hxxps://github[.]com/pankoza2-pl/svg[.]exe-Malware

Analysis

max time kernel
513s
max time network
495s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/06/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/svg.exe-Malware

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2412	svg (x86).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
38	raw.githubusercontent.com
39	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	svg (x86).exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133623560576230879"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
2116	chrome.exe
2116	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeRestorePrivilege	4256	7zG.exe
Token: 35	4256	7zG.exe
Token: SeSecurityPrivilege	4256	7zG.exe
Token: SeSecurityPrivilege	4256	7zG.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe
Token: SeShutdownPrivilege	3692	chrome.exe
Token: SeCreatePagefilePrivilege	3692	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
4256	7zG.exe
3692	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
3692	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe
4168	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 220	3692	chrome.exe	74
PID 3692 wrote to memory of 220	3692	chrome.exe	74
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 3748	3692	chrome.exe	76
PID 3692 wrote to memory of 4368	3692	chrome.exe	77
PID 3692 wrote to memory of 4368	3692	chrome.exe	77
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78
PID 3692 wrote to memory of 204	3692	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/svg.exe-Malware
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca53b9758,0x7ffca53b9768,0x7ffca53b9778
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1560 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:8
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1860,i,9767163583563743144,1238263659158015371,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1256

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap10439:100:7zEvent20106
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4256

C:\Users\Admin\Downloads\svg (x86).exe
"C:\Users\Admin\Downloads\svg (x86).exe"
1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:2412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc
1⤵
PID:2444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe0,0xe4,0xe8,0xbc,0xec,0x7ffca53b9758,0x7ffca53b9768,0x7ffca53b9778
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5188 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3084 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3004 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2888 --field-trial-handle=1872,i,10787904661791252121,9464533944698051321,131072 /prefetch:8
  2⤵
  PID:1460

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
acdad9483d3f27ed7e86c7f0116d8ad9

SHA1
dd2cfd176ad33d12ba7e6d260e1069b1dd4490c4

SHA256
bff5b4fff4b34ed3ea2754985b5ba1a8d6921517b0fa370f71f37ee0845552ba

SHA512
6e3ab4b6cfa73a7ad3c36fa621b1d2817b26e8e3613b78a40df6691d65e1486e6c2281efa0f8d3f30d2c6647b7ba3430a8be77df770f1cc575e8db76be6836a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\168d8112-b149-40c1-9c1e-27ad24cdde08.tmp

Filesize
7KB

MD5
d268e927560043f2767ad92e0db0b903

SHA1
108519b04e71bf3116afa4b9f73387e51bbeacca

SHA256
d6e398fcf224b704d6e887d3fe4aac495043d8548fc6d321c5b765d9bff7d565

SHA512
73986758ddddb3567b259012e6b706a5d15eea39f9838e27507ea264adec5279f737a5ed60b40039bea81bee7d433e590eb96ccf1ae234d2937a2152fad8483d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f2c844d28171cb29ebd01e7552167429

SHA1
5bde5ae94e0137671bc5ef0f48b16dd7f55a3cfc

SHA256
241c0da3384634404d1c8d2e22c02731172094506b429693deb8274183d3961e

SHA512
ba4152ccdd45eed4961536f43dbc61c827129ddbca31f5c44cd9872f32d8dfec34ca201dbc30a7565d7847cfde97226df500ff5719a1f2cabe56aefd9758c666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e03dfe4fc0f05fcca415a58affa27d74

SHA1
687a76250a809ff05a224e02b78ff5d82af983d3

SHA256
0ca4dffb3671e17cbf54114444f96aa9d829b6742e80b2071cb93bbbaf05e123

SHA512
d4180e11afcdba82493dc524a2207e8da215545685eb49a8d9f595a52c807f90f1db1937825971d6b5e9796a6ca6e81814810d4be29f8e9a9a761bc5e90eb956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
42be53946507387a2e57087a9d5bc9dc

SHA1
89a294b8314ccb8889e5c65af722558dd660caed

SHA256
8086773b65be9c09392b04fcf9fa1e5c09963be0fd206288d31478ca5c94cb9b

SHA512
4a7081f8264191d10b0e8f64bf1dddbde0ea25937e6c06a4358f868171194a31efde31cb813236f8e34b565b99d1c152f6f21dbaece8f61d915df1d30e4c176f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
d26b7ad1c0ff3ba93ba84119dc1e43ae

SHA1
b12f9eb4bb7da2121f1611074dc78dfbb7761a5c

SHA256
0f59eeaba0f867f57f612ce78b8b69434b07c451467953a080a28d01ff12e1fe

SHA512
ec46c3a779f3412b239927fd0ea83b8036e33d721244bfa63b4cc526dd2443b9f862408c026ba386035b9ef9362fc7d519c811afc65b4c639265e52c13dfb1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
60bf9214b3915d16bcf9ce6e4e292fbc

SHA1
9f25d9eb3399c7050634258715be8c4535d23f23

SHA256
8a0d596978ee064973c773e18e28f8f2266b75bf7642c94cef267c5385834d29

SHA512
7ed832febd249c2e64a5414044ccddb0fce6e183557bfcbdbb844c747892af933fcd624548e10fe8bb3c3c354175e7623e80a4a5d108ac0818e8d92b6c05fce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
39eef57def6714efbd7ded96861c0f81

SHA1
f9eb54108e987d89e0c354f8f483afed6e637546

SHA256
fa0fb6ad334209f02b40074eb50cc42886ee7f480992eb5cf3af604d5cd760ed

SHA512
65d889bc3775a47120fe9d5fcae990365748c1eef92d1499572cd934bc425306d74de06ab7e984e43e051feb2d4dec50cc8a113e6e1515625cdcddb933baa4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
40f6ac3a05ec117aff327c722da300c6

SHA1
24c4f1e4b1dc710a459023a3a0bf8cbd233a7c05

SHA256
96f20039d89394a99a216eff4f52defe1c59fa466a6887e1962b0bfaf72cf052

SHA512
c0caee566417cc52d37d8f56803f39dc9082a0a712f097e7e7afb14bc2abd8e5eefd10fae7e1383d924a52f93535db71890f9e6c69bb6628101ff029ad44e91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
c8f547fa17c57ae07b3717303ebc5422

SHA1
9891075e68e6e83c7db16627ecd49951b05ce655

SHA256
9d42b0daa4922525b49d32590c2e2825e6e964995b20f4c1ec36ac76bd3607c2

SHA512
2dd3b9cf55f84bd56babd86f4ecc6d0be0fa5127c979c33f7a6e5111f61346cbff4b4b84e3034e462c6216b49abd9b3e679e213fe328c0aa5c684b8e9966602a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
dfcd19166a5fe247e0787fec54b12730

SHA1
0958b5b3e101348d650bec3bea00980ca10f4c4b

SHA256
28a641541b0201d2d8329cff41cdb09d9f043ecba4dfde814b7f4ab6ceb1d38b

SHA512
45d458c49d6d568692a6ddfcee26596f40800df586c2b340062f3761e5e0b1189a793fc941658ae7db3c6b8b73495932ef7054ec5d16861376524ca22bf45731

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
14KB

MD5
ea84e4a118f9a72b60bf8d05a33df3c5

SHA1
8915a87be489f88d0566fd6635a9ba4fb3863aa6

SHA256
fb9f21913ba1c0b678583724879f2079bbd5ba91779e26e57d454ef55555a1e8

SHA512
3acaa02ab29fb32bf89abbfad68e0d5a913c169dc7beef99eb56b22d3a00e1959a2f4beca972701194f7261aae07a721624ed943373c522c98fc800fb56c3daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
3445f2bf9fc4c2f445679ec45b238dd6

SHA1
fe21441d4fa61a47c945f55f5ea200685351b9f3

SHA256
15f4427f6a12991f65aacbea8f115db025be6b19088e24acc6b4df5777dc4412

SHA512
91390184ebcf9a43c705ba48f921d01ce5c6c3245f4e948b379c21702e4fb7b4fbf77e3c217ef453a832a9a0e195420bcb15f18235abad1356b7f7ad9ee2517c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
eb4ca212d3bb6cabd3f06e29f4158c3f

SHA1
d67425a16c794a5e96767a4479937926d536a160

SHA256
b9f6f186e10e8ecd94ecc5e6c5c643f71ed948ab240f3d60dead6cd3a3e1f6fb

SHA512
d11939511be181bf32e6da25a3cae971e8d22b314175430fbbcbc33d123534eb75e9a3f0a7739d6b2252f6229567b397bdbbd202355abc87b98d2a7d3002d578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
92f0fcc31488f36a4067ae470a85b9fc

SHA1
0835357e4ce52949574e220daa7f1324ff52b9ed

SHA256
9605b3a4061a66a74b30bc7c56bced20740c8bf07a47c6cd025cb7683a18ecd3

SHA512
cd4e9df32de69336cfb018629d0bf62a721555fa1083a3268de6418da804aa958ba8c1cd9f1179ba8cf74419b51787c2d9c6a8df8dd0ae8393774afdd21b163c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0da39b5b9e0a157050a72bd186e3d71a

SHA1
0f1daa494ede8718d12a58771aa3dd2b3a3e8e55

SHA256
9649c5460a4d4f756a298794a86acfca9e124f26acb8d25153d5cc8a77ae7091

SHA512
8dcd6f19f9931bf693171c0317193877a501b85e56d52eb6bb349c1919660f9c3bfe1093e5d8610c26848aa2746a83d2e9305df92a1c6683c69e687cd8256d24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0c91c9351e9f16a2ee1a90857c4932ad

SHA1
5da378954e8179cffd288df021aada2ecca3a6ef

SHA256
1844e86cd9c657998b94c2c9c21131c94d74054c3fabe354e69d6bdd5e180bba

SHA512
6a72fbddb6d297f810d8d28e67f538006d060006039cb26b490bec77e3a48b3d351709166cec0c4e355a192d6a84c06f85b5d1a3623ab59d115072434d971946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
63347d3797d054f98126b4794a76cfda

SHA1
46fa69c388342fe3767e56832f93629299e0315d

SHA256
e310dd62fcad4d378b196649761a60d9eb7ce497e306100a4b2f899b57a060f4

SHA512
31d43c59c4a4e3954404282bb42c0b9853bdf07e0b5e51a9829ec9fe70e6795397fc6b790a4c3895cb42cac667726f926893f56f5ebc8aeac6121dfabf2e6500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b6783aef27d6edac84a502a7d7c36188

SHA1
7ba10a305195987b33d850916ad0b0a73e57cabf

SHA256
a1af1b158d8ac41213348d72da16a45dec5cb3c9ff3e14d562fdae576179be6d

SHA512
0075c2bc8a4b47516a56506470115753d6ccf9c5f4f1d306cd61d1ab91816120bff768fe4daba5a96b44243fef398e35d2799df65dd9f7d383f726148245e1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eaafd0a8334880b0340a1b17721056b3

SHA1
15c6b32b758333ea7e4cc7fd4e7ec61a225d3b4f

SHA256
1e9cb322831367c98eee1df1ed2bcb842355013b3dbdcc3fbefdafb34259134b

SHA512
828542ed10414c5d4f5c3b7e0a1a223a89561c78c670e546e206c688f1e2e276bf117812e37d7bc862e77d735f9a9d3ce6e7f23276270326fb6dd692aee58c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7ed11ad451cf72b981c6929fe6f79057

SHA1
f5a5a7746d153f2e5e2714ff3fb7bdc0a315924e

SHA256
032440759fc103fc6f4b9a2970f5cf0b0a939258967741aef0152d12b6f1e5ae

SHA512
6f945c10273e0a8eaa08550f8c3543a8a034cf62e3e0b71c47674d0004f5ddba04eb50e2604aa05425c10348dc9c125cab69aa330e020bd1c4419c81b94e97d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cff80210b6542255b54f76121cb2a902

SHA1
5cfb115026f27539b1a7efb102e29a5970aa0226

SHA256
066ed8bc51fa0df4c444b7882965514bca0322217dac154c8dd6da6bcda9a9cd

SHA512
ce087a11daf0b7e67f0f57fbf7497fcb5e39616a6882111e3d1d3d585b691cbfb0489d468d2bf092a7e5e6248015495f1b9b18ac1824e43101cdb2f2c90cc6d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a59f11ea2baa108ee8412f8d458f2fc4

SHA1
292b4073b15c085970228d78ca4ddcebfdacf210

SHA256
cab0174f52d3c4609bc51c20b946feff9a34e301b043b6034b89ed7d3187dff0

SHA512
bf59aa7248fe149ea1d307ec435e3b938d8d618df8f916e8a18a092eb10496c4c8a3aca9f153bcb059baecd26cfc147c0a904a66a114a56d9397d93ab8e641df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2f88865e29291314e478394c3457e632

SHA1
d0d03b1afe2b85df5aa5f1d5fafb7cebbe986e59

SHA256
d31144eadba89ad6c06baa22973a9fa0f02d610e4fa78a981f29423d3b6f18c0

SHA512
0940f805ebc257cabae1a537f26f5f8d4d1e03d073c618d8658b7e08d535604af4937a369e512e9b950b98c668b1be4b444b71db725a4b6dd6a385312eff4af3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ce5d1452247394291d0769ded10860c2

SHA1
4c550a6b30ef52db2541f773db8381907b05b361

SHA256
c4360ff9e009753b8b22957062e709d2315033e82311c6f7c7199f35fdc08c7a

SHA512
7adcbb003b8d0892293d90ec2c52986d90a19ca248a189d0674c44d405001c72dc197247447aabd506fc0e1d13766eec817dc4fe8aa8afb6b7336415970ccb70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5ee8a8.TMP

Filesize
120B

MD5
818e28ebbf5566ba597b6b8110bf51f7

SHA1
72c922828a7b48fa4ed29f1ffb58c7eec89d9229

SHA256
be43c7e0a0ae4aae3dd9170d630af4fd2c6bbd30accc7a3cfd68f97b2a4b2ded

SHA512
a1dd40068ea9981febd764d9fb77685f741d73859db0e25d2d67efc1171e52f9fe699f0fabcd62b2184ea6a0d8b1e893a07f7518cc63a23bdb681fff50cbdf58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
256bb23d6f7ee4593d6733008a1409f7

SHA1
41c80ee0912115a8804087c99e19307f800a10fb

SHA256
c3e82815feff27f063fab9588e67f8d4499703f5393f32c05ef20a1eacce9328

SHA512
a1166136531f87ac97c40970fb08f273ac229ee1dd4df7bf3d50142f5a5b30ed69d7b58143ec3fbb2efbd0a639371640bf2e0d61e89d2370a7026a4ba265a5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
25d788f69a3843aea3109f190249f111

SHA1
9277dba99c9b1a1ce8703fc41a9e0228a8bb7d9a

SHA256
23751aba86484aa40c0907d9fbde64a8ff297abf08444949216aa2d67f9a4416

SHA512
b582e550c3aff37d29c083dff8628e6f40bc580fd64dee76ed5e5ad6b6dedd3a1a610728a27ad596907f8c94c0bd39f95bac1d47d3c111b7fddf3340c190616d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362356285322957

Filesize
4KB

MD5
a80c2edcc5790073a730c25e8f12f58e

SHA1
3939460144a19b12f47e7a5dcae74991cf3ce823

SHA256
9132af6bd2cebe52b7c30e545db1c462976ca704f34855d0d8840ea2f28ff895

SHA512
edc25d2e26043e9d61da76f480795f6db26bcb54adf1e7b6724de4d4b0faaf68c722cced0e032b8c6288f45906ae95d5c220e3d175c6e681cd980a0d3e8301bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
863b7fd47859f042ca3675d1af518628

SHA1
5cb180f6fa17debfc5a87289811e502e13c18bff

SHA256
46f0064e8799aaca7522ac9ab62d67c184164eef7157d547dc564309ed05ae6a

SHA512
fd56cb87739f0bf85a8440ccc304dfea26ddc19f4c4845f717c0c3f6d38b983204dc608120d94ae2e01971564ca10603e3ff43225ae9af154e002244e160c163

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
907ae91480684baac6b1f8f1b0984086

SHA1
1d74305051ece873ffa56fafe14afdcf670cf289

SHA256
aa3bf1614c5e19de112fe3275a3ce8d5b5d3a725a5f90c7b7b6141d4bff60881

SHA512
e970c67453e3c6917a3444df07c6a8015984b89ffb680e021a659fc80573c6c9501e3d20134aaeb10007662710952218dcf5f3a6a0246c852b8dd8e7fd5c2003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
578724549bb2076484135b84ff0ab9f7

SHA1
da489e8912554593eb21f6ac2746fa3872bf79d8

SHA256
3c090e94a79c558555c953ab004be03f58143814e8b59ae79613f9c68e67220d

SHA512
9818ed23a21dda0a6dd24997a6d59f9b1bbd2c0d82a1eb4203db50a3249ff0d5f4c36bc7244184ec3a2ad022a9ed2de499d18ffcd357e298d745bf1ae3bf7442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
95c7dd8f3ad783210c570e7770406c7c

SHA1
f8341589efd4d5ed9113788ede73dffb7a69a0f9

SHA256
bacd88be61c35ae4600d417788492e5bcd07d27fc0d6fa3127748ba8e4fb220c

SHA512
39b525e421cdb7f6049871f8c91a2b27d4dbe687704b3e78d5bafe1cc38837c96d8bfe0cea70902e92a2bcbd364af39efcbcad5d5108adb5db88c5524a0cc7af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
4212eeca588213bd2a6c71ad5d84bd6a

SHA1
96419e8c9355a72a24d4318cec8354079258965a

SHA256
d3a26ffe15cce96d628400f8eaae0492821f6bf070e5e699d3e98c0e46a4429c

SHA512
951c71eb981647558815b05d473511fbc6fb577ef7e4eba9b152d23b6231f7333d04885e53be5333df4d6208fb5f77d2f8defbff2a4ff3a3e3330f7807464c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
98a2070532d68df791054979ac5f2d4e

SHA1
8e27d5619e384f4ad562c399e9f4646ea8837125

SHA256
f64f330bfb1fac5eff4e68d6a51b3396dd0f0ce485150b5c56cd35fbbfc32414

SHA512
fa61824a3ecf34d40987f3d6ed5193bf11016544422b36123fd43459125eb04e1859b589bb2724475b00afdbb4e5d819e89a3a558d3612a145794449d61bde9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
2fbc7d9dc0ba92b1c1343d7d5fa0fb55

SHA1
13d97a015f7759fab655c04f0f9b569c71eaebaf

SHA256
021df600fe98535855456a2ac45f72e8c568c7a4fa3ac3bdb580e8f445e2da5b

SHA512
1a4986d9119380ce830904f21c9d32f6196084f254f3181fe60502a6414f2d1e53a874b7aa70af025a97a172cccf8b1a0f7022fb7773df48c254bf33327ac3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
9f0ca9cc035b6fbbe33d15ddc36afc96

SHA1
3464e499305d4af72732d8548c6ce479c90c3884

SHA256
368cc5a43f1c15b935f384883db88f2cf6eb89d49f543428f4ec52cf914a1bd6

SHA512
c6e46948bec2faa5e71036c2279ebc314da8388e1ce71992bf3f9052b2ced5afa7ee06533e165f13eddf9203515915a858fe70c1e7e4f514b88ea107c018b1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
e89ace04937ad6a2961af9a8588214dc

SHA1
d6a999eff5d192bd96b93ce326e7ae6e19eab184

SHA256
b40df9b3d06c7a6cf67e402a224b507c509993b86514d6f37bbfc54f42914c41

SHA512
2e306bef3bf3b6ca6a762fc6099c39111fe171c2c3592096f94b86fee404bb944296911ac9543c3ce3fbbf73569c641d1547b915a99ffe45a4d696155cc6a3e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
c1cabaa55edbc69f18d85ec1310d2a15

SHA1
43fe3eea635e04b5a157190aa5de7446211cf854

SHA256
33f03a57611cd467978e93795993ce14103076a6374ed4241eae3274b4e4dae5

SHA512
366a1925fd0d665d04f4354d2593ac88308665218810dabbacfebf76f3e8c60bc13e6b2bba74903b891ae4021c0a7f062fb49717b16dd2bf983e9f45a3ec1722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
9658cf29b39094d683c181c218e80900

SHA1
38230fd059f849fdee26d4c3e163f6b849c212d2

SHA256
0c003eaffa73aa71915b19ee15c4ef6a78eae7b991b92af1894adabbbc00254e

SHA512
48c453d31553eead459c1264a720e8d2cc7db659ae29f368ba19b0065c3d252037fcdc820dd41664ae5b38d0ba3c12f8b60ce87993a224b310049136b1d88e6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
7aa890c501d79f5aac419108485e737d

SHA1
3afe16e3af4bc23aa65b4c983d569d36d18b9aa2

SHA256
39eaaf2f75e00fbc99250d4f4ebb4401ab8f2cb0176d58a8e583310c8ff5bda5

SHA512
9a3304818e03ebc05b91d11ba1751099f2e226798ed648ddc0e1a2b43839801a94501153549fc42e7b967a327242c945b78a3df6b71ded11a06daf778d669781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000002

Filesize
17KB

MD5
a64d32d35f08881fc241e1a54b1d9c62

SHA1
2543fc5865e2d7458fc24d55e0743b9276598bcd

SHA256
b22fa8fa318db9254464b589950eb3508cd35a798eea2588f03dfc13d663388a

SHA512
cdcef8619607fe1d776fe7f1810cde7119b1e1c601e30c0324884027ecb1f1c243f07d7ab973630a9bc17eee4328fa2853cac86fbf369cf00922220cc8279563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000003

Filesize
20KB

MD5
17f638eb36d922ef8061fdfc3e0f4f7d

SHA1
2175b3208b26e069bddb286cc0622d97e19e65ff

SHA256
63fce204e1e854e0ae58828355ad32bddfc360f339fbd373f0450d730f64bedf

SHA512
8889af15189e169701700272a9d4d1b2007f41d6c08259a7200df7e04bc50df8d0e8cb70a014892b2811ba1c6ca80ffecbc0960c3dd15ecf222515c2e767655d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000004

Filesize
16KB

MD5
ba7dff0949245e64b2bafea2800848a6

SHA1
ef85a9796564b0cd90052f0145e1df12afdf5ce7

SHA256
9c5f811e3fc9c4744b4394128bf57e581cb9f7b17203cefcf8a099b39ee8e9a0

SHA512
bc301036228d59ce8bbeef49837c82146d3012f956a67751b1252efec9c675e5ac7fde7878a6e6218f21d3a6fe4cd4f4a2eb46c4847776cfcb87186e00252d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000005

Filesize
20KB

MD5
728ae1cac1901937bf1bfa697e6564d1

SHA1
41bb5df4bfdfd3eec4a70add93d584ac7b939488

SHA256
9ebacc96204854b34766374e0ca8cb838fec350b72b1b044b6c2c9554db30f34

SHA512
a90cc62a4fa42e6104b7e85c0e515e409cc8cf02faae773f93298e3b966c877eb5b2c15fa17b06d0c254690a2aa5a3af6d6f02e9f9add8456193ec990c8f684a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000006

Filesize
20KB

MD5
53179cfa9bf8486d72444dfca7a0ae82

SHA1
e509dbbb367eda74210e6a3565a7cbcac0d22969

SHA256
0afc9b9f917c36112aec1dfa511cc60a29866de8125ffeddd7da7edb9d3dc53e

SHA512
4db84694ec23bb86e34c422357f7e5cc443abcd9280236c78e11ce102bdfb15b4bf592809b9ee0ce682930f615c440e7bd1aa2191c25f1d588af4a417fe1b9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
102324efc2941dfccf6b1dd624cf1812

SHA1
7cbaded4cd19daae9ec1bfb5f4b70512be7d4868

SHA256
f889a3ea00310dd99e992a0e6294a2f245c1618ea33abe16f5b4c023c26a6710

SHA512
b76ccd35207011f879bb0c336dbe02fc35a353c1b4c0d35423fc606c91f4316f097addeb76334961451c004a38f6756791e86cb29bcd99b01e590b37af4c6720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
e30a5004c0125b1806c47482ca9f231a

SHA1
c040dd0d0832ff71881efc53ff62be5281831395

SHA256
8f82f02424e2857782b9b14390d829e9185d992e4989b7267ce27ff0ee378224

SHA512
43d7575ad5f84f0e2877884ec8142ec18f3110741d795dcf0228f53afc2b32dec0c4dca432b3e3af87fdd8b439ce80bc46962b936ee706994f0b788532da316e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
d7ef63a19bb88e937550fdf002e5e173

SHA1
6f196113cab7ede7391422339b7b0b11cc528168

SHA256
b7542169a4e19860c267936174be34bf42ee851b363d7892e03cbbee15e12f4d

SHA512
42b61b2903693ba2f3fbb15cb9b3d5232a299dd38fe08604e2e0e120a1949e401a2a285d531cdd3b667cb94ca8cee1f5e70d0fd542c6d74195d279514ae4f799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
288KB

MD5
3361c8c8ec4b011a59dcb168907dfbc6

SHA1
945e76372feb4bc4e2ee5dcc50f47dd6b16802eb

SHA256
c56797537857a669b829017757dbbd4b228e96420eaa035fd39bd8a4044c75e4

SHA512
a9fe99fc95f0cb4cb96dd380cb306a8d0f82c654912a1226ca5a41e04043b88652ea9460cb4a3ec3a76baafef64dd7f075aa23d5d03493c807d0e88b4bd90533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
d022ac2c1ce2723def6c2a3124c3f2cc

SHA1
82bb22c57bd84d4d03b73c0d158c4cfe2130f6fc

SHA256
dcefc3ceabfc8976bfcbc3a0b83a0a11c472c0aa6746180b5663604c5f0dfce6

SHA512
b7de5efd242b413f321e97c49f22f515699488b4da501ceb1c4a5e8ec306be17b2538a7836c47fe86be91d0432918108757849f876ca257fe08f9e3bb8f6c4fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
78918aef55870f332e301ca7e15f3a14

SHA1
53314f452aeddf3e75af9030eee5876ab62cae90

SHA256
89af9cadcec8e4aecd6b3c2909d7a42a3bdbe4074859078f4e1bebc502766d4a

SHA512
c34086c9d3ea639add4141020e5666f9dde4a05a98504535e722ebd0ed078f429eb582a52aaee37def8737bfa627e3174ed381930d4c96fbb0436b61228445bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
a031b0e5aa8d9c9c8677253ba70ee3dd

SHA1
5281d278c2fe42f5c1f83c5fb70c2c40cde64c5d

SHA256
e3fe2eed40c9aacc353584cd6dfb8e2c718a5891c8ea955dd447b52ae45b1a7f

SHA512
973297d987c4c051cf974b49b3eed7e4ee5aa30644e2603321499f4a8459d774a4f69f212c3ce6ff2ecb00e28cef4ea719c59479649539e1772caae19cdde192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ad16a4bfd1d5c891c96bda4c2b94b813

SHA1
3d68006555e67a6c5724e965f85bb47b4c7d9c0f

SHA256
bd1e7c052278732bf8893d2b831c812aa12400cb64fa4e3638623c990babfa2d

SHA512
f28940d7c82b85e69acaf81d21da8c4dc08946444da945ca92c5f8b3f5f3ec358e40a4ecc1ab3e3419793bd16226dfaa315ada24dca250aaf348c270ca8b0f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\svg (x86).exe

Filesize
329KB

MD5
f40f72c946fbc60f438f3cdc82f145fa

SHA1
150571b7a9a5340c25e6326c77977db81e5e8ff4

SHA256
6290cb2438b2e9569e21da323a105ec96b77d541d66a2bcaf53431c2a102dc96

SHA512
cb6dbfbcd1b62c1fc4ac50c2fce1732567b6a9e2b6230475c6c5b91f49f4358f5fe650a20b6782921e609e0fad882d0e3517e3ceb3de18355614ca8897a188a3

Download Submit
C:\Users\Admin\Downloads\svg.exe (pass 1337).zip

Filesize
401KB

MD5
e7d96cac47727123edd31ad60f636f78

SHA1
a257dc553d53de600c272fc60ea85d3415a0e013

SHA256
7fedc7e70b6c28a6b9b0594666b3b12618ae17b8d3b80939b88a915855fb50b3

SHA512
b7a9303ff244782dee844bc70e8ce1e545f1668ac3e4a39f7b04fb74b75b8dea667659fac9b2b7d67cf2b25c26c75a282c294e6dd53b709252fcb0cda2952600

Download Submit