b2e3b3edf52c7b02b128beba207344ac58d9045076a3c3bab471a4b1e0a7b5cc

max time kernel
256s
max time network
259s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/09/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-04-11 12.37.45 PM.png
Size

25KB
MD5

6b7dc856f8c243f6f19b6919f9c3a1ce
SHA1

8b652199f0126eee7c36304046510f4b8b544f5d
SHA256

b2e3b3edf52c7b02b128beba207344ac58d9045076a3c3bab471a4b1e0a7b5cc
SHA512

68528343cd7bccf0ec068afae317ac0201d2556f7aabf7fbf6a4e843669289c4de1115910af54d3c9cc3e806104efbf1c552ea8a2ac9195bb86eae7917a2fced
SSDEEP

384:Tjze0/+KycJrKUZggOdglJeysrE6tuY0ek2YB+iLIJlph:vzB/VPZ/lOuY0V93LIJlph

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
41	raw.githubusercontent.com
129	raw.githubusercontent.com
130	raw.githubusercontent.com
131	raw.githubusercontent.com
132	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713179868468808"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{518FD429-1B71-4367-907C-696104F6E136}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
108	chrome.exe
108	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe
Token: SeShutdownPrivilege	108	chrome.exe
Token: SeCreatePagefilePrivilege	108	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe
108	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5040	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 108 wrote to memory of 4320	108	chrome.exe	86
PID 108 wrote to memory of 4320	108	chrome.exe	86
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 3100	108	chrome.exe	87
PID 108 wrote to memory of 880	108	chrome.exe	88
PID 108 wrote to memory of 880	108	chrome.exe	88
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89
PID 108 wrote to memory of 1172	108	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-04-11 12.37.45 PM.png"
1⤵
PID:4900

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe78aecc40,0x7ffe78aecc4c,0x7ffe78aecc58
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1840,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3580,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4380,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4820,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3256,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4416,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5044,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3260 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3216,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5580,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5648,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3220,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5352,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5364,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3344,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5340,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1160,i,12663914066538538016,6907194462389748696,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:924

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4936

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3728

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E0
1⤵
PID:1444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8c70a081513b9b6b57176170ad4631f2

SHA1
1fef79c42e99fcdb28e4032cc189ae07a043bf23

SHA256
da3d4c9598cc59f71715904a8aae6fe3caf08f8e6230e086e6a63d7c44036c85

SHA512
14a64ad5052b86ec163da43beb47044818da8742db259eccbdb2b98f9bdd211717bd73367dba1f5c229f6470c67d3af191ebbd63767d045a3eca446a7a25a478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f85c286382b591887976123f60ec50a5

SHA1
97ca75f003fbdefb76b683ecd9b1929c62162d01

SHA256
e0e90a43b375eb384723edcc33a9ba8848e7b279a519098ca4e9c14f1b4f14df

SHA512
5185d79dfc6355b418b005d68f5eac8c7c787520bb9cf030b9ebf28ae35c04a292132b140885a07f7b1fd39fd7f7d102fe72cd049d4f5564f2cb1e2834c003da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
1024KB

MD5
27ffb870bbb090d6023451e2293dd56e

SHA1
7ea2de7c5e997e0d67fafa09b06dda96c70ce16a

SHA256
2195411990dd0961afb846e7393d6925d1d548a71e969d160511db603b5cdc5f

SHA512
ece5c3f59edc01aa3ccb3b98072e6d6df3279d9617a1359b2e8ad3aacc4755455c1d1df087c975901135c368cff427e2d86258791dadfb67cfa905f2bdbe3b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
47KB

MD5
166272be2a096d91ca063d2a2b8a5109

SHA1
e6368f257a883a4425b38c480d942c3c71c238d8

SHA256
b468a14db93d196fbfb11ad23bd5a5024e5413b32ed08469dea21e037c8e1384

SHA512
c84d1eeba00598cff55a6cb2bbdc7a9de7875b4a342a9353736104a9577bb48bcc2520724ef89b48482808491142fc88cca6352a4bba9b8545238b4b6d555b04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004b

Filesize
20KB

MD5
69dee9a38ac61c4d69dbbd30d74f6e58

SHA1
9c6f5382c325c4b2ba346de7adccc50c55774272

SHA256
fae7cb6b17b46ea6e362c63dec610820674e0bca75099f71e6dd3b99724c8302

SHA512
fd053b6c0b5da50c4a0ce4542b5363bc988a7b66ac74a1665d2cc4f071ec3bd68e5f23ba08909fcc5f1b62135c52651b7b2e9cbb419be22abda44f6c50013b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
20KB

MD5
cf4e779eef89d9c5fb496d22e0d7098c

SHA1
7018fbb9203c7ab378834761fec9c68fdf818367

SHA256
c5920310b9d34641d4295b62783c0aaa4e351860bdbe5b832d558621a78e9e62

SHA512
97cda67c42b7e890388925d7fbcf375d42561fb70f2a4590fc8e4885363b8ee520d6a346d63309c2038b048abc37634962e925b1d4578fa8ebe9ab7ff72afedd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
98KB

MD5
e73c5513003136a961b87f74a0a5f462

SHA1
6a7e8d9e367d302ba29c9c4fad64e0d13911fa6e

SHA256
88604ab2286c38f28d0ff65109b2b750bd748b9c6966f136549aee785fe3ab19

SHA512
454881ead701e9e7c0b6fe06612079a028846a3d013d6c7725b37c2a347e0cf067b234db217a213d80962664b83a1aa1fe002cac93fcbe566e655bbe3e5ea189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
603KB

MD5
26938e3c4de42c72a093843b11bc0ce0

SHA1
f6d93038faa2d6ed5cc1a75f7c31f2afa18b4f11

SHA256
d6b0c90791fc0bd8daf4adc7c62ec97fac2af74e4e5bc4d14624bcb672d30a1b

SHA512
e69b8abccf5a205048adcf70c6c4a3f14be6d2bdf35515be8abd8c291f45e8ab5266e23555be7d8eb5a79ffa935d5aae0d4e541367cdafabafa19c064335caa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e15e1414e0aa090465f3467f74f91d9e

SHA1
03ba53e9ab2e57949c202ffbaf58ec995cfed2df

SHA256
b18b5495f85d1a575ec1ee970334e605723b639623175c0bffa38a0814bad666

SHA512
f4e8d85002dc98c36ff9a4c4c6166939ca0051777b7fe0d19dad7c45622b385314c23ba5955c9e21858d5238c8a6d591dfd73fbb435229396395336b616aa425

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
4a09b52a082392019b6426fe2c52f0a5

SHA1
00e3114d6c34a26582ae15fad4ec00aed9a20d9b

SHA256
ff25ed071dd793e11c4a674fd5f78e018ff6ab9df2818e2a6e534f067244fa0d

SHA512
8f124e62e2408869d15122202d221bb7b67d948383cbd9eb6b09f1b502b647119932cc81d3faf22b7517d09e0a2b1769b27161b47023df06d3fcb7561bd74292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
1200fdc0de617e9d701ad4560c1028fc

SHA1
577f6563aacd84af3d0d228f529bbd0f14731531

SHA256
42542cdd51f5a2f2b95722f698b4f7674d2862a49a335a56750c6cff3ed97333

SHA512
b3addcf5cc4d19bba4e23f40e483a68e891adc3b655e6c1a25bc4f84bc4598b2aaef191ec6fe1781ff7ec9918c450826739139d7d8d70626141265a1e681e1ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
f7a29a31d7ebb801f0261e95b50e1af6

SHA1
8a8d33d62a0f8396b0b25e2c1809edbf643b4735

SHA256
22c7345cb5be168ed48b5c073327428d8f81e3b6f404cc5b657ef44de7c02679

SHA512
9c1007858e097051c508db0d8125732d18ac04b8afda2fd0b45c6dcf16be86fdddc04ad30e481fb9340ad83e7ba96889b3399c0bd9386b6fec304a5f70a8d4c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d0eddb824ee8818ba98b1967b36636a

SHA1
1315088c1178d229df25d95e80d677dd1ca0c2cb

SHA256
83982761de73d824f8bcf0950dbe8c61e5578a8b142e928b16492504906796bd

SHA512
749ebf28bc0b99d4be27601e07b7947990035f5f1388dd92fca36f3bac37adaefca45388a1069e87e13d685d2e76494ab275c01b4152686a27a2141d412428f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
761b4c3d93f2a85fb4bc52e12988292b

SHA1
31bbdd6a204d18adccffd7d815ead441842d2134

SHA256
7f1359cfa37ced9af36fff610722285e79acf56b0d66c8af8d3bde8c27f312b0

SHA512
c49874acb275b1ccd5fd4512cb6e74ed112c5c38b5af3d081390563d5a0451f20c618df2d4870621914f288d60cd5f3c495b9d24b6c75f2773ae2e35270459e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
22fdb3ee0996adaea175d5733dfdcdd6

SHA1
cf9a49168273fef8bded96def0ffe665e0674f40

SHA256
61b8a74984547a4b4d18ed739390a6e3c444a0a7f522ad4cf019550662e20593

SHA512
10254f0ff99893fcadc6037fcfa98e5c8d3e03d97df9225bd17b575171bd196ec5784af2580b3e5eb502b4014c6ac9ca67830d99539d522b417539f7a9c76393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b2197ccee496840b3353e9ecc25572d1

SHA1
4cbf6f81dedf0d70783cb28a12ee12688a4a7679

SHA256
1e4e7f13e08e23dbdee6c071dc9d828f4e3d139965895cf754fef5bc345cc9f1

SHA512
69d2fcc47ad574b2016d19591dca71871f38cdd305b686078bafd174a2cf327d5f53d1e31b89f43287f3d60f60bbb6ecc15a1df44283f6a4a601703dbaa3053d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
111c35282fc6f3c1d6d7aa6439a4f551

SHA1
f8e27541fd1a0222d0fb381b693b53a3963ded4c

SHA256
667dde9375bae15d8215df805d1b3222827cb2db4150a58dd117e779f58b97ba

SHA512
c87b5a1ea242ffbea5ad253c0033310e5b350628d3dea4f5e0627f96fa0c8b9b39f17df625a41f02d005faf2e3f94f0707a0de73941a1e3e835454ee1125bd29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8bf0a45143b21cb543a75ad6dcbe904a

SHA1
9ad4b04961243b6d227f0f4ba14f51e0dd125e41

SHA256
1805bce4d7003837a4042d94680cec89650b7ff279983a20871f20875181d091

SHA512
094319a9b78e9611dfa8cf1af2397755372d197a18c4df3714c644fa972a83f0107db33b72e7ae811bf77925cd1c18b5ab0524ee4c23b30eadedda8566758101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ccc2d30ef6c055e13b4b171dcc2f7d31

SHA1
05c116d5bd971871daf4a935943467e35e193e30

SHA256
99fb6a5cb9a4ceaa46020e49136c90f6c770cee18026b9977aca4a751c9ccd10

SHA512
9819d102ffb5b88539249ce4f8b7ba9d4586eb348085db45e5660f488fb2d4796ad6ad7159870cc204d13f701af5e612a0795a04df4e49e3705f7f5cbf0edbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
daa0dc42c9132507770e80649ff0a53c

SHA1
b128bae6c92d06d9986f0da15b39d37388a2bc86

SHA256
407f9af896f229c2dd2a180e0bec80611d74579a4c73ee5aefa69eaf84c334b4

SHA512
44b8fef74cec325c627d07c57527ff5c2ac57c7fa34051f0cf0f024b0fb053f22abfaa02e803c6bcb621d6cde884393ea000f7e4079a307732f06d695331c4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
50d5496648596e8fc4f9a946519e4bd6

SHA1
a149230b66192d5f96b458e7bc9c03531332e3a4

SHA256
e40154f705918c3a1f8ddd0360ca420b27923e47f32203c9fbbf8da0366e886b

SHA512
8a080755844fce34b26e8415fb0dd193db4be065bd620a79c4ba479480ad3594bf1ce379c5d0ce54d173c42b5d065066f0004ab184188e540652d52e0c30a0a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e6422747d8dcdb567173c8e1ca5895a9

SHA1
e4dfd0442111f40b491adbc8ceaa1f700fb3c4c7

SHA256
3107752c182fb35b30dd79b8f91aebb833565a8e0ed4849d7e016cdd7a4dbb70

SHA512
e388cd4f01e1559c5ba578a8d61c7e9a850d16061e478f1bfbfdd5a0ee8f2e61296fc5615aa30b4200015cd3ea9a748e42e26118820e8be1ec9f76c1712bd72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d7158b2e7d3f642e090680c7f24f2997

SHA1
1955dcd3e29c8e487a4e91211484445fa5ab00ab

SHA256
d82df86321421e695a9d5350a09eb1986089fbcd4e0f21f102b7331f0aae014e

SHA512
0e3a310c7ffe6bd7c6d1d0ef3e987c743ffcb1c1f044dfde72c6e815fe3cb86bea6001dd1da9bdd2174ef2f4b7f28f465b5bdb18262a691d4db78e254407a0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
b9f16b67902a5518dfb18060fd785baa

SHA1
88915fa410c5446582c42673415e39b912b0b44f

SHA256
08e98387f2362ecc116ba2ec2393e379a83bb098a49c9d4e9a46873c27410dcf

SHA512
fcfd780ce05a199eedd4a58417a25d14ec6c755bbd8e4dc508041bfd142cc8dc385c9cff2987e1f6dd307331ffc00e6daacc5c409a77028ccac7c3255bdb9f80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3066304282e75d3186abc02c7b273b7

SHA1
55b4b1d83975f5927fc058c7c7ef05f00eb9b1a3

SHA256
39cd610ed64046cafcf436cfc43239411a07c6c72418406da69644abc801b187

SHA512
23f4f3c1a8c65c4efe4367097e358a836c3772871ba2c589fec1a09a4cccd6e09b8eada330bffd76d48ba6c9ba29e588b026b36f64019cedba8d09506682ae5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4d82b726c6a640bc2947e38d61b02c6e

SHA1
63a0492258dd91602d926e9a07a4d4c5bdf98372

SHA256
01b04eba91ea9f7819c049574bc3ab5d2dc8237966af0bf8571067ca9d5aefe0

SHA512
6987a5f912d9d1d66c38214f6902a0474b0050e237d84a29347b15ddc96c229ec8e6b889e55c5972bc3b406856c51c1f3a36197dbd654031d60b651dcca7703b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9ee3737c55cc8cadbc76c32c333ae9cd

SHA1
354a7daeb6241dea09c02e8d5341b8eebe3d65b8

SHA256
2045688ccca62c69785dcc735d1f7926a698f28b7227ab32ca2f1cee6a2ea946

SHA512
939ca659414552befaea38959ba655061b2cb3d1c8d1f0878c52256e143d36786d9ed9a225817bb27e123477fe712cd4dabab77c5d74382608b5dffd3d80a012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9caef9b50f8c77df47dd34425c0e22f7

SHA1
4a814d4c1712102b7a15f36745157b78dabc08e7

SHA256
25c5121364358df376311d76d9ce9d5c03127035252d1b240fd78618610e2534

SHA512
0eb195b12e8e8d6d1f2ac94efc90736795016bef25249ab6476774ef62f5144d6deab72a20cfe491b593e72964e28362022175c3316f077d2494d83339ffc494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8b8de1a98edd46a6e0668cb03c0ff84d

SHA1
a6c407cf4fecfeadc4e13ed5d6a9f354e152db96

SHA256
9f4937fc3e8cfada3096a2d8c88ea8ab1e7f239423ad5d5104b4454f0f04ddf6

SHA512
4096bc354865fb6857ae8b21984e410ef7b91bef2e47d44f2e84910cad630bd6aedc7d4f4b074f6988a6feaa8f97d0f18cd041011db7b7f26917f33946c53c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
dac29d0ebb455f131fffce40e0318fd5

SHA1
536183c14343af829c6febb1e4be7cacdefad137

SHA256
a2a7c34c43d9b389bafdd990f79851a4cf8faf122037cbb4be4e52db29fffcf3

SHA512
6c70e9f8f1388cf48acfd150847caaec4dabc0157f33194cd458d27a818cdc1a3b835ac654cc0325f537985c948a438673d97135e811063b60824922aaad47ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1711032e0d492e3f7c3aacc0bd30c6b7

SHA1
bcb459a8df78e174ccb4f81bb7f0c49aad9d507d

SHA256
2f05e86c9f7359dd56fb6538d2e1c58edeb83b6769d2885ba13f97d6c48cc074

SHA512
14fb837df2d53257deebcae036a4175e470f7f6de8bbd10b015e7bb323d75e7df866f8a3893f16d9284a3ff21a672ac46bb10a33497052b43e457db657776b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e00b0f34e80971daff8fb721ec147812

SHA1
7e2d77b4f5ce6dd051a21c0e0bcee1355a1baae6

SHA256
29fce7dc6af14fd0002cfe90e6cff58752b91229d857b1338e5f9140c7dc5aac

SHA512
2833bad88bad44b0577b2912c0e3821e7f89c8bb568d8730097151809b5c5e845ecac322669c827e9902c7116548268d1571578e63a5c2a9e4acb994e5a1c6e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
886d0f3ec24572c8ca78c86525d1da16

SHA1
edbfe2fbe90f6d8bc95260b41d2941f37311dcf2

SHA256
be460fa7aaae75f0ce5b6dfef5013d2970ca57a7e473d0d3e7c127719bdd0419

SHA512
531843f04aaca0a37f1786102707f41690949a4fd8fa0fc913eb7543869af2f9face3343e81a31bfde76a97d5cb7e5a978b409ef1fae1f25e23e04a7e99bc90c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b2b938e4e526b2937dfc0c4c98201ed0

SHA1
0095f395f2a11af2c49b2e5aecce2ad444324970

SHA256
e649151333ff0179fcc36d5664c8c4a278ad951f93658bcac31bc7d7b66c1d4a

SHA512
d900a1e4a15bfc96e2ea0a0911709c23a04f0a0574ffc2b537ecf12b4a8f7a8f4c2ae8be8eeed9906d2956ca86c8e49770bcfec3caabc04e91c93fd9cdeac2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2e405b3e416d863391a675c0e6cd5d07

SHA1
8e8610a44c45b1f632c7bddc471dc17468618500

SHA256
6bd8c5004792672d93f951549749102a5e576df14baa973c60d374437d6e1c61

SHA512
a906ffc9b8d7f34059075b783f1b2145f5f1439eaa5645568e0b681bd4fdc93000c72174f0dd6326498da6cf191350a844995461402521f1186bc488998fea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
02805fc79d7810fe3c271aee20dd063f

SHA1
b18911792068c9abcf8cac40163e19a65370d0d6

SHA256
c541c65e20595556358542510baf608e879f27f4e8adabda22842eff8ac1fb1d

SHA512
ab6938f790d1907ae8f47e625e95dda9d7f5076d30345f80d8a7a0b08618548617578c187c5221c74325847192f38ab9117793c214682e5af3597d11f6a66ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
be2145c00f096a036f2dd4157be42d37

SHA1
78c5d50eed67873eae375f3a6b197e0f7fe99076

SHA256
b3be9aa07f0dc891bd3b15d80808fd4a60c1960fa478fb09c6b91f327be9ecd1

SHA512
a40ea11c0ef24a515f9de0ae886761fc5bb27203fe9e50fb9a9783901df9d16abe4442ca1dfe295113bddc9671a94a754d84f6cfe99a82ee448f0a8f76e8549a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
acfa02cb7d7a9716f2a7a20c059bbcfc

SHA1
7262b911b701a8aa46c6e8352abea31cd9d4ea51

SHA256
a3b938da4c8ee096ec35b5089d32a8d027d96a0ca04520e0c8e3eefc7e1a8a33

SHA512
8dd46b26b7fe48bc1f80c50875d21054c0d59fd8979c2a2be31d31dc99c6e1c75f75c257aff97d4951d471f968dbbba43c21907aeea2bbd045c454b7f6005bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e42e13fc0f1fb63971915044336f5ece

SHA1
c7867a51f6ed867cac8276bd994f671612032807

SHA256
3d7f7345ba1bae7c89068f3dd624f9a3838efb17c9ca31605777152c65c3d57e

SHA512
daf0ade3d2d99d49d9be42e000741ea786d45a4f91721f2155fd99c2ee15abd421d7fd0880f9a2d63d815e157aabed936fc1dc1684c99cfbb81aaae6ab132464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
748d8d9345cf9bea5e553154760427d8

SHA1
ff3ea521e6fd38ec4853d32411c663f39c08a68a

SHA256
9183262bda5a8847203782454cfa3688a7daf22d2b3d1f5ac322be02c2c2ebf3

SHA512
d90081b1ae82c706ef4db1c9e1f70bff9d6c22cccff7c6c738a07278c41eb43d12a8aa3dd6b885213980fe539d2af3e535f4a3075cb5310663b36dbad6b7dbff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ce38609f31caab00ab8a26b4059f68f

SHA1
fed1066dce4c08acea51182d9ed88c205bbd90b3

SHA256
6c3eb413c3d4cebaf6e214d3e5f7f65332c47a3e4b5e495a19e686c52785d9b7

SHA512
fa35bd2e05abafa8da9c36f274bdd169675350e410bd5851e6ce732f32f3e8733f513103d85a31a910598560340ce44a10b2a9d781e0a54540b96ea672ec0a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bb76a96b281f6212057014ddbced3c6f

SHA1
ff90a5bd92b032e9663bfda0db45073406da7300

SHA256
8cda67026bb7ec797f2623d188f99d20f43abb344da6e029b44f4a4137209356

SHA512
95b8537dc175871fad5f3befa8f712b28712882666c179af98eebb38c206f5e6494b6da9be26e956ecf360afb1808c8944f108ba6aab4f8f65248c365ce35f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
96B

MD5
f7335e63afb0a92a62fcc77537c60327

SHA1
2959e2d861d9eda0aa6931d6ff028530d10e2699

SHA256
66435d6e8a76891987bc320a22b8f6c31ea6a98d30425a8b341e7bfda98c3d15

SHA512
8a55b69a3f17c3fbe6c5697c52c15f5e1898e0455d2e14b8bdb016f4108a66b3ad5ceb2f1b0f7f581f7244041254987737ae820f2310140b16488ec6634ed3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
160B

MD5
2208517df82ca0c8ea9c59728bb4d5d7

SHA1
2e49b063d704dc754beba28e539aa4724c95295f

SHA256
19a48a98c4a97892e1d0ce2dbe433197d497c058ccd605d801f7b94926b9add4

SHA512
c611967c049c7d8574396f3b4eca6069eff0abc4855b83ed6459fe785511540d7f8e7534074c748d840d2c777d2cc63ff1149da33e1193e110d8802f4cfc682b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe58d1b3.TMP

Filesize
160B

MD5
ba2cb80986b42033a0ae34f529754730

SHA1
50759fd83474f90aa2ee66e3f4f19e052fff9d6e

SHA256
929ea4d1fc5c59823609397a6a43943374f39f8fe772c80d5f139392a5ea8c3a

SHA512
739ddcae06095b38ef87eb278deb401a1e3e25a10a0e2baa20d42251a002998b4b001dd7df90a1089ca0084d977b7deda2dd664e5e94d7d3b12353a950df1d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
96B

MD5
171ccc1e49ce9f088e67f5064b5ae7ed

SHA1
888291b2ba8a5192916bb0e3e87cabb5e1017d23

SHA256
ca103bdfe3cab645d9fae586d13e3722253595d272664a1d5f8796d4cc5bd19d

SHA512
dfb9c858a35d6c548a6d44df84d416aab474f578391b0abac072ad2297add3e1747b3c1c460cf52340f5de7591b5997a01fe653e8b623aa843a0eaf8bc349331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe590ad4.TMP

Filesize
160B

MD5
a8835af7482cbb0ed53fdce43fcc56ba

SHA1
7f9378b201d4ddef3c56046257c9205ab1b0b516

SHA256
8134687d6d48752bff0a906300bdf61b7679e28ed785cb4c4f81487582f0c2da

SHA512
184dbf7f6d5a688756882d36768a423e4d836400a918501d535ebf466f6852311a405361eefa3b0cc0b79c3187d60fa5b87b20c2a0198fb86606fb3f57c9a470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
78B

MD5
0586cb779d001fd8dc757a39a48ffa05

SHA1
fe719e424e600a60348a2eba9ee454062f19122b

SHA256
2bd004e48fa63e74a5f8e6b642c4eb988369de61967b716f4f394b18275a24cd

SHA512
67e1d24d3b6a1a9a6eb3f844db2342558fd778b5a82db5b5baed31547fe20f3196cd7876fdfb851abf6402fd09b03acdfcd7951a1b291151d051ac868a2b8093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe591a93.TMP

Filesize
142B

MD5
01f5f9a89015e04be9a390d766b6163b

SHA1
b0f65f1c15c9754882804631c5c010cf128d0d66

SHA256
ddf7f788043481f3eb271a7854b6c8c27335d5de126e6d6d0ca956d103710be6

SHA512
7a2e5fe29d712024494d0da216b1cbbedb20b3a7cd1f953fd0bfd388780c052337ce7f29ea573725dbfe4feed939a6460c2f3e002a7baa963614ca66b05f27b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
f9f23614e0620956202da266e0044ad3

SHA1
0e9fbfbcee52444035029649948d798c61a75bbb

SHA256
10baf33fc77ae749763af71fd7ed1d08a9550036bbb0f6113c7f1ceae502ebcf

SHA512
5d173a47bdba26b8b687e0aed53e91fd3d67060632b9b286660711cada3baf0e7de3bf947264931c938d6466136c514a90903449232428bb42dc98c48afe995d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
6cf9f66ed3d8444bcf0771795c8c51bf

SHA1
a06f36c970aca286e40e2786823517c1acb4c40c

SHA256
ee601cd8d07492708110f2c49e6e6ebb2d3ecea65efbd0c72b7025d768244aa9

SHA512
a3677c7909598e27e5cf80757186b3ec6d587f3d4f9ffbfaddd2270ac90b89882c143e2cccae719aa75489ab1154e349003d1c8b20f1202641f04e503c25d458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
eb0a1c03c1ad34f9fda64f22821db605

SHA1
0470273ca62748a0c889a10157ce6a2e22516f9b

SHA256
9d57c649282e3a7b8fe1f265b39159e59ac409e0c5870a3a952052d6f8ed8e5a

SHA512
f05b9c90449f40a9e0acbd346de8878bb5c0aa1892d749b81c77507c7aacc3080dc5104fb71f76caddc37ac084891bcf3c64a62ca3b6f7b4764a55290d1d18b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
8249dd84c1b08712a72f8afc37660829

SHA1
243e6c2e77f0bfe9420342b051217249826ab933

SHA256
febfb2cd49ab1bed701e5fdcad11ef1cfc153d39fefcba6b36a9860abe435e23

SHA512
1a1a12c5dd4fc133dc175c93abeb8a8411e2ecefbb92d702a752d4fdf9deb2deca4c943a79588a0cb1e93346b3bb4c006776955006c36f4e4d082233fa1cbc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
13b228e8cea4073d096cf760ce1f3c87

SHA1
e437c7cf8c263d0fb57532e50cb30ff5c775ad53

SHA256
e50bc12ec512ea3d1ced50d1d75bc40dafd4b3028f629751963769d5972a6d65

SHA512
ced80ed6fc5fc95fdb51ea0d18f901197570c9965378829afcc6b70c61bde71ea9ff14a7aa6d7b0f08d9fede7445a15b97c3743fbba738e46897a1a5d0ea8d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
38cf4ec9c5471d85ca2c7f6d9714e8e7

SHA1
c3618b8b9838ff38f52ec0b26412c1897ffe426f

SHA256
5a58080a8455267169b8eef3c22ae2ff2749a4840760867974d960383858c8b8

SHA512
78ee29357f4201e75fa42c8b6a112195b56b16bf8068dab3e7867b86142bef13a5f889deb85c00e66049c4f7468b72199740309dfacc7649b1427fbd8ac27c90

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
4d52399020a24c1f6b4254cc7252504b

SHA1
2afe0c8994c64898d5fe16ca68811438ef19b0ee

SHA256
e75a14ce8abaea1788c4361552ef9ef2b86ea02485eb4ad5f8c22c9c49ece3e7

SHA512
a481726d4ef1dfd67a86ae79e16abda87a0f370310758cc8a1bb2516a69557129e9612b9430c0ae11d7ddf72e1afc3375f5649a09bb53febe5cc16718ba976b4

Download Submit