8b0048ff984c7c16c79860c8e0f157ca3d22c14a9be306575ae5a0f597c1a35a

Analysis

max time kernel
215s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20240730-de
resource tags

arch:x64arch:x86image:win10v2004-20240730-delocale:de-deos:windows10-2004-x64systemwindows
submitted
01/08/2024, 23:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Desktop Goose v0.31.rar
Size

4.1MB
MD5

454553f45f11f2a3a21d2338740daead
SHA1

cf87573219acb96a56d040134608ea20d0612d8c
SHA256

8b0048ff984c7c16c79860c8e0f157ca3d22c14a9be306575ae5a0f597c1a35a
SHA512

9e28a53858b1cf52529c76feb48044ba3119cdc8dd49e590e82cd81ce1207a6f97f3ea25c59b59cce3f63ac06a0d9f47714130c64ce9a437e35b02a858d244ce
SSDEEP

49152:pwufJ5XtLnU5WXuQsheSZfqdn8dDktoKoCkw8dzFopo4CzvMU3pfrei5RNH4TL4:pwuhticX6ZdDkto/dlhzCiHNH4f4

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670303992118651"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3881032017-2947584075-2120384563-1000\{599F3D27-2899-4CAE-A17F-521F19FE6CCA}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3881032017-2947584075-2120384563-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3881032017-2947584075-2120384563-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5100	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe
Token: SeShutdownPrivilege	1744	chrome.exe
Token: SeCreatePagefilePrivilege	1744	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe
1744	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5100	OpenWith.exe
4460	CredentialUIBroker.exe
5108	CredentialUIBroker.exe
4844	CredentialUIBroker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 964	1744	chrome.exe	91
PID 1744 wrote to memory of 964	1744	chrome.exe	91
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 3484	1744	chrome.exe	92
PID 1744 wrote to memory of 4524	1744	chrome.exe	93
PID 1744 wrote to memory of 4524	1744	chrome.exe	93
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94
PID 1744 wrote to memory of 3516	1744	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Desktop Goose v0.31.rar"
1⤵
- Modifies registry class
PID:60

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cd59cc40,0x7ff9cd59cc4c,0x7ff9cd59cc58
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1684,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1680 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1844 /prefetch:3
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=240,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3496,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3368,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6056,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6160,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6216,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6200,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6344,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=7060,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6060,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6996,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=6840 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=7412,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5020,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=7828 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4760,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=7908 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6220,i,204390665140469154,12165786574793177847,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3500 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2968

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3860

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x460
1⤵
PID:4856

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4460

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5108

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6f2a40eb1c34cca5b14bb4ec6efabff7

SHA1
2dd2c6438cbc6ace9d634a3aa3d5860b2b4c7c44

SHA256
7434d1edcdd6f1b127d9d51528d23438a086c725223171c8972bcf62b126d3ac

SHA512
c64bbe8bd38f499779469136902e80f0a985b89f1b91a0afe19133a619360ce08e9a10a3e62a1540fde6aa3fc7c0c556581b28e682ada58ece6125eff5e89714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
1024KB

MD5
cff8135fad32b2b8ebf76c0d89137194

SHA1
76fcfbd06b2649f5b7d6acaeae9894b163db6304

SHA256
7146d00f0ba23043a6da856326c710cc340e14c76f17fe5e36c3d3da5b92d315

SHA512
c0ed6d842e4bb7e19e04ec1be54e109822ca9e73a5e78c847b340cad0a182278966685c67161ecf82b3fdb79350085630694d2a6a07889c4e55a597b86a9f9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
1024KB

MD5
66e8d3f233fbcef98b88e11acbcf6ba6

SHA1
2b8b441695468ffcceafc2c4820a64632a98ced3

SHA256
28e490622aa7aa0a7ca15f3b804ec193205908d99b1402594b08252d71e7c731

SHA512
d151aaa04e68f4f19fc403620eb68525bd3e064b298ac6482917908e14e28f7b9970e8651621c682ec8cd04bf963cd716a5decdc43234863415c9c753015ffdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
43KB

MD5
586bc8c3e55d0cda0c86100582258740

SHA1
11e3ecb7e608f91a0b0e7615c57ab85c479427bf

SHA256
3ea058ff6c4cc8fc825f4af3a604a153ca99bc40803d180378fc6bf7f9ae4ef8

SHA512
80fa128224de44d7a4c19bef633d80d32a2c598cbc736686f1799626bc93f0b3d43bd78367eeb5c5dc46130bfe220a5adc2ee6fbcd6ceea2a1ab4860a63b1904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
1.2MB

MD5
74c0a9aceda2547c4b5554c0425b17ba

SHA1
d5d2355e5919dcf704192787f4b2fbb63b649b0f

SHA256
3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d

SHA512
e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\980e9e337a216a31_0

Filesize
218B

MD5
245654f1f1124e9a8e7c9503d9223f60

SHA1
46d6864a6c1ab3ad20262da14cb51f9b91f26615

SHA256
5832cfcdab93445df65075b64b9f7f5ff9045b03857f2885955c510637e65514

SHA512
4d2c0d7583440151edd7a8aafd46d042d46769801111ec25ad6abc451371b326fe71c670432b098e01e6f115f614f97851c6927b4aea82657edf31ee09b4ddef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c4d0ba84c37a6f2c3a8f776e3aabd5cd

SHA1
6aa7323e02d84eeed1cfff92b250aa57681d74bf

SHA256
964ea12e104a71c774e004099d0a2e75a74c5ce32f5f5c12107249bd22427f56

SHA512
ce4fa37c2e52121af169bd770309d2fce77519d804a95f3277eb83ecb238784396c47b4b8b88fe89dc7b1d670fd08abf95b5a22a9be05841efff023c126929ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d62037d779a2b8196f116e55f9e345d8

SHA1
bea3c27c30f388e2c0623ddf7920a057cf29d2b6

SHA256
a463f3176b575cfcc0fef26511cf98c698ba840d45c2899c5f1f97270a68134b

SHA512
0fdd66dc9de5b9365f122ac9ddb627116a9bf9ba12ba6176a8e7f002f0f1ee671b85b3b92404a45497925b766e47b6ef23357338688058724fdd8339f08c7f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
ee7bf5aaaccb492cbd3a11830641b564

SHA1
f67f2a24ec95bd162de2469afec826a0b28b5ad7

SHA256
17b7126a235e060ebb130dbf81871f0e0fb5dfb381c00af0594f0e42d4cca731

SHA512
ddabb33463ebb6837ce4773a1f71e8ed77025aeb6e6f72001e2adff9ae5e569dbc3d974b14218256509993f52968fbc28df981996449589d440d1adf04f5f495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
832bf0b31c687a853a4925ebfd99a748

SHA1
b24c949f8a62ded5a05a831166e30d777576362a

SHA256
c60be39fee5ba486d7c5a0a1a9ea5b305c89cd4d93800497727e1b3ef417fb9c

SHA512
5fd1c4b3fd2fedec49b34216ccc97996645c873629d665e873da32cac682a55e515df091c63346faf4d4934864ead87a34d00a2d3496bca1b89018fc0db86749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
36d5ede3fc8a2121c5fcaa5981da1acd

SHA1
2120897f5693211a57edaea0197ccdd628149bc3

SHA256
27543e221dcec28b47ef8fb33befac5b1c898c438ffbc85dd74ddfa41335e6f7

SHA512
1dc080dd61f2403af1f3f5b36730abe1961ff4d283b7664761686a1abe833b80510f7a4bdfaf3bffc7983173b9e613b80545e255a4e7e8bde2674537b25676e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
90dc62099d44d256672c818349d8e613

SHA1
1ea541f220942d63436e50f721c2318a0f116249

SHA256
dda25b3e42ebd10e4cf337802938219c5f62fa03e75f6897330c56088cabf7b5

SHA512
14d6aa08df08e4eed76284dcd841311dda92d7de5dd9f550a8bcee0246362bea9f1d5ea1da8dfaa6d372e3b97359a53be8cc76162dcb756f58525becd20cb6aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6386b7ec6e7e2254da4d6052015f6d67

SHA1
a76875f9ed70f1455eda158957c781e7ac158aad

SHA256
ba86c9e8f2e09d027c1d792b8b89183512cd14196bf310b9a9917d19ad88b4c9

SHA512
51634bd4dba91fdb69597f95322f7b3f966a88b00470ba19db866abd37d7a40fd2c27db57ab6e711ff901da0c0c2ab54cf2fc1b415c1dbbe0613eff84ec47ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
778d51505fd5946fa3a6955a1108d3da

SHA1
27d762d8520246aec50032de2db4ee95f0ba35d4

SHA256
97df63fa89f9f2f6441d4841a428fae7bca3803743b1b7aacaeef40e2066fe3b

SHA512
0445df40469c47036edd8cfb81d4212deee57b3f52bb0742d8225ea25faa05919d7f6ac6390e0be58ae16706cfe7ddec70229000b92daf2579fc48d8d3a96334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
3593f9f08a9f70cadb42779a97ddd706

SHA1
5635ba2583e0db352e518454dcbf1fc60fe6d454

SHA256
8a0399139baeae6f188af0df17d5351a0090742145f567b8600d788a64dbb9ba

SHA512
06c088dccb89d726386c41725f1c2d1b02f73da3c115890bab3879134891312625a15495efe950a65cef517cac48febba8c4436dd9f98be803a1d809ff1eb8e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2f5cb2d479f269a997f92aa134059823

SHA1
0c9f730b2f5e6f3a35034a53216291413c77f62f

SHA256
dfb7256928db6e44c99a9e53baa3f7e3d030b554c657961c3d40980aaf194a0b

SHA512
5fe281de31970e193ccc0cd1e52b29ef4cb3957b99822f7454649d282050d70b009d08af2f1471f430248668cdc2b357d7961067afa02ad0a8d3804ce56b0518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
810ea70a793a204444674c7086155ac1

SHA1
947390ddac0e8b8d176f5ce13103db53d3be9ab7

SHA256
b29cd14d3f0cd2980a2fe63f0b00e9c781f5ca38808517077baeb818201e9901

SHA512
1e3ed928d327e477a53daac71349953029b2495d6a565216055d6a46126557a7a51f259cf8ec1355d63904adf585bf7ae381c262e7ea06639ac3f8ea8e88d249

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7534ab14f78cf6167038048779052126

SHA1
31addf7bd12167cdf6ba8153ad222de42ce81760

SHA256
2cb3f0b100609ec8daae4e5c54351b59db17457ef413c761e504ab481e1328aa

SHA512
4a13615203cf3362078e152c7be5eadd6f24cc093212946bc6156b9c5043c8b92c623247cfe379340fa2fcb821719439278e62ddb0f3d797044b598b78c0670b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c50ee11010fb7dde04ba318aa8219981

SHA1
d9d3cb0065b313a1976730b59e2a6f73c2bb711b

SHA256
c2088ed28c4069c7966dfa5a7bf667d285825c158f8334d0163f568491019245

SHA512
cfae9ecbc2c5abe5c88039ec271e13613fdb9fde39b61b51df06794080edc58cb2d930d9349e9901a794ccce08a3c42a7e845d33fee4a45a50006df2f0c8fdf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80a6125798c4fdcefbdbf0a303715302

SHA1
6bd222dcc36822a931e873717c5d98e55d1ff957

SHA256
7af432166263abdf18c590bbc87e3e5dc67899c8e8c0e03ef96756f73365534a

SHA512
cd5e1de098c393e0c0eab2a983b3328bcd9c2148c0852eaf040169746bcdc6c126f5920450ea00e928d297851bf3c68e2de7bdbe840bb6089fa7ab246cc2dbd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2fca86f4bdb434bbe5ada4de3b423907

SHA1
188611c5ed46c9a39ba11e82d3d8d7c0de325882

SHA256
a81e0c8d0375383b1f5ae26ff8731232aa4e92711b76023828ffd0c63cd28539

SHA512
c1774a4afc3a6e90bca9d317223979ce52577e348c0fd5a00d7e3436a0e04cc4015099d3f1f84347fa3237980d0d45db6cf8295391df52f7e1e1cfe3b7611957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4499d9b779c53aeeeacc708cdba1c7b1

SHA1
5c287cb640c0ca8ccb821c2d2694af3c2b0e327d

SHA256
b6ceb72530ce2c2d6a83d180aa6a0f998567c4a75b3a65e38956de41222ecef9

SHA512
dedcef5539ef76513fd43aa25f58709eac8046b728ef7e46ccb2a40a6f63ce80f82acb631d504ad8700f7a61f759b602e8052c939efa49724a0baabc00f16576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2eda22aeddbd234be3d9e3dd0469a66

SHA1
9dbe23c9429d3e82278db4ac8dd36641d07d21a7

SHA256
1b39269af1a314ea6d0b51dabda53fafa8d01b2dc4a72395a5c1727e90ead603

SHA512
6d24655a4259c3ad02abe15c86b407f1b88868dafa66fdce615469ca4d87fa4129de407f01a0ad04df6ed3c7cfbbd83f9103e1e387f0fa716c3294701b015189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7efee1fdd05679b95e454b879b6a6a8e

SHA1
50b10c48842ca6641fd580e61793abaf75db2577

SHA256
563da8bb69d76a04b076b45ea5b657ff6a36c891eff1579380ef6ed5478968ec

SHA512
4b2508d854cb2915e779848be2099739e51024a57dec65c1acaa190e54872c9d966fec94c1445a797aae7d0f630dae911836cac7591bcdb968b2b48af7d4e1e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
37a14cb91d6853f698e4b5d81c0c8b70

SHA1
fabc3304b61ad2290a517583aed0426983709e57

SHA256
ff3682096228715028536b2fa5f0b7ad98a55f7d29f68588549aeb543f4fbd8f

SHA512
98005909a64477795f5b4806ce69f07b672259541c8d9581cfc2df9aab4f2c321d3b40b5aa046a1b9d03d6b1955686d28382ab21ba7372a821f7a68be08ba3dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
43cae47b1f8e3a95d72825db9177d151

SHA1
08cf793a8b1247b439707e85d8ad760dbc8f10bf

SHA256
ee5bdff1168e041644e32705153007bff4ffaf47f780b45068dbcddb3925d44e

SHA512
00f29ec0909243e4e9fd02dd549f91254035e370f1bd78ce6525b3343da7f08e9e70b149ae80c3185ac1df8950565dbc23751ef2595e90f75ec1a75175d6e729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98f43d83b066a45922d238b27013f71e

SHA1
34c91a33ac70deac51eceebf16f5bdfdea292ab8

SHA256
6d1a77f0d6912db3e86a833ebadca210eab58183a6b215ee567b5ce253904552

SHA512
64597e6bd908579b28ef8520f5723770fd48798adfe877a80691fa710d2390dd5fe4f5e7212e0cd2fd21e65954ad7a9c866b9a76b7d8dc0e59bcebe00382f070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a5f88d6b543d85c2632a07e5be7244c9

SHA1
992c0afa3693a0bcb91db641657857a04377cf58

SHA256
4acc8c214c1671e41032011b0c75572b41ca5dc79635173fe91f9018208a2030

SHA512
a85536a33463f60ea2a16419efa9b8eefcc72ebe53507f88bd1f2a0e1019710e3e08a1d4a1d5085ac9c9a7cffd9a4f2a3db7b7d931746e7e9547db9c0d02759a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
2f186156671e00583dc466e0d90bbb90

SHA1
c164844c0805f71202f0bf2658708e178708f1b9

SHA256
273571c60c0b9fafd73f5da9e4b3914108906749c21b13caf0f9ce4298136e6a

SHA512
9cec6557fc8a38f43339dece5b96ee2386941d14c7b49ea21708d6c5d20835a0342d30b04d0f98e9076e0827fc5f11462a906718f3244a53fe916e6101b038e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
d324bd85ba420b1ac38ef3510d637afd

SHA1
84ab295c5c9e9ab22885020399166ffad600c2b5

SHA256
4e9c8916a528056bf416a1d04c6080fa9b05993fe6d6bc15afa83b975c35b058

SHA512
3902e1180b46c99ebb24b8bcddd5bf41c9a25b4f71e08f04514096b3ea2ab8ed52c2f48e494c0cff7954022d002dd2199a1c5a99bf8882ee5773d7826ab8fe43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
e11d35e3c5bcae5b862c89cc2d6a32c7

SHA1
00d7a43b1a16b10b56616c8755c8afc9aac27f0c

SHA256
891a64bfa364c52bc4a45085d7698de3153b1376cb2af1253bc606697049a69a

SHA512
109419bd194627c4d08fbac5c9a3d047dd762f95eb0b6b7335ff33ee90896bab3c78bb3d5209eb7cee070caa7dcbc7d87680aa70bfc86fb37a685f7c168fef44

Download Submit
C:\Users\Admin\Downloads\d0b956aa-2c7d-4d1e-9a2e-24685629defc.tmp

Filesize
92KB

MD5
7556d4000001faf4691fb2231c3759b4

SHA1
d2cb1c4a0b5a01521a8b19c8939a2694d7e3f105

SHA256
e53f7e60753ed99baaf3f08dd2f07d1d96fe43476059a1745f9b2f7ab81978b3

SHA512
40d5569fd6466a3b2396b4a3932ec6f31e01b21b5d8bf78b0a598439bf2e5579e60296702d0a98c251b443ab188d6b8cc62da358eab12309cb21051d27c3b653

Download Submit