hxxp://Accounts[.]google[.]com

Resubmissions

08/10/2024, 15:39

241008-s3nbqaxbjd 6

04/10/2024, 20:49

241004-zl1ztazenf 4

04/10/2024, 17:53

241004-wgp5zaxfpj 3

14/09/2024, 01:56

240914-ccskra1cnr 6

Analysis

max time kernel
606s
max time network
609s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04/10/2024, 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Accounts.google.com

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725485744774399"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
2896	msedge.exe
2896	msedge.exe
4068	chrome.exe
4068	chrome.exe
4384	chrome.exe
4384	chrome.exe
4384	chrome.exe
4384	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe
Token: SeShutdownPrivilege	4068	chrome.exe
Token: SeCreatePagefilePrivilege	4068	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe
4068	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 3812	2896	msedge.exe	78
PID 2896 wrote to memory of 3812	2896	msedge.exe	78
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 652	2896	msedge.exe	79
PID 2896 wrote to memory of 1140	2896	msedge.exe	80
PID 2896 wrote to memory of 1140	2896	msedge.exe	80
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81
PID 2896 wrote to memory of 3144	2896	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Accounts.google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb50193cb8,0x7ffb50193cc8,0x7ffb50193cd8
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,530954663786828096,17960964950254086158,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,530954663786828096,17960964950254086158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,530954663786828096,17960964950254086158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,530954663786828096,17960964950254086158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,530954663786828096,17960964950254086158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,530954663786828096,17960964950254086158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3abacc40,0x7ffb3abacc4c,0x7ffb3abacc58
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2132,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4536,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4600,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4988,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4584,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4844,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3104,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3152,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4832,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5016,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5416,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4928,i,3300452311680635727,15539786384211831780,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7738b5e2-f60e-43d4-ae91-28c009b0653d.tmp

Filesize
10KB

MD5
612e059c4dcaad0a23f9fb4e696210be

SHA1
b1be0f1fd4b5a9c23534ada626ff1e308cb5b553

SHA256
e266efbc6a78e681e591cb1a4d42003e32d61dfd379204d4dc6cfbf862a70b60

SHA512
eb91c4f3b72843650a195d70ae385cc2fa514536107ed1bdd20a549860fdfbbbdb9d1025b92291579ce2ce060090527b35f930ff0bdb90a9960f65e059b6412f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
bb7e46c7741af20039dfccb801752c61

SHA1
6b9555811c94fd59020afc839af84a22f4fd8728

SHA256
43a57dada9b6b02eea261d20e8f4b4c9090c0e89f12c3accf446d320211a971f

SHA512
49ea6c602dc189e9faf7d1dbfd5ac1f24f4947d2e90d80fb01020b188a1fdf225be63b7371ef83be43c5e82a5089223fdb1fbddcb14c3978eb2af42092d01211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
109KB

MD5
8354249a52de108a0e1e4dba57bdb865

SHA1
f6de6520cbdf363f4ad00501e56e7b162164a0b4

SHA256
7af4110ab66064313829166bda677b435e70ed65e5a2f870656362ec13094eb5

SHA512
3cb5ba4469478cb0fdfed17c9ce1549cacbf623690a48d328376d7e3bdaac8cb31a89b9035c97fcf873ec03e9bb544d9d3eb6010654643237e71e2fa6bbc5d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b12180c2f4773c0db39a4d7bc8e31b66

SHA1
308ee1e80dec5333d1e3f3e8130ff24ba7a7e068

SHA256
3e7ba04a5a643ed75994c9137f43aa54e8d8152e627519fb89d9bb023683dcb1

SHA512
eac5de6b089938f72a014023392781abd915f31993149571e0ddf712ee56bec3b375d96b4651a69326b689ed11a7aa39d00459600fb7111265b87d7848f33ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b60f7abf02c63897a46728357deffac8

SHA1
cd140845f676659301fdcec9a0b84b686d528eb4

SHA256
3c82658bf8b89a20c493663a3a62aac90611c5913d8fd7b7bb345b0a023363fb

SHA512
96cd99c38790b6bd8c62bc71988b32c54acae2cab0a3019baf54b516089c3827c89e6274c7f107e294923e4da06a9bf48c39d2a4b665799bf7a66a36a7f6ba20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
80fa782a4836575d31b1c93a133642df

SHA1
4d29cf2f6a42aa74ddb879e4ae964d3a76756e39

SHA256
bb26397184db4b975f26298bfd801d0dffa1c7a4ace2ca2a24dccb25f2a6d79d

SHA512
efba8ea785515e11d8e1de9838189cf14f5d8c2845d57f03e8be3831fca1ebc26a25021193567ee751587767ebb3cb23b6f0d12a62c3db7aebd247c42a4a9476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
1e941b094a77db98ec3babb5f62e0357

SHA1
b4b3648f48f55ac569be63c775618ec03c43f8ab

SHA256
870e8f3d4495309147274550c4e1074b7888155d0f988c644df926e6ae7d2287

SHA512
bd0878adc17d841dbdc3a79becc3e294546b49b335ae9640a3b6fad7405fe5056fc06ef11da6e76021c97a63db456da78c5096c6ad8007485e307b0ff2982f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f1e8b2edace48b4b07d3e28aed44f809

SHA1
3e2ee77f657a17322e00423a4ea4fa496cfbf34f

SHA256
f01d90b4e42ab438ceb2a2afc923a480737538139c8fad7ebfbb6dcd5c896b1c

SHA512
c5d6e23974c616bec160f612951f7211105744373dfb85652319333292b64f8f6ab7448ed1b4b7f3687ef128ebfe0cba53f9c9bf86332f888225135d28b3b62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bb3d5114e24c6d31b677fa9892db0550

SHA1
9d3415581ca1867085d3ee685fc4e8cd5d9f202f

SHA256
c7849915541d8cc45d1a2c4857bc0d04dbaabf59eff0b9c6e818570e76f175be

SHA512
42c6dc719366df076a605c321ba19cd6a09a4f9388be72b1bf66eb9d0bab69c4f0320b80782ecd35b02c9f3f83225d7f8e978d6c3ddda6b2ea16cceb519fef43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57bb369fd657b354c4848643c03b285e

SHA1
2ea5179043e6f20854acda7dc4ce046fd2b4c8ea

SHA256
0e24741fa3329b455d24372f2e6a3f8614f46c86e3f9da656814b6d90de8a673

SHA512
b22f2a128ef3785b621931fa81e8aa0d2ce676769ea241c01d198543ebcf4aa76fae12df752399791a6f2d95846e80bfdde85bdcca9780537696c71bec22e114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9e6ddbb1c364548c0eaafdc52cc69617

SHA1
09f770bdc719299d920016ee92c61e67f87523f1

SHA256
074a7e6cbcdc557f3ab54e59d0fb4a5d2badbc8cf46901cb50bb0d07416e7202

SHA512
23fd95699ff1268d99d74160c5e3464e118172087e7cc4f1a0f9dc6422c80294b578d845510633a2e7907aa324883c711c3a24f337f1fc79aeacb479fe2d3418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9f6b9a0d58e9572a39f8717276781d13

SHA1
87800486a9189dd7bf47ede2d4af1a1f54eb5433

SHA256
54e9f9b22e873b22e5e66ff0069a5166f48780b7e581bcb8bd09a17bb88605a0

SHA512
13f6bb5f69e3312aa451a85d616f1184cfc8c998d633ddab7f37389a87b374ce49fa83952c051d56e6dccd7fe632655e1daef90911495be71d9fd3f10a29b92e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1bac99610dc20f6acbe202300f6b30fa

SHA1
5bae792f80854b984e89ea913f3c17df94f5443e

SHA256
b50d1464e2b07b144bcea2a32e2efb3defc2f5628d99ee3a2b18fac640c1332f

SHA512
fdf758f9c74803082dd0f41d76c330a46410825d83172a9e9a36e2646cdaace04b225f208044e6a10e7812080a5697f0e0299e8dd00c7ef04960bfbd6e472472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fd5330ac39890a8d7d881db266c405ee

SHA1
bb78f43f0af9c119d87251c670e1fb6d9d365536

SHA256
149bb94cdab90b3a8afd92e4525acc906accaef727d6a6e6c45c11361a1cddd2

SHA512
99b126fe00d79f5deed9f7cd11cda05de1d7e074deef24396d38850676f7ca1c006521d2a98aa55abf2e5084aa32287bfee29ff1b2612124b73a3839aa0a7837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
803090c05286a8fbf290548dcb52b37a

SHA1
7665cb509e536adc895b689d82d70ce817bc6586

SHA256
d68460c1dee3609c7c9324359c7f0eb8df4cefe1fd1b09e6ac738c5d63132180

SHA512
eea53d58c8c78be4dd90f176dce217d45bd4743c6a904f10cc5e5641649bf7278a1a68464e0bbb0302e1f6c34e8a7114574a7dd5d7b2c288f04d9806fa6cdd53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
154a89a8ffe54dcd7de49a28816bfa35

SHA1
9c0fe85f6ca03d3a90f763517fdbcb27676f9b13

SHA256
af63ea1ce0d5961fd2bd55a6f3a99bf09740a480b04e3286161af08154880053

SHA512
129e5bb5adc97e74618d66d0533ceecace747e688024f0ff0eacd780211a5fdd3286ab240da4f16c7d7d4f9bbc80129a167d7ce2df81c5455ad49c6ffd768449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68b6e8e50ca496b7daff5eaac7f93706

SHA1
aca0033676b6e98a62cdc532c7d858965efdadbd

SHA256
c5a0d91d235297d8eda763282d5d3de75d34ec337ccd735b055872ede26a796b

SHA512
b83acdfe3f1e163eeff10b321a44ee19f995c1fada6fb5534cafde368116c60a969fda37f33f6a7ab929b8ed1e09c1094f1e989d0202a3f3533fb1d91c6577d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e93e9f96643f8f47213be2ee27f16b55

SHA1
efe110c88aae06eda5a532814d4b9331512bac90

SHA256
5bd485543fcfcbe0750ab6f113bdfe6ed232e8f787e9f868af4a519fb83abc7d

SHA512
072fba5aafe21717007a61e873a1e53f1dad09fd73020ac1a29f5de8acc85b8dd48c4222cc082bc91e05e31ccc2110e4ec11004859d29394965e350a5dc2f29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10a1d79fd69d72b1c8be37361124ca98

SHA1
6d1c7e7caa5186053caabe6042bced35b7608c2f

SHA256
d4dfbd1e677ad04e6be786d48f0c92e2e151e6f3d6f65b99e976eab3909dbecb

SHA512
8910c82ac1cf233fea7a0ddbae6b6b954b0c9722792367096fb6e9276355773783a50937df431f04628913c2071a8b5d9db6e80abdbeae2221657caab82b2026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83f883992d2794c0e7a2e4549f7eab18

SHA1
ecef0bb88aafdb3952ce5672e79079d5ac3a533f

SHA256
b096e5d0b31f17bbee80daf632f02d320505f995336128ff5ce9497d581dbe95

SHA512
ad16a1f1a8121aa0c39ba3cfc958fb089a4095f9a50cab7f78bc54e78994a093b8fdc72c7556698a46835205a8000a74bd59bdcd67d737b3e06ea7358a50e44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcafce7d1ca3e9f5445ceb36c7946459

SHA1
841ce60371e3739c3360aada8f80b87ce171a760

SHA256
454eef19c0262d8f19d0dbce06d1dd82d12fb22f180089768317c84a7d2afda8

SHA512
0ee9126b9f22125ee83d27b28776d053501b1b9d21642d7a0f6183a7b94cfd4e67375ae7d4c3285c8ad5c364295452609d672ee08737bad859663dc7d8b5807d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69455a6e99952fc3c7bb22551c9ce94c

SHA1
8a964dfd4b9203da10bd2e9a3f26d10fee7565a7

SHA256
a200fdaa4d41b5f6767f201ef72cc0f57813a7a42120a04d0afb2a915295368a

SHA512
eea94746a5707dc211ebea5cad8ef0612aa8c7ec77dc0db4388128050d6c6a6d42926e762dcf9641c67222a76725314a11ffc8480ffea915d3c0045c2155c700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3b3f56a9cf13c829f15c8dc5bf814708

SHA1
c11968f5785b17dc5e3e8be861eb71e6503d154f

SHA256
04fc824e100a74523b3fc8e9aa934d2d8d3a276970be5aa33f15a01427c58c43

SHA512
f49a2c8fcf9043246a8994f5a09ddc2a557404b9a282edc735dbcdba48b643889f23b636ffdc7c10270cc15775f52038560138001a6c7629ec2c1f0a3451dcd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6332e7c33607943ebf98e64f1129a489

SHA1
6fbfff79e95ff4017ef6fca48affb1d5357eac2e

SHA256
0bb297a6938a4bae6ecb9ac881c75cd351056ffa53313d8a23e784a6faf225ed

SHA512
be691e2e8c92e77408a384a321ad01d3683f73a44d16e56f2d778025ead23c937d9fb27485a08f4a1b52fd633048cf28ae3a57ba15a4bf05e93507a5be79c061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f9853eab66c728b5ddd9acaa6883421c

SHA1
0d93852a70d7bff4b1cc74b2c8185362b6e72775

SHA256
e5535a7b897e4c439a357ee16af0a06c898c23d2f99b8295b61365ca798e2c43

SHA512
495203ac2cec0bf8ebe9750ef19d6e36cea37410bcec58b1b1e712ee372a65d3758ccbb9a090d351a158be570932262ea94a18648cf9dcde24fb457276e1eafd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cdda87df0261d456180c303167e79cb0

SHA1
c337da003814f20e2ddcbe07434baa0c23196f4d

SHA256
bd8a0cf0555749b96cdebd2b3043ff968e69ee53888edf1a7c365d821aa46615

SHA512
97e04d64c6f04cf59a0ee8005de79bea32579cca18e80ad79db861fee2b6965d66a696d690985ea09a96effe72fabde9cc3169aed3bf7135f93bf5d2659fbb50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
43b9a7b9390af0add5e9cdd1a8d30df6

SHA1
a95c9fb10d83d285af4f317c7c8fc2e7d34bc60d

SHA256
e6fe1b9d3aecf40b69168ac455f87c2bd53ac98d22f5fc8e97634caec8f0d7e7

SHA512
99a8a7a2d676e4358572e1bcaed87bc05fca859091c99d7f97540f9798c9791dd33527e913370e645377fa936ba41dbfa0e60de1180ee23ad461e6b4a4888aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f089ae85d2d94d9a945b10a619ed0252

SHA1
e5a4c86a8441c4c55ec0c49cf723cabd4a219530

SHA256
b3667b88b6bd1856cf563c70097c4d7b5589afdbb75e5c375afc1697f003645d

SHA512
f83102eafbc5c735b69dad0c9abebc0e88229888a444258fb6f9fd6abd4a46d5b938baa098c6b781e325441c1410d91334c52586d1109058c04022baba16df60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53441ababf742d6d9ef0b9692e9eab9a

SHA1
f0f31981b673f934a676f029641e70d771eaf82d

SHA256
9a9d4d79c720dfc962291bac4dd969dd85e79685c54ffb42fad80d6a646fe54f

SHA512
572409749de6a3fbc03c08559d88c56155b393b646cf598f7bf10b3657b63265d66074ca78759e5706d6f6bd2593f31ffb6017fe5d2bc5873bf4127027d460ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca458b681e3b86ac7796987db56153aa

SHA1
9debd8ec34010e000f9ffa8ba5416361185728a2

SHA256
1c2507207ee423ff8aea05e4bbc36a82da7bf3e8a1158398c4910b6a33466c92

SHA512
f6216f740c7b7512d684fc835ec4f45050bb386934b6d5b2c59c4da3f98000dfc1b0642ca2a76906d77cb78c167421076cc5147796cdc99d2016b84087ac2b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68e1c54d7d1335d12b503eb52fdddbdd

SHA1
7b425d210fb5fb17d7392770ba4532914d52fdec

SHA256
a32fcc620189660b46b9d8b16a1c682ffc6d403ca4a42c26f56b0aa1f7391cee

SHA512
874fbbb186b4a6ba9918f9bbb52147bc67d6cea55a5ae2aa0e4fc0be2e95ffdae7197252962fad9b9080ae46339f05311b9874b25db8b01a81acc97261df9e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f8c45445c2476dec5e8d5b404fefdc9

SHA1
040cf5e086d5573072c0691ca3d0998916cefded

SHA256
bc8097525a72452aca0fcc8dd99babd89fa3f86c277208dbe91ab828f57ccebb

SHA512
d7064662c405a5e321cd9f925b0d90d62e2ff54b415d0fe5fc95dfea9f7c2290a6bfb08e5fee9bb0be9ec691f8ba207b70714764531d21e94ade7b084510eaa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82c3960483eb54521be09757d1d60de4

SHA1
f3d15a6e491e26bc6716aecc7d76b7f90787a96f

SHA256
7386adcad104dbcae396f3c36e0dd5d1b0344a110c88ab7fb0a19d4c02a4676f

SHA512
b034b03d356732d4b9f075e214af4947a08934202f78c8bb936a30888db80a76a8be17c7483e9e79018f3491545786530385955a8b0aa19ee6f6ef143e5005fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c2d95e447d3b25f9b55fe9f70f3fda9

SHA1
183a08340d1c2245fee672f2da7e9d5e8f32acf1

SHA256
82e3b6bff4432845903385ca987c08cd18add31b01dcb9b8d7798ebb68efc4a6

SHA512
5ba49cba2a51769d3abaafbd3a959449127ae3604d908588a447fead944480faa007fada276709b967366bc5bddba39d05d8837f6732ccea3dd8ca1942fe03e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b23d50babebc2d46c5796c17c9033de3

SHA1
a2dd09d51b3515a7d0a9bcc56c502b2395ccb2e2

SHA256
8ef1a52b1fe9eb5b64162efedb8a26f23d18ea809980df011b8ac4409ed95ec2

SHA512
42c9b435cfc60ce2e23f584d65bef76959368d1a2f0dec6d171dc8234c1dc2879b390c42a022c25bdec23a805e9d0a5e25f038be33994e22c5b9a5176f25d16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e5d0d397eb2ef095eac1ebd0b250af2

SHA1
ad9ad23d6484fb47cb2fd8995b96cc17012f8f13

SHA256
d235d6abf4caf0ab0ac02b97723450ef5e005c90afc94c2d11e71abf7ca5d074

SHA512
1273c715a0b565402733019c353a074d208e6561cc4d577f0c42b13657ef8d7947b2c6098c47efef85359c01b512c5f70f32b9dc1bbc3657d37547586b48f413

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c50fbe8b5fb2ef25a6dd329057cf0b44

SHA1
04b9f4b0e9fa8ceb30238d7489bbd7c636a93e60

SHA256
52bc5badf8467efdd42d71aaf60d86a5c1588595f1242d8db362cb385c49d62a

SHA512
59024d1317fdf662424e89818473d308283d6aaf84266bbbaeed14d60d3eb175424e6072f46762066846b1c1d8fc3c89270550c45a31cb72b69c4eba42712ef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
db78e1c61b723326f9c6a5c7717fec68

SHA1
39c2b9707e128de3ac42a30341f783bb3779529d

SHA256
79f98f6034a7f93737f71d4b0a011e521c1c6582110a3767f7acc80e96ec3245

SHA512
9eefc69a032ac5403e59d7f6a4d09262e3c4f3d0b89138d8107c6e992c552624df8505ba581d12bdd66a62098ce88d11134898760d39c90d3dbff8cf28f1ddc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
23f53ccd0fa26655e6029c598007a7cb

SHA1
543e141b5a3f2a3618ef3895bbd4bf24f68da40b

SHA256
0fb10420e89b77b794b3282cd3757adc7fd1b8aa224608bc4d2c4b52abd2e675

SHA512
ebf9eb971043a15d51faf499e73cd705cebfd423c64dc550711645b0853df5c8325ca5c9499098edeff9359bbb70b0929bf4faa3daa164bed03c89d61fe3bcd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b5f32b2e5bb5a0bdff67d858894f618

SHA1
b505663d6191742d23364f5de012e889abfdda9c

SHA256
0090a0be0f837b2fde9d3146768be7cb62b3bfad7b4596b7edb287b9b60076c7

SHA512
37c514d189a357380826fae1c9458f27335244aabbab4a78e74fcfa1dceeca08a2032c54e9309e129c58c8714c8308db4de45675d9682ec9c50903e77a685948

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4be933f4057ec49790cbab8ad7b30a90

SHA1
90dcbf7cb5c59531ddaff0e3c5beb54012a001b8

SHA256
c47b33a63c3625f8daa1ec3131194f7b969115b92c4fc29dbfd2ef09882c2554

SHA512
799687041cd0c62794f96d12d5f4fadfc5608a05d4b63448f5ddaf40b82d9f882b29b8512bb22a4896bc60063df5b780e9879c2d090eb8af22308e1866b949ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
56e53070ea3008a4e874744563fe082e

SHA1
cb1aabfd68eba0ee08105281f8db66354617b198

SHA256
12ff4da3118ccf5538bc5be6c3d86b17e1b971b33573df50c02c0a3dd8124939

SHA512
af472143d9e1adec1fbecc01475f420cde741d7bef626b14ec3a8cb403a57c04dbe3effb4d78525370c53c2b4782cd76f0d24b2baf378ccc76b0a7a4fe29bb6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
deec7bd3473db63a8c88e5d778aac8fa

SHA1
168e1bb504992682f4daf223b3d8f3a8c2c09672

SHA256
855592d2b26fb9707a930a9fd05e693e4679e877d7906e435791dd06db48da36

SHA512
05fbf4b2bcf592ff30374a11395ad8fde3cc102efd261557e1134f77b3873154e2217c67cd9b78841d2eaf63073d46955eda5184cb8f0774ba2eb189010975d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2f601583d23da6b341875242f9035e58

SHA1
62918c0355874c8a4680d04344d708e5e48abc80

SHA256
f0380ffe85c8023622ea97f4bc69fc3e7a63afe87b4359069c1d2bad64223b77

SHA512
0b454bc8ef4163e14a456ca5c79e8b140ae08eaa85bd170afc357f2bd36b58d9cf502a6d36e67ada914131528b7cdf0fde5caf28d3cbae33c2aef20f6e0b194c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
87dc621accbdb1db38236aca364d4f9b

SHA1
0568d38f4b060a95ec0080d683fe18bad30d8ad5

SHA256
aa64f1b416b790da3fe4a934fb1c0730ca7fd43cdb0cab83fb563d9c3798ba26

SHA512
30d3a1f7c9d99228d455ed0e379d9c59f4b7a047a07b2836b959d4c7e80060030b2ffe7619d394e67cce5e99ca77bb5596297cf1aea274c0bd5220cecc153fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6749976d76d9557b5317ce9ffd2f8926

SHA1
16ae245b399f27ad7ffaa7b0fa520fc6e79dece3

SHA256
2ff38fbdd3f0b8c97e884c14709470b6869457552de57b14304239a2735198b7

SHA512
e5ddca4750a0b3a4c343f4be860b1c4fb3eaafc0761ba6bdc2c7cbc1bae25f3d368b44636a146a1f0493bc14738ba900dbba126ea65eabf6b13956256ec32a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6bd591385b315a9e8bf83dd4d6436cbb

SHA1
4d96f3430b3df7f940f367f9df07ba7c42c65db3

SHA256
db1fe398a4c3518dae094cbf0b5628f2db4137f5aea23a1c085b8a706d785b85

SHA512
62156b4a9f55e9ae6fba3a7da56a1c3395614554cd43c56bf7d2ff3a2f918e0eae52ce1bbe8f8b22a85088614a0f2ae77d5c3d8d7a9991fa04c6a8a5faa2cb7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55dcf5af75dc1df3a53b703a26cc2b41

SHA1
c7f20d53db1d927c576de155a4802b12e2aba472

SHA256
8e44b80019a9bf96a5ecc8a08f5442e3cecdb73f640c8a0d6732afa90177131e

SHA512
a43aad569fa67649c3f0f50004dacff611577215f6c5724edadf00f6c2014e1016630efbfc6df9e3f7e76fc8c27d024a97d1e930f9d214dceee5a0154d8ba7e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c4da610f1ab39bc0cf860893652fa0f3

SHA1
b2eaff12add059190d13dc3e173e3c175995a4bf

SHA256
f5035de6f7c5ce40345d52ef95878abf25d4ec3622fdc647ce6467bccca50c1b

SHA512
fc348239317f940cb9059dfa3bfbb66d7181f0fba7d99b32d09be4507c19585fb4c3a3c498dfe4fd1499e60054386bc852c763dc52709348dd73afb35be04d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e9d9acad-8be1-48e7-b205-8bb99247a8b8.tmp

Filesize
10KB

MD5
13e3056573bc37d78134ab3b55f46253

SHA1
9f5ad5a53961df585a5ddc76bdcf5cd8b5c1c1b5

SHA256
9085f582026dabcc658c85d1095a98fce2a2b15ef60f7321344084fa0ef42627

SHA512
7803f0321b2df0d5413ee0a501ec8ccb2cb95bcf1493f43755848758fe03743d8db8c5ca364a5a10b148b7b221dd47bbe5b1223a035341bb427c834ad1671ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
026517a59f5b12bd289225bddc125a93

SHA1
a1a080bc9937bd7f94e7a5c3054bcce20a538239

SHA256
992d2d3b05456a04599c2b9bad59f4149336e73cd1e0b20ed94c4077f4f2258d

SHA512
32aed714678afdf28f039b883e9ebbf7a89f26d6887d64dae528489e759942576f1c9c0fa27c9bf37314b58f591ced8461567a1fd8cee7338906b53c1d0c0645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
0e136475d7124d11894fd06c583c7ed6

SHA1
0dffa68b108ec230005fbb0211475a6569db560d

SHA256
3cf1bb1b0688ecc46a5ad7d949db05b52c56b435ee3cd116c275f78f6382f0a3

SHA512
57075e49408ee8a9554065fce88df3b12fe7d7b7d5a9a22930b146125caa1b79eae853890aa9ac03ad140c3a58932a53092156bb3b4faf831370c94c84ed3d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
fdc90a3ead75a737b3bbb919fffa2599

SHA1
6f132908cdf7d62375ca92fa711492da4d408cab

SHA256
a822001bbce97d089d820e214db9405bc659a4d4cffd9a3424787df9e4fae8bf

SHA512
e5508204584a8a9d103e6127125fb81c058545c374f302df25c41b820fd5de2abb926acb3f9b815bc47fddd16138eb84fa131bfaab5f51ae86b2bd1bb9e6e017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
820B

MD5
80f2de071cc951cc178ae87114fb3883

SHA1
5033df06a44455e4472da24e089fb872568a0581

SHA256
e8cc5e12a7988c4acbd022ae3369576f29c1feea25bfc4da24d552207f8b635a

SHA512
d44364ddcf10eea1a45f7e0ffc01566ed727696b8c49137777688b7ba6b33a7b99cdfc295acf47336fffb09fdab7ae6d08ae35dbf81caaa5bf9242fb6277f679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
828181fa4668bb6a5f92148d5ddeb862

SHA1
a99e3a2f1857107c7ed81b881ef8e24b92c390c3

SHA256
ad85ae7cf722820f9364e67401495e04b45199c7c20784eae3e62c9d37afb921

SHA512
8ac275ecfffee15fac4d33162b324edbeb90fe8804ed2bc4c32c13665f5c1769464f8d69cca44ad6ffdda28449ff961bac0fd7c8f4576f0c41f1b051cda971ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8a925e781abd1385ab699df3c0d5a99

SHA1
8088325225cf37a286e9074cbf0ca99f96084a66

SHA256
5f6a0e51269a9ea0c14af3b7101de7e30b7f0304d952c118e0304f3ed2b83eef

SHA512
da418acaf61975f5dd633fa033553430d54b6b89386d870788d6109ba9c0f5d38b3e9ae2b18da95029376e39c6ef4acfbf811b62bb9727a1e784b5025875e79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
06dfef8900e51d7e471703a8bd655f4d

SHA1
9b9c7c4f1d0482c32d8f22317b522ba201af864d

SHA256
6dcde261880a1ab8e9f3e8b5ada2656d18fe7f27972351a027d7226ed6db5be0

SHA512
60cb7d5f6147f99d374b339e54211e460f6bb02675beb397e59db42cd47c093ecb392e7de33f610b7e7ab8d7e60a33c5dd05dbc671210347338ee303386ba728

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1124-497-0x00007FFB5B200000-0x00007FFB5B29E000-memory.dmp

Filesize
632KB

Download
memory/1124-495-0x00007FFB5AF10000-0x00007FFB5AF39000-memory.dmp

Filesize
164KB

Download
memory/1124-496-0x00007FFB59CA0000-0x00007FFB59DB2000-memory.dmp

Filesize
1.1MB

Download
memory/1124-494-0x00007FFB5B300000-0x00007FFB5B4AC000-memory.dmp

Filesize
1.7MB

Download
memory/1124-493-0x00007FFB59E80000-0x00007FFB59EFF000-memory.dmp

Filesize
508KB

Download