2e82a97d5d66d5ad76ab52e8cc583bb3c33997207220e815de29637d5a74f18b

Resubmissions

13-08-2024 22:21

240813-19156ayhrh 3

13-08-2024 22:16

240813-16tlxatemj 5

Analysis

max time kernel
269s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-08-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dotnet/System.Collections.dll
Size

238KB
MD5

8c7cf260eba50454653ce44becad81a4
SHA1

e5ef3a2162a6df79e904fb82781f8fdaafed9ac0
SHA256

879d73082e641e5f4feb86d5ad02c4bf6f78edc88a0a1b2b4b9e886274cd3cee
SHA512

2a613269b1d22aba40f689ed729f669417012f451ebe0d0907d99bfbc8b7158cdc0f53447a1db93fe4b50b6a67c4ce4079beb87c8ed0c184af495053bb4cca79
SSDEEP

3072:iwksAJb4iJWBlPsXOL5Ts3yfgL40Y7PVvmtfYw1CqFAGCLpv4/7e2lHNNcQGD0PM:Wchs45TjM56pAje2lHM9CIJ9lbk6

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680610498995609"	chrome.exe

Modifies registry class 27 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
5724	chrome.exe
5724	chrome.exe
5724	chrome.exe
5724	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe
Token: SeShutdownPrivilege	736	chrome.exe
Token: SeCreatePagefilePrivilege	736	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3160	2372	rundll32.exe	84
PID 2372 wrote to memory of 3160	2372	rundll32.exe	84
PID 2372 wrote to memory of 3160	2372	rundll32.exe	84
PID 736 wrote to memory of 4700	736	chrome.exe	97
PID 736 wrote to memory of 4700	736	chrome.exe	97
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 4916	736	chrome.exe	98
PID 736 wrote to memory of 3656	736	chrome.exe	99
PID 736 wrote to memory of 3656	736	chrome.exe	99
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100
PID 736 wrote to memory of 1664	736	chrome.exe	100

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dotnet\System.Collections.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dotnet\System.Collections.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3160

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdf197cc40,0x7ffdf197cc4c,0x7ffdf197cc58
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3328,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3732,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4952,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4832,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5356,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5692,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5568,i,1703712309442610808,18230902097296399041,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:5648

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
10a0b4b2ed3e77f2ca4827a8fbb51efc

SHA1
99a1512fc919b73719058ec69927fa558530b693

SHA256
4a0344a0903a57ef65c5bae180ad51309a8ee1de2866dc9c35193a2747dd2ad0

SHA512
b45f6951688c97984e6261039d003567903b98e8c34e66c5ee42b5e392332de46dc5a23d92e08dbea6d6e0c55f3dac654ac5ad138e82ae6f799ecf4145b3fd69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0dba0bc11de173f1_0

Filesize
280B

MD5
1d43a5949cccc63ff62c70c81aa6bcd3

SHA1
4c441f8b367b348464b7010275e9ee1aefb237c5

SHA256
ef05cce07e9d9d6eb7e0334ca2271d63c2e055bc05270e5ef4a23993a7284dee

SHA512
70c9593b9c5f02f9030d6dd4387474baeeef007a5442c75ef45c525acd72a508f357e022365751e2f06245a293cd9b327e77d6ee45359ddca0891ad2befa5ce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\540e59bcf4844a1d_0

Filesize
19KB

MD5
0eaa29ea9c9387e91abc946948e5f73e

SHA1
181e54635bc9f4cb8d81691a40bd84004de362f1

SHA256
d87eef8cff624f622d0cecb21bc3606481d282dce890eb20ac4e616428ec92ce

SHA512
bc2c36854e34cdb3e7971ba25aac782da8cecee690933c2def4273d965b24b0b898707148e46a2547dbf96bff22d6a0e3d73769afc4ab61dbc9cd7e16c64bc44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
f159626afbbc2efe465fa4f92d146980

SHA1
9ad5e27419954841db1b08b1f66cf0335b8bf4bc

SHA256
46c7dae69450e240c2c58df16fdaaa691d98ad09f13dbe7f4afb4c7d3173db92

SHA512
85d57396a2bf563a736bd1b3fe8977388a54966725dc5de80ef4a708001ac6b965bc81dddad1a02d07eed0fdb4dff62b3e3f2e31463f0a51c97530d6a82e3109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
18098e0cde17c65ac9c120131e6d9117

SHA1
f49d5eddfe93268fbeb2a7b0775c900b10a60113

SHA256
7ffefbb0b6ebaa24c14aac889098a2b29bceefd1837f2892f79fdb1375cc3cbe

SHA512
5f5ff7646ad00b213d77f978f0d472200985b79b0c0b0566cec615acd34a2897a7c48f59a84a72bf699ecf76b7618b420935c25e47691b47174783159b7b40e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
cbfd346fc91e835d372a465a8ad966e0

SHA1
a7b63a75719e5aa2d8212cabdf712ad8d90094fd

SHA256
622d669fc207cf10da28d5b4e8acd4886d72ecb7b4efb12788717256e742a437

SHA512
033f73f89051625173c0177d8ce2d3bb063a1e2c8b882bcd4779c211427bcc7d576c2bb07fdd547e70eaa52b53636193a3a280ebb3e46ebb56e2830431f1ab1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3eac1f663e3291eaacd6840bf894f5eb

SHA1
3ed7908fac882c3799d00935589457a4fd4e6916

SHA256
e7907afa1509732f69d81de10ced04076b255c094d14cd5b07d29a90392068d9

SHA512
11bd3bef5b4d6ce9b976557d02d5bdf66cd552ebdbbbc9da7ac0b5ab944387124a2f909fb57fb51c0f2488f15c15f836bd3607d6ee1981ba2db39563426212e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4dcb664bea58bd3335bb21491243bc15

SHA1
c8a49ad45e31368e601060d91c624b1924bf25d8

SHA256
2affc9e417393cf63b558aca013b737c8f71f701164e73ac057e1f24b3920291

SHA512
a0d680813316079a7fbbcb81869b96eb64ebef288f8b373f314df59031953d6c30b926ea04a9e7a6795afa03419e24a197fd7cb5b9017ad315c93f0d26282f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b58a7226352bec0c37e58ea9c0d9e8ac

SHA1
28b42098f7c3d92cd24716f3d620f54084b79b68

SHA256
73ee98004074196232a27403ca5d0803f84f5551a74ac8e12d4ec013a9724b3d

SHA512
f9491e60e39cc42fcc8fa9832edff70a4661cf67f686a82cd4fa39a864787203cb001581f13a547867234229ba08218da9259432fe141df314c5e6c0a5abd73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9aca786ba73be2a44442ffe27499836c

SHA1
1e63388fb143638b01cfe478b036adccef4bd04f

SHA256
40e60841f0b69f9885a529bd0e219174af7e70dc5861c52ec99e15be9f79d981

SHA512
8ddf00043dc93de3aecac1c59c21e8b7a42a4d9966255277c80455dff9a3eb8bfdd26480d32bd40b33a4d3e78035eaa1408f9727fba1262f8150ed18185b0b6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
169504edd99abe6291eabf77b66471e3

SHA1
e52f394f2add98d9a80cce165c1c5bf7575a152b

SHA256
c0e499f2dbef86766b08a9e3a23d80c05740f8dc06942c3ba9f6896dc44cb0d1

SHA512
1aaff5cf952b441c1a763315052509631e4f8b84f18dc55e52268179d526443591801651289bd468339270f666a9a3c39bdc3f2851dffad200e15ce10441cf00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
380296fbdac889bf217bcca8f8abc5a0

SHA1
d1d60fbb7acd9f894552adf2bf34d0e6df95f473

SHA256
e11b0b498f364c59c6e008bb97b246ce383793abc124fd11eedf73d4f3c0ebcd

SHA512
79aec2d0a6a5442aed83b5d0db94d99c6c7f6e072de050cdf20f4b956dcc709621e40b5acac683fcd4a2788765fd876647972c6fb8dc9fceaae3628aac639880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cb3e4195c2672ab7ce107332f2bdad2b

SHA1
bad3158f2e640102143a4fc2432095631147bc72

SHA256
9dc0edd48d2c81d1772ddf1dcc58f4fb45ebf71689bc4c4044af21211a65de1f

SHA512
e8fde85c9ebbbb2c497374d63b8ca74e5fdc66f742e150d00bdb49064bea31576940d4f555610499197cab23235d12a3aefc95b0b3648a99e364d5ed72ccc242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d2b609b2d499d0d8c285d0828f76da60

SHA1
2838512df37f66b8ea7663de89650e38bd6e432c

SHA256
a3860ef1445e85c2bb60870f52e925122ecbc81a0f74117be8c1759a974e67a2

SHA512
3517d113e95fb7d5f9619fab5d3763d0b600ce66fa1f83337bdc6092e6a28d17a09fa2dffcef9cd07b99a9bfcf96128781ceec859df4851908ca65132d5ccc45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5018e1dd50f2b0207d6940c8f95be793

SHA1
dbb4a13355335b0902a8b9155e1dcdde526c1c18

SHA256
fb8b7057571c61056c13ebb71124290c9a8c0941207b363a1c9334f23f60f5b0

SHA512
57b0a640bbb756d74dd76537c86d93636144f0f2fbb2a5ec79f3d75d0165ddfb8bab3967f952f78891f4f8a227556e98dcf2e21f367d672fe21d390838898518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92a5a1699deb9f0ea72a73b16e9bdcbe

SHA1
9b03b8258ed136541e07516836b59c6f50402f59

SHA256
a313aa0c3a54d7aaf8a0cfd319fe31aba7d0790a4a1fe5b4a0baed78f6b04e15

SHA512
9b4fc8bb0d8adeb4d92ac6b14c377a8364ac19731b0245e018d74b83839de0a9357f8abec8c1c7892af14b0a02d9710d7d747d2b26d34a0f8fd754f31ee50a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cee00e32ec8389cddccede7f563c99af

SHA1
4431a6fe70e6cf67b093024a562a8b9ca54354c4

SHA256
b48cbb9388c28c19e6e6c78983683ed01ecdb077e5de7c66a2fee57ee6ba03fd

SHA512
6ed199a2c12b1d7fdb0a4a5d434b367accce8ba89678b29b573424dd0965322d290e6b4d82e6d5326755ff3cd67e6911c4a2b6d16f84cde4f216550fa092cf95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28c86d487a5ded9e7d925ede127314a3

SHA1
8751c2475d772f61f9c3f2db03da8655fc4c71bc

SHA256
be051ae0df48b21ec959fdec136fe8211b9c021ddeec7c961668557b966ce4c7

SHA512
a9de5d11639dca46c05ae04080859176d64a8571796e893e845e57c97c8300194a4225e72bf713f489beee45ec8c07d4ccd21984e5ba02cede1fe3bab9e607ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ae39fce974788ed20090f50dc05a1ff7

SHA1
b72ad36c919749951e1c2ab88823f54f53398101

SHA256
24023cb88f037500c2f49fe7ad4f4c4fc9cf9ef10c8670cb17d6817c7fd992c3

SHA512
af8a6d57ec28f172933202bd1b13a26d8e3cf6df2150225c1cbb6e4535d4da7451a2f848d71362f923e75e4554746c7b96735f29cc3cd6f5d179fa1976764c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c6c1b0a0a121412d3d677aef32cfb1eb

SHA1
e84f9e7a75049265f2eac548f36741909b3d6f9e

SHA256
638ae34390da9dd811e70b06854a86d48935485c52bfa7ec61a0a9bf731b8f64

SHA512
3a77ef9deeca2c28e61fec4fdb2e171d9c2afff249d7bfc827a2ba79184c84399bd0a13a2d39adc3bcc523c58560078a99b9681bc37904cf1e948485cba23093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e7cdaa5f920cb7fc6691a2d8ffc6b5c

SHA1
002abb3fd2929df2e159dd6ad9ff20c5d7ef3f9d

SHA256
64c42d12972625578cf4dd9b695122d4364ffd236b310fe8ff7c459bba9b9ee5

SHA512
e547f5fc76cab7faa4952b1a8623f1c9c57397c123fdf9a7b80d2fdaf34be08817b68579c3f17a67e9cea70f0be6a43753db0cf3e953d821ff7bd7eaaff2ef69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72b46b73362abfcf8c274b3788504c82

SHA1
839b956b43346d665e122be044816d4b15cc5983

SHA256
5122f0de9e58d935412665987d69f8c2d2fae0cb9bc0170f9ac6ee33ba70890c

SHA512
6ed2f6b386b3d1d2bcf0c2dd8b1184980b58b3af57d6127d1230f0e8b4b24a680226ae8e098a2a03251515e13d6d30c7355e30ffa13a7e5cb4eaccf09a7dff9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4e49cc7b1cd738b28744e3e9a84b914

SHA1
4f23dd1032b18f4969b87417c758da2378447e3d

SHA256
04ba72137e0e9296e54525f59ae09eedfb6910d7172c8ed6c50f3297ecb67e12

SHA512
6b38e6eb894ea6b6985e54e5fe60b7035f793aa10e373fb52b831624348d3afb72809233c7e32138c43eb4507cd4f945563e2a5bd24c30fcc8ccfa8ff035fc10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4aed52d36f5d9dc4e4d844b9cf5c8d7

SHA1
08c375315cdff7e216369c2e3f137f86e1d12a34

SHA256
50a746d2209bf24b4f7136dc9f9d80b2b9df8fd713e0cb54c77ad1bd0f908e52

SHA512
c71f0d39d60dfd5700b48f15ea8b76eb73817d581453e7f4d09180a2edf068952ccec15eb7a52724035056fc08e8a06f34f7a45ba0bf03a339404bd7e834c18a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
20e7f3b2a83fdae90fee84f9b8e74cbd

SHA1
33ebe5606ce575442970e0b3621d3c13e1e4e118

SHA256
5a45b27500f111093d58500ada4a7ca2e6c1018aa3c7394f43146c62cdd8466f

SHA512
accc4650404be808484a1227bebf73b3d2afdd4b3af5aef774fad1779cb0bafece1743ea2dbce951a7fc9151deeea1955ee97f395c6d60568b36536972ca9466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f2ecddc857dd05e9be1d127652b1ae8

SHA1
81c0b535b91c2dcac6161d382d88e5b27e231b82

SHA256
4fc2139d73a7890a7bb81deb741ae9dc9eba276811890e128bc43204c9abef00

SHA512
f9d2f82cd3f9d721acc2335e105c5643495928094ab7d6e33c293f1ba150654876ff8bb8c0f36dd72d34fdbd3f6786287ad5cd484a8d4e3fb1dcf52bb864f00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1f15dd013f10d2cf56d6ebdabdd325be

SHA1
8976731f7f89cc44805f0c5bc7140fcd5f6e5b93

SHA256
2bde891248731ae774b367d966bf1f1fa6c5b60640cbb93979de1e2d8c55fb48

SHA512
8360bb94997129f7e9269d67297f812735860fe1e480ac3de4d94f227022bc17a76998c5f96767b5743b1cd0b942d0d55627674547407aa4d68dbfe0836a363c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c9e16e5aa655a67c92ccd95d7e09f0f

SHA1
1d989e33dd71dfc5c0132e7e1314533a6d164078

SHA256
e8e492d53e4c144da4e4d89a45af0fdd81fed859131436ca0395c7dceb115475

SHA512
eb0b5de09ce65f36d1d2789be27b7a183bdbcb0d230747ff2393150951b939863db3933e410ec5fbe549488629c71479261b285c88e45d853cdbce58d3f1492c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86eb9c75518f6c07e8dd16eca53a9e3d

SHA1
373c873c912e6d72e2669f904a47c3c2739c4968

SHA256
43d6cc1e028c9dbdcd8a41471d8c05ed1c726cd6692995c2988b719881c6ef63

SHA512
ec6fbbfbc53bb5836616cd907b68091033e2c66eda1d8150997cd336f68a14633b4e8753b3251add102d1fea0bebadc05138ff8e845b850a2144568ee65ca936

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54668e81b7b45baca38d497ccd245d04

SHA1
87589ad6a9803cec73263167221482f0107e8635

SHA256
9a56c53ab297cd0eefbacf838084ec6fd8752eb23262bfc2c18c9cdd682122e1

SHA512
03d216e6229e6990378844fa867ec3f87dd473bdac43c4e88dad3b4a550ff99893e27a8b4121cf34d248e9e0292593482e87bf346448bf45c97e51be02625368

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4f3d0b59543c19307a1314565e2ae00

SHA1
63b3281ab2b35c1ae7d12dfa5d70fe4a903a2edd

SHA256
ca404a89eac71827b16fa46bd894f88854a38761f791d305d06840862aa38f95

SHA512
b839461cd1437e6f219ce3aa110be600f5c3ef511db8f998c8fafedc0195d6a962d8b1007ff00a675a4e53c11b5edf978dd477086e99af7888c9314ab6d9e337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cabc54ca97fc4ec6b2d87ee11502f60d

SHA1
e50832f61602275d2d109635895828d9f2017fbe

SHA256
19f016de66eb176a9ae6ea71bf7cf114379017392aee141370974597c6b3d985

SHA512
16c60f6cb9b11ff1c80ad998610ca6bd1eaa03de19331e70146edae5ddee0133347699b5aa777c3c8b6dc52eabc12d9a0f81d7e677b586c23ef3aafc5c23a021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
e7e12f1a70ddab5d02d6183d25e208f8

SHA1
42f69da3937a63a69843c0f514e42f2f552b82c3

SHA256
87b031b31e3e43dc0673f8385be4dbd9e44ca6a1445507362d734263bdf16836

SHA512
868c0d9f40b69bff29d382ac8405c01801281777ca00bd2cfe6409b965a5f8ae75745e36a1fb8f76805c7848465a55d805b789528a18a8c7d17c0cfc9bf83fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
f1b5c875592bb675763ad66c31dfff07

SHA1
dc451247b884146d5b38183bc915e1dffb79a02b

SHA256
e670eb1097562edf561513b07b78e3a49f4fc43d6529ad3ab8b2bbe938baae8c

SHA512
7242f8d8db94a43d3f3456d3843a5ff92886ecd0a87a9e0684f512e9eb9e5799c034f5e9bf21bbbc73e7a9fa03d51e3e3138f4ef458ac45591e6c8acdd377379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
19a3504bb290b05d58e01ccc6fa23e4d

SHA1
29ad857b40e40250f1cfec4c0f446d994689a93b

SHA256
b60e72ee17688d7a0b5c604a02fecd5950817044188dd021cee283cb2d220d41

SHA512
7ef24cb1fe9d1ce87be9dd9e8a73e3298b574fbcdaeb349e3f79a686624a6e3919e4ce4b5113c09d428af4b836cfbff6b6bbd47fb731a0f7699a51687d188dc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
a2e53ee5606a5a09ea6ed022c6500d0e

SHA1
cc0553fb48a5b94a247dd9f0c2fdbeb91f94f74d

SHA256
b9316601ce8e2a2de4b85e2fa87b66a6e65c5edb5bbfadec99abc3d53588e887

SHA512
a2d764c4d55e12a9c7a69d6ddb5fea6e4777e652b45f9cb4315de0ead2e50f040f580974accea890c758038480e798f7ba9d20363c0cc4fcfa04f8b8393e1a26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
b03ab804b967244186df9425bd5f31bf

SHA1
a267dde5c8a61b66f0b2d6954795d7445688118a

SHA256
a9614783e09a4b772a85caca04077976c388d28dc61198b5e45c04dceed2884e

SHA512
fc4f9b138538aaf6a2012a63ae64a2c76e055c5998b6548aca08d284ee4e0a9e8daaf021daaee06ba029b82ecc6e81456b227a63021af30d758f5119364299f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
f1f29383f53ee512d913396f5a8c693f

SHA1
6a753fc49cd679994f201e3ec64bb0bd58d6d07e

SHA256
bec1adb4a499012cd5c72e3ed68af8bb2ecbdf3ccc0ca6af1a902360aadd564b

SHA512
097034a914f6562cacec6254ae39becd9947869cb899f57880462c443d31ec9744f8358b395f2dcba7cba636b6718e00b20d544d0a74f0a7cbeb365be1d554d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit