52f04b0fa4e2aa0fbedbdbdc8e20f25e9de7a172eafb172480854ef47ddc4418

Analysis

max time kernel
316s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Saturn Free.exe
Size

4.7MB
MD5

5ebbff32cd271248f587899164286671
SHA1

b206a1f2a2e369102b596f41beba835ec1d9d6a8
SHA256

52f04b0fa4e2aa0fbedbdbdc8e20f25e9de7a172eafb172480854ef47ddc4418
SHA512

419b03eeabf7194dd7aa9956ba82b37e946c778f6f17f15fb16c924c847c40f16e9e820e2221941256823b474bdfc34ca6088e4f1b30878eba12b4e0ec1f620e
SSDEEP

49152:Ht2jMxErQwtL7eDn2Dv7p9VgzcoIQdasS+nPCgCV6FZUFMOVr5SOlzddrI2Ye6Xq:ZxdYv7pbgPCKFZtOZ5SWdd1R6Ym8q3N

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611164171629937"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe
Token: SeShutdownPrivilege	1816	chrome.exe
Token: SeCreatePagefilePrivilege	1816	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe
1816	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1816 wrote to memory of 724	1816	chrome.exe	110
PID 1816 wrote to memory of 724	1816	chrome.exe	110
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2804	1816	chrome.exe	112
PID 1816 wrote to memory of 2320	1816	chrome.exe	113
PID 1816 wrote to memory of 2320	1816	chrome.exe	113
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114
PID 1816 wrote to memory of 4264	1816	chrome.exe	114

C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe
"C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe"
1⤵
PID:2388

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe
"C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe"
1⤵
PID:3632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ffa4a47ab58,0x7ffa4a47ab68,0x7ffa4a47ab78
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3244 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4252 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1736 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4844 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3096 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3392 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2148 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=872 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4980 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5016 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5488 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5164 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5340 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4564 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6164 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6396 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6660 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4416 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5876 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4756 --field-trial-handle=1888,i,5642447899074065896,8463917001001090941,131072 /prefetch:1
  2⤵
  PID:5368

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe
"C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe"
1⤵
PID:3128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4 0x468
1⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe
"C:\Users\Admin\AppData\Local\Temp\Saturn Free.exe"
1⤵
PID:5916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\36a1955a-2073-4cb2-9592-e8ff366c692a.tmp

Filesize
6KB

MD5
b6be2d184d7b4b0e076e5b7abe96710d

SHA1
3375590142f0bb5358ca62892cfa6a0141fe4071

SHA256
740678c860606361cb39469bc7329b43ff5aa3b0e09309fc1f7b1ecf8e2dae98

SHA512
2c34179ce72bb307166201ebba42da634869650ed9fc2c2fb90bfaa4ef1ffbb0e12639b18fbe43d34d4122cb7771f0387d757b7c742c75ecf5d2f976b67d3dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
28KB

MD5
2e023a843ea2f5b2040177e389a852f9

SHA1
71d94ce3f9164ceab5bf7236ef71d527ddcee100

SHA256
63cde3a79566b37a672fde354b720d899536ab8269d7afb2ae2fe60179509e0b

SHA512
e7667a4d46a41332aba1ea4d5867143ac6d43be54532ff009a8a7d8bdc8e284488657619fed6db9f9c03b15e955eab53066350114f1db0b34be830d3fd4e3786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
54KB

MD5
806d1273f2a7702b8be593e82a71ee39

SHA1
189c8aac0f5c610949d81cc1f6e9ab72d47d36f4

SHA256
9e064a173bbfa4092fea520c8f39cba4767336400388792d52ea2d2084020b39

SHA512
14605c165d26e1a58dfb23aa1c59455e235d0d59b0cd3b8be2157962e364c4211e296c203ba19ac520df62b86f3a6c2822d828bf9dde090b8888dd43aa74a548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
250KB

MD5
cfba6ecf9db4655112cc400a9dada870

SHA1
b0e414bec21599505988b601c24427ba7b271d43

SHA256
090ef5053db9952f8a42eda3cdaea90a5e80966a41dbc2e6f39d95176b6f6f74

SHA512
63b7dbfbf409e67cd11d5c5cc2570d7006eafbb28b0cdba0ba4c432984ad3183575dbe2bb88c6708d537ae2e27f4e957600601d40debd95a8ea911198ba59772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
54KB

MD5
276bb88feb592f50e932df99f88920b6

SHA1
b07069dea37166a547c7ccf0961a16e3123b347a

SHA256
39f541fb37fd969705a5c75ef40767c23dd7a211b43445b525323449c22b0e87

SHA512
0cba951de19544e9e8896ba4b1d93454904af4259a4bd7fa6d7f988c9793de4deb6eb7610779439eec4f80a96d621a0d985b2794a076007059336ef3561e5e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
28KB

MD5
59f8eff1ffeb4078a4062754a681c32e

SHA1
304619e65e17f2d645ada5becfd3a811d462a5ac

SHA256
d1337cb00374453833e64cce10b1ad5a3c5b65aca5df4183aeed933032a1853b

SHA512
c63eba826088fab758dddc43e48e060cac8e256858db32a179fdae3c12c0faf21f7d681f01e06b7ace634642641cbdec4636fe8d01b52625c2b714ca8614a74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1e73f572c7d4cd83eebf8eff1ed8776b

SHA1
dbee9f483dcfa6d0ebc45286f114e705f55475f0

SHA256
1aae7ac4a717c336af962a6bbe3f38d6886a7a1abce42d80cd458431f32c247c

SHA512
9cd30124f5a5a40a111a33d0f843f6fd63bb11ffa85093de6975463213618234dda61003f68bc88b78fbbaafd48d72d98a6a7bf905f3ae43e2ea2ade501ea77d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
0405c30b818e8995238f2a447bbdcbc1

SHA1
8caf24de8b4defee861014aedc988a136600b86c

SHA256
4807383e88e7cf140e666fee4a77cb0c3d55bb2c302f318d0abe5659868e70e7

SHA512
b83474a6a356a3611285ff6ff7c98da4367f371d87722dd29bc5d7103a4c34efd7ac29fa6a3bde2763831cfd122df4db230b098a291b9bfb30280efdd70d881e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8e4cbf54362d83d23ad238ab8642a94f

SHA1
27f4e8b6280396c66552178a53d60622822dfadd

SHA256
540f2f9109ff9d94342f5876b5fdf1bb0f06ee4daf22c7b777083c542a59734a

SHA512
1cf4bec3e3c8a94ec1fd7937d71cf691d213c0546ce1d31d6a826d6b8d8c664b091cea7ee61fcf30234bf4e50d2ac7d3f8f2cb3078332e571f769f289f29d31e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
f2328d9c163da4d254c52144670bc14a

SHA1
31c549753a06b2d38ae6b0ed88dc28cba4122d0a

SHA256
0da22387af10203f8f9c5b7714dbd922706273bdec23fb9320b79a789cf6bc4d

SHA512
383ab44f3779563e02d83f5479e659c1a7f900712f1e6415a3f5775f161fb046d05b1e5e55a68642524e76d2f14aff6a368ff447c7239ef86e32dc406d04780c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4fa8d47cf90c45198f1ec6ea27e8e8a7

SHA1
ea5b377091c1a1b5f072fe1b0ce2678178160886

SHA256
b154e878a944d05b22580ca17770a0c1992cae6d27e829c83d7cff2c84f10523

SHA512
432007172a14b40f9f8bd02871b5e2e2c08a3af50027c764f112229f3e2a29f8fbc5333bd46b4472fd1321ba3341296f5b787157a0f8e6ca48dd5c3bb09eaf1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
f11b8542de04ff956c485ebcf14e28d9

SHA1
88c29b28ece3a7e454738a4019674217b6803c46

SHA256
fdd64998d58f2952171d97ce4cde4944d536a322a76252fd4088462abfaa9b1d

SHA512
073a0b6b6a79ec5a5885cfb48a08a69e0796e3ac114204795ebb006eb64ec0bf8ccd509e197a1c1a2eda1da13f81d212169abd5e4798d421b30449d0f623bc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
a07b331c4f6f4127314c1fdf1097df00

SHA1
d9dc4d1b51b4f13ba3fcec0c44b43616855438c1

SHA256
3186bac88475cbb213380a34d952491fa4aa27bf3deb241f9f9c508f63a9e6c5

SHA512
27eda1c78f71d487951c5f117635d746e2ab7f535151b81c5d9a6a1e38455eca4eec8473e7e006f2ea123d8517ad6130c3db5c7eab73070c312413681dafaa99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
67d5c6e639425207161c1114837d9056

SHA1
97816ddd904cc917a36ef8dcdab9b03eb2530509

SHA256
21f38e84768f438a171be07e356b9e2e2afaf2328c32f42b64716b73f5eb2560

SHA512
b5da59d4fa5b3b36f775e7aeb79da5b4e70f05ddbfccf009cb6c0469b224e731d14777a168341baf7df577efc74f2decbcaa17025ea8369761218b3b33a1abdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
38dd8497232749b0a9e33a8fc5d80212

SHA1
c0930422fe71baaace5e3837f35bdba274de8e78

SHA256
3f60eecf981d79cdf530d640ca754e281173a1b936bb416811c56dc79a19a6ff

SHA512
5f09fd405ee0f2d29e3a3c19b3e77023dd1655d3b0b7373840ef8e116c71601b2d148600d6f75a320ed0ac5380345df7acfd1bff9692f96ce119766b9d3703b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
79349b263d5960f72ce719079c1e363e

SHA1
f3b964076b1a2daa5387ed63f36881e569aadaef

SHA256
cc540726bd31b8ccd6fce5097edf28a23b4d0bcb8e8ae59ea68d9579b5110a37

SHA512
39ad77f61e3a2766c57094785df5e43d01dca5fb00ca9f5a245f0ac78dd2e6674119ff4d6bb880dde91ea1100b99a83969b56077a5a8c4162ca05af6adab1876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3bafc0eb6234d97782658d9fe2f6a0ac

SHA1
44537070c20e7e52656646212f2711ec2bebe5ed

SHA256
4d12c1fbe6ff631bdceec493d52d50b653488666c92062148b2cfda51751f086

SHA512
b31d29247fb7440cf4cfc0ac5baf9805596a96f3b76b9da52f76ff9ab01637acd560c7d38f5d512ceca3e131cd1719f84fe63cc2df070576dd5f3f37d4e2d714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5a7d51fefd7a2e24fee860cdcbb755fd

SHA1
2bcbda16b00d424402655d478b200260ec1ae341

SHA256
374e388e31273502908fa5a0b65038ea6e05b0474c51b684708502a63320edeb

SHA512
228a7b14399869f0b15d6c2c1f7f1eb92201727350fed5b98ebf63320aee924260aa4cba70d17bf7a004b81cdcceeb0dd99eeb4b88ca22b4932eebb262da926f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4ff050abe3059ccf91d4e169f673c60b

SHA1
eccd729a576368fd6342d0e0fe810b79158c24a2

SHA256
4d8be54a398d18f04f36b3d810f6c27ac66aca419bd3aab22d6fce850c58f333

SHA512
895d7db05da2ea254262850dd639af75e50aff13927b92c3f48a4d22e409b4a9f3b52b114fa358ec20d1dc0992e524db8aa6ddb2dd52de9b644714e9c9d733b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a74044763549c6697d5c4c0630076ed8

SHA1
35f1a3af0c5b5c69514f759f5ee277366213df4a

SHA256
10a13933bc1e9503aefb7d262efd9e3bacd47075282ad11a3ea91cc61cde590d

SHA512
e61f29d65eadf6f1709ca3a0734316f6443a43fe8d01d234e7b0598a221c807d5bcd177e0fcd5887b742f78870fd52cd5e601f74e3a90a2c22a11062875fb9c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
0024cdd48487e1659dcb00abde2f73a7

SHA1
9fdc2095019070bdb10f2cb408f90805b3b8f258

SHA256
5e2425dbd98345d4b1ea605e689729c605f917017b58e2e28c932c9a39c7fb68

SHA512
353e9f03d0b73112c2f75d182303c759325681843b6c310f7108f5854dc106bdd244724b4db781979c6e660a8eae1a3ff3e95fa0cdf01245df5a2ba0a343fcf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
b4e5699b68843247f847fb319db14f60

SHA1
cf9f5094e595b87dc1b4097198a86a17b8d9f76f

SHA256
fc5b275de934906077da465a5354d1dca50806562e3cb793be4e289090303de3

SHA512
968a29db1a605ec3227cfe0599e3b0227b37fe6e5cbb4c9403dee89c6498e0939c9e26126bef6eb86af9eb975beec9a25058e724cb6d6e0789e187c571dfefaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
e64684155b05784c5b343efb5c650ac7

SHA1
d5b0c24c2be19f6009562f4343b6422bd80fd7bc

SHA256
03b70d3a7ed55709a4ff6028b8a9c2e7b703903e5b50abd2ffa4c68c34c72a2e

SHA512
234cb194f2e0e92fbe7be235b947bf5d9d6c5fffd5c3617d7d9d88b267d3756c1dadf59be59c9438c64895e352f321c1083dec59d706ba76b75d9641da905bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
50c44105b605289d99923a2ded4dfd49

SHA1
80e2df67973b1c23c947d1745b155d5c51d7eba6

SHA256
3563bfe34a007b1879e2f5f30c3b8903c097c96a27df67a325c034cfe35766c7

SHA512
223584279d755d2c363724b8e8e39dda68413f985c1c612c6c6c89bf3ca0643d01c1d24e50dfc11230ba5a09ba21cad9f2183f6c2a6699aa7c3b2262f5ba90d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
17172b3a9b39fb40e58937b497c8bc59

SHA1
163ad661a0c5562dd41381054a29463c9c652140

SHA256
7828fbb7b0f0c1551b7be1bd645f2d66964faabee5819f300aab71e522572bd4

SHA512
35c90a13ebc5da74fa3c5747e129c92709e7af24b0db8566c0c1ac63eeb4531b16e85b61792d0aa0ddd6d493f00c2f81fc653e76fc76c3e304d352d5ce4cab72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
249100a606be614ddb097568cd8b8175

SHA1
7ecb4a3ad76563aa354b006fc7c018cf64658487

SHA256
23ef14546142dc54d0bea625f8361530503637b11f0375dfa6add4a6b6e9d201

SHA512
c1e6b79698e3c3c41c062eb261a44a5d39d49df68f5df5bd88530f632bf7fd363df3960c2e9fc2107d42aa0f706b3b264a0521ce12726e63f21224fb9d067d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
ff888d55f927580606e98ddc05fae186

SHA1
efc34f79bcdddc18b63b4597612ed187210d6932

SHA256
c19876a80b8527fc0bd266bebdda9573f2b17f16c36d5d9f48ccae0ecb5a0b67

SHA512
5f6f1d256b5ea8c762462a22e8dd97d1f50278704ba0ae5fc69e61192698e47262493aefd0b10307dc2fd9daf1bed4002863d34ba1a881391aac5127b26684fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
d8d1a0ee9a8fafc30d32f19215b7fb3b

SHA1
eaeaa4d28a8e1ab518638013b6a457226362509a

SHA256
ed185ee39cee8ad5e76ed02a8a25ba7a48e1380976ae74d28290af838f9dd7bd

SHA512
298a9eca3bac76527883df8ea5e596639ca9582d7e2713588c6c261ca4cfc99bd2721d66e7c116cbc11c896b8909fb572692ad5f40672f42c6c253eda2c71bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
301KB

MD5
678f2ae4ddccbf3f1772106c992fbede

SHA1
ceea9d24c18dceec8e54e7ce5cd2a54b43f347bd

SHA256
6be752a756a5a0b16f79ec48b082a3d638d8f15eaed05101f497cf4e4c35a089

SHA512
845e866a63e495b1010d03cde7b021ba43c84e5f966be215044f4676c8ed7d8ec624e900bcb8ffcb4bfd8b97319c173dd147e0e895aa88292e2ae3717ee45f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
3d909160838f7927dfd3e23ca333b948

SHA1
fe27a50183a22ff1107688caebf61190b19ef5e0

SHA256
a02fe041e77f6d9cf8b0ffccf14052f16d717c01e386430fdfbf34e5ec91a766

SHA512
05dd47f41102366c63f2d56b6e23e0036ac6b119e9623fb0e05fe87121849ed163e25702982665fac4fe6cf34480ef13acb518481483e5f24c864d811ffc11b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
8d5a1baf32baf5920e6b50fbe1349bf1

SHA1
a760df4c0f46a4180791ab263d7c9e38b35d1cd1

SHA256
a28861cd0af1fbb3d3d69b92b0c7a8834d8e3205fc67f932364c52a551f3645f

SHA512
78dc4aa7eea6e21353ffde97c36ce9c9b659447ade8b36cd55e431953298fafd457ba75c4764fc6b2c3f6b6deb67ba5c943ac3ee6f4cfdc1a02a425f69f5fe35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
03b73a866aa57c28abc298eeb579eb50

SHA1
9104cb0d395c4046e3cc0e443f0bdaf84364339c

SHA256
9dc69a3c1097828045ac21626b41514f85f4c8dd843ad18430381c35e17238de

SHA512
b705b7be42f9b25d3ee262b66e91e0c4fd97ec65ae73b203b9a212e83477ccdcfc6aa029c52157fb3d963ed379590a43dbce7055f8516148e5384f3d01df511b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
760ff317aa827fd342b91ff089e9345a

SHA1
4f578ba8700561583a5089e4340e71eacb918b07

SHA256
1a1bf457d1313b8702979e794031a1b83e89e5505ea382f93f75f4d795cdc71a

SHA512
6d5e3338d9f5c152b820522c011b46c4ca4254b4c08a1712cecd2df06bcdd73302f85d8e319c281dc989b3d3926b85a8ba3d0308e7aa5839c1335959d56b6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ff79.TMP

Filesize
89KB

MD5
9e1fd5b96efb572f8e3d4f5b19c9f738

SHA1
1eccaf78ded3e50444357be9c296d9b0a5cebfdb

SHA256
c802eae62b984a983b0e8b52ce4997674bae09a59cdc6655681cfc973e25db0a

SHA512
325453c03d58f95c6d0d74b948773d0044dbab0fc632c97fc82f334197f007db2658de13fec9d2b0e827efa0d0e491d51829655ab830f8a974cfe5f1ce573616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
71ea4df8d67b523f435135b7c171c041

SHA1
74cefdbbdfdbc169d993123e69f3b7419ee890c2

SHA256
41c7580a316f3dcc11b23d6f9d81e6d790dee73f02780e1bd6f07e830541ead8

SHA512
206bbb5bb0524ccb176ca8ea5868cebff309b74eb6e8a1aa3629d6d5afe970268d507f2034bdcf92d317274b6612c3f4633eb7cd244b79ae2f45ab870b655f84

Download Submit
C:\Users\Admin\Downloads\d3d11.zip

Filesize
770KB

MD5
066f447f3eb52133aa124a78c41d1852

SHA1
0acf1b3525c8433b43aa11aa1377a167e862a8ba

SHA256
3fb1579c6851ecb9c4d01b3b310d754832d5a67ace2ad36495a742ac3b001381

SHA512
83624c1b443b86acd549738daa1ab1a87b3853bf2947c289c55783dd532c095d74372b43107e21581c83a225ab2dba04d05a46f9ef0af6ba81156a8a81083c6f

Download Submit