4d4c98d32ca844411505bf77ae60ace2db4199c3709496e55bd0374c62cbbbae

Analysis

max time kernel
290s
max time network
297s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/11/2024, 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-11-15 8.41.06 AM.png
Size

50KB
MD5

8679013ab477687566d3307d2bfb4989
SHA1

4b80a4ebe530a5ef0a6bc901344915dd03f8ad13
SHA256

4d4c98d32ca844411505bf77ae60ace2db4199c3709496e55bd0374c62cbbbae
SHA512

ea3be1f0c6c71f2974257febd994d45bc9ab923045bbba2f4b554c92977f1fa092709d9d83dbcde999362ce1741294dfc0d476e331b774924ff945735b5dace0
SSDEEP

1536:NxQFNrZxT7rmIDUfFuPWXrSKz6PdqSKe+L:N6TEIqFeWbVPvem

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764973819819992"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{AEEFDB80-6B93-40AC-A9B8-65DEF64E9CC8}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe
1780	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe
Token: SeShutdownPrivilege	4084	chrome.exe
Token: SeCreatePagefilePrivilege	4084	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe
4084	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 3472	4084	chrome.exe	81
PID 4084 wrote to memory of 3472	4084	chrome.exe	81
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 3092	4084	chrome.exe	82
PID 4084 wrote to memory of 4592	4084	chrome.exe	83
PID 4084 wrote to memory of 4592	4084	chrome.exe	83
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84
PID 4084 wrote to memory of 892	4084	chrome.exe	84

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-11-15 8.41.06 AM.png"
1⤵
PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe86c9cc40,0x7ffe86c9cc4c,0x7ffe86c9cc58
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3568,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4428,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5052,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5304,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4972,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5420,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5116,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3784,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5236,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5168,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4800,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5412,i,17864125573079840603,4870220940248017762,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:1448

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E8
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
097eda078f62790d32fc7c5f40cd8859

SHA1
49cc693601487d11095166b82ef1f3fa754514f8

SHA256
e5993675982346db963d63bf40601928b673f27a6540c18657df88cbc1d59f8e

SHA512
2f877aa3840a63ef0d9747321210dd42df17124dc8c75a2a07ca4d4135cc44a1be1dbbd8b3650a27f2cfc760f19a3863f0bf5f03068c3f43bc27ebc082550019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
233KB

MD5
e21e1c5d267c7141fd3709f6e68e4f7c

SHA1
63dc49f8a0bc7eda46588972558b118898a11b98

SHA256
5c073779daba3739f20b07242784b76320dd3c5488d6066fc507dc8af2debb18

SHA512
0835289b4f527d9603cc1c1fc549bd87df3e276f3374aecdb16dcaeb39461dbd09e18526e9ae5c5885258589b45ab6c570c018b910d3e2481d981657eedbc449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
48KB

MD5
baa9f9df378773cb28884dedeb3808f6

SHA1
9a43932d23ff5a9d449c6e85f6bc28f2fc221c64

SHA256
515270605d5a6ebee61b69bde18c4fa049479d99578524b17049cad5b481559d

SHA512
62ba4994b070564955b5df3775de2216f17ae2deeaa9441fe9c2cacca9c04b8f4b9690ce84ad6e4d4ae4bd794a8686773b0d9361dfcb38c9beef1cffbbc2b6e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
dc70c915b90c4dbd5f07da5d1e330df2

SHA1
b19cfd9892d874e26c8f4f70a0f4b336394e5f29

SHA256
5cd0019edaa23b0e8a90c6722f5101b4258bfd9dcd0b98805e8dff1bfce994e8

SHA512
38db2ae930f65eac127fa67995bcaf5738a917684504449d30d2d23f1115727ac3e99c649e1cfd43e2251a15ea6be3322e32c144ac9cbd4be4c9e94d1dc1e059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
1cbff15b785922ab2e8ddb34cc2b3fc1

SHA1
8a3628901f721f9b686118fb15f5115091f71917

SHA256
4b383dbbabca953d983b5ea193046c6fbb4719e4409f7b97204d9a75acec447d

SHA512
48a70e18fb001a1308ae794c2f9760d0b2a2cbecd8df797831d9bd3e1810d1a85baf7881c4eb2a8d5de3f9f6acd39bd592bdf73b100c00fee025e2d05a70922c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c45531e01d3baff074732ed5aaa83271

SHA1
3cb1050434d423db0a6b9788eb5d99d9aeac8f38

SHA256
2c7b902f12915a6f2dbe8549f9bccb4e230f73dbaded448c8db31ee4346cbf59

SHA512
04e0dad7bd4aa5fb000659f03906ce7b5330df5cd6a1ee39f1555201eae390b8948fd2438130c17035a16a59842a943a7384d4655d8048595fe8fcf2bb73bb9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a721ce56c55fac4dc71ab6da65ccb38d

SHA1
db0c0fe29e25086a311850d448466cfa3d9a82fe

SHA256
a4d8a3c5580f62a72eb32178d88632678b666341c8cf9d3bf51903e7e31c2e27

SHA512
90fd445c3a6df42b9fcf1bb9c533c5f937ba386e104d5f827b94459675d9c07621b917ca5d2906b3ca0b3736ac810288b0eb10948155c65b71fe05c9e854d8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5cb6ff2c9a0fe739d54750b0fbbb9dec

SHA1
8471ba9d716fd1f47603c88b7edd44fabcb1d7ed

SHA256
0b70fbc2e999dcc2cd77971c1f60a96fb0d483f179efe6a2f6041946733df9fa

SHA512
102f70a671a717f3bfa8e1e882a2afddcd25043f53b51c0f3686586545a7bc66af9667ca8a40623d384427b340b5d71a3501e3fe6baf9c846a83b808a6ede789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
69d8b5b8bfa48043651bf00d7b108b6e

SHA1
2fd1b6b7654a6faacd3983b9f4e2dea754deccb3

SHA256
667fd6bc4e9d7b3abc815bf5de157f739a315bbed94b8859d34393bc232cb4a1

SHA512
9c6f6e7803c44de739db4c27c6aa8257db913b07e5b715c9e75f9aa228538547e2184ced07ea502c45a8091dd291ca0a22c7a7e04d5a42890a1119f413aa46b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
b2f8d3f115cb6fdaae5d6f5499a92812

SHA1
18012599da06fb060b0dd9d559c2f9d691ea1e46

SHA256
2070edc76196c9419169a3306c4cb1d56cf8f90895e289685b4772a8ce53d4c1

SHA512
a4d661228e7f37bbaa41e55d253ca07dba0301b164b2f6462b8642f6febc8a845c8c8f6494fcd0854cdc5001a18ffc9eb1c7e6c9f976a9525e86f2a520e97e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
51c02a60d64ecc4eb3efe7216b37608c

SHA1
c404eaae59a3cf0092f6f690f4845101edc0b76c

SHA256
26141e5f4844b6114bcd845f491c5b101bbcce8e4ef032314f4c22d37726676d

SHA512
72c3c77dc083367d67a37b901012a5bb9c49112afe8f067e2a624169c1041a9bd95289fc5887e249d8e141a8d0b83fb7477c6403bc90364fadf064e47da5b86e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
5e64d022c06bbc3904333973021adf95

SHA1
6dfc45a429df798d85be483d022123ac619075ab

SHA256
591c9ea2843c2d5f85e468028b16ab10d472965c131d04f3128460fb35581fde

SHA512
909b8da9add3b37a75255bca80c7c36f59554d22438caf7ee3b3c061cfe90ae66e1f6f016894a4437187e71cb39242c4dcef2ecb66ff5c61dde9e490082fb289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6932406d184c5bd9dd400138abee020f

SHA1
29f3fc2ee350c6f9cf2e8a921e22a58073ace582

SHA256
3a838c7ed53f894839c1f98fc51687fa2d64d19cd3e7e93010a4c0364289dba8

SHA512
51c10c22d1c96b42403838f3082f18964b35212a8cda1b4624cf69baf8300c2b2c7340501f766f6f836b7e63ab75e2a52b9195f879df0afd968b0adead173072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba3ca2bfd7db60f65058d8f2eec4556c

SHA1
6d79760f45325316f61946790d7e214626c25984

SHA256
d1df31a6b092ff2b5cc9a4ad44c3b7245301980bb9b3d426e7941b2d91d07ed9

SHA512
1c752c8fedf4251c30ce9e2ffd61137dc9c27b10f6bea0f3b2943603efbb0399498ca4ce11e11513cc2f7bc73bcf53ba87ee0448bdb9bbb247349a5132a37727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7e4bec66c9bcce736198f396a603040

SHA1
c9c45a3c819d180bee6e21d83a9e68a08c1949ac

SHA256
06f00f3d91a9bbbe71bdb7f72625403bbca070a75dad22e81026234777c97df3

SHA512
b5e4de6fe8215e542736da824b4712aa91834bc50079307316deba89ac8d315f3250a0cb1da41ab76dee95b2269cce998fa1e49987d98d357b6a3252c79f935c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1739c97e4db8dbf77e35bbb66c16919

SHA1
c12f3bee4d3a81ef62999c532809eeb46f621b54

SHA256
3fedcc01478a439b69bfb085b1f36bba4f72ca960b195bdce1d4e23480562c53

SHA512
9e7fce6c294e2a948154781433b397447326a6352dc27ea0a1230ca92b1c5fe81e2ce00dac5bad4af20525ccdb4eb8e425ae6213379e8702ce20e98ceb604008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba01d30e89531f3f0a19034a26eacd03

SHA1
0fb67e256196faa110b4f7c300ab1a9085107f2a

SHA256
1c669a4416e0d8a0bc416a41bfa72c60474f45538f2d52c7f4af50e8e898ad67

SHA512
16814604229d67df6cbec3c833587511f1fcfe9a9a4be05d213fa4c815bced42f8fbca6c2b0b5224c6b6a93642276868e97b4c9114edbc0768ceda4a7db66a7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d28d35ce958ad0fed2903a81bec9bb39

SHA1
a47ea63d5a58ead504cbf8fa95e148ed4c6bfb00

SHA256
20ff626f51712e93043b4299296be28ce1c501efb7b19cf5dd6373b531e86ac4

SHA512
91b5769f98fc88d14a997554db7a8613e1a70ebf8756193eace2ddad06fc681742d0cc671ccc29b9818a93fba06ac5e1b8501688ea1cc518d04d308c99c09ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab88ac980a76d0b68008fe3c92d5389d

SHA1
3f5e748b8e093b1b68b39d4c2c64f60630d8d765

SHA256
86680ecc28ec3cc75bd0f3564ad9c323c74edb88aedc9c57012603a001333f8f

SHA512
729688ff0856f7a7142b02468b9414e9c6f43e771957587946300db08c5236e58c73279ef12b3f41e00fe798d212d71871bfc86d28a138da0c51867ff6533b9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75c02baa6cffb9301310bdbfbcc4fca0

SHA1
f97577d6ffcc0ed4714deda908348d8ce2a25607

SHA256
d86c403aeaa768ce89a447a0129c392d744a501e8659b78dff6b4f52b82f77b7

SHA512
6488070208bf628a137e3900a8b7487b724bcec197d892df2ec9c1aebeff2a366056263c55b21c3ce42bb6705edf9ecd86295930885283eb3e31c5d437a1de3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
af49f0efc56c300095938e10df979916

SHA1
57063918acb5b2f06ba0e5894888b9008d740c6e

SHA256
bed3e7a82e71ebd596ec2f8e72da8abaf514a1f235e426ac13aa9f531485c196

SHA512
86f19eaf011d8e763174fd46733ea2814ae761cc0b11480d2f679e46104b8693ba5f33154c33962619dc298e7d3b6cbb0a42935030b3c46579312ccaecf76855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2fd2f63ef7fc7a568c8f0607c5c6c235

SHA1
9ab1a38f17dbe19ffe2c970677cd0630d78d14b7

SHA256
b120b7e6095c0548dfd32d6ee7302690ab7e821de19818f354b286471e6ee998

SHA512
3bb316a5970f45a7ff79e4ea56440b77a3eb4a85cf01ed6f9921c7d157ca79f4312b3f6ed097afb1192b080f948dd947a10ae9c9c49f0fb9eaf44854f593f8a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ed96dccf2ff3e32223af728afaa98d3b

SHA1
443fd1d72dc8f0879627b943d3d68c1d32f91fd0

SHA256
0089233aae91cbeb23b1f28ef741a45ad9acb8aedd3e9201e4149a34463a628a

SHA512
e850f39c449fdcf1e80355fe00cc5e573bbbef8812e1270c750c26278de3f79ea392b35b281a9232198d36e2f690445e35f8b5ca756d0ecdb227e2a767efab86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7b993c4753b27e1293e21e694560b5a4

SHA1
6bd8d41f4d299c7603ca26d1a8a6cb601d23af57

SHA256
be356d0f903bb16bddcc0bfab6a98468ad033b246bedd5420165793ce27bee49

SHA512
863b1bcaaf584871199ea37b6f2c5ccca8ae0dfa37cd4f63286bcaa28f78f34fc22acac4293521779aedbb2e78509a4dac6fa0f4b12c215bb87546f0f2897743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
97abdf32842ad7c58b70b65f0074203b

SHA1
17782d61068f9b6b8619245cda45dac5bfe4f449

SHA256
a67469e71d6670891296231670e32bf85a7df9f18dd768bc7357f828bb724713

SHA512
b7ee643263dc17f55659ce7829e20f8ecb84c684dbd99ebec8ec9c6902a0392bf8eb36dd9d7c445d265357a9e9bfde1c27a149c6c122c3663693863732de440a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf96b027f0b899e043ed2ecb78a8da7a

SHA1
9d37334cdca1c66609d56483948c7801d586b5c2

SHA256
8ab65de83ec047548e53d85f5c219255efd8c875e2e116a6017000ddaf066675

SHA512
b6dc59971601195997c3d0538f68b57e4812d754f10625165c8c560dd8070c72594104a450b95b606731bbd0c1ecb6bc07ac065b1fdc7e51c78889c6c1272c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
477efd4774cc61f144720afdc38ccec4

SHA1
7bda32be31114d127233ede001c8bbfcc1d5a449

SHA256
fcafa675223740809c698daf7e5d8bcc72d71705e4f8803391abd1e32098894e

SHA512
f9ed216331548ab220b8538a083070bea08eedec2c4727b192dfdfea1a4b44a8b0c71e9c8395f0e317d8767eebb4673bfebb4d45c1717b458c13b8e090d39692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
65558ce2fea1411d141f427a1f68d2c0

SHA1
462ef70486c9421f9a16ca7d73159462ceae35a0

SHA256
a694e8f2eae4e8fbf51255e0f8b99adcfab3a9ea976a1de92b6f2002be012552

SHA512
bd99eb3ab51f2c35fb332bd24cbee3514d9cb231b5d85be7eaebf55cb929cecceef65f566f7977ce5d0f6d9830e07d61087d9877fe635b187916a0d4e53f6613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bba10370cde605fe5f7cae21f144ac0a

SHA1
feed931f959753e07eea8223bd0ac7a569297c6f

SHA256
044a6ef66000cce55f1c0a22733881433573323b0a981268c17da8b290292d71

SHA512
651b0917111639e0631ee34e54d88a916059411c5c4c5417d7fefb8322905c63165862936d1d8dd9d4d3c4c961e8149a94c87a0dee2dba74331402f87e8aac3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d96afaf0ba1314f8be9cefcce48a4f96

SHA1
0cb6c7abca3868a6264165ed3bd77df9166ac54a

SHA256
1f22b64bd8ee114dcdeb0711fc5b7b2bcdf69f51946f666456e1bee4c10122c8

SHA512
67ac32b7a6297fef0b0739bdf208b98ff0f74231193af3beb4e034776ed8e74aafc334cd750f4db3697730d4a1a75b7daa979f4f1acd462adfe33120a41fc69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
92a6df97a84c3294c442e7e141a17189

SHA1
5a9465ae235370dd6bcf96bc711b7dcf2ba210c3

SHA256
ca6c9426d71b45e6f3767e350a7366e9c1d54d0c249de6596a0828fa701b66f2

SHA512
324b51be69587a91caadb31656f9485c381590e7c5f158116a630a0183f0b1609e0856265f81b2e72519cee013239fc5a6b8485d8af71cc0986e3c1750721e7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7a27138c4e4e07ede7fcf6d64212488f

SHA1
75566df74090edf8c7007c4a6dfff6a4dd7dc529

SHA256
ce1204aef8bede0ad6ecd597f2ef2afa4396df90b722ebbca4a90e644687f9e2

SHA512
31736a3eb00661b6a3ff1b2d5815ffb289f60ef1d88acde8d4bfa1ba8556d59fc90c52d5c0c5f08eb7bbc2e221ab484bc9fac04c3ddaa7dbb26e52122a32e112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\95462b59-19cd-4431-b006-59061f72caed\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\95462b59-19cd-4431-b006-59061f72caed\index-dir\the-real-index

Filesize
624B

MD5
15ea762a07ce75441939275e550bf927

SHA1
0cabf80adb4b4d4f18f740b5a9b62284a880b170

SHA256
4d1f024968eb9a85dfeef527113ce0a1825c3d72a156e4cc8de4548eaafdbcab

SHA512
e8fd6a1671fa0b5767f6b8447d08d55dd1e1ebd8dcdb9818558c2fbf245032e5fc78e5c1b9623c2a75c9f4e0022766d09e8b6f2d08d28eb9313e4784563d771c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\95462b59-19cd-4431-b006-59061f72caed\index-dir\the-real-index~RFe5a4930.TMP

Filesize
48B

MD5
01af378f9e3d2b305401c036dc1fe29e

SHA1
d33feef87f6e5a22b095c286cb73439051046366

SHA256
a5548d333e4792caa644d7b15cbd04b9fac487621757c562156a357723381884

SHA512
4a5722660d60d04b77917d5f38106c72aa84cb6356dd3ad4c75710b77e1f4714ded73497a82de3b4764c86daf47e3f8cafc820bb8b64282e05784c83d18e33cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7dd902a-a6d5-47ae-8a03-884270674908\index-dir\the-real-index

Filesize
2KB

MD5
6f390cc7a416df3563af37c06ff5080f

SHA1
e918e6edc25906a12916749e0b214d4cc85f4b57

SHA256
a3ae2a0eed20c048b8c981f78d261e432df22ad2b017ff2d70f2fbdb7dc57790

SHA512
e3d7f4718c9fdd7248e5fa2aff400153323454af3d571869aa41bd74272d2e88da7d600418c31f40b3f107ec51cdb2462e6ef21c1aec0ffb1cacd79468290d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7dd902a-a6d5-47ae-8a03-884270674908\index-dir\the-real-index

Filesize
2KB

MD5
230c93ffbe7abd15b89210744f22e97a

SHA1
414d78b18a8a315869c8c4d2014933c81ff9305c

SHA256
1fd142fca874de0bfbccac5b6aa9cbf096c17a47ee95be4a0f75e4520f5f960a

SHA512
3c131bc7e88dd97b9d89be6424e2e1310a9066afe783e3f6065273daf1ed04ea0b0ed9fe9e2dcb58e87d9a3e521bbee07043e20c434f03ba03058ded183c83c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7dd902a-a6d5-47ae-8a03-884270674908\index-dir\the-real-index

Filesize
2KB

MD5
9a78ab7898e73bf8ff83674dc5c558b6

SHA1
536db9fa1d815dcc8965c58e4997e804d94c4036

SHA256
fdb9b0a64cae6148cb7f028c83508f0748e2045fb6c5b4af43c0a3b64b0d7374

SHA512
a66367d128e73650702c5e69ab306327faa1ba10a1ade07b8065e51f3b1d2b9b4fb09ea1786232be4bbb612ffaad64be1212f40d99c26934d107a1529e925054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7dd902a-a6d5-47ae-8a03-884270674908\index-dir\the-real-index

Filesize
2KB

MD5
5a569b6ab927e45bb66ceff7ff966605

SHA1
e2160fe6d44288d44b2354b5152af736939cfa48

SHA256
610e10a3ce6d7266bbccd6e1add20d10ed9d3ec2cc053c9b590e3c7b624be551

SHA512
21aacc1d7c6d14acec33bcfeceb30d1f30acd2b2f0ac5f4ce3af745dd9f8d6a243018a6bfc7289511168497459ce1920b055439a8e62ae467db04df57b484ec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c7dd902a-a6d5-47ae-8a03-884270674908\index-dir\the-real-index~RFe59e92d.TMP

Filesize
48B

MD5
623366c080277966c629d1b11550ec72

SHA1
0a5bcd57629476f6a2dfdacb00f3855e8d56685d

SHA256
40d8893c6fa82bbb625b87d91bba2c34a73fef1e5ead1f5887a9ac065e1fe29d

SHA512
4ebc30e6b043a015f3c81e82be0426359af91a4c6b2288fdddec3c3a8dbabc9621c01faf4906686743a41e255a2ce51a324c4bfa5d1a8f77a221bf1160649228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
dbc3d5dfc45ebe1523ceecaa28112ac2

SHA1
8e9687f91ff7ec6682bec33f4268f8049790d40a

SHA256
9debcc49231056ea4f23387bcbc7d9012e54ff129083a683eb65cf26bc525655

SHA512
d015b21b3e274f50ee196fd59233a3aea70cc128f4b20932ee2c594fe592defce8d170d209eb8d836dbec965e39a38771e4cff38a1b80f9b7cc7fa6f54f8ba7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
05b7ed8e0eabc5581869f3c0f2ed192d

SHA1
0330aa77a1a219d69fe720927be70052003fc033

SHA256
6e26df800439b19d2bef091ce20564bbb5ab978f63a6ad56ab82ca9001616f15

SHA512
437482498b81430bae1cc44d827aa97147eea973ef81ce445499fbd22c977e93cc85f9ffdcaf5fd7534d151f0b3ca0436bb1cc26b3bddb5a3910348e6226b9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
feb27819744f4cb65e6feb39a3470308

SHA1
9dfcc6de8e1393149759acf57b05a7e3e461b64a

SHA256
ecd16d79231b5ab1253546ee73622771d3c7be72bd5c5e80c351748fc5a41296

SHA512
b760bb9d44b683d6551a8d04e798ad66abf1d2fff8e5f61a1ee56577f04d90fad3c02168fb2ec156b9fe1620341db69c3ff39dbd024b8f4f5ffd63079c819a94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
12fddc6d58c8a3415042603ccd83a910

SHA1
0d762ae4311177a10d597bce7b7a3855c421f39f

SHA256
d44ad1dc588efb90ae6f600bac3d5ae9ff1657fa8229f8e15ff61ae0e5bbf8b2

SHA512
b0878900605e36db46ad26739a8503510dcdb17790bef52ee4d3e88da5121b7fbaafcb7ea0850381be59721b047d602f94cc543a6430e8692346d8d6d477cad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
99cf77d2483da1f230b0468305871ef1

SHA1
d1e58cdd62e74b511810a4427d4727cb0245105b

SHA256
637edc143a2d8d04fff048bbe3754d381cf771f000e7212437fb441d5b089d22

SHA512
74df74e0938ca5de3b24611512fe13ee420244d24812ad0072039126d27a4aec8fc279f6d6be71a532093d1dd6a8a0bdf18fe7d03836e08da48b7ba82c9eba12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
16dcfea63b31d699b633cd2e4f02d34c

SHA1
1b212fc6196dcc6133af646f01b6ae5ee76a407f

SHA256
cb17565b3490634543fceff027e86867863ec0b103f4191dd77cab60cb5fe4c1

SHA512
2fe74830d659af809c8d1df08a1f952120b8064af37b01b95235f9aa5bad7b7d450f9e489f5870704a4ac5ba283210cb8ecb482a660d9deec0d7f69812d2619e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
5d7edb1f20d2b36acafe406c2389fef9

SHA1
25155e913e01056b527ef5b8da0bf120c509cac0

SHA256
68d0c2a758bb128c2d93d20fa79d3f8c55a3204cb8d9a97aa3d2b04130aeb197

SHA512
ac2356772b519245840137f7a11d453633b84aad6994cdd60cd4f17dcf44c6b5ec6d9b99a99760499e49001aa7f25e650bd663656925b6ee9c853019bdee9c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
1389b6d44a9d4801ab886b1731c9e9ad

SHA1
5a36d913c9e9842e904ae9b68450581743b8f541

SHA256
f66e5884ec7b649a40c8824272f35da7e23441a58e985d49c955466ad9aea1ee

SHA512
c82b92afb0193cd6421171a8566c1f94c67d2be9e0c667abbba8dec7ce23f5ff64b7bc498022ce5e7ee7ccb0b826e152ae427362f0e6f52353fde27323073820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59d5a5.TMP

Filesize
119B

MD5
df3faba3dcee7356100480b2b8a8e6dd

SHA1
b036f72cfc160f3ca9be3ef44730533f76eb8121

SHA256
35423f3088377a1afbeb510b2560fba5c8ce4d9112241b9955f42f25592d46b7

SHA512
feaeba23df86932b04e2ec7b6e4d906058f7c262248bc36e9a1f67886be156dbfaeea8c15fb6965543df8bd97370d9ec734f58957103fa0b6fcf58e93f0bd889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6dda6d3e80605bd81ba5b0107eb00b33

SHA1
ab836d4e662270ff034e0006a99627bcddaf1963

SHA256
ea9e4fe44af8f49b6fde3c733964cfcc7adc6a373053428ef1c03faea83db178

SHA512
265615740ab12a7eeb4ac511b854db8c8e433fd5ff65c7a31d7414a99f6f7b7f1e1b63a6c0771dcde0ba71efc247006702c0b5f503857f36ad0cff29fa515415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
83b2cc5f7d3c0ac9ec0f90cfac9def16

SHA1
8c4b790f753651716a87c9b93fc59cdad61b98e7

SHA256
854f00f172d60d6149b591bb7f39b5993d8fd39bcaf523fe5aebb7b3897ac3f9

SHA512
8f07bb3fed05f9e43f3dc16a8534b19388c50341cb5063a4001ee318fc3d517b4b1900efd0864519cbe9ca79562ce8b022f05c4e326f90f6e763c9fa90d377d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
b9dc11ff44b6ac5b6b399c3b11f596cf

SHA1
9b4a29b7ffca9d43cc0c3c314ceda202bb0c0668

SHA256
e480e5d72639b030106c3eca487a9c0beff1b02a0d8625859231a7995b81fb09

SHA512
d6eac07886e794a84fa6b099823551c509522d3a071e835d9a4b1817c7e9f915ffff3faa0d5d722232c41c094f5cfa7d54cb04358e74c3ad616e99fc71cf3734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
6eb6fa9440a4fbac1bdbf065b7f1a972

SHA1
7045435721a146d2dee6370c82ee8efbae28f524

SHA256
2fb3c267e8605ab5002e2abe74a067f3c23af3ade36b0fe0e1eca0eaf83f4dbc

SHA512
ef9996e43081417ad0c92711f3d691da8c451745316a770f4f00b04b6bcc8eb82d36623784b5f82e5124734bda7556302df09b7a9f89e760abae1ede325f380c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
204999ad21a3d05d3e99aad617397b49

SHA1
162fd7e0c338210b0330ee152ef8273a418dd97d

SHA256
ae83b732f77610df45f21fb593bad5b24cabc09476bb379d11fe81382bf43e57

SHA512
c7bc126957d5a353bcb484819634245254535b34a5eddd7ad2e2c16b1452ce6fbe0dd296d1fc8508cf13d2adefbc0cf3197136d0ff1542402a7f2225477ca1b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4084_1986330759\3587617c-a767-4c5e-ae4e-6cde59d0eac6.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4084_1986330759\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit