hxxp://goggle[.]com

Resubmissions

22/07/2024, 01:21

240722-bqq4eathph 8

22/07/2024, 01:17

240722-bnwk4sthjd 5

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://goggle.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133660847275929195"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-464762018-485119342-1613148473-1000\{0B3C00C3-8D18-43E4-A2F3-BDB2DF9D28BE}	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1644	msedge.exe
1644	msedge.exe
4296	identity_helper.exe
4296	identity_helper.exe
4300	chrome.exe
4300	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe
Token: SeShutdownPrivilege	4300	chrome.exe
Token: SeCreatePagefilePrivilege	4300	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
1644	msedge.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe
4300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2324	1644	msedge.exe	84
PID 1644 wrote to memory of 2324	1644	msedge.exe	84
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 2656	1644	msedge.exe	86
PID 1644 wrote to memory of 1928	1644	msedge.exe	87
PID 1644 wrote to memory of 1928	1644	msedge.exe	87
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88
PID 1644 wrote to memory of 3244	1644	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://goggle.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe2c46f8,0x7ffcfe2c4708,0x7ffcfe2c4718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,15559203071108946880,13983151187461473147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffceedecc40,0x7ffceedecc4c,0x7ffceedecc58
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3412,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4992,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4800,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4464,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4056 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3736,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3544,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=1144,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5432,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5472,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4436,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5752,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5772,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5616,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6064,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6352,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3524 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4748,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5632,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5748,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6156,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3720,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5700,i,7669901500507568055,3699995189687541787,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1748

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\97d26829-186a-4655-9c03-be0525a75e11.tmp

Filesize
15KB

MD5
52d48aa63291421d4fe7663464971fd9

SHA1
2d990cdc4933aa78dc2f8c1cac6f041aefb01a22

SHA256
810b320c34e3089c8c0d1e2fa7cbae2c96b6742719947c68ed389e15bb21a811

SHA512
8f37156887b40317198656cc2b497f803df780474f71600e24496e80a21a552db49f8276d0b6002034d1f69d1de4c800ef5c89306c494f2c36bbc369aaefe047

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1da5ed4f762d58d760044c45b7b4bbbc

SHA1
1fe56638a0ffeea6653b676f3d1fec74c7622d8e

SHA256
b6897dd2b1f6628ffa410f68dcb3fc47725fb724743d0fc8a36cbb7c35948779

SHA512
361b9e0aa1da544d6b0da80aa3828552e5cfd0f2d49cbd58584de4fd3c279a13b6ca2f8782428204772a2fe50726aaca584ae2ec657ca100b6e421e588486951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
121KB

MD5
36a32dec4a2c97cc885c8652413dc698

SHA1
3edebe651f91ee8ba1df95c976f59047ac13577a

SHA256
5a412e745c33c33c71051a8760bf0d0119fcdeef0e08195854d27cbf8cfbed1e

SHA512
017428cab1b879145b2b9c546d91c394eb1845dffc1d942f27caf6f7a7f746128f3f0893e9bd390971fb661b79ddb50d10baaf7a1c8596424e42ab32a4ee55a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3b6cb517576fb7552d292b9bf44a399a

SHA1
e4185ce84bc275cdfc41e4e5359eb1b0b28adf96

SHA256
9c3b7fd36b3269cc24dfaeea7f808c54b836c2e8dad0664bcab4369c31c11d7e

SHA512
f321b156f29198bf0c42bd8c7db4f11d4c3b37f45db9538735c18b3d758b7970d05ad9ae5736f4d2ef05a68b5739e94e5fc1a27b3b010f3769222ec8c3228d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c25e60e8c7fdc474aa53eebfa6ba9913

SHA1
9ee71c1ffec37dc79c5f3e0d72c8bffc2150198f

SHA256
eb69aedd2f46ed7b4655dc621f7eca6ac2c44c5c911443734a8ed08297b16fae

SHA512
c9a53c98d9fa82bbfec0e21331563dcd04b9f1d2596b64e3969abd4227ff77aff95f9d64305c4d2910d13c2ed491d465ffed90f6e3ca5b2743ad2835415c11ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e2631cdfa77318986b01ffe20055545f

SHA1
d5b33c332b7c3dc8b7e2552c823f9a5234c832a7

SHA256
03fe24c717e3422dc7b361c73fa873641635b546ce3b37588f2d5e19008d155b

SHA512
c3821d6d8485bf3218bf1f8276a14ba57e5a0fef22d0418241f6baccaef4e6b707b8bbf14e3250b1da5236b21936704fa6b6a17c04dbca87bf851aa4b214a482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e7c97fe5631ff8ff538bac43ec39675c

SHA1
fba9c93044f0fe4a01250041a75cdf4cf4f2aa74

SHA256
fed5eab24384bfe229c0ea12cb4f97349f22a2b5642d2b8c6d31bc738c674c7f

SHA512
b36a5c3f34b16095079ba963811b29296e3feed25c27eb7a004f076e5cf27ea32a267e6ccdd1cb1ac194dd7a5c2ff602eef9d0491aa59628d3619581aca583b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
12a9039df1db8b614bc2d817b7235f0d

SHA1
68aa3a7e860914a56d5e9bf55caa659213e74cb3

SHA256
510a9f4f8260be28d47fe11f1ba79eaf60509476ed1b75e66fcc099ebe7a3f8a

SHA512
f9a9105843547b5b81229e972d016c510de8475bb9b36a7065db891e1c23ee8b1ab37d95256e5d40c835f6e48af3b30df459c5ec92cb7d8fade863fe547f2e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d11a5781d2a0c0d78699f2a354a54524

SHA1
ba76fb6372eddf4a0c59277163bf6e07ce8187b8

SHA256
b337a4de23103af44b3d4cae5dc10da72d49f0126ca8259bd9d1e544dc9dadbf

SHA512
65c844c04d27fd2778f7e7c963950d562b72dcc7d94a6819395f19f9ebb8717c8869dd0951a63f275a2ff171595598ab797fd7d1352859c8389f2a7f4ab27ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a99942d4b321eab01772a32e893985a6

SHA1
3dbd485de3fbde519e5aa38ebfb60dbc5d229407

SHA256
7af33334321743063390e8fc275147bd131254861ad39c9eb71439858678eb7b

SHA512
0070c62748daa30628095d1db2b2e0dc11fe0b58972a9165601f9f138c85c691237bbeed7f21e7089d4335c01f626ed402aef67e666796743d8994d490c90064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b2478ab9c5f7ff9c6d241bd6030e7134

SHA1
e49c7a33df0c283bda1699242b74ae983b41cbdc

SHA256
85ac552675d3f9b7315e51da50412b6885a6f5a1e77428474f77f0d0f21f93ea

SHA512
841f9252fa0ef1bf50c207304fd25bd282b97a1f128e456b7fd7ddf690a0058401b53d7cc5f48dd6fef2f602633d40c204540929fe6352f2557e2d7ad726254a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
9c1d9a61453aa1ee8a5c822cf9e4c65d

SHA1
3183615de792301b7e749ba1d6565063a36c8e59

SHA256
a2e39ae25c68372cadca889b7337ef337c129859a176fafd6ff6e60a7eac0f59

SHA512
b315acedfadf18c4e4348097278354427a52f47a0703b72527d432c8a1e06b5a9b2cfcafad294312ddd9db4fb5f6bea29b462dbbd831623e71398ffdbbec4e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
caaedf816efa514d3b5af931dc5b4e8f

SHA1
5493ae787cf8558461427c497404ae3892d0342e

SHA256
ddd3fc2273fbef50f56a00c8962ce36358cf013e9f1f788d06f6c49ec58d0920

SHA512
faf2eb7ea94e75bf061367a8e8296396011f2a36257599bbe9176025e274571eea1e3099c56dbfa441b4b9df9a7f6ab6676c9c7b04a7b70075e293ceae84bc03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f7814b2e7801e638066d7c7b7a68b221

SHA1
4d851ed3d5a78ddbf41bbfe50569e692f775c078

SHA256
8fa4b7a5ae353bd3cc19ca7ce4f4ed219a2aafdd340415c0bec9647dedfd765b

SHA512
944b78ab1829e71c0960f7f66f3ffb93df101699041bde7f57ced93b6823230dd98c2b38f7eed1170e6c82ff755c55b2cae8b2344645beee50656e8cfbdaba61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2fcdf7b1424fc4de362a3245c5f4554e

SHA1
b107e09d2867f7733a8a274fcbd69d33832d82b2

SHA256
956b591278fba19db989173c069794585f27b5aed7c414a5537d49107bc47f2c

SHA512
d2a0554e43fd4df61201526a260e862598154267c5c0d6efa48b221ab4fbe1875896ecaa1653d6730ba01f052023752ac40878a87fa8d7b2916b2d8a0d9af9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f0b744226cd112582be3c3378d7a0da8

SHA1
54ad34a457d28b12b1c0c1dac451997e8aeafb65

SHA256
85f397ca41cf26b48e59dc3a680a19eb99d28ad89e76a36978ff506f539bfc84

SHA512
561c266177ba4cfcd1e19653d97bdac822d9224d8659cad6fa92f24dba6a81527d2916ed68bf31c37693637dd4ee530bbfe06592d3b0a4a193e6abbea13a8f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4da8e338be3e9a6ec5b79545954eacd6

SHA1
2888df28b22bd16b19140ab9bef93e84c007b5dd

SHA256
eab8f72853daefaec211632ecf92149ade221edcd0145bd97603dec57a012c32

SHA512
2279d196cb801cf1001875567a3729e33a79d6953a6110d94462fc03c216a0ff3532f0155cb22e6ff2a67b9508685002053fec5796c65b8bebedcd8cfe30e15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2199754f183dbbf340c21ec4203e17b4

SHA1
27c439b33c73328cdcf77bc8674600632c8085c9

SHA256
a5fe34320e9362d2f8ee8b4e25cdeb311782c7940c4937147caa87ede23e9224

SHA512
17cc28b46d9905e63dac2202a781d3553ac7f363865703b748841ed52106004a6283a592ba053ab020c5b661a1b5f96e4f33ecbc498066b6a425136f57649830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
310d65485d317500904a7fa96cc24c88

SHA1
b4008063ceb4d1c30f2e1c2689881c5401c780ef

SHA256
bf22a341efc0cf9cec3195220120ef0014e4aa1e1342ba991fa13cc504fcb097

SHA512
7bd9101189d3b8d38c683d7bfa1441da1f3056f5d0adc7f65104261baae4fa33dd308aaf2664a5d7b0ed433205839050cd1a66b63399836ffa3713664b95052a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40729f1246d43754439fc0bc5d65c11c

SHA1
ebb10508e1b0c68fb61b9b02aecad3fa85b2e972

SHA256
11fc636cb4cb338d3902727cf101dc4d51412bf532bae855470210000a103ee5

SHA512
dbfeb49deca9e5899b8ba13c0eddd7420713749e0af8af31b440ed02ff1ec01a537d4179cbb873006b6f50945b5f9e92adadc7d4a0b7292149456e078824a21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6699dc348abb31345d3efce9a2b999a

SHA1
93c913f6b298a0113333f70701ff19558b8643bc

SHA256
8b2a93b413b8c582af3c03e45df3563e99c6ac2d7288b64be4f6654d3ee3c3be

SHA512
15e3fb38c229698e1644660e712dd761b53f29b5820ec4778cda459bc30acc21b0003c403f60d9db578fbdf43e4a54046c7a38810b0352e05bd13ab710275e41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97f7915080d859f336d7b90eda9de1bf

SHA1
5752c2b59581af81dab518654a9bf74b718b774c

SHA256
e125e31a7606d6812901121a6b02d5738926c5e957c5b9d7e7d477771f479afa

SHA512
77c525d53b593544fd8351197dc72d204888d09df72aab12f94b960c069b13b0628515bbdc0c50af14f56618d40fd13d03573a13d732ba761524d92ef631cce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c6bc588a189669f5f30c6c89bca4b73

SHA1
78549aa2ff8a197a500e058509606fa2ee02e3c4

SHA256
3dc6f77ee4c16a5c693e5e514bb9b70a62e6a82e4728445ce97dd08c7e85aa68

SHA512
c6445b73a68d4aef50c5b40d883be3a9d638039a9f44f632a80382e14ca484a6a7ab6388e922254c4d9b931fa7107ed05d71ae98a55427f85870ba270c750697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8114d45dd42c20f530009677a11e20e2

SHA1
ca84d629df48f723036e0a83b8750cf14587a3ba

SHA256
4589a6d313d6b8be117d224c2fcd9537f87f42cc7cb29216e9ceb357c094b19a

SHA512
abed93728da4e144b3d38429569d866bc000ceaef9c51e63bf3096c22718192602445d75e3c00443a679dbf203c5e13a94b60fce340674360e53ad693d6097d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21d9a3e550969b70a3fd7e0d1fd0ed9b

SHA1
cfa404cdaacb758ef6b4a43d8049fceec74ccf14

SHA256
611683f9b02608defb612f253f586b7c22540cae833d97591011b48bb2e7eedc

SHA512
48aa86ab8b64adb40098040b5743ca78790621498ea59fd5da1965b5cdc1a080b8a29055b602c136f5f8db230ea5cfcbcc274a07df501966ee206ba892877bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba366539a2a705d3e14732d82c7d773e

SHA1
1fe40bb372ad6f7c3a7a2dfd44b6259af58bde3d

SHA256
ae3154d425111041657d88966373844c877ba4333bd149f038b08c31a0c7a7fe

SHA512
2fa1d27ea90390d481f0c2a16af8e44bc5c7159bfe6dde6835264afb81d6d9eb6f4987d1ecb74aadace896125d3fd4f1c0b7324146378278594372af74ffd384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
504c53f1477f6cc2290891df66f9071a

SHA1
694645e257e08dd0265cd5072be8c22809ede2b2

SHA256
6b20b60971d3b0d34e3df8f9074ea8b28ac8836b79da988cd9948459936a3c6f

SHA512
38aa395195c41a383f7125e4a0392491a3ca874afc988f33f7a6d806f415355e54f5fa4e2c7a5c0dc5bb06124adccef0e25533469d8caaec245b4b8b526a9310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
55b872cd298d0578277aa0a4034886d1

SHA1
fa55f6c9255fe0296b9666ad692a02587056e44f

SHA256
79f98a5deebd9dc68581029b76ee1cd796137113f7a2d68677b653a34a467a23

SHA512
30cc195509c38d64d14fccebee0ef254b1ed353de021fa98fde47bdcd8c84404d2ab3818069f31f2bb1581aac60d3210204f0dd41c47c036d572e2f014ffee3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11a1be53e26a2c949604c610ab3cae5b

SHA1
d0de6a2907ac19313ce0d37b151aaa4797b37a59

SHA256
a84dc322f92111392a4589a5c4e08af2f6733757cffa076cdaff4a34c391a217

SHA512
46c3449873698eb47128457abea8987bc603a6a40cb4d3b91fe039a1d230a985320e53a263946a76e0969c34d06839da956ae4eddc7dd506a6d3aa8334fdea40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b1ba0b7807ce066cc129a1f8aa765dd

SHA1
0a79cc557e6cf0df1fd8b737d6120d8ab5c3763a

SHA256
d5adc7658ec4b5d6d32fc4384053ef7e3701a16a494a284dbb50db917c0d1f30

SHA512
e8a8448e3096730518ce3253582124d7434f816e8652d7217504e5f1d23d449ce16170a1635fe7f12eb8898a533b7f1354a55f6e9ce72ad23bc0e3bdb2bbceb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0900dcff56ca33132a7bc416e3c28b89

SHA1
8823d3b8fe5ea666c21c613f46e87ff52aaf2327

SHA256
11c94c34e16f623d419a5d1c36a8c14ea9b34ea7544477e03cb01f39278dea29

SHA512
81b8cee87bea8bd6eb030a0fdcecd07db2dade0632f87cbbb1fb897e886f4e889a044c09b939577d831f76bf33f3ea96f117c68331969d068e86ae9d2e6cc849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit