hxxps://www[.]constructionweekonline[.]com/

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.constructionweekonline.com/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661436843999193"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-95457810-830748662-4054918673-1000\{5D57F271-F5BB-47B0-8A9D-1065BBC92B22}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
1824	chrome.exe
1824	chrome.exe
1824	chrome.exe
1824	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe
Token: SeShutdownPrivilege	2720	chrome.exe
Token: SeCreatePagefilePrivilege	2720	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe
2720	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 4364	2720	chrome.exe	81
PID 2720 wrote to memory of 4364	2720	chrome.exe	81
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 5008	2720	chrome.exe	82
PID 2720 wrote to memory of 1424	2720	chrome.exe	83
PID 2720 wrote to memory of 1424	2720	chrome.exe	83
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84
PID 2720 wrote to memory of 460	2720	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.constructionweekonline.com/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93556cc40,0x7ff93556cc4c,0x7ff93556cc58
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1700,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4480,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4488,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4612,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4776,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4940,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5080,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5216,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5664,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5700,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5764,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5880,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5672,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6224,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6348,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6528,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6692,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6532,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6608,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6624,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5468,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5812,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5864,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7040,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7128,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7144,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6800,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5688,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7340,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7372,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7384,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7392 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7564,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7556,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=5224,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6860,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3192,i,4978021923576476538,4215051595923101068,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1824

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b66556390289dd76919b24ca716cd417

SHA1
eb3122ce50e995ff24e97451c15928592a5f3c0a

SHA256
eb792582f8116efb7b5b6902a95cc2c4f0b52bfb6384a8288fe0cefbaec3bfae

SHA512
2d268424527cbafabc83071e76437c56e5771661969e996eb75a3a636768a193e0b59197e742c52d52408d532918d113bb19cbe91c040d2b2187cf50e01a09f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
683KB

MD5
b64d923b3573fe2df893d6d5f549d079

SHA1
bddf64ea2e8d20d70838d84d179806c1e5e8294d

SHA256
45ad510ff2452d581cbf10d9e5e622c8470d5a614b692ddd425d9b9bf55af75d

SHA512
7c47729b7a02213cd1db6dc3613e0caf761cd91a26e13fbafff456d22db2cbb0b401d4b70e79bdb45d0497e081eb0a012e0f5a4a6bf50c99202b71d6067e0c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8b9e5665d6be56d2ab6322d7f48c239d

SHA1
acecb6df09e29257d3a431b6a320025da6a44a04

SHA256
e7b445e2bcc18e517521ae34b4b8f1f4e93e38b5e822d3f17baad7c3eda30634

SHA512
2285cfed893c204d6e530985c87c1caa2f9d53713e3278f88fe40055c6d44a08936dc98301b95eb3b07f2d73dc2694237947c30575832ea041d63dbc2992ff72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0b9da5afa0bf85c5034b63e4a68efcf5

SHA1
36dbbac87527fceca5f9a6698bed689d6d50fdc9

SHA256
fa563af3653e8f54a7f39993f32dfd37bf88e4dc6fdf5c8f09e49ee1baa67a73

SHA512
ecb7b20316155b0025a0d0d7b9119131cbd23d632cf08a5943c722d3d9f56376931fe3f3843999d9dd955f620ffa8df090239a2c5b33a59cb02684bcc42b5bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
34135eb80b9eb5bf508d043d15353593

SHA1
e398230be6c7dc83dd491a72b964e0ca76655813

SHA256
dc672f92c866e012e751f7a97457c2a8d2e1b2404063be15509010fae1be0bc8

SHA512
d3aed09749168475462307c61803c2b92bdfb8e9323d62875b498745210eedabbdb274a8ef1c1e1b9f4879efa8e770a7f725ee293922bce8e463f3ebb0a88659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
5110c0fd1254a54659bd8cfffc1d2bf5

SHA1
9f61b16680b5cc9c9d8ccbda6a4753247bce22fd

SHA256
02ed90aa2be27d31bd282155c8b3b81e9fc6a9648ed25ebfd4167cb5eccdf9b8

SHA512
97c1da5f4c3400ef6c88b4cdcc4646befe4237f68587f2658a0a1fb3f03c6686d6f5a60dc98b2f70d14c861ed45887bd838b53be4ce8cf78b9ae7db891618972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
39a510b3b8bffb68cbfca1464895fb93

SHA1
40fdf6be22a4870f6a9f7acdc0e08d0312a4067f

SHA256
dc5ffd60a1f7bfaaa30f3a41be926de568752ab092483d06725eb7a1b65ec594

SHA512
8b592f0eaf5b45588ac098dbfe523f0e0f68ac56ccbe985123c17d14cb92ba86dc922f95ca88542d756511d384a75d989bf1ac8dc254d4db282a7c3b0f4285a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
010370f0b657ce15d060cfe687a0e039

SHA1
a3254d4819fede1f45846a0f21fc5081d14d0ed4

SHA256
1aebae59a06a341f26957e6012e6a0b42c9e824d0c750a5d4b6589ade1085a14

SHA512
9361a08b272f9ed01833ca4297e6ebd72f5d3fc58d33d58d3819502f19e0cb408f2c2e9e93afdec78a4da30fc6f233f217ad18b514fac3ae9e78993207241636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7123fb84f46b7529630c0f2cf48ac41c

SHA1
29e0c0d2159b9a960da103d822cbe8da8b2bf443

SHA256
01508ff5638d65579ffec3a6005df4ee8d24018f9ecd34df40f6625a2b8af122

SHA512
44f2c05e2c8b3abdbe57942b1b83dafce5293cd4294f30dfb942798521bffe047c50e80aa89cb11f960c6b4cdb4c191b474c2eb44f67d01821d6bc022d81f3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bafff5dc7b95a16949c5918ca4fc9e9a

SHA1
9c6ffbebc0de162545565b72ff506471dff47002

SHA256
b787fb38cd09585ac69a9af1d2e3daf5bb32042ea92f10683b62aa1930d84615

SHA512
7192ecc7a751f7640ec889876a3ff7c6699146148533eec2f2ae177a84d231072288f7189882d023fecaa62904ccf635db1e4920e7cde2cf4ef65d6d0515a4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
87046f93d15f8baa33b688e52e77a016

SHA1
cdc0e727e4f2ff2df29d3b3b86128ea2e9b5812d

SHA256
8a7a6715d3bc5f924d24e547261c654c9c57072b59c6a5259f7cc1fb2c0d4f13

SHA512
bca5f875024564fab2a947bb86f54a0ab4888db74b6f9677dd1c58dc383327e956ca76d96895cdaffb7e7e0a1e53e9c16b3bd40ae5f2dd08f5768ff84dbe881d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8b27af7e9e1b14395c39729bba2932ef

SHA1
894c8b053daa70c04581913b15053b7b1634edd3

SHA256
7aabf3a3468e0bbadd73a79224e73e4f07bb7e182697330b3b6118345cf545c6

SHA512
9de5e179fa2362235e6ceac87963e429591d2e4dc16d95562022aabb0e71b43e2efc309097d9613b51d55e4f325e0eac55a4c12f25df27160e0be5589daa3f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48af6724b8bef85339f48670624bb3af

SHA1
c701cb837be4ceec62cc9ef4df1471794bee9d99

SHA256
f08941b7873a96738c11f06e9716272c58a9d87fb2e7492628318cb7efa376b4

SHA512
a8668738bab266cf9942f07b2fb811bc24c630bceb344a4d62ff6ddfeadc220a59c9a3d46a431ac7fa0dc6b7e64c35f6ea8474737e93c3a20fbd4595e5b418a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59b6a0288a73d0a7876ee91325269851

SHA1
c21414bfadb54b202752e6253319b0cdad10e168

SHA256
aee4c2031ee40dc796dea9b6f2c41697739823ebb2ca55c143cdc89921bf9712

SHA512
355343b4e323c86204856d9894184fc1800433c6645e3084c0a30f2c23e90033a5e4434f4ce2425abec326e50ecf8a7eb6f742d0afd8b743d85730ad8cac5d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b4578013eefbbf7c65cb5f216ebc8c99

SHA1
714e2ce48c7b6a1242b0d0500cf3cbc30c0d4a84

SHA256
1dcdd8de06f52d9ee65b5a552ab7b3d3c695d57c775a7b9c891c7b5b2e276bf5

SHA512
7e5c9f8141112b841c9c3d446581e8131d0fda8621b49bf06650a5aa53e0d960bc7fdd39cb96e996583b040f892ae06f32d1eb7d0163127ef4c96ff1755e2757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30b98c958dcdffb27b00501c08d0c3ba

SHA1
d4aa7a0aa75f53d6323cdb65d922be6d23ff9379

SHA256
19f1bcd3da816eced072b09d67770337f158f2a16755567d7410ddfa880da6b8

SHA512
63b0dc2de7b6cecfdec86da07d33d4f550a0348eb7a87f3c1983679363e1192aa04d84ea635cfde0d885dba7380f86307e13a337ec55e9dda8fd847e89148055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
595b70cff60a9e1f6ccbb370008f9de2

SHA1
2b7dc7354c741a7340b913bdc9ff9912eeb5b575

SHA256
4cf55211e519ce130c24e381fa8b94b9c4abb68aaac8c0ed4aca3f410af254ad

SHA512
0929b33582fd53264e0d292392d5f4b66d3d0c0717006543355dddce5fbf360532c693a64f0954f7debb1a1122d6a8335bc12f2bcaa94e3f5a3cdea872bd798b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
672136b554b8aada311891f47784eced

SHA1
d39fd243bf835d0c33940bfe7a65b2cd7855062c

SHA256
6b60b8734e58303788989acb3e0fd657c007be996b208cc637b2b597f33074fd

SHA512
e63184c3eb2fadba08e946537fc286dd83bb5fe855bb6f6bc8bfdd41355fbc892a90810f803c46f9a60569cb0a47286175e70d5e29f73b315f5335037cf87745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
a9765a91e203c3cd76f4b82889b6c3ba

SHA1
922e30d76a497e3951f237243a1d79d4d7edc182

SHA256
6939271ab462bd7c6c69ac80995791d006561fcbf4cfb5ee3c0862921481a4b3

SHA512
fd616fd83f17a499ddffaa5f84cd204bf20a1ad76ce33dd518e17b3e6aba381b44eba59799422ed64c9713d5f7f284bd552bfb9ffef7e8dd1eff489050a4707e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
d9700f8a385c75c30b44bde68afde550

SHA1
2f5f4dbca5632d5080af10f74967757ef521fc59

SHA256
22fa72531fe3a435e535b19b31a903cf1a3d2244a159df3ebad67c6d3899c667

SHA512
8db82ac07b423dd17bb56193bb86a28b0f4b99a4d6dea18245a348386158f77f96aa645a52333e44f5a359241565f8f54d38647747e38f872e9fed37373fbc43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
1a4313b320835f6be319c3b0cc484356

SHA1
a2135e40c7b21fbd01c6e4db0f467e9d5efd2dff

SHA256
8470faea806419cbb785f1335c760e56ce1022a614ec46f003406d1a97e41b10

SHA512
06a3f7aa43880bd3a888a266e8d9d88586874009c32fb120b6f457a47ca59f68a62ce9e4c88a5f8b1f7e0acc2abf8d36a5a2ae59b72d8c79c9d611b6ae5b56fc

Download Submit