e4656ca7721835b7b6c5b0d16f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
899f3c77910afec3ebaaa048641c7e51

SHA1
10d87fdc288af669a910f3cbbcb166b2cab6132f

SHA256
2181c835b5b5b1c920c301722a39f03dad1d1ee46155b4097b9bf41baf595aeb

SHA512
b1562f3b6c2eaca1e81162ddc8e1e179692f7a26668b909bc0f726253a6411bfbb08de8078572144be6c1fccd347228b8caa58e6a7cc859e10428af8ae67fcca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
330B

MD5
da16ff3d207730db2967860666b053a9

SHA1
06a8d2c19b3ff61fe343c98e351137a693fc8530

SHA256
d86237deb52a1159a68d7a4ee6730d83eece75ee2b98e3ff7cd6e0b9591fcdb5

SHA512
6b9796241010bd8861c6eb7928c8c5d0cf4c47c8267e981bc25c3c8b4c261f4a7b19d40b762e9dba15a2733ddfa9d3d5082f1b4a8073ef3fc65acceb4fa7388a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
2c05a861f97080f5d011b778f546b1b0

SHA1
f6a4579864e6e794d304374962e824ca5632ca31

SHA256
fdbe2e884550f3ee8b93c2af163a2a817ae8d03c05ae049cd154f59a7becc3e1

SHA512
c8c67e8ac155fb636063c6f163f436ba28797a7d37a0280d56fbd1c4e4c592b569a7cd885bd63a4b0ec2fa872a1ace795d2a28776d35c33e8d651b7651aabf87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b4eeed8398cbc28708e8ac1a8664a69d

SHA1
1ce7aa59b2f4405999458ae69fd1d7f611fa839c

SHA256
a31c2476d51937782e5e95b08fcc1a6f6b5b41dbe2dfe03a9fb9f4f5031c9687

SHA512
8f35b43c41442e7471a36b51bdf7831b4dc897684e824a91b314231a3f7d93a9edf381e2a9893b0ce89d964cbdf8daed576b9d09deb7d8a50f2c3a4cc7cbd6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
b1e9426960c2f70061d9e4b17eaeab9a

SHA1
8c37c3d8863f3b3d41e9bda7aeba614f364a6208

SHA256
d45c74719691e965645ccf3bca391f09fc35469d396e05ffab5b79b4176b20c2

SHA512
1e8ec2c978ff0a4b3e22f45403cc1f6b0ca43467c0e6bfba73bdd7e89764110d58cd235758a3a05fc94d406a972650979ed3c783189c78c0907ca5ab0106be6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
498bf7da05af81fcb9272b338ae6ccdf

SHA1
feaa676d444c1fba8b2a2e8c156639c70d8db6ae

SHA256
29aa318b342e022660e1a8ce298e526ecbb6015e0b586f85791477a0a338acec

SHA512
c91d389a9701564c12ebe565b3310ce8215a2e8b3a6eb72cf2e33c942357a6ea61548dfcbdcb28b7263418b27a1c5b28a136179e3bd17078ca845b44ee6152aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
d35239dc6e51762f6f1f16c35dceb8a3

SHA1
f10223b1560ad37b9f1adf7bf31260f9cbb7615c

SHA256
3514c66fe040c49893e54bb9b7eb8efd95b5b8d705cdfb6d42284001f295551f

SHA512
ce31e958c33a3c71487b10227456ae108de83b8c9980b2b69a0cdf5634c2d29560fe3f5907cb94b7fe228fbd9eb3dbbe6efedcb54ec38a1995da09f036dea414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c7caf9ac-3522-4e85-aacd-9e8126b907ad.tmp

Filesize
1KB

MD5
bc6a79174d5e3e52181ec9cbeacae4d7

SHA1
36761568b858a60ed1db5cb0dd49c5fa5b606a0d

SHA256
061c373a2a0bbbcb21870a8c96b36772ae0366efb13f42d29fe64677f4554fe9

SHA512
f61ec8ae321d61084bfbd1a7cb8f8946c3da44a6a557cb634bf08a68bf2b0bb0224dca2fd4079e7400bbdd39229921f14d2b56a09edac0fb989147c5f7b06ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a043aa032e785034a6f337f465e1c548

SHA1
00bc312053a57b25e4c4b8f9a7f53d5837109502

SHA256
29f6eb05c0bc2332a083fcfeb44df69f296c226bdf24507b2d1bb62815af6023

SHA512
c6446053ac3cb799f9e531e461ebfbd54ab27e17ea952d81144c717f535b90a5539185aad488fc7bf6a98d9eb543fb168a577617d895a5b832856c48508ddcd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28548553830d93035d9c1b5d46e59271

SHA1
1e3b76c412de054af4ad1de4e31d72d71dd900f7

SHA256
5e84f3f15a133be0ed7423eecc54923b63111edb1232bb9a21abe1ffc2c5513a

SHA512
913e1b98a31f5a72dabc8e5e657c419c716c80b773cdc8f9c1d0499000a0a302db6d4655a8ed520aaedc5be8cf28634d65033b005fd1943e719c5c834b265d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0825d5c6782dc663c4bdc719fdc76893

SHA1
a27d1045bd1258f5f6b8b4e80069c6c235446509

SHA256
6e67c77e0c402160061ba34ab6909d4b0e5f1b352e1e074576d6773c208f964c

SHA512
f5c7c2402c56057fa1a4cb91c7fb1b2dc4499949d860ef90945a91d00a002171a54fdb0995305c39e57c2e93c1197b262af81e3901a0dcc054e09901b76ad44f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9efb8fe85b4148757c5d143f2b001b7

SHA1
f2e038ad00bc77bba9cc96515839dd59a495dbc8

SHA256
8a3df7c7dc481f522425acdc49fa41d72c83d61fe91452f527a3621f0b4d9acb

SHA512
4596e88830b8a8661f2ccf73dbeb7893fd634b63d1c9f1fc8138aedc792a6178c8bc0f68f5b95755e42ca34297b91ae45d2dcf1055ccca695c20a81a9e9ba3a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8d989afee797fda431d3c2a3824adb7

SHA1
5a529f890e6683c41c06cfc9368104441aa999e3

SHA256
6fa1ce1947f18d0304aeef46e4e4ccb98c379924e5dcb6fb3d9129693fed845b

SHA512
ff843dcc06b219af08ccf6b559c7b7854ce43dba125da45cec631f0e4b18d6b2ff83c19c31d627fca2b787e7de9d4469d69dc26dd4b42733d6c63159f3f8c062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eec504a4962c482031fb8f477b09acf

SHA1
2261e060073e94b98216c6f682282fc5b74234ba

SHA256
a20f259d30458fcbf47cfb46667a974b670790ab0a48b5643b417f1fe55e925d

SHA512
cbea320eb5703147a10b6bce0861f12c68985988ba7913ba4e7a415d10a20c515f094466a8f4aadff9e47e5f9c981c7a9c56ef36d60ef2b733ec00085ffa0af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0756749a9f8cfcd45776b010ab0746a4

SHA1
0797547c34f9a14552625ae5a4bcc783a57ce9a2

SHA256
af26c34dfd0ed7d24e07c9956af3120d3f588a06b397253d7d97a51a941ecf7f

SHA512
c0fb2423b0ac7104b15b625137be3a2f9613b7502ca5c54f9d79a2b556fb0a75062acf2713421b608005f9704e6b36cc9628422470a49cd4be15321ce79c6639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b600e9fd85d32f451955745457cdeea

SHA1
719a1e2afb8bada1940a76df2cd4ffb35f4232a6

SHA256
f00a123dc34b3ed6ad0f891ed08e53e14587dabeda903881ec3c718ce9a54aca

SHA512
da826c2c9e3620b6bf901497192af84624e61ef772827d8430c354dcc0d315545a3de4978af24fb13d60876c29a8c72e1bf985d512649b769848d798a43347c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7abe97c879967ecb8eda225b697e6a5

SHA1
b4bfd213327bfd79387bc0a8e93e2cb33bfa358c

SHA256
644f1c145e10b5ca4548c03a165ae5280a8ea9c12282a98ff9963961556e0699

SHA512
b1a5642b8cdc51fb841a87145eb6555c92d6df72e8a4cf582966cbbb60c6b0dd2aa1569b1a4569e63cef3831dd2beafb46369b929980fc20c6aaba818a4c3820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
64e95e771f77c2785917e440b66ecad2

SHA1
5f96aa2a059f60619b5e44d08d73197e4b3d80f9

SHA256
2d742c28b36851dc90c26b034bb215859e673e0d69a7b77ed1813cdab950bbfe

SHA512
2e019412b5f06f688dcfd8ea629c43983f371bdee24978352eb2a97d9c42f25eaa45f875bd29de646f1ef6404a68def33e1d2ecbec125939136cfd43fdeeeff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
b049caa02cb9ac8fb09041fa8aba680f

SHA1
9c6d50979a5581f5ebea2811b5f76539e417f889

SHA256
cb3d3668abce2c223dc2062ca924fbacbaa213e0675a79260e59f5ca3c04569b

SHA512
3099cd34c97cdf3e255a63d2bb4d074473138207b69132343a4b66df826577422235f4d6f142b59c23780bfa1d864347ac0871aadbb9cfbadfd49e930a6d0b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
1827b99cfd3853d85ad0113b97b93fa6

SHA1
2dc2c8237ba6d628b80b64a459a3a0006ae05f4e

SHA256
d2faf7ae2b1742e73c7b9354946790ebcd7935ae99b62448dd5fa5d45516e99f

SHA512
2c988255b4c63ae18ba9fa1f631d18b762ec4cbb14b3f57bdd869d6fa8eacf2d607cca1647d5ac5abca739300974a55dcfe364c99bdbb9efbdf0ace07c41eb79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13359015964935940

Filesize
1KB

MD5
1ae0153713d14922092b2e738fd359cb

SHA1
1da83a778f81b28cbabaf7d610c60a89d4f4cbb9

SHA256
f2cc532d8084e172fb5b68bf89abfb1289d5ceb5308892cac57c2ed3e8f7cc57

SHA512
18f0d124431367a4ddc8b67b09294174ebbe8ab9a351cbd8028325c2fac3963b3999aca6351d3ff83135efa6dce355aa85ce7e36aeb090e0cb37e70975c00517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
0cf30b13b345035226cc353d4f0986da

SHA1
f6f9daa1a3b97bb04e59e164fcfad6469d648633

SHA256
e33ebb157f4693da186171b3ec5ebf40bf97f515d0456cff9f50e37d19c1840e

SHA512
c60b7a3d00f4a76f20f9f57541e3f09483e5174eb1ee9ea444e5138d55499e0c5f34b24912618500b8835e089206d15ef309f924def5bd5fb56bde2b5d4ec8db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
9974249f59394e01c1722c70ff026a65

SHA1
e370480513f91bd494abf3f014d6d14a95304ba1

SHA256
4e7f0cf1099069965101df130eedcc8d04d512e28de32bc5c2e8e40281ae328a

SHA512
fb19be47afd8b0e7bf1ca2547c71f10866bdb24e410c2b1b2ed9ea32dfbfa04e5855c618cb77ae91d3088c313eedf099548bbf696967a213b5de550b38cb5d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
d7320f4cfa2882dfd258a06641d7ce43

SHA1
8d13c546420b9025dd8e67b6b76bbc9352a8f5bb

SHA256
990c0c0b17636cef5ad41736e4d5aa397e7368271706e58bdcdb9e63a76dbcc3

SHA512
1d291a5bc513fbef753bdb602295ddc5d88df31b1562e4d3af2a03ac7615f4ccb68237e973ff97cf38d2b9040a890e51e2744b81f95567ad53660463d656d516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
7eea607b9eeb5c992322c4ad21b3249f

SHA1
4f2d681100971491fce80517b70c8dd71fac388a

SHA256
4363993f10c5ae1f15ab9773ef6e3ab5ee51b82237291ce9591d3156fe8b42fd

SHA512
3a64d69c940cd4ec47814de056817f4bb1d252006a78b0809bbbbf15e8a0159cea8c0b163a12901ac571e3304d32ea9e44e29a4ac68e5c65b23bb718bc34f6e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
2bab98621aca6681d0883cde1d227530

SHA1
384516168fe72367717ee557788776751443c853

SHA256
bcf497910d50c4933d8deeb7119dfaf8e9a1b287f8dd925ac78a7a6bcf206c70

SHA512
ad8da964d0fcfbb786e3c37eb179ed1cf0d74629ea7b02aa270b532e6c21eec68483bf3c04930e483b86b9572c02980b6d5c5f4826d6695b407480a1a1cc9b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
c445538a53f881cf38e4e0bda942fbc8

SHA1
662e1b9645b46f488a94ea137d69424fa5f92e74

SHA256
58d966eb740eedee3cecee50c72de85bdb91a8a59f9f028dddbee507675340f5

SHA512
9d86cc1b496fcb28cbb4dd5666e5843a863abbb1deec21a10947ee9eed2198e18ff3c897948ea05eb88dd3b7eeaa758fe5d09bb63e2addd926108d16fe4dbe74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
e73a81705db9741ca284187bc3b4c2f2

SHA1
b9cf5388f0cd18659fefc971c4d5b3e63c604480

SHA256
cf98812722824a97fc89cb41f00a2e023f8d887b006c20327b024a11c54f2998

SHA512
6bef1090088037e558a8fdbd640b1eb1b2d1b8d568c7f8f362ec3b90f883290aee512c6213b9570ad866e5d20c57c7f79f19c00ec98bf880b3ba4fa7bac73d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
f1de51384e20a500b0e93497eca2ef3c

SHA1
097bed34a49f2960f5e90fdef2c5b3a31a494263

SHA256
44af244e01efd0ed828f3bbe077ba5a9572dfcd5c9d8a54bf05e4e125dbba5c8

SHA512
69c6ba24c2d9437b29941d20a166bbf47681ef11941271012ad936871490998b1ad0cd525af1a52ce75550ad52b512d08f74b0ec44c105f17ad9ae54f2de6b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
184d01a0d6f89013d6a391452e7bfe68

SHA1
c4dc94bc00292e27669199441dc0017566b808c3

SHA256
8c3f8b50f6cc6d0cfb38ac0c254b52eedcc0d20735e5b89a64b9ff193637a545

SHA512
eb2808bd035734b7ba3060e64034e5da0e01bb2eddbbd81919cc73c938ddea56de25fc154a776e20dd74674b394983c6269643368b4041485cd83245b3eb7005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
ff37749242ba9c4f9a14dea0a88cf4ab

SHA1
ccafa4e8aa9fcebc91a40db771d7b3cde9e8aee0

SHA256
4f1f3e181fa152d898ecf929c9e2b2fca35960f24290d18b46c47ed32520e003

SHA512
d9d8f4656f35c8889ac43ddfe552cac72b04b4d9924cd351a015ab4830efd54f4c3912587c1f18e44938d6329b7cc062bbc6a2fa4a223cca671b05f0b0341f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
3d8276675f0769004266a6cddf5c93f1

SHA1
429707017d00c5e426f174333aff3b754c9bcbf2

SHA256
0c7df23b48ea455dfcba1f29ff107a44c477f0dbb4351e1aa004c4ba09f56f5c

SHA512
72aa47225f6bbbacc8d9dc98a32d5139ca954c0e0a9993630f9c0488f05585b263a3f091608b900517fcb88a490bef71896c8d243b78da7e45ed3d20e264c9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
93149f413f41d89e4fb4a960058756a3

SHA1
8d7c9114cd5b7c2f7ba619420885d22ff79e1eab

SHA256
ac8626cdf0eae5324ab66c20692bdb35bddd9e19c6dead44256fc1ed6ff53367

SHA512
b00f291f3290ac3cb53c2b0d5dc97ebaf8302b5a00fd69f9d482742bcd76d67ebeb18af32e2f460745a974fc35c06f10b25462deae91e5fd17fdf02a72e1a380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
84b14905c9856171a1b050337f8fb4d2

SHA1
fb2b1bd0f0562c383e6dce49aa16aa49cc79fd1e

SHA256
292eff5b9e47b3886267d54c81ada1503faaf67baf6b0fee4f33ab3fd8c5a08b

SHA512
2b370ac6b9e6d1f18d22ef1105d75118be090bfd71295149260165be54da86f5472116aae40a2926055254319f3426960229f1c21be43e467a674daebee10613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
43746d765a1be5792e5ff03a74ff7e63

SHA1
c57a88ccb2b9f00fd3aafb7e3f126baf6974b6d9

SHA256
8f42ece7236cca6f038a2024a6fc60461afaa5840eadf973876d358e9a57b499

SHA512
751ee31cecd5ef3b4b3c65ec01418d7ae0df31366005421009f9b69b3ad0a903636a82169f1a68c287d4caf730101ce4279a25094e0e35dcf3143c9394a97633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit