066ebb32c7b84f1e41469a11165e38bf90dce4e0a1c339dfa7158b1f8e959c14

Analysis

max time kernel
2219s
max time network
2134s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 04:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nfs_carbon_unlocker.zip
Size

125KB
MD5

97f58dd58009fca70c9b987cb2bec95d
SHA1

57109ad3f067e0dabc25b1da830a52499bd35dae
SHA256

066ebb32c7b84f1e41469a11165e38bf90dce4e0a1c339dfa7158b1f8e959c14
SHA512

4d9faa1f6198fb58c7a20228b7171979d118575219a5b92ee5caa97fa9a6e4bed2361ca87b9ff8d035a1c07ed378df2688c55f07095b327266ba1021298a636f
SSDEEP

3072:6O8jw2zW7g4U2G6yYg4P6B+cucRMplBc1sCH7jihAwTWXRTe0JBQh+:TCIKraiB+9c1fbj6zSXQ0g+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 20 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4144-171-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-172-0x0000000010000000-0x000000001000B000-memory.dmp	upx
behavioral1/memory/4144-173-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-174-0x0000000010000000-0x000000001000B000-memory.dmp	upx
behavioral1/memory/4144-175-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-177-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-178-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-180-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-185-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-187-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-189-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-195-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-197-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-199-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-201-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-203-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-205-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-209-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral1/memory/4144-214-0x0000000010000000-0x000000001000B000-memory.dmp	upx
behavioral1/memory/4144-213-0x0000000000400000-0x0000000000437000-memory.dmp	upx

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611724118037931"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{B96C37FF-CFCF-4588-A5C6-67B2B06BE3E9}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5400310000000000ba58bb2630004152617a6f7200003e0009000400efbeba580f26ba58bb262e000000f8330200000009000000000000000000000000000000920529004100520061007a006f007200000016000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000ac3bd29140a1da011069968146a1da016fc72ce428afda0114000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "8"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "7"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
2672	chrome.exe
2672	chrome.exe
2140	chrome.exe
2140	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
840	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe
2672	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4144	NFSCSaveEditor.exe
4144	NFSCSaveEditor.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe
840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 1916	5088	chrome.exe	110
PID 5088 wrote to memory of 1916	5088	chrome.exe	110
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 2844	5088	chrome.exe	111
PID 5088 wrote to memory of 3012	5088	chrome.exe	112
PID 5088 wrote to memory of 3012	5088	chrome.exe	112
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113
PID 5088 wrote to memory of 2584	5088	chrome.exe	113

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\nfs_carbon_unlocker.zip
1⤵
PID:3176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbf8c5ab58,0x7ffbf8c5ab68,0x7ffbf8c5ab78
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:2
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4360 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1632 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1924,i,11473626886243383783,14840390083796232890,131072 /prefetch:8
  2⤵
  PID:5012

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:332

C:\Users\Admin\Downloads\nfs_carbon_unlocker\Editor\NFSCSaveEditor.exe
"C:\Users\Admin\Downloads\nfs_carbon_unlocker\Editor\NFSCSaveEditor.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8c5ab58,0x7ffbf8c5ab68,0x7ffbf8c5ab78
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:2
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4292 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4172 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4820 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4040 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5020 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5352 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4792 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1612 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3144 --field-trial-handle=1936,i,2067269893889910085,10284249714429008126,131072 /prefetch:1
  2⤵
  PID:4948

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
23e6ef5a90e33c22bae14f76f2684f3a

SHA1
77c72b67f257c2dde499789fd62a0dc0503f3f21

SHA256
62d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790

SHA512
23be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
08a0e2ad330a1e6d0732674cc1ecfdb6

SHA1
07e51adcb35242a46707c24fdff0f58329b62c4e

SHA256
8345f022cd9b49955a3364c6c6db8afe8e1cf04623d8307d6b5f2fcdf0807917

SHA512
0f44067386f7995bd3b7204e56e0759863d9147ea3d4d4d7f30a0e753ab3a37cec86c3271e398bc4a6e4921572a3545a1cd206d1591c1f1a1304ee0ccec88314

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
519d6e93377eb7b86bc651af9fe5dbf3

SHA1
f94e91cabedb2dd427c1fd83eb4a2f76b176dea1

SHA256
7b79ca646e3af7bd1105231f519e2f269ac356533c911fbfde06cdae456b7d2c

SHA512
a7e409897b7b5094a2ac5715e8ea66cf054b8044514e9fc7d3e77e1622737a56babcb9ad18a53dc5a09b00b61e0f47360c455eded97cda8b5d24b964bd11c7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
aa4c792958a950578e82c50710f0fc55

SHA1
af2b7a6628e67e459549dcb88b6e06a847912b63

SHA256
0579a7d9b6bebdbd63dcfa32b26e78a10f72216bf3391a2a9d075279d5c12cca

SHA512
975745fdd9a5b13a32a839b31d3ab861657a38ec28ae4eb6f7fefd8096637d3008f98367a4b5cfb75748bfd28d1e0a349afaa5020a93c9fc33769cd81d17a44a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
80a4a5478edece1aa41e63afa617fe79

SHA1
5c4abce48f08cdb2294d8cdc8a1698a315980dd3

SHA256
d05f29509137dc622dab06efa7ca75553de24fd4f149c215c73e7ad83de5e8fb

SHA512
31a556ec3bdf01b81bff4386eb8722307528869ab954c9bfad69a13ecc50b349d05b1b00f652ace2348b9ccec775d0208365f080e3c01b6eda9d3c36e1ae3705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
7d1664b864b50b10637db87aba6f681d

SHA1
b229349b3c43e38e6f334e9c76c2a06c856ede5a

SHA256
0a6e31c7b115949d435d0520310470921e952eb7e3af45babf4a678ce6d85439

SHA512
0b086f3fa0301c3e46609c9ff6aff94dcf9f64845c6f2ac6deaf17e340096e9ad0ef8a18ee8bdf6c6804eff1529c5ccd92a2ce77260e9e4f75f714b041533951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
e02150b372f5fcd6eb03d769dfa4aac0

SHA1
5e6d5c3c9def7c3e718d70a428008f4b6b0dd8aa

SHA256
9e5c71a99d82044657001f79f7d7a156492868d6c3a28b154084f7d9dfeffb9b

SHA512
049907b95ef2fe755ca947edc7790c3e0e43ef0d5adc3d2fe6c6091d992aa28cf3fb9934f42e7c82bdd8fed49528b400628e5df7486025f1ace7112b8f6fa051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6ba50e0fae298e615498582f5d6baa2e

SHA1
447f0e472a61ca233c92da63d6bfe0440ccb8060

SHA256
871b33c168fa44b1cb8e2e08e00ea6daee384796b984f88b4f89e3c2c98fbcdd

SHA512
1c471fd8d6dc3edd06209710292c7ca2212ca71cef5216a07a90ff60705a79c1f1001d34fc9ec75b3e65ff5497abe472f4e8b61b08815c9d97a55ba51346c6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
f4677705d180c74805225d9bf59c6e53

SHA1
4933a363567bfd4828a500c5e8475ac6d095b950

SHA256
2cf335e706af1bfd286f4b66f9234f1ca4154b81938ac0e8ef94bcc3cb39ecce

SHA512
2cc8bbf68c2ab8154f12980c76919e5c8694e92eabf13f4a63d2d438f69987c296d208a1b57b0a3ad7897e18be09e5f639a5b2e062f3afddb2d6d29d161cfa54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
330B

MD5
b4b95b1246086aa321e95caff67b433c

SHA1
032e0544e197dd1a553d7a294ed66751115fa9b0

SHA256
cdc6f599862e266d6e935aa91d36ac7e8c5daa752b863be0ad3fdd45acbcf09b

SHA512
c03f916d19d6c585de3fcaa1b1505b41dae1b49dcb9e3d6849654d38e134740639b8fa6d445468696cb2e64c8f8cf1d601fb217a90086c0540733693464c9747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
bc458ee16c81e8c800851bd2e179181a

SHA1
f44a2439b973daeeccb042bf5baebf7eede6bb33

SHA256
30e3c820e186bb4500af6c0fdbba858319eab20d86a2864813af35fe5b8f03bb

SHA512
ae5947cbfae9d5fbecd2c196ae8c36244886a62f1fe923c8c212738a8a854bbea311c1be3ed494e92cd66e6f8ffc4ecbc953959026ae218c85d8c5797f5c2abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
152KB

MD5
d3dd1f619768b6fbd04b5bdc4a266673

SHA1
bad5b84853f7cd8c9254fdc81f99c096db6f03a0

SHA256
23661441f9739aac5a4c661d37ef552adc06a9c1258f151a660a91516adfc182

SHA512
070434f6bb510b78500cc2f2085023ebf43a9193dc651b2011980f6be69f0b6fa47c0d0f9366ab1a40f66d49bcd3c32255dd3ccbc2e9008678a7a163b5d9bee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
2d0801bf7b558af7f8aa1cbb32ff8870

SHA1
0405ca61652c4f081e65b155e5dfeee4b8fb6aed

SHA256
7275979ce4c8a46a47533001338234d0f8c3ff2029d75b5d5703ff98d0d4efe4

SHA512
91ceaa185269622a12043a57de5b8d2e6bb08e233e9640221e62eb86052b3271ba04a15ee50c4f8779b84a2ed8dfc3bf46701deabd8aa5a20ee5e75b46c3c41e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor

Filesize
44KB

MD5
09b52f7ea274b1a314acd3a86aa03e2a

SHA1
2ce9da53bf6f10eeedb74bb37226708cf6bea987

SHA256
56bfaf2d088bc20e6dd3b8dbdec9f289b9a6cacd50349b0de93c998c8d28ea53

SHA512
bdd8dc2c4ec02263a27eaeb6376bdfad34a9b5d173e84e753a81fe08b77026bc2b654da8ceb60fe4fa4123d590619719f902b80ac27d8ca9c814576790b00dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\0521f1ac-1792-44e5-bac1-fd655d3e4790.tmp

Filesize
6KB

MD5
2b6479f825fc9c6a3fe88d7a3b199c91

SHA1
08407bfd01b3effe5c8d6e3d00be7385b49bf70f

SHA256
7006e444ef2c04d5a5c34848eb35c28c9f83dbf24470051f9514eb54d2f9d4f2

SHA512
fd1e4326e8c3b0cde3db72a4641f13f94c2f1c8e0186c11233f35ee199ed6b962f73dacec8bc19197a76f580b6066038023a5b16b58c6758c556628889b9f345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d488eca3ca5a1d54eb99eb5d311b7f61

SHA1
c89fc7285961620aa33cad8c4830c3df6a61e277

SHA256
bd2bdb3b1d9f257a288c1c2c84376f26b5e7e0331f7b27f1029a2d2d5d5fd998

SHA512
2ceebc3120b00d6f646e2baa1d7afd8722fb378b892d0ca8766b27be6243a58c19968f78d1ba98063fffdad00403fdafd72ae95ef979bd2d85e4fc0a001acf5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5246267cbd7d96dd0cb7b00921afb39d

SHA1
51061d72c420f92c5079175e635db46ad6e5abb0

SHA256
eab44b28cf781425c16033f599109923b7a7d29bca1d17beaeba55f7485a30e7

SHA512
8186e9b239b89ac120a204537ce2f044ba7874bb5e0cc778818443062cac42410d184ed7a41e1165866d1fe2087a206416e4cd4a2eea5ec833f916bcdcef22cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
e9b8c81890472e8bb915dc08eaa5dcf3

SHA1
8849c897810bdeabed3055869c6087af7fb8b346

SHA256
c1854a0266bb427f38cb7f3f622749a5d13e90923e150a9411a3693cf548eb90

SHA512
48592134245e763e27874402081b8ddd850fa07aea33c8d2d2114365d3a2026e883900187146ae909ed4a911472b35f8e790b46823748c93fa479203bc859c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
199ff6d0646124f705933e629f52365e

SHA1
bb23e19cb5ed303e35bdd1d6830ed01ab44f3101

SHA256
9dac46baf662e335fc7d0f28de14339e6d305560c1fa2b2ba6bd262339180a5b

SHA512
3aa154b156bde8320dbb63e62ebc792042b96108f242ba63e8b6af0c53db3687b6b592f29eb67068b8cac0a836c403495a7541acc88e9fcfec9e1684da4e0eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
77e1516c9dc31378b641edeb3c071250

SHA1
41d8032b72d1a4f870505c39f012e78175f12365

SHA256
963809586ba79c91ca55d27187b65241f9ad2ba921be3dfe5a701af62a7de474

SHA512
d9ba6a09b166f666d736aae0f7f5c162dbd07e72213fa2408ea0861fdcf2a5303b601a34d2083e528810db420584fe94a8134e5df8af51eee9a100efbb3ba820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
48510e5c38d3f6a6f14258d978b6722a

SHA1
4f6bb0e522e998ade3749365651570ce845cf352

SHA256
e8ec8a5fb452c076e697113376bbe11b265a3a81efb1505511489d702db2d85e

SHA512
3998f284ad01876879380cd0fd35195a1aa37e7b0a17427922025de582d76ea839b02928cdd556df246c368743b860e60f01513d494f2da0c5badbf43e587725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
53a97cbc257b5dac9728221b2392a191

SHA1
cb6a32bcfc83f3330d745e44e89d4d0e9267d362

SHA256
eae591dbb263597ce05e241ad01301877441bd4617b899b4b20a380561e5e07f

SHA512
b7076310a46958338151acd3a73c9f8f45f6b115e5afd2d5625daa0e519d02f1297d29fe4d537ef7cbbab0f5cfcd5add703d504654f30f84a3178ab753443431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee24f8288458899f573c442c0b7dcea3

SHA1
1c613364363d2d356f4b98d6142b920b616cdbc9

SHA256
42afc886b3831950907a642acc1f3731d464a0e7c823ac0a9285adbef2631664

SHA512
f573785656e30987562462735689ffdbd19c6ccff38e7dac74652ae8dde984927da3da3ad04feb3ef4a705ff7b84ed8436dc026fd736c503e39d7468da86dc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c2af8b948616a85ad1059ae0555165af

SHA1
e704dbff5c81102a68966ecb0044da1de3e09a4a

SHA256
f4bbc51eeb7f5a01dc282353242d4590cd1ffaac43cd15586a34416844f4f6ce

SHA512
51422b07315086969309732fee46dea486fbe6812ee85f4441253ef2afaf833db5d19bc2acdeff328bc050c38f65de9627e595baaf168f5d06f7fe6181377a02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
eeefdfb35cf08887fd5e1b6268a5be96

SHA1
aafc464e0565c7e72ffca2bb348a45242eb14f08

SHA256
c8183959cf47a251d1bb641fafc7e487b63f949ae95be39a96172884cb5f59f8

SHA512
b219ecc4e90da8261ca4504d7cce4ff5c5eed6ecf39fa36ae15c8bc6bbe898d22073690ee51dd73692df44c545d5381d6080ebbb97bf0d93e0cb3d2ed1392319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2cc8433514091a446513f298fdffd0ef

SHA1
59f0d8419967a676009b192dda2b66cbc954e5ce

SHA256
e179b27bb8156369722af7d33b860551e5611ee7beacbd348fe541e2520fff04

SHA512
add53be3ed23dee3294378b4dd83598be66281a353f26e3bc621a0e54e932ba1e6625ae7498b240bbac288b319a506597e0c60a721a063db13edd1bf39fb82dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6e64e5eb1aec55c26b910ffc23a870e7

SHA1
61c55032893d49a375fe16ff21fea52aa3c8b327

SHA256
bcf07b6e7a057b18cd38ccb5a23761479692d3c0cd9b0f66a4b69f0dd038ce1a

SHA512
8df8a83ec8cad0ece0aee808b6d645cdad3aea4eb9b5f6d2b67fd8c3c2d5b0138778bb565c4ad92a5836b3c99f2783fffc39df182b9de3e79c1376f2c6b1b96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
de1e584e6abbbaa4e014e73ab2b034c2

SHA1
4fcb38ebf8f7fdf18ed58d4059bb09a4fb09dc89

SHA256
bd53819b1c444bc105ce21e30690f97bc82d07b9ff09f9d40509dd882cc01cb7

SHA512
0854df54b9aa47c6c4abbbdd383a655d64902a2bccded591d6db8bd6196a8bbd9e34ee90a01ebafc2f30c0f08f46b15bb41de705ad0d91c49c0aabaa17a51866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cfada35c75ee28378a64182bbd38201f

SHA1
4b328b4bb80c3e23f455630a98fd1379b1e70709

SHA256
86acf836f96c9610d448e96edbfe22f9048ba6fc6aa491c74bc88efc9460988b

SHA512
c141e12453d057479eb312119f6f7f1d75b084e9ce01e3f0531ef78e1fe7c7af518b3416ce5e98c5913f03ad338169f9ebc6115b8e2236d33d1e1f1eef5c78df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
93ffe3e38eef914814e2742bb18913e3

SHA1
b94414a41853f113bdaf0b535d2cd2b0c278b47d

SHA256
c318f2c0829c0ce5f3ab389cf2f20f727fe7d63f4d59e2c94f85bb007a10d8be

SHA512
a9c225d86cb1de8d95e4239aacfe403982908c7603d3155067e1d829a9b8cf8980c6ee3c3f707163f0b3cc231d647ab0885632c410bb562ad003b7499c9f9b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
51521d2986308a347405d59fe1d403d9

SHA1
5d26f56cc29b4001a32722f7b52f240cace1991d

SHA256
35ac56f41ba58918ccdad0d509e6a8dc9145a01e8dd6303cefd52d5da348f995

SHA512
0affe9ef6d71ab7e096e0dc6c19fd28d30f762cdff8806022ba47a40ed477a786c0d596efbcf188c3f1e1b68e365eec12e9d08f050b9529b9a4f3f3279bc3c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4242a13d261252a7198d371c6db2951e

SHA1
3d8c34904aa1365642ae0fd202441827839a8d15

SHA256
b2642ae1be10dfd36c9aa7c062d95deb86c3e19bc5bdfae9b8c5c6f2063b3fb7

SHA512
9a5aa595cafcc41b9b92d3dfb0462b2f05fb9aade82c956b586c6fac84c52f44b21ae584340b6cd35ee15d52db294b81a6da58db22111ab680c55f8c0cc700ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fefa08633cc3a34da47338c1a2e05770

SHA1
219ee47194409138b835705688f797d9337caab8

SHA256
70ec4db86334a01284f74406a710b75387e89720598a539b82c2ac06ccf33c2a

SHA512
b762809c36d11fd563cebf2711330736a65fbda211cf65f53ebe5d54e30a34a159dc2fc587a2b976e791c9767d67135e2456aa1ae7b0a579638034348b7480ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a6f14ad7118b1cee3aeab383c42a89a4

SHA1
0252ef14369b4fefbff9ec6f4740fb3e212a3545

SHA256
c786db1be21b69b975768beec6c0ebea14e1d02bd1adc901f2b84016d4cabf6a

SHA512
c79de039662747b7ceb0afc213907d71ebabf6f07bdffbe3f71120e1d06f11385217c7223fa43b5c08cd122d4c2315fb454f23ad061ac575a26a8355fb76308e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d45e6dbe5aa4cb6e9e115518cbbf9f31

SHA1
e96214335d64ec6e62dce0ac21599b0c0848fd5c

SHA256
d377113a0e9350f839e734a8686f42adf9497c03b04e9f50439d1bcfb0937fd1

SHA512
6d7707e1a84ca56d15bd4408947e3782dce89777c54270ab325d7700449ce360affc7063b99dc8edd2d515ab967d65f4f750cdb684712b3167108ed6cc2a7595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
41eab6ced8bfb83baf25db8eb242e830

SHA1
13f84bccc9829c50dd20095cef0be3535ae5994e

SHA256
ff6d55a5f8b5e5d278a5844ce9e47f04a73b38925862ae5d37b2b736d2f465f6

SHA512
c7dd45c3428344cef07d5f610b90456ba57ca810678ce57125330525781477e9fea24c03eb47fabbe8c2debe10a21d3acee4a6b59ff62b883fa16ac7a93e656b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3b4893fde99c6a584e42d9effecb4758

SHA1
96e2a59bbd4386ec6e6df5bacc300a9d7c562353

SHA256
3c70ae7d5e41c4ec29c72958988f110a04c6e1a6c3e1aa28281d04cf155e503a

SHA512
98a226d35dd9f488cb8f54aa5c5a7dac503a4d490674e148d9f1267d3aac96b0a092cccd69577281e495af6ee7afeed5349ad5acb519369af0dfae08c5839090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
672230664e2ee9f4fa162a129214b11e

SHA1
26d814a088b401ec52dcb623d95036df3822c4a9

SHA256
29fb147998440f922a555a5ac5034cdfab2e428818fb79372781af8775817321

SHA512
bdcb68d74aaec8f88250f4495f9851811bde6ecfd442d3fe6cf3503a45c8371e7471a0a2678afac49e444bd8e309441e1980d29c22f66ec6da15451c9fb9dd1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1f4130bead8eaf3e88c3ac7f75bf1c30

SHA1
e9e8637323436f40be086a5043cbaaaf0b9da9fe

SHA256
6ce8cec290ba058a210ce97675fa1621401c044a729505905c5d2e5a511cf040

SHA512
a72878e07298a1f5aaf57676fea8c07f6d72cda25b81b26ee36857eae208bb6efea0f0cd282af200291bbfee5fd233d61d2cdbe975aa4a7988a82d12192ba854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
09ec8b8b47eaf4370e15e69bfb5bb121

SHA1
15824588c8a36c0102105c04727b2f4c8e53638d

SHA256
9a12f2b0cb71945cb2b04811da96f87a2fc3ee9796860927e38070e412655435

SHA512
5bda7078f547d3bf67413dae46090c4038a9cd2187c2e7d481f673bdd1026aa807d4903fc009ae141101348e6b2dce647361ed3b288a508664923fcb6580374d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
95d93526bf680a11dd86abfa9694b1e2

SHA1
e9c4ce14ed37665648ed290d6c1884cbf212bb7f

SHA256
095fae7623830a99944ca6c93c49b964d42e878d9825afe9973e5411394afcbb

SHA512
475c06a4bf5696b0241845fd669a22d609b63815989882d7fe6db620cba2fbc6a9157aded15f04592be26c31d39191b3b3af47a23ad8571a7c17bd04e23d15dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b62047387989899ea8c035831adce93

SHA1
825e33bf787a9137f802dc1d1fe5ff48fc8a0fb9

SHA256
5c4a7f6b28f4136d4e2bc16874a5fc0f0ab7454ab6c7572b1af1d600a855f8e8

SHA512
4f1a9e0e098fc41cb5aec393bac0f3801fa3fa1a6f0c6f7dd58e13625fb96512b4267a3ca87ac637c6648b3ca642d6f46b69d266bcfd30a2c02e98480274d98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
657f82412b8e3adb088be4fe6e18667f

SHA1
23c1be90af36a385170edc7645e151d4bc3ce592

SHA256
82ce1733b9f4297dc64f51654898c61a9537f55135f995feadb249c05e847896

SHA512
e1a3e207b303b7c27a1009fbc267902ca5986a6d858d56041b61d95a6705423cf43c4c270d9f8b630ca32be2c215977a9edc8598b7449b50cad91340f6cfd7f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
49a7bd5942d95ff90cea8fd8c976a601

SHA1
94075366418cb32eff71f942999da05c8b32259c

SHA256
a2773a33c7ee11d7df8d8dc1b6df47d07648e430e9f3e86f038c891d0ff09f22

SHA512
995dc8f4826160f8a0fa4b51d941cb48dcd99287478ab5a93f087d74894b36ca43c753a8627ad08acf117611c978b93b933a2ad0a863699fae4f54138df3d091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
76fd0ca8db0c2dbe7606dcca82ebdc8b

SHA1
c36bf208058a6f1ca8aba2822e1bd691c20a03b4

SHA256
ce37a5ccbb6a1d733fe55e9f8dcd94b651dc554c4ab7859fde94c20dfaf00dfa

SHA512
7cca28d77bdf1570d36364749331d0c02cb3ea4c7817692d317d231b2b42d87f9d16358079fc535b503c739b2869f0e5952cc77674c052eb5ac5b1ac8a2a3efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
80c622d8f514c537e42454510647fa46

SHA1
cdc070ed1f65b1f5e28490e0ef02594af5708a4a

SHA256
ab995126e2466ff23dd754ad2cd50daf5df8e3aea592bbb86e5f868aa02b082a

SHA512
dd18ed78dcb6e6465d000d2b112306fdb8a3eca9ff85eb150d218f84f1c18ed6e75f4c068fd1ed2564a63be76b84167032cc6b61a50e19ec337d05f74df481a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
93b6c0dd6709c4d6c41d13ef2da8b71e

SHA1
5bbe674ef863d49726c34e1d4443b8d242ab5f8f

SHA256
dfdbf7f7d3a7af13cfc4a7aa40b69a6c46c34813a5221d01a51b62e772868f7a

SHA512
a0010d341c31a48d8f89098d4b5eaa52aa2dd58cf81d8a04c1be72ab551fdaf4a75fc811bdb160c4f3adb43ba39106386a4cc1899a8e0cdd3d13a9d5f45be0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
fbc331f73ea32c54862b4bb3023edfe1

SHA1
92216df9599aa901cfaa476e18ddcfad35042b3c

SHA256
e5508119ae9a1e7d11ea5fcb2dbbf10c869e89ac56f02999bcd991b3c8747a36

SHA512
08b3fc366935d6b63dc0f7cf0a1923a2a6b559fb424d59898561029d23e90e39c4158f98d99139dc9b8b01659b0f2328740aa4e8cbdaa0e30dfe0657d01558e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13361172410754879

Filesize
2KB

MD5
52440b8b8b195851d71cb9e83585d308

SHA1
bf3abc602f2780cf383d9517fa30d241267be9a1

SHA256
be576e80e5beecd615c1751123616d70c84b53c79bd3c0520be7da7f25438ac4

SHA512
dc8783bb5f1748a7b1738098f953588588e3250978c61f1acc59d1f669f58a1c159d046a052a42c79ff6de09af034634ee9876e20c868af3fdd9e0ebf4c5ee72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
3ed898f02ea72cf319091a0fa8fa5ea8

SHA1
b1ef099079a5b2b374fe88868e8b64de6f48796d

SHA256
9a350ad739d5265767132537695536a423cfaa89c65bc6896229b0b8d0e6bcdc

SHA512
22234349e570e4fb9251579016fb03c3673bf291e5b556cc9c439b3da8c54e543f3eba3f702f370edf0e1a6e4764326d5d5f2076342d3478834223ebb75ea200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
46d5023bdf6f561c5eed2cc80e162d69

SHA1
da238c8e289aa9c61e35ad3f83377a3a8ab6d6df

SHA256
030b7b4960e4f49bf5fef7c66dc6e7e2aef513a26fdff0e8a8f2f49f2e5c2bd1

SHA512
33af0ba459992e1098030867157bebdf626e23d28d68a4aa1c7737eeb0adcd484935e8d71676a6a8dce389ed6a66fbf465fbafb653cf8d7a6ca9f18666cd697d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2c6b029be45f865371190096bcf8f96a

SHA1
ee18a842e1ebaea8e2825fd2c93b7e776139875b

SHA256
7ac8f87fd3f6e6b5187923084b2e3b3fe2d784748b2b644ff44034361737ac31

SHA512
8ec9eb5d095d36a8912333dbaa15e1e63853dd299c0c622f022de2dee81051767f81986ee93d77bde37f900265ab1165fd07812e874114f7d9b788568bc04f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
cca42f71ba2c7fe7f1c8d62ca77c12cf

SHA1
d3085eb7172cd1e4ff83628998894f27b57ad4c9

SHA256
e6104586e6101c8d69ec89c64a09842e1d4318ccab008ef62cd70ab1f4d9a435

SHA512
883221c04194472de32bcbcc49f2172ffdcb34fa2f9a4ccee8be05af86664d561a555273af50ab49fc9a26f4adeefd31327a2e38eb48abbdde1652ec49826d0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
ccc65e4760065a0a8a10b58f0839bb7b

SHA1
9b560965d128bc1e46e928af6156e688c53e0a0f

SHA256
6118470a9ebbdf4d649568ce55614529428c274d112a897e5de01df7e5192cdd

SHA512
d3dd6c1d1373d4342a0ded057040910687eadae7bd03ecff63bfae2b5dad485f55ae73d4573f86c0e1c26f61455a1b6d43c4a0831dba0f13021b8a6329b5de00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
7bb6cca9ba8d96901001d0abc787a4f2

SHA1
9c8948ef3db0ad37a1b5348cfef25cdce9ba98a8

SHA256
43d0f1eb46ef5f707013e4701e88d55a14215a2e57a5302cd69f0f98529f7cc4

SHA512
3c4288c4b70fa6330b379e72d276c9d58cbddb12f077e0cf6bcff49d477ed5c777dabe9d9762cc3e729334ea33a864161c1ae4cff6bdb2f07890ef677b36b46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
523808e2c564f4f55b58cd5fa952c44a

SHA1
0eb4ed803c39850d546f1ad08178ae238107366c

SHA256
e5f12ac71e03e010daae9fb85c1d8685c43d2d3ea6d5a4d57212a5580422e5ee

SHA512
ccec770c36982dc93ac1a9509697674a422f5bc24b04c44185490235ba1f98324abcd2aabecab78a1d01763bb45f24bf56e30d6a151c677f0e9f542bef91cc68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
e936e42ee37bdfd1c09643c31a03b200

SHA1
3b26c0956f59fe08b649c3817f10e8559fb0963d

SHA256
30b5a4717f916ef8d685806258669be9cfe1ed157c3b89840c9d137fd6f3a08b

SHA512
553e68b44134fe8f05a9c73256ef8d4ad20508c3d8c08eff4f3f500afc66f6959b86082c4993a6d0cfc1178d5172c30f17f9e2f0c4c8d27aaf3f467e52ded36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
04404fe55045af3042dff62c30c20c4a

SHA1
a80a2079c8128e04165b5968779e7f95d640971f

SHA256
05cc8b75523814f68b89d2ff15a2225d06ccf3b2b440384ff84271132ec1748f

SHA512
3676045e3aa720e4ea7774b5982cb29839f60164de8b539aa8c52352571172fd3ba4e4cd70a91d731294ca9250af8151f84d94cf0f4f12b142a4edae12e083ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
00d1858c06428be534ebe8c04b642536

SHA1
cd4fb8860d475ce916f19d00c7eceefd216a7031

SHA256
cb7f36d8bcadfaccde6407659f5bfb1cf39b198cef1e1f26d376fdc4934333ad

SHA512
628575d9cae17d7d1670fadba355fa7397dbc3abc3f05e25587e78ab9fc24d6077543c34697d6ee69c0565b7d53dcbed0b1d1c334505cc6e2a62191151b421f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
5d82d7273d938efd853c16401ea7c16e

SHA1
265e61795d5b055c7b001d3d7b2271e48abadeb2

SHA256
4d0f38403f53ecccbce2df77390bcae41f1479e6b681b3720df61273ad65f66e

SHA512
107b5b689b2089e1709b8be971f032cab0de16075c3b753cea91c0985179157ed35c790d6cfff7cd40a644e171b1ce5a8aaad6f876ff63b0a8e3b619477a3779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
fefc5354886838b9a6d445af76c5e099

SHA1
4d07563a23da8769aae3d8d6c28b416d5e40316b

SHA256
c41e4fcda533ed9c1d9fb900b8e78854d0d56924ad8d7a9cd45f8845dd9befdb

SHA512
14ce637bd7a71208ca17b9857a2eabc91e5e90ad53d367c410653ad4e76bf30778576712a8c859f7f30a7f3d15785da15c0b26bcf843a73d1e4bfc640a334636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
f4b7ce5e62322514ca2d8bab9b66cb15

SHA1
c1083974c9973a91db20328fc90d19cbbcb159c7

SHA256
d822e9a3c000aac5c5a9fd3dc1ed3f400ce89d914d49a69040df37b470d667d8

SHA512
c37247d676f28f238c66924cb5edeba3b7e9bac0aac05b64592db412aa32d32c35dad9d532a5def3817e0bdb467736ce639cf3e39e942096897875cb68fc4949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
04a8787e67e091d95b32eaf9f604d1f0

SHA1
5d0932820e916d38dbc46249b4e26ce6c6f17a65

SHA256
078a026d798db9ad8bdc9bb8b888805592e6a741cfcfc5fc7255349b22df3dbf

SHA512
921e44389e3632bda6a54baa1126f90ea0807f510d5fe4fecc804253f32b50c9968cbcc83f6b67e6b37401b50d29f22d252b9c5e0366a59ea55c2cfdb135789c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
674f9b2656e167726d7d9efd00f09d60

SHA1
776afa2f75236082a0734cdc006b8b92ba116e60

SHA256
2df8cea6cafbf0ce52ab0ef50f25827b725d835779a784f7b3136b0e0aa14c3c

SHA512
fa1f595a195c600d347042c4e602ef1685c02ec9ef0cacfbfd56cc969241421866e95023b6ff21807876c46fdfaa7fde43cc9d99cdac02efa427f7ab0082861d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
aefc235ebade1bc991ec740d772ca170

SHA1
2d587b7b65cecf47e5bcf5130ab3a6adc47ed21a

SHA256
cbfcb210e97ef4c7d5df63013d174f72795a9100fef91119b8141f28f45254de

SHA512
d53dac29c9d738054eb5a4731c02268bda5147ab299fb9d258a5146d7eec595c3636b233871085b0c6040499b05a40bf81e1d28234b3f31e6d094ee4143e2210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
1455528db212d02a5e6adc0c9078171d

SHA1
f8adcbb77ba53a3ffa41b00356f97d31862a98e4

SHA256
ffce2e01efb7792466e9af8a03f036ac72f75e781aa6925c0692b0f418e2c83d

SHA512
f4a1eef2f3a3d6886c170ebf0ef32fc8aee78a5d952013f0fd1843f534d068f48e6d02d3584917112739216583721735158cd9fb4253cc31cae3eb855e374e0b

Download Submit
C:\Users\Admin\Documents\NFS Carbon\ARazor\ARazor

Filesize
280KB

MD5
d530436f5e4a7f04ce062ba328bd77f5

SHA1
3e3037e6cdaf826558aae74ce8c0f9a152d1be85

SHA256
765798f168192d5e85b3f04150bcc91c47533e9949d93acd4456abbb793c984c

SHA512
aaea413945c8df0893d4728d755dc604c63cfe70e57986becec602c7cf1e3ce66cc0dcb6d186cac66fbf80a06d931c9b4d2d451d9bbe9031aad310cfcb1ac387

Download Submit
C:\Users\Admin\Downloads\nfs_carbon_unlocker.zip.crdownload

Filesize
125KB

MD5
97f58dd58009fca70c9b987cb2bec95d

SHA1
57109ad3f067e0dabc25b1da830a52499bd35dae

SHA256
066ebb32c7b84f1e41469a11165e38bf90dce4e0a1c339dfa7158b1f8e959c14

SHA512
4d9faa1f6198fb58c7a20228b7171979d118575219a5b92ee5caa97fa9a6e4bed2361ca87b9ff8d035a1c07ed378df2688c55f07095b327266ba1021298a636f

Download Submit
memory/4144-199-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-180-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-201-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-205-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-197-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-195-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-189-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-187-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-185-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-203-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-178-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-177-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-175-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-174-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/4144-173-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-172-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/4144-171-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-209-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4144-214-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download
memory/4144-213-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download