fbb157f72f2a2ecd9c0736ef497923ade3f70fab55d27fc07e8c58be8422fcb3

Analysis

max time kernel
1049s
max time network
977s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/10/2024, 20:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

curl.txt
Size

1KB
MD5

0debbd3d6ee8fe2b7498fa75d894a401
SHA1

fc248063cfec29d6d4482140b1a42c046e678195
SHA256

fbb157f72f2a2ecd9c0736ef497923ade3f70fab55d27fc07e8c58be8422fcb3
SHA512

0e08057e0d17c52893ad6d1a309b4f570b6d875ece02f0fc48d740e94ce02837fb9569bd55c8d9e7c7f34fde9fe0a949cb27e105048be4b536f04b03dcd5bc2c

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729783226212143"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	cmd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2120	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe
Token: SeShutdownPrivilege	4548	chrome.exe
Token: SeCreatePagefilePrivilege	4548	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5788 wrote to memory of 2120	5788	cmd.exe	79
PID 5788 wrote to memory of 2120	5788	cmd.exe	79
PID 4548 wrote to memory of 2460	4548	chrome.exe	83
PID 4548 wrote to memory of 2460	4548	chrome.exe	83
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 2888	4548	chrome.exe	84
PID 4548 wrote to memory of 3148	4548	chrome.exe	85
PID 4548 wrote to memory of 3148	4548	chrome.exe	85
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86
PID 4548 wrote to memory of 5552	4548	chrome.exe	86

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\curl.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5788
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\curl.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fffc5becc40,0x7fffc5becc4c,0x7fffc5becc58
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4556,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4852,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5168,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5012,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4524,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4256,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3424,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5520,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5736,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5728,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5104,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3492,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5484,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4656,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5460,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5124,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5188,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3524,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4292,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5236,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5708,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5748,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5528,i,14251966504585705523,11071224291896682303,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1324

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4320

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5176
- C:\Windows\system32\curl.exe
  curl -L https://github.com/yt-dlp/yt-dlp/raw/master/public.key
  2⤵
  PID:3584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
62KB

MD5
2a269f39d847da7bf9b5d6841726b888

SHA1
3e3fbcdcdff5d84a331c0ecb9106637137cd4847

SHA256
f9401bcef77841dc036b71ec058704f10dde85bcef9b7efc42a12fbd0d200515

SHA512
40e14c79501180e5d0a28099b6df83ebe37f8b043cdd9295bffef7c4a376a6226ff330f8a0a15189d361fef1ca2bc661907c0e7b141c72257dcfcecec22719c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
45803bde5426ad9405df0f91cfce3236

SHA1
559d89700584e3623c2aff768a69bc7f925cfee9

SHA256
4e14c35791d0dcc46503e121a81ee49256e7f98d67c008b0ca1f37f05091b7eb

SHA512
c40af08fb7c10de9af9b3f22e31f3426de546558ae1d7e9c8ff2c8b93bbb8b365fb8b20299ae4194bffab5503a7d57b5fdee24d21c64f577d5b9b847c65b0bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
82b0513991c8c8f6baa67a261cf10c72

SHA1
932bcc8e8980b0405a5526f791e5c015ec7b8e0a

SHA256
0e3776fbf390a81f2bbe1ced35ba8340a0f89e2a24de10b82a51b1ca730ee1d6

SHA512
9b7bf9a5d24728374da9cc22be40f80e2a8c9e6d5d115eaf9f5609dc7b76002870fa512d60c4c64f23d0303656fa0152b53a36daf8ce61fb8fab91ff109e4837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
51e8933c92bc0b72be173e71c5b8f770

SHA1
615ad85cdee5bb9d6b97cf686179b6e05b10a5f9

SHA256
31a712cbe41b4bb54a5036cf814da88a4cf020bbc7b97dfdd0156263dc8f1336

SHA512
b659e42331eb16d390dc4ff22fd35bc145b7285834b16b75679f2385a028de671c218fda85eec8ae106c55061da0e12e9397e5da75e9b55fbb09b969d98147be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
f17e731f1d720ed957033fdeb1bf84d8

SHA1
8c8a1b8796b368c97d78c82dc1c1b9bdc2e3f76b

SHA256
8a4330ace2611361af921b9e77a5f3b6976ebca0f3eb5f8743bdee91cec70a01

SHA512
097df8b0950cf77bc94c616ed9225c31178ca8b8f3f82a34f9080411116ec8c3ac8a4fde1fdda3157196ab2e70329d1ddd98e5f08add7f2b00a058a12f9545bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
c9aa6502fc7429c9d9cd4470d9446d3e

SHA1
14aea9a7b35f4690f92cd97c0b02596d626005e1

SHA256
1568052725fe543904fec8edd4f2099bc4be00a4bd68a2b3d8387e56d57ce799

SHA512
1ff46aff3db3ccb3392e08d8780aee4c048ec4c71341161293d07150a9ab907bc0d6a41dbb83f52300b8a7f88d2cd3b6f048c1fd436b02612ee5193a4e94e56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a96ae67ea4d50b9bd74c6cac06762d9

SHA1
22fca38296227ff677719c0ddbe96dc59c788f55

SHA256
5a781efac773e7d6b2d79b8bb990b5142d0f6f6d418dd6c95bbefbd7ca08f15b

SHA512
c9550daa12668a800852ce14a44a20081f7830189963e8d5a642f342dcf17c269e4782a71ddc18c289393727d8510df116af8609aef46d6feeaffcdf1ff2801b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7ae3fab74d143f490124958092c4285a

SHA1
62747573971971525b80754c91b2731bf798763d

SHA256
81b8e8cba5e70065de6fa6dff023b87422fcb2a995008b0585162cf0495b0181

SHA512
af9cffbb8777c854f2407ab27e0a09278de0bdfaf0a03346f28dc772730640df897f56358996e726e0bf1d9de5eb98c0a974d51b907d325de9ba156cf39117ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f114509a039c3db47c1ba924691b58b2

SHA1
0a5b29aad45b968fc139a3dc71190e861c811510

SHA256
11bb27afdb3372aec3b9b09320028975716b373b029b148d9faec6bb6beb37ea

SHA512
cff9933244d19238910ac36049ed6cc5a41a2501d6598ee283bf3b7a5f28ac7e3d36c851d36a6c8eb1dca5436e13ef66accde87cf4de196d922722f2e49d5ee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b37096bef4584cf12736857da8340452

SHA1
d08a1a4da09d8dcb772021d4b24b7c0212fbc58c

SHA256
064440c173d4c3d97e090792affff985325591b61a15621c7db1d56cdb6dd6e0

SHA512
7c456897c5a5a61fcf0792beb0538c57ee1a239c4dda4dd64c39b73d3c5e2751cc1751ccf90157024cb9cf53e4a44280646b05ebc61d281d44319c01f6a6b29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d264dc72a02e8ab9c10767d42126b53

SHA1
705584ada9250027344cdd28097bd9e146c1dcd3

SHA256
bcb91b65af0aa0681e3eba6ea3b124736e6ec7120dff1bd737f72cd5e1ce653b

SHA512
a497ac8196f6448d7a181e230effdcf03480415a24e30bcdd4945134056d68b6f81ce1beb870abefa514a366ed7ff29f9f8f9431b85d395e2d3f305726950dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2a8a23fc2fd9d733fbb3f420320b3434

SHA1
a850b7212c06eebba9156150888a28e81030ac53

SHA256
7810b7bac31ca7284d3d646710387078babc9f778854d061d27ec217019e8444

SHA512
baf53a1aa1075860737081a9062a03faa3f7eea2efc7a9407336bd50ce2c9b05c5113b37d07bc43674169214f400f31ce6d4d7d6e3fe8e02762dd88c7ccfdfbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0400eb8db5b4849e6f4681bc8a114ca8

SHA1
5d874bc7daf1a83e19d68369b132bbc6568d3ca5

SHA256
0b756ccbd5b0d2963b5c5ed6f4a3b8bddbf16c064fa63d4d4fa743ea08b8e06f

SHA512
bcdf6790deb8fa5737e73deaf0229712f7bae63c58cdd902ace90d845b48cae6f83ad2edc4ebee2c78cedbf7068310c03177e2d41d5a6b370a28a644d5a9a377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c87c7048d70a7a3084fee882eb7abf1

SHA1
3a62853c130c490b002e0131ba54d5dcb2ad7bd0

SHA256
7c4bdfcdb9edc12793d4c9b955e95a1e12b5cc00e44f00d0b24adf675548b106

SHA512
f12da14cd962c4065c6133a90c8d7c397b4c6729be6eb853e85c2c9fff005ee444fa6b3571962daeb34553463410ad8156bbfe47ff442edee5a98c16f355bd10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
837ae4d393d769daa7bdb3342e421e39

SHA1
eac5ed00d325a2e8385126e28478d2362162bc08

SHA256
2280aae9f73ff44aa3db02253822a423a7fcc90d150064e8be89e08226e7981a

SHA512
47f6d171f0e2816e04dc74c09fe6e55262ce69174a8a6e4a118ebcca843207a398a0d821c15e014578e13521c8205549af7631572e8dcc2457d2d9190b92b28d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90de0654bee354a22367b2634adc3305

SHA1
071943baa5cb73392124f411a4d648bcb70ea163

SHA256
2abdcd1d0b5792996ed5c28c4314edf59678e677b61b370f21f950d954f2021d

SHA512
98fa3d7603d41fb19284cfeff57eb6ef5445b31797ef03c2242119da97aec5cc4ce8125aeee4d33f2f5e3a88e66a94bcd071b6fb46a548a792b57fc49fc024f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8a98938bd9ddf62d69d472943af9c2e6

SHA1
11c4d1ad777e560fe128fb4203ace43caca043e9

SHA256
224683e4beb8d378d3e24204e2a2a9d2232564032343f393b2096f7280588d0a

SHA512
d5507d3b443bd9a5caae3dbf623d50182640fface55d65450e9c346c690f4f1ec66bdbb0d8bd10c4abe674f783c02f04e0b8b0087639d5092f0696bfef9f14de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bacbcd7f83abe64e5eff6195e47a535c

SHA1
4c292bcadd7c1dcea47b784babee7e567abe785a

SHA256
04d8b8b1ced4551c1862ab6c56826acaa51b352ef93512d8397133f2589bcfa4

SHA512
c70aba4e5d629dfe0e80c5c3d72c47a2bbc6d3d14d34e23b036a99603bb15ef8168f458b1bc87ea1fcec534eca8273f05cdf2a425a0cbc81d60a52a603a04fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b87bbfd17cc24a117ad14fb8f87e65b6

SHA1
062bf35cc2a958854a87872c913eb8cb97a765ed

SHA256
1efca2a3fdda38a41cda6f96353591401e0c06ad3ca8c6d3148d619684500522

SHA512
9bc56f44c15ccc470c21d84f6a02d58b548ff0fab8a198a5ce46d541db5390023733cff6be28c778a79fa0f135356f235554b284a17450c399dd5a429d0ba1a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a8df42925859b2b1884f1624f895d5ce

SHA1
ec78fbed60a55018df65755bb81dcfe4dd490505

SHA256
154b061c89636b84054beaf9b0353689ba0e928f237cc5f064b6955de3f4cac2

SHA512
48b4dd1c668a7d380d2475e13f40606c2565c55cea49edc130653dd2f4a9b42957ba8faa1b82a184c92c1f926d3bb9330c924f31dab02f333c6395b99d5718b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eabb1d0c4aeaca2f3e1d2d456c6d394d

SHA1
870ddb6264ed5e6bb5998f6957aebb7ff9a56c58

SHA256
13fef30d98de0e0537f4791a1f01a75b98b457c68dc2a38b26b937d096f2a6f2

SHA512
f93d6566f79ad673bde570bd89ba3dc339d6c406e0eaa7311dd99318fd4d00cf041045779dab2f95f96c47510f1ee675da6000a082aed0c9514de514d4c5b030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a42f96a8d808a3a933f3b2ba9ba8d67a

SHA1
1865531f7937fdc73ea6f739548a17c275c2da5a

SHA256
5fa017140c7dbb08d0237f8ccd79cebd2a46d20a56d5cfa678a312014e9ca62b

SHA512
210fdec0d92fb0d5fcefe51268272854a7530031d505584745ed97044cf65a76269f5104aa35b30705caad2639af97ece8ec0e1816087e385933507473e00ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6bd919229d8e453fbfb61a4d17f5523

SHA1
e6b932286a30d376a6f90e9d94f189ea5fc99fe4

SHA256
04dac92cf4490afabb8b6151c1f8ff88e326ce175b4b35b148a6b55008b811f6

SHA512
901cd741b88e9b6a65234e70f47ac1638d8202e5746d71cf5af051a97d0b01c8eb7799c13438636c0db86f46c6014f5d4b472ce141950953ca595c85b0fe4691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e6ccf586e2e9ba0afefb4c764d867ede

SHA1
53e9658f2a0d7e85e930697cc5946ff8774dc5e7

SHA256
b6f939470253086ad2f273f1f2c05a15db5e0ea1f97aceb5231fad7d3dd83039

SHA512
5d9d5449ffa1b924d92958047e24c6c2c85e9068e132542f635679051c5388163af7e0a2f879ec011ca63db8f61aeef2018b9f928db3085a9277599fe347341d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b8b39498a80467427d1b0946517309eb

SHA1
67235277d4a3336afd280f2ff65f740dd0a6a322

SHA256
7275eceaa9b58e01a3bf9c97549c03e2d7edfd6bb3997f5daf6396c491475938

SHA512
9df07d5f340465ebb53bd564f8c9f8d804296349c093bd27ff0bdcb3dac3a6be0d28e7e7b1d7200702d68b792755b55df35a4cb1cc849c6decdbe19998b5b2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b6da334475fd42f66fba6a2e101c965

SHA1
3f3da1420fe247bf0a29c2c85ae74cb1743e55f9

SHA256
0e30a3c60b6ecd46ee009fa5c7d751bd80ef411f5a8bdb0e2bf661c5d91f06b8

SHA512
92d3afd7fc034663f8c8964ea415ccfbd0ee88137e67b8848f73b45d2ef8411b3ffd64c757abc7a59c199c3fe8909f647f807e99b0c6fd33ce35c41ce382660f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4ffc97b423ae1fa99163684811633cfc

SHA1
e90de8c014c057260f22890208b33a6933381e79

SHA256
f146a2f846193b0a5762db0ba7916ca4f79a5c058165849c128fa510902a022b

SHA512
84c8288d71acf722aaea2387e032d00c9b9f1a9e15a286548a4b11f748a063cafa8567e3bb25a79c03163e97c4d42a38e832e015c6287a1b0bd10ea3399aaf3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
96fcc5405c9b76cd435e44634f351b0b

SHA1
1969578c985ddf85550a416bd642e50dc8f9dfde

SHA256
dde333b74c19592d7f0e50f0d66eacf66b948d4aaa2d33e324d831964f5fae75

SHA512
4673f7e542f5d0b44676dbaa733222485fae71005e50ee4fdf995167394cca0fd3f228ffc4aa56d6919199b9e4ab4139e617a121e6788f278611f5fe325a226d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
302464b2dedc10fd4fe9de5db15eac9f

SHA1
ed6d4658625f13042771e26750c0e37b7fa41fa0

SHA256
62a635ac0da4aba2319ae561126c2f2e274e099538603b2dd2d1de0cfd3f7709

SHA512
d71e4302e663b19ed2d03ded73bb752ee43bcd78c5c42204265b808e5b66ca7dc6eb647acc41ea57d88680b90dafe0ba99520a582b1f03dda34092d24e3f92fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b64b4eb7381da3b3c3126071c070c8f

SHA1
5c7660bddcc194a2fe8591530ea1c504c935b12a

SHA256
05e1982cb45654d36ef8419a98483cb0a07ae29af0c27ba7cb57b4fef701e609

SHA512
4df640f12eef8b2e8b82a8d1475947150dcb5ac4b4f92ff3f73d854c5461adec0f2924a86c230c6767d8480db3bf15fe197f1673ecdb7557fdbad638ce165a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e255e09fb5ce30b7d92f55754bc73337

SHA1
6aa2147c50238a12000bc2beb9b0e21c830c3242

SHA256
d717d714b2093eda478c5e907400aa94373bbc5c4a9b5fc0ed3b46296ea31ab3

SHA512
f2341f7a5c4cc36283a9a89e4637bdc95766f259464007a78e08c803c780a122538e52fc98addb946357c9dddd1458d853492c38b4d2f8e131808f5cea8e20b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83378ea9984a695fcc26a8e12683652e

SHA1
87b3d5f17c1db842c573e4b267084fd4a812ab6b

SHA256
dc124bd657273037034a5d5c5ed203330939d3580ea5c9bf65abac9f3c0dca57

SHA512
d4ae66d696603e7f1dc019cee5bac5c252510fb10b040e79679ca64420b47a0113819c936f22f3e40f6de50d971563108dd57b5c0f2f400e849b2b58d703c348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12bd7dc23305c75ed2ef2d49ece89680

SHA1
ec6f2fdc3c4b8cbb85f67eb6334af735bae7b75d

SHA256
e78270fcf4948d5f44e3cfda88292a3fbcfc3db599808dae776798c45ab6358e

SHA512
a8aa19aff042ea82efc507f0b384b4f5e33173ff5875bc21e59ec0292ce710789a529df6ea7069c77ee7f3b475044b61ecb983a04bfcc5796317d57b17572f34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d58a3916da62ef8895550f4f1738b593

SHA1
3032427dc96c8071397c3b9fccb4b00b96b95857

SHA256
ac3efd54be4cae7c81c265ddad107effd8844c296cd00f16866315aa193f0aef

SHA512
87d33058f6682017b21b91d7eaf376d87d0dfb489fb001a3067adc0ec680c29f9dd92ba72d73131dbd72245316c140ed8250786a2e920baa7bb839c7d210079f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39a51399c76c573413cb8d92d946926b

SHA1
e1898cc748ff795795ff63f21b4d4f1b7ae5301b

SHA256
d589d646220fd094e1e29dc080b6bff290f70c526b094c86dba39168f3ed1288

SHA512
3cdfafde999cc449514f7b4803aafc3a72bafceeb68aeed29d2b1263db1946cf91990f9a28da517f2590c7e43b4a17dfb2472f1f6931ee4387772de29195e680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8d0ea8d8e1ff507dd3d4942bf1c84702

SHA1
8278205990f451e7e44ef25854f95f154993030f

SHA256
df27db5b20aaebe18aa0cae9df63411d87432f5380d5ce2400613d35fa1ce0b7

SHA512
e9cb7d1504f536250303de740477c2e60a3dded0ff03c544b6effb394f654606f0729c4cecd69aff7e46d042fdab00541e13eff866c6b6c5448faf6adbce5cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53f05a7ebee5dfd09e1530cacdc90265

SHA1
18c8488708ecff382391161035e9de1f8fb6f119

SHA256
f236639df5006e1ffc0d046e95d2537a33a14a1c37899652d9e1dba26358315f

SHA512
a0fecd52e2c78fd6fb357a7df500a9ca4d49433f053b7c4a8662f7cb3d73c1f3d49d428fa41ba8f94cc5b74a46d1fa74504b6ec59c481b9b7a6eb8416920ac31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b02cb6642517cbfead78cd3e4a55fdbd

SHA1
230ab1f3210037fa10280918991fd97ef2aadf73

SHA256
83bf3f1bbe146cf6a0a65cf4c0b67723bbdb17df73d31d5b4228f5f954a10142

SHA512
31fb1e763d4228476a891a7c70d082fc64aa22e8e05233c4bf28c06c3d96648b7a7740c9b4305d4f865eeb99a3b722b456110fae428e421fff5f37310227c474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f6ae1b9bca02bc62a35ad21841e8665

SHA1
a6e2a8d509db524660653076e5f3d433d0e0f1b8

SHA256
7926d367aec1295afe1d618e89e0d3b83e9d3c992187ffee7cc1e83db6323faf

SHA512
f64d963076477d7a5621f28a5e366203c4d9261c7b8dcd2cd2f4c804401b4ed4fb52d886f950ae83399b989f34103e3db897519a4407b1ffe4e455f4fabb0cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbd67fde18ab83f1542bda4125a8f900

SHA1
1c266fa80bb38d55990e28abc161e239ace8271b

SHA256
9b6d747b1af2154ccda1d28ffad851f852e2c31049a9515d520dc94f5429c3c2

SHA512
6313989f234ffeddc7bfe4a69da6764a0e9f5ddb6265cdf925aad8bbcfdd19a463caf96317cfe2dc4c627acdbbb8e6050f3d0a2dc095d5988ce7358e7bfc8e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d371d64817514da9f7dd4887d76250f6

SHA1
b0934cc483502260a29f403fa6101494bcd911f7

SHA256
8f44ee58320cd0be04677ce3400615e6df13c48b56e20c6e55d8f7fdc61e94cc

SHA512
cebf2d600943bbaf1cad54d967836fe5c91e5d6ec3a4e2f013f91f6eb0b666b58307120f2d0819c708791ce909e675cc3a9a79714e19a53eab825bd50cfd775b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27c392c838ad0eae10ab48d6dbe9b114

SHA1
c66112fa170f1b54e1a9074d1e3ee746d28f6e1a

SHA256
50751baedbb53f3ca0af343ae045c0684594b80ede6922325518a46d1cc0e9c6

SHA512
7f901e4f2dc2bcd3b2a83088d0b477c65cbdbb7e73a23bc092e872040c3d81b643ebf34b80c49107e8ce2ba25b68f8b79b754002f528c9b30edb467a8a3bd952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dca02ad318fda280e8867328bf206336

SHA1
f35614cf72d81eb5eef0df62f2e6883f19ef203f

SHA256
29928b612d7032e923fb41380b5ce6f79d77804744d0b74f43a1098bceaefcd9

SHA512
ec51f5d55615a9fea34f809f2585f3c14692adacdb88dcd93300682dc3685ceca45cf8ba8fc0d08a0385402cf61e5b91a2ce625126d1dcf42bd52adff03ee6bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
057c56f9d6e983aa3ec34f2662c85487

SHA1
126a5cd72e4b263dc74564b7aac85c871edaf2fb

SHA256
5381b3c7c4a5654578bcf7d9679be429c9338e809ebc73fabc191fb73395120c

SHA512
e2cd5192dd4df510bbe815a14cd470128f11a38d10533216093ff1d9d4c75fc3f172326e4d351754ce88acd7740a65f99c902887dca30d82e2ee9630fa593ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce13685d9544a0d925f2b32e28d5bf45

SHA1
3955b3a5528bf2c414f68c5a1464a3ca47d81d3b

SHA256
b5072f0aafa3d20dbe21376fe046bfb9e9722c2478cded7b10192a2643999142

SHA512
f8cc04331855416d45fcebae6d71913016791c6f4cd2aa656e69aca076c149227db788b57f56d7ca9059d612a5588eb2d3c9e11f02fecb49ba088ba4340bd171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93b697fd26392b20bb77678f6327bd12

SHA1
4891f00b8a3255c7b2f9a22cf2fffd8f3c9fb314

SHA256
0c297a571128a26ca9e35bc5f258bb5cc089c1c15c4cd82815e1c603c9fd3892

SHA512
05ba0409893e3cf829d7da67fabfb2fc57397b3b652abc771a9bd5f1b4c82d473710f2a0363cff5d32306ca7f03c84d26660abe726c1cc9f1f414afed7f1983b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba215c6a98034f78901d46eee6283164

SHA1
386bb0ca91953f075b0744d1c4963d8d9272d89a

SHA256
8933f6adf85fc42cea978dd4d33edfbced73cf095cd974e6dde9c9895eb0b3d7

SHA512
bb8598102379ffdf30dee661e5bce969dd2d91bb39abd29a56551dde2f82c5285e478168fde2ee89b30633e089bce3b6d99645547d7b31fc6665a10f58cbe372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddffacbfc7298901e009140129069b55

SHA1
306fda199bc7bf96b9a10dfb12882307ad0b2a9a

SHA256
9208de4349fd8f95de833c32ff2a5013dd7060c894cf03c09bd6e14cddb7a2ae

SHA512
8a66fa9bd1ccf8d1f502a4254bdd7db20edd0b76c56972b09968e04f63b5219ec41ba842106c633dc79a16669945466c0d45006f6ceb923207649150c9c64e51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7efc45903077ee344302c17523b8f42c

SHA1
eec19e5ae6bf366c5ca4ebad852c318e0c876b8e

SHA256
5050e719a59929f2f8e395c33c2271638a76b0f39fc6cef2ca739bbe0e70bb88

SHA512
f1ab2a836e86c72492e403dafb981aa42470dc3cd0e6fa71e8cd5901df24d7537d238750876dbf68a74b6934883e41d7d1ca96822db147b5d0a81563ada79365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70dc9fb601bda9ba331ae3bc6ad9f68e

SHA1
b99cd4644b7f15f74ca53df8ee4ede60769faff3

SHA256
4d01507955a973bda36faba7ea37219cb2a5ba30deb003a6b82c129b00059969

SHA512
8e7ea62005d3c42062d8dcc10e3e33c24a5f7b3124cea12b670f23595048edae4bb65d00acc3397a7402b125c6fa7cbb32186bb004c642c1eb2dc6c723c1a463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
531151fd8e1193c2cbd84cbdb2b8a66e

SHA1
195d2a71a62cb40ec8d78833e0b9feddfa883541

SHA256
b7cfc9f32bdc4b5346d5a39cefd94d066301b991da378e22a79ea57c29b101ac

SHA512
b97f303547c56fba574227b33a757fc7b2b584dad5bee03f8f86cd4189623da00f5866e0c7488eb8b7f9701356dfb45ef6a834d541f399d64fac922cb38e45a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f8dd3655e95981aac9cedaf0d9828be8

SHA1
f3baf5c4a52c0ae8099abe71d2e23e7d435fbb9b

SHA256
06f562f338ea3cd23304e09b7527ff535830b80ffe4b0aca039c015b49568ae2

SHA512
11450fd06b7d334c0b87f7241fe8af160d01c8f73f11fd1d212be50c5ed1bfdcc7f774761ec10d1e4d8f9bf01e776aac81cd45387d87a16d298b3dcede7eb435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
37KB

MD5
dc22b2142713590e38c3125ecaf8691e

SHA1
202f2e1b3ead53bdbbe85bb455fb3ac907f4ac21

SHA256
daf97e890462250124ce916d99abb9861b719519d0a41431d6ebfa090be07665

SHA512
bfcab6d49344f0ff8b45fd4533418ab27f5db9080b42a29fe308e8c8559a986c1107260dfa75204eddf9e1c6a4770c01784c0cb9eee21d5f4ac28a14da4e2dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a271dd8a0a762cbfe8c1f1e87ed08d9a

SHA1
e44479681a81f6a4457c6b25b4baed25c5f80531

SHA256
8f5bad02f2062489ca3b1d339cdaf70174380367b4037a5adeba12818da81def

SHA512
51bcf17f463f9486c8695143ee18dfd49886404a7a8f5fd188b6caf72f026dc7db1dbb8797f3f233410d0c29b215f8182bd0a5a3f718910a40b2856f23b0e274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
7f692ea4cdc10c24f2033e368f58764c

SHA1
5d044ccfaac2eb8d1382baadedd7ee00a04b6501

SHA256
acb571ad5b2ace955f24a8f3251cc93da2110711bd8c0872bec8a531f71aa149

SHA512
45fc1d8b1064a4dcd81808e41492abbc0162299ec40ed85011d86ef49f544c8cc0f7f7c1e44dac3a186fa4dd410a07aa29df9ed1858eb9afa5970380c43908d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
cd668df8c838bffea95d34e23247ff81

SHA1
8a8a1df17bc369c6383c44c048739db1e29d2fd1

SHA256
1f7c186b097dd2de216454f41202bad25bfcbceeadb1ef588484c337b3bac6c4

SHA512
d66cfa1fedecf30cdcbe2e73a82ca47c2c43689956fc139d37cc83fb6fdaca4216613ec5ccfcf65fb7429e9a216766d3787856dd221337c15224ff93e7d52dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
44e0b4a646836bf1164b109bdc9323d2

SHA1
26fdd5add85c9e76ff0ca0f24bb372b4ddca8a9a

SHA256
656fa78c6ec2f855378e39b70ed81baa29c5b0a2ea707138619995040909039f

SHA512
99c05d0d9296e7e6908bbf885019bf00d1aed04f50b79be44ce4a2286c6c60253bdc1da9c89346e23e4818e78d4f99c8d108802929b2e93e1942b33dbe43bfe1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\93bbd404-24f2-40e6-906d-94523a47a2ff.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit