hxxps://www[.]logolynx[.]com/

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
23-07-2024 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.logolynx.com/

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661776411118001"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\d10afc10ddb1f474994603cd350d76e0.png:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe
2520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe
Token: SeShutdownPrivilege	2808	chrome.exe
Token: SeCreatePagefilePrivilege	2808	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe
2808	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 5788	2808	chrome.exe	78
PID 2808 wrote to memory of 5788	2808	chrome.exe	78
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 5064	2808	chrome.exe	79
PID 2808 wrote to memory of 416	2808	chrome.exe	80
PID 2808 wrote to memory of 416	2808	chrome.exe	80
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81
PID 2808 wrote to memory of 6136	2808	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.logolynx.com/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd200bcc40,0x7ffd200bcc4c,0x7ffd200bcc58
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1632,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3064,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4364,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5076,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4896,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5228,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5200,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5388,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5644,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5812,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5804,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5820,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6236,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6544,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5528,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5844,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4408,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5656,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6248,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5972,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5484,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5444,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6116,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6216,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6132,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5648,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6268,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6484,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=968,i,6243194244996051792,14143946280085661767,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2520

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:5128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004D8
1⤵
PID:5060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
067f977ddf86e73481615c7f7a73ab43

SHA1
700df39a85ae2c8f0f79834f22a9707cb4422b87

SHA256
a953f33d19c20d2b31345d659b5fe99fe4cff40f71075c8958f6aa768692f455

SHA512
fc0adec56cc59e9e15c3a4422bf05982d57c001b1b652646d1e70e0b5e95cf913498f56cc5983f84b1cce2ad96cc9670552dfc535ee1fe5174cfb87fb9e537a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
137KB

MD5
3bb27ca4c106cc2aea0f90baaffad80d

SHA1
d8692307fe8c5c0fe1be62b2dbe6b17bbfeddf66

SHA256
6b64cd38f05da729e4c5e7223574814252ddeb14954db0de740698bb7dcc065e

SHA512
fe14dd45f07c9ab3ac44e96ef7176882e80c8a978579426c8d7a9cd23553776475730699844da2c1942cd96463701b5c49ade90a1c8922a34b92d97af4803775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
27KB

MD5
46e6043b3a70e5986f0b72a748d9e3e2

SHA1
5d3ac460401a49fb84286e0f8b9edf6167530fa6

SHA256
171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005

SHA512
c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
20KB

MD5
b3b71ef77841815c899ae8370085d7da

SHA1
f7362b36e1ffecc7f965d4eadf2fbb4cac25d9f6

SHA256
7ad1f40d9814673dc1e07f1517b9b535431fe9b028a6e9eecf650e0be2a03cbc

SHA512
f5c72cce1f7c5d5bc98573339e443e8089ab8c5d9a1826b1faccc3cbacce0011a1192cbdbbd26167b1e435212466bda2c64a9aabcd32b85aef3ea03035f7963d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
62KB

MD5
739a3bad63e7895812b530cf482c30ba

SHA1
170b209103976e6efbc1a0095c6ac9dc73484814

SHA256
4c57d7494d5b8253a9658375c59abef84a4dccc59c8c960b02a54746d65cc269

SHA512
6da60eabad2cfdee4dd102b089343b513afab6edff6751a3b7b6b98a9b7ddbf322aba710a0ce57b1da71d3037c048c3c445b133dd6e4925d24ced7c4bf39fe16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
27KB

MD5
4efb9aa5385421fc5899f9e7abf7e8cb

SHA1
2572cbd83a21ce01f315c126505f20f5e52da704

SHA256
1f9c006e426f89d13e2ad5550f1eb29e85fa4595b31086be29cd9adb3cbdc960

SHA512
e4ac6b0b72ffaab0dac276a764e6bfd7c78cb07024adfedaf0542a88515ca57bbcaa6c679dcf0f221f2da4840f25aedc08cb0a68146e181cf776b959b5463d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
34KB

MD5
cd28431242d66b4fc00615b887ac5805

SHA1
4c03d0ce1ddbd9e7e43be1a56149d0dbd0437ffc

SHA256
8eefb6c2900b6184c43c6844c1abcb416131953406d7e3077676b7c8a86009d6

SHA512
f59f4771144e39902a5af5aaad84865e2c946d1fe7d617190775ef136e8b9045ea1bc8754c78597e1809b75f74b6e7dd0f886299825aa80644bc6b7c7ffa3e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
29KB

MD5
fcce92d8723d8504f0dc485dc576ce80

SHA1
f6317bdbc728eb2427eebca6c8de4c9c76bc4db3

SHA256
d1343de240f799d4335cba0cfec4230f0fb78a7ccae16fd6fb416b3639ecc04f

SHA512
086431d0313f6d647604f3e31bdb3c3648fb506f0f2f19efff8275273426a14cc7f7972c6755024e68beefe480948c64b717203e70ed494e261fb72e4f809fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
38KB

MD5
4a870d31a6ad24956f7361ee10d46637

SHA1
a3c34c61eeefb8afeba13badc153b9f0426cb61f

SHA256
dc457607e5d0944eeea39ad6e3a53bb418d3d3d322cbcbbcaeb6d1455e7dc3db

SHA512
d0b16e0cb9a6c682be4efcf27377995499faa1ab628217919e3ec07edc905f2548f010237e42893e6f1f6afe6a471d932b5b4171d6efcba2c7777d6a8bcdb818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000062

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
89155063921059ac49979a54978e43ee

SHA1
f23887c63111d0a0a4a8229db981c22a6812c60a

SHA256
a6a2a1f4152b1889f0986b3a45c967bbc9ac2d562c870028f1514240d0b33aec

SHA512
c076e68fda72ed34de36718d4d7a198327d8347622ecd0bc8e075d9080a860aa8222dc662a21d67150e4cf0c670b9e57f2f581379c877e21151ad78d157c1a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
4b7a2274ceb8f4069fa3fd8a758e1c28

SHA1
cee9908e67c0d310f57e8c206e64331e65de747f

SHA256
e8e8423413c92e1e6c16c8599d078d7ce681ea4909fc12fb6aabc65a0e4d2cd0

SHA512
3f84b6adcfea46a89c9033501220f5fd7d16abbfb1c8c2a9aa565aa22c00c6622c4177602464aafc273118d5e9e4e6255cb72895e0153916af7bd93756c63cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2ec8a46b88303da2e704508c54599807

SHA1
4f227f552066ae3bdc4f2dc66b2c12c7cc175a47

SHA256
c31cfe504c8979ab69d461b686c74a186d2da0ee5a0230a48ce3a01e7f83152c

SHA512
be110b368d3264f623082004484bf65147fb0613582f83824dbde8d8665fdc1b1f175bdae646d96b89020900e24ccedea4b19e76769fd78838ae7c6a3569c8ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
8d6a8d6b48af043f27970754178a90ee

SHA1
c7d994aa3b75774b9c4ef24e11f425f66891b6d4

SHA256
807a662cf3532d27b0659268fac7968fbee5cfb26fc6492af104d9ccc2e8dce8

SHA512
01e005c1849f0b51c944d6752b1d657a4f28f06d731a53b217e464e72f671016af7ea4682e86387a1080d1ddefdb3f0271c76097050b77a5c6a0795310d1d573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
70de09c8be1ad7f179c47ef27ace2777

SHA1
7f4fc1f782c8acc094dbfcc228b2597fe6ee30ac

SHA256
550380a0307fd12e3ecc62116f72a86c4a0f3d6a2504314f2b28529b399b6611

SHA512
fc5cfa5ccfafa223e9b9ce49916a08ac13b3db9f813718d958279a25712a7a2b2d773b5a6e9e823932fbd6f2036302fcacc6ea31fac301e9ea6dd886eef394fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
cdf2e8f48b1b0d24b6f87c126e75499e

SHA1
e1edda460e748bb4c1d535703080f02cdcff18d7

SHA256
6de4e2fd8c4bfa21676c779b3df0eb84a401c5250721b5cb19b2a8335157fddd

SHA512
1a7c9eaa36e9dfc1ab255fb3b076d1056d1c7d4f62a9294bb4db3f002af8ed0a558a6999533faece188bdddf7c2d0034e26cf0c1a3a1213b96d96023e6ca412f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
02ac7fd489b53d742480a607835f325e

SHA1
6a16d88be644d6a6806f3a86631aa1916d715e1f

SHA256
46c179b57f21d3d0704035247b9a120683f02661b1276acef69a8f773fe23daa

SHA512
f07390a8ac8b3b3c5c785e1cbfa602b8581efeb20a5295d612ccbcd9ec34ab8fddd9f1e6a95ff95e81aeb202a1bc07c1514cf0cc21834a311235420621a9977b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7028bd9ef1291fd67abf7697f1260f99

SHA1
a72ed679f2ea2a9445353fd4554481b4092461f0

SHA256
7d65ea95a6fc041b119355531e8321773906d8296ac00937c335f28fbffdcff9

SHA512
56840b06267e70f7b9c6553d824129c2532e9efe1075f70b7a94b97a442b76a7b9d0a5e724873e515336f15177ef02137ba33107c198b4a91d2970dbb62eea3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2eef6fdf8eb2c7caa98b60842ff9ce1d

SHA1
d21df43cc45856f65323c381894c8b9aa95b42c6

SHA256
6e377f4b8657b386cfd2f56203daee567f52b03ede0262dcbbc984591b66dbf9

SHA512
1e841c470826f8e5753a372efa35c26be3b732d5159a73d724098c5a71c2d299a8717d12077ffb17e332beedc2c5d37719c20d2f53eb74fdbaf9ba907554bafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5ed1e60bd96ead58f0658bfd5b89d8f8

SHA1
afdc0939241f32c91e80a620d4a1eba1e5c95987

SHA256
b31b76c9774e986cd55f279053c29a29832c75f59fc7939fa90d449a8fbef3af

SHA512
4350144c276364eb140fa2b3b2f07b743086d55531590de4a3006231bfac928af80c218c2a814969bd66c88ef8d653d6abe505e2e9ecbc0a1116ddad02ba05bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
583edf7f2175c66eb43f6969b663735c

SHA1
a9b23f3fc45daebf4d10959b4870f019314d04f8

SHA256
8cb31926b6d69415d94aea72417812a8bfc553c2f79ee364279c05318313d686

SHA512
85c1e06cb728202efd53f563c99fedadd3458697b64b236b0148dd49e330726538fa922a5238a540812b6551efbbfd99d07ea79a205155309e99adc85bd38a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
870d7e095467106d512d6153f03b4011

SHA1
65dea2eb33f65670cc817611aa30c7b029420376

SHA256
ea5cfd51d77a7393f814720ea61d824fd4380e13cbd1b460ffb58fd10291c88c

SHA512
5cfc82d866dc8dfa5ce73ce28e2ceef2b2a398eb0c8e361265412b63489e73ef0e3ca9a175819e495b86088b021d574593e30d5eae8c9ae254649670a593e0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f1041753483dd2f182d27fc32742da2

SHA1
dee99709bcbddd36a55362b6dae4062e2fb9526b

SHA256
a9e418ec47704b01de108984573cade93297b2e8026000ae240a7e085605f7a3

SHA512
9f634ee4dc65dad6044b9647c91bdfc0ebafa5df0334d40d4ec9fbfef322e83573419080904aa85332dc1f8bc466ffc0543309c367fc7af3953885c64072334e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df1af81253d16b9bfa333859d74d549c

SHA1
7c7bda006ca96d325d02effef79bc54a057aa97c

SHA256
c93fac446c82486cb0c2b44fad9bd91c0fe9eed34129a1680f9eb1364a3db159

SHA512
c510d056a22258e6dc1da4ac1b5f1087f0aa307c813390e3eca4f7338d540a8c78f9858205e86dfb08e7c84a7c706b801d3d30a117b627c1701081ae0f027002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a7022a3657f2b820e583b1e41d430567

SHA1
a5d268182eb5c5cdac1ad6c66dcb85871889e3ac

SHA256
c2c73c450da65312ac4d91a77ec1704a467d6d7d8aee0a15a33f979a970e6d2e

SHA512
c2a931ccc5ad76020107f053e920e4472b5cb23a5cf4021bfa0b7b51c2991e03740635a10a6f931b72fd3e8d09422f2497b5f0c22bfa47280492bfcd757e3cff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e5d26e936b9313c56a37589a5cd55bd

SHA1
1ceb5759fb6346b547e1cb8fa018e33369c0a316

SHA256
f5f708ab7b0662847282466cef945571274b06b562322fad41926a311d558a3a

SHA512
3d668f0da41709a0a1f5cdd0e3e3f0bf0bdcfe3817c14c9e6ee24a7bb3fafcd1f0a65919f9b551e356bfd1c9978fb68e844c8a48f452b7827b5e0592599359bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
172e951ece77aa3c7aa08dc1d9bb958d

SHA1
3a1b69174a8e3ec34d595e1dce8fabc2b96055fc

SHA256
0e81fd51d81ba6436713e4e0859e915e81a11d41db1aaef01a05bc0fdcc00f87

SHA512
92363092dd2a9f0a3d290309342232fcbc2f6e516205dc7ec938180e887727a51bfcb6581ae1c0f7aa0de9862251fe6ba234f5d17d9e59f3b7e64840a525fb5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b874f1fe1e33908edbeaf71cd1224ff

SHA1
a85cbab63ef34be09068dd7418b8aa8ff92ed406

SHA256
c5355b342fbe02f6ca2906710beede722db6a1869637c0ec40ce87ca4ac570e1

SHA512
00054d8e560bc0f5fb0b244e334c5d709fb0dd662296538a9bf3ad25d3dd383dadfb44ea7c6cced2d969101bec34e5c514c0623b471fbfec8f44538019662baa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
851affe3b6059c036adeae1cc6362b14

SHA1
b1d287e129d0a1755b4b96f5a3c46faaf0b2063c

SHA256
7ad0b9bd57aac82cbaaff73f5d5a91f1f51d412461eb175f37ba744bf30f9a40

SHA512
3cd092d2931e67499613247229826cc9504b3d1cc0c497796768ef5aac9e5d5f7b9a6658b4b460d7c2b3274285e582ccb9b26ca9a884666e607585107fca61c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
461b8952059579e531748cecff52db71

SHA1
5d89746282796ccca94d03cf7e7fa55b9e11bd6a

SHA256
bae4ff8292899783b40952ab201937fdf1ccfa5e158f85b20df53aa9cec9a9ae

SHA512
bd2adf67d6b634be6e970d45c848cc76294cedab4e33d122b37da7ea96ba01316f61daf6a3a5971a9d18c7dbd753bfd914735edb36fb6052381778467e02cf1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e02d1beb-c765-4b87-867b-2e76f2a76983.tmp

Filesize
9KB

MD5
5b4aba91b1dd5d1c1235968fbe9d3417

SHA1
e9c8dded021851912b43efdbddbb879ee6514f1d

SHA256
70b6f94229daf8edb95adc2542afb12479df904627c48125b9727a755ab9c8b4

SHA512
1c1a8b800f45b544dc5e6f11b39c5f7c457ac941063bee05df19e45a575aa1375e3e3ab2e39c4c2e30f1b9b985db33edba7333bea74006c57f8b897061459cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
2162ef842069e58b0670919adb0f65fe

SHA1
72afb7c6ce699ceba9602b03474a5da621b370e1

SHA256
660656e19593c0fb38965bafcd915dd45e2a13ed1099db411784cfdfcad075b4

SHA512
b6c589edb23ba6d0344eab853dc760543424f5c529c5197d63e14ac15c656035629fe665bf77fca30533c09a1d61b66ad502a8149851ef25778739fa1973d551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
ab1d3dab8a22de384deb227d965e755c

SHA1
13684bcd88ed60c4fd99b862496de87bc1328294

SHA256
93486c8e9321f1b8a3afd26d6183afb8cbbcfc3c1c704eb978ad854644503d52

SHA512
f5997f7a878db52d95caac400a8d1e8f8aea3c3de3f44edc6edf722f960893d27a5db69b035071109c1dda672505cff62b3173828014d0ca2770506e67c865db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\d10afc10ddb1f474994603cd350d76e0.png.crdownload

Filesize
337KB

MD5
b5b7ead8c4466d42b319e6af016596c9

SHA1
d62b33e7cf4d28326435eba90a36f98d852a7530

SHA256
abedca202df0d99e37f4d9fb7b85bae30f71fd1c07629c12ba13e88fbb56d883

SHA512
822bbb834de5a57a04cc8e71b2d93510fd923f4f2349410538ee553747f6483c5f0ba37ebd843918b6776734ed834135afbb31b1e702e355f09ec41121884764

Download Submit
C:\Users\Admin\Downloads\d10afc10ddb1f474994603cd350d76e0.png:Zone.Identifier

Filesize
171B

MD5
f2dcda19b4f492dfad1e149b66c5e354

SHA1
a7862fb46c6a7a631fab9fac121a14107ff93fed

SHA256
215fd1c79171f485d6719b90df3882b5004a50f722615c348f278b0277c27989

SHA512
1d8b2a76a476f9c8a10bba4f134e071106bcab4540bd6814f97c93d127acdf4ee2988ff4d04ca4ff6eef645865ec9f52ae6f4254e6e74166f6ac78206a77f673

Download Submit