4932535e1109fad42425fc977e09c9743b5aa904a7161b8600b4a989532d3974

Resubmissions

13-08-2024 23:36

240813-3lyfgawdrr 5

13-08-2024 23:33

240813-3jvxka1fkh 10

Analysis

max time kernel
389s
max time network
391s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13-08-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

byfron-01a570a3cd0a46f2.zip
Size

23.6MB
MD5

f37e9fe25f88bee86e868c8796ba7624
SHA1

b8b0f2969f70ac8656ca082cb4206fd1eb83ee9e
SHA256

4932535e1109fad42425fc977e09c9743b5aa904a7161b8600b4a989532d3974
SHA512

6b0238be58859276c1f3ad99e5b38642b0c5d92b4b86f6010c10590c568b5bc0b0559a8524993e587844d8f3652dbfdbf841039cc2f781905250b5d65acab5fe
SSDEEP

393216:MZwPobA50pfTb7dQyftimFEH9ALcVxq1+TtIiFg0VQxh6uUlI6uUlT:MZwPoXpfP7Gmtim62aq1QtI6yCICT

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680659935282762"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe
4488	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe
4608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 1640	4608	chrome.exe	88
PID 4608 wrote to memory of 1640	4608	chrome.exe	88
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 3484	4608	chrome.exe	89
PID 4608 wrote to memory of 2164	4608	chrome.exe	90
PID 4608 wrote to memory of 2164	4608	chrome.exe	90
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91
PID 4608 wrote to memory of 4116	4608	chrome.exe	91

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\byfron-01a570a3cd0a46f2.zip
1⤵
PID:1516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa10fcc40,0x7ffaa10fcc4c,0x7ffaa10fcc58
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4884,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4468,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=212,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3420,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4584,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5172,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3252,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4996,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3412,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5328,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4428,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5540,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5668,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5080,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6080,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6180,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6332,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6488,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6652,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6820,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6336,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6972,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7276,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7280,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7548,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7728,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7744 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7864,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7896,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8164,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8280,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8296 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8172,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5920,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6156,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7732,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6320,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7776,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7820,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=6232,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=3348,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=7032,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7180,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6236,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=6356,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=5212,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=5624,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6260,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8276,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8424 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5764,i,5018411058156840010,1356151804954487497,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7804 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
292552de6b700978d2e9f250161f3b41

SHA1
5bf22857805cf313f99853119386635045ad498d

SHA256
c423328434b43359ddd25673e1da9377e46944d29277df8f048b3ba9de53e037

SHA512
5cec0a1b38f5f91f5c5fcb396e2a36222d8273075a8b884ff70b171f5cd6ce954130ca66acd3b408659f2a90a8272e70f941dfd8bcafa556c4229c5f0f719438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
17KB

MD5
61c3875201f82ea001ede669fa64098d

SHA1
5a7eb00833dbf045d4d41c6f68f4b70f1dc1fbe8

SHA256
3688981aa651fe3ef8d67b80e98de4f3338558f7705aa25e443e3018e78410f0

SHA512
78804c8013a9d7d951a2a545e8e73429d64c90cc3c50332f90b5ef9cee5cf401e92e55398ab12d295f456ba77ecbeca539b16a1dfe3de9284071a236a9ddf679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
19KB

MD5
dc4ff77457c56f89e6d365e43014cf83

SHA1
c29d4344ee3eebce1bead26785f68fb31479d6e0

SHA256
7551e19dbc5e51b876010d2e907cb393b27479d9dffb0459581b39918d60fa92

SHA512
6fe8838277037b32accb10f51f99afe148133f914ec3850b0b6ecbd95eebb80038c30d1f7c1f0155290e397913d361534acd077ae9a154abc3c1c75c6c1c8e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
71KB

MD5
0c123cb3b311f9d9b02e2b7180fc1fd7

SHA1
a2a139ff61933200a9dcf6bdd6391982acf1c386

SHA256
daae6e4502e705b6a861c862e86f8335d3dbc1d7c320fdedb61538f467a20ab8

SHA512
9548f5d4b869a19b0ee7c936f80022e307f0cc1e0164f0c83eb503ed83df0ff4048e757b10a4bb13069428458752990b96afc11e93174d635647b30c4c162c25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
21KB

MD5
c55dbb2a5e2048f8ac7b88cafbe13ab6

SHA1
6629572a0fd059184b4e5c57687fa414fa7283d3

SHA256
a82abfaf7dd683f673153324de1295a2a952e5b40fbbc581b5fc39603883f5cb

SHA512
61336d53f5f14636ad0552e92bafec6ab262faea08d28143dbe6f631bd6be86ed1b6b2dd5a2127cde53a1405ee4bc8384c3327521571917dc22c7fd553f108aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8747f2f90db6b68a01c84b06a686172f

SHA1
ea547bddbde8aa721cc31448bc83c167c47ab28b

SHA256
94ac6e17f85eaac06b6c0d00d148b4833f57cf18f7e1c297e4226739396c670a

SHA512
b47ba784705a888936a2ceae4c12a0e77aa627b17591b459b575f461b2f4b161d3a1d2568f51f7b8709fcb9ad7aa4ab72acf20702ee1f509c3fd6c5422d9088d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7aa524d49b83fce592aa8a79badac882

SHA1
b73ee360fad5df96f52dcf824a63799f28d118e9

SHA256
21081b0b809c10821dc59566e7754c57f28ea988470e4c90a478c8a48836e4ab

SHA512
a6e49339e982e09c3859c605f9b8c0e71a93d4aa8210eadd509c559027a31206d6e77d774d0c6190f1b6da2bcf6c0125a4a1260dd23eb27b1dc6bd917054c6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8dfde4ab689adbf1aa85cf9ea2ff792b

SHA1
c158eef74f02fdd9d625adb0fe45a7e462a11044

SHA256
e9b15e99538d71eed56d6b0e635a6ca5c587cedfce8b797e0087737cbfc56f99

SHA512
ba7a778800fd1db05a8436a8587d3531edbb4d8c13e83e9d6a3d798972362e1eb0501273b39dcbd1138c3b59141919727820c8d7946cd54373ecb3c280666056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e4126c8c1bb5638e35fcd684d49c3abd

SHA1
5de80fa9af80c9df96ae3204e422b07a684e73a3

SHA256
13871fa1e2038d58e9b4ef0aebe77e236888ecb3c6eadb021a45bdc1855cdd96

SHA512
e13d77bf3a14e55e9954e80bf2f4e232b68535776270d7ad65191751e3e68ad818b1e13effbf467b5866e76ada16f5b0d5d2bc37d8db9b2662a842cd2a891139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
28d2b8d352f9dac76d7fd9036bde414b

SHA1
e633aadb11cf6e9d57f7a521b33080cc4959bda4

SHA256
0698c0e5266b3cac5976cb7b94389b30f9a11d91d248cf756af27d3d848a2cc4

SHA512
c83305a1795b0ecefe4706811eda27ddf3472332122827c59328c8623ce9c10c33d9058a8ffae4094a0080ff7a30bc5dc51f56917cd5c032c7f7a6b954561fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
27KB

MD5
63bc55a34ba222f7cc52bc6fb86c87ad

SHA1
1cba003f5859ca448bdaa13b5e351afe2f61ab87

SHA256
42952cc32c14066a9f02727c72733592c10353dc198b0d95911d97c7b687b3b7

SHA512
f673c6c7c80d7bc3d97b6c348023230df112526a28a034d6f4f50f12ee9cb148f2a0a7455d616094efbc13641d4ebe0ac0027fce0497343a0d6fd9cf1fa77e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
094106b981147952724aca2f8f4fe6b0

SHA1
1286431d66ad32da9cceb1e00c51fe02f722c6ba

SHA256
5543c7b1c37be6a08652e9f475ca13766785df974135107b3b89f51d3b71cd2e

SHA512
ca71955a4a340c8e953d2cafa5b0a713ba5476a602c08eab80538a4f9b664b3ab48f77d188f22f98632108e4bf5dcad9e0d0c5de496cb6e7a3f5d987fc8079ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
edb77cdd9faf51624f9ef9dcf2464d53

SHA1
dc07e733ebbf822b67d9112d5b2c8a93685ddf91

SHA256
fc0202a711c2fdda2575e52b5f8e19ff5335d17c5fd0fb8b735be6a8510dbaaf

SHA512
fbb12921d667fc9485bcd5f5e3fe6bdac4bc37e3ca15fe684da152634be8e58b4deb0d0855503225f3363359c7efeced5bc1886a16cbb06094e4c371fceeaf2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
883267de587a0b449e6d45bae7999185

SHA1
3ed8701a45f93be31157247bd90461054a49167f

SHA256
9c2796b9900625c2cfb83c7836939b3fc22d358e430d5b1e2cdba73d3443f291

SHA512
6e7ae39dbf89c138677dd1296b27b24f7e3eb4004b7e5843b3fed59506e9fed03f59c935365dcb5b20a21732d01702a58155f855d7c8fb32259c66985bbf5694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a2d833fea63f2c3353b9a033116416c2

SHA1
a51adfefe874d6b085729ff26ef7b46ad685b03b

SHA256
57a12772dbd6362015442249f7a16238f18fb665e21829ac352ab6ebf9a02aa4

SHA512
1d5040d46260116051c945369b3745165e1378f1a85d8c2aa5212a3d2a3337b7a68e27ca2f71a5a32a27309b1f23e16268ff9c1d1003134e063b1e4855cc47e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a102216e19e3e5a8d7116365a92ed124

SHA1
268d23f3bca4abd7cf90bce0739ff4d80b703a05

SHA256
fe95eab88459a6fc37d8494c056278e7dbc65c22121fea5837c48b420360e4cc

SHA512
65a59b116aea5a24dec99074df849b6644077474d560dd7d1cda534f64805b2ab4091ac2f0489e543bfdc46f80eb109ffe31e61c06922892932f8da6b78caf79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b7764c5e819fe11b89a8b2b71097a65e

SHA1
eda3946253b8d8b480023c879d8f390de6d06b5d

SHA256
f355ddcf760cd89cc3bcd17c8f118d27e045b66f048457ae0e2a15b782a08349

SHA512
656d067cda8d638cae82cc811b4824a7f256225b945ff22c0d347909b62f6c5542da9da979e4fc19c413baf2903144bfc8406143c284b4c54e18b8d990e6428c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c30691d7002ce25a6f3b251f96b2d2a8

SHA1
0b850862c7c6d8e89bc1bd5290d303a687ad2b16

SHA256
59228cf62a0fc18741cfa85d95ab04f2604437cacbb4afe772a39ccf75f642a7

SHA512
c7435c9366fd29af188939c22095c0398b789429bc7cc3fab93d187dd06eb292b67aa9510828596ea7612fb585c5d65d6205271bdd789bc7246745f158cc46b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d14772df0979ac715f547ab95f4231be

SHA1
3fa3a3eff7c9e0e769ad871c1b99b05e39962006

SHA256
883b47dadd4c2edf04383d7ed0c00ca4dca920d5111f90fe992fe6d09181e3a5

SHA512
6df38fd0c479af6777802dedf4461b986bb679a4e0eafcac294418d804ba75fd8fa5d4902f2a8dbff973a0e699f04cfb94d0a3bd15c4b872ac70d9fef6895d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1737c050fbdbd92c0fdc731c601029a

SHA1
c9499ac8d63b69e3fe66705973cc2f0d0de52124

SHA256
76415546943b98359bc7d32eda3a7baa796e7681a3b83b5498d81020b0cf440f

SHA512
f3bb60e1d5fe44dd24db59c8e2aade08b1eaeea9ef57f79d4000cfd0e00b2a2cbcf6e393cac347b6814d552dc61c0398a3c841b653afcaf7dd83f594d3a72485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b6d89e755e107d16a011e63f6f8c0bb

SHA1
bea19ac5eaab6fb0eb022110f0c2419d80ebd537

SHA256
d9be13b67bd2c5d96e7ec91d912593cd58a6857650b0dbb265c9bf188dbdf68e

SHA512
6e547ee9933180dce0b0a0ae299f077587ff104001c82eab86b58b61eb52a09c247a40be57036065e05cee8ad7c987c1c55201031ec0b3f8e6f9ae8686f27400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
985c72b2ef384b9691fff029b46db29f

SHA1
6f5682db20e9f581897727bf2dca3f5bad8e394e

SHA256
54727f2c3c0d015edfbc065e7be5863a614055442d710bec23ef7360781d22c7

SHA512
b937bc44c802b644fb474d604bd6e42eebb27a2d91a0024931a221341a7c4128a93917ecc59acf5a506c50ee35f1b22ff48d35a9f644c28c1f2cd5782450ede0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f3d01edc705e700220c170cc69624b2

SHA1
4f9b2544acc7545d0717e44aa62eb3aa34a63526

SHA256
90f87d11ebac4a2f896be06b5b5233a86f96a0d8642e166806a2c84d9b1e8609

SHA512
e5c4eebc6d2f9bf2a8d03ce11e44a0fa97d22b2e81849a67399e56f43cc8cb9fb7e9a629fb829943efeec185fc8eef600a8a1395fd84b1b2e9ddd3fb3971f902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5b98275c831c94545d57116128428bda

SHA1
224f6299bc851b12b093a2a9d1bab3b6d75797c1

SHA256
df0be6bcf12cf929a892a6cfcce4f5d81867b8068ae750c6d8f87e8411d81cc3

SHA512
574bfb98463b65aad50c86498d1023e53d5ff7dd566c1fbb984e7eecb269c0c7c76d303055f07b0e370b5d74bdd17bae51030d731ec2020c66be613b2123cf5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4eb85128ce663738791dd279449b2370

SHA1
8dbfccb4127422fff3a1ffe9f66566dc0ce59124

SHA256
1b02f147854b32c71b50b4902d5771a32e08f3e3a2a91c35cc25880575531528

SHA512
4c154b19971c5fd7a6ef8e296c00011e740fe3113cf9d0ab947d84338ca9042c775503dc0af3360f1ae8035e98b5f96b63226681721e73d122e0f82a0b1574ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8704e8bb83f5bf30937d9ac4d872127

SHA1
8482d23fd27cd2ebc3843e1109dd6b81acb452cf

SHA256
e393ff503a87cc67beb1d07fa8d669ccb4ddcb788a0bc6cf994e236df28a4029

SHA512
723bee9d19f0a90176aa694d46cd2a027c994ebf859cba53495d81ef8b0d8184c8ed6babd3a5f9c80972a480dbbdec540f9880d2b0cf2e3281efc282aa61512b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
904132c95d923d5f4477d8c0117569f3

SHA1
28ca075016dff28c78c193ee0a770718bfecafa5

SHA256
09ab1a48f0ceffdcdc993794915e284b4c8a95033f8d0be2defc579bf53fac52

SHA512
3a8d107e75fa5d9ebf60feaee9a89dd242446d6df818c8d53650d2b81bae28d5b8c1d88b3efd6e6f445a42d18859c2c46a92924fe77c4c0a62824059a11df586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
68170bfde6985b1449518fef18dd622e

SHA1
f379009e0b4b2794324a257311d596a0a771dcc6

SHA256
ede4b1aad2f2c5a1f508e43030e4d74fdd8e573fc769b3a90b28a303593273a6

SHA512
b3379f3db512441f526f9b76d40db1903df6fbc343035d50272422227b149f09bff86a7145d9250fa3af314b1a507f1ef074b156148ab4da55c3450310e0b32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7fdffcf4d744f16aee18983dfc365a57

SHA1
2e35417259489fd3e5d1b3b80def9acba8d518f7

SHA256
9303730cfd4b074a8adf574154af1c121f2d608f7347512ad3e0d6fe8e8f33b5

SHA512
57a1cf68dff4161f3bfac8442e52b3e79fe7aff540af0cec2464bba5327ab50892ccbe92dafee1aaeb6b60320d5f016faf1336ff6327d0982374d1fd7de30f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dd4e7ce3a5ece374ec0dd3f0af1cb24b

SHA1
aef407546f19719d63d1c870a55ffcbd776a7471

SHA256
9558e096534e17cc333287d0f6322b2f65c62e3b35034913e0b63c021adc6f53

SHA512
acb57594f4fd23f0c23c69dc97580a940844a40e6cee6f1f3a8ad162e3ac44b298b951a50959a28926b70b14723a7cb101b518b1619ade083bfe81140f7caccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2785d2864afc1e9f35c99a70e21d78d7

SHA1
a2880ba4bd6da99a17cea833fb8b32377a8ea995

SHA256
a0ef15ee0602de1b0583f7d520631268855b7afcb2cdb35ac1665121c1c95e8c

SHA512
17d34d8805f372e1e3739aa006c0993882e2c5b62436bcb4a85c489ea9a594ccfef375ecd7d6f2c649f8897aabdb0f6cbde93ba5e1a60fafe30630531401ddad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
915c4588f700c18a0d8aa4b3e556a92d

SHA1
8ef674aff2bcd3bf63f65eda1a08802f0d5c1f62

SHA256
ad2ef4bec0b640fe16864401f3828314e8bd4c06b503a186d1e16bbe79c2628f

SHA512
e582d48b568c5a95c8f3f0a039d8785d4fb57a9321fd6fbbc3f92878f881f5768f96927a57175d30449a68d5ec2c5c2aa28c0497c992d52cd335fdc64df05926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
eaf36f6855dc5048d2b63f65e4370038

SHA1
6459c657b967b2ba1a9bff53a99cc6a49c41e1ef

SHA256
c53647a123944bc4e02517831831dbc52913cbf05d67cad7a8f0a2f85a5ef80c

SHA512
45eda53499ce982af7b94eafe18a615c55e66de96de51081f140ea777cb4640e314124974a9de224fb1541c3b39d4bd7b6b30494c7925ea808470687b83f576b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24a81bac763f6255e224db795dc4a077

SHA1
fb580648da99dcb65f60aba1fc6ffefb5297ab42

SHA256
7e73135595789cbeb556d5884a6f175f6cea9ebecb9e2f61f7154449f7584bae

SHA512
70b49e0a42b9b35802cb624cf4a85187973453e42ea3bbd19be0026df07d15f17388cb2e7386b04aafd2274e2e95d684ae55820de17922d999aed1b4a6418ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a1e541ffcb79405bed50b79b72e6ea8a

SHA1
ec1d22cc3da1240fb11816b8b13b54c9fea7728b

SHA256
1da263bfb69095d114dab40006358dfe6a726c21b0b14b8b4239018a7d610ee1

SHA512
f9e2f7241d03abdaa8cc6eba81a3acd0754e66a8fa2a83eb9735dabac7b898a7482aa0485fb54a4f0b41c30a0bf7531e054bd2cf4c50fcd04e47ebd55b7315ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
8593f04fb8738813e2a7e2829bb56fde

SHA1
ed55b4da34d45ca2b58dbbd78b5472927724ae47

SHA256
d4a7ce1dede9cb57127683fba5801b834dc102596ffd6cebb01283153c5378f1

SHA512
dabbb4a24c2339978f15c1737b34c2fa956c5b7b16868723b851af057b94fb9eae71afc473e40be0477eff276b946981387237e6194dba0ba0c4370a9c776bfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
e66b8261f9fcace3d351f08c6d229aa4

SHA1
f1af410f8eb924e890d8374d5e5b70e0f7e8f5f3

SHA256
2c25fcfc523dc96afa5d41a3cb7fb108b4a2afb4a7c2ee678018406eddda7186

SHA512
a23e41bad979bebbd4e595178cf5dd8178cc2058b53b6473f72840601861895ce56c9c934502a16217e3ed474a24afcf4e1f007266250e47681035696553267b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit