70e2816adf9a2b2ebed12e9a4898a98d8de14fb747b58f6004a99af96d10bc58

Analysis

max time kernel
209s
max time network
202s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
23-11-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FluxTeam.exe
Size

312KB
MD5

0a091a4bf71a4a29addc1fd1d8fdc8da
SHA1

24dc61f515e5a2bf2dc3a2556aafb9cb95dcc109
SHA256

70e2816adf9a2b2ebed12e9a4898a98d8de14fb747b58f6004a99af96d10bc58
SHA512

061abe6791472f35e70919dd39b881666eb3b03b2c7f33eae3a83eaf17de4e42cef8ee6fbdb75986cc426f056564867c19d371948525e8fb1d611558e409403d
SSDEEP

3072:4hK4Uay3XrQ8habqgp9pC9Z6p5uf3C6k0xuZ04ntfxrhBu4Rpw9kQ/KpppRPtx:4hK4XycqgpfCup5sVxuZ04ThA8Pv

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767990214585739"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

Processes:

BackgroundTransferHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3964 chrome.exe
3964 chrome.exe
2828 chrome.exe
2828 chrome.exe
2828 chrome.exe
2828 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

3964 chrome.exe
3964 chrome.exe
3964 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe
Token: SeShutdownPrivilege	3964	chrome.exe
Token: SeCreatePagefilePrivilege	3964	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

chrome.exe

pid	process
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe
3964	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3964 wrote to memory of 4324	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 4324	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2196	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 4172	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 4172	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe
PID 3964 wrote to memory of 2948	3964	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\FluxTeam.exe
"C:\Users\Admin\AppData\Local\Temp\FluxTeam.exe"
1⤵
PID:740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1496

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97042cc40,0x7ff97042cc4c,0x7ff97042cc58
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3768,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4756,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4848,i,9849218002974506887,11109672927089526802,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
72cf051df552395c48e95993b55bf36c

SHA1
b70e638497aa3a7a39a614ea7bc9bb32b8f2f205

SHA256
cd0250c8b7adc08df3c881b169184c1acc980735d6203b5e589433b62cc2dd32

SHA512
2e56e88da2a3ecc0235874ccfd85cfdfce05fea01bdfd2650f24e374711f7fff810563b3fb6ea0cd5d11e096df9635861b47118766179931ddb304c82eb50679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2c34f7e54c9d59959ee1439915fd86fe

SHA1
e8a3aa2c10a421fb3047880d12e950be2115b5ed

SHA256
bb7052c8e6d9d793c4b7ef00dec12d58dc68882f31f3ff6ea681e7990f30d7cd

SHA512
31e9bcab365228ea4c543c106601a7dea8ab88f80761988a04c7dc3190270ddfa5852cd1208718cddb51f2af89cb11030dbb5f8122368de24670aa2d4257e164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3dd3b08d01fcf9532261feb0f892d1b8

SHA1
3c336eb88d51cd9a6cd0d67384c23ab1422676da

SHA256
b4ae11f5b8f1c049eb1f226c72767313df0c7a91584d09c37383b8d9b0281cc9

SHA512
086ab41e52331e0fef3f0c717fcc58bfd4174b5ef2cf7b8db322ca8b2ae9b22b8bcc4e9e7f5d7d8c95c7560ca9499bb0e9b563a6b913ee193ffdf5059151ad4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ac2ea676ab3485b3a6c866616961a74

SHA1
e284ae89ab4cb472999a70f8919c9ad98ec5acef

SHA256
18acde9d8430400793d7ac2c57dab29030976f21a0f7c178e252950da218f93b

SHA512
5814e7f4a0a4cc4899e2c64839e9a5d6c8a5afa0762ef0a3d49f22a6a107264595b44c56cc165ae016bef18c7704e134d777c03dd987ba0b9cc9a8aed88f3137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aeb84580502bd80bc747b01be4984fda

SHA1
3578fede23fe1a154ac996dd5871bda4258baa56

SHA256
9dde98719a8f7a25a099d57a91bac2d44ff49d4554624e4a4b2c356f2146a69c

SHA512
3e2129c15a876e1157206285a2b8698f51fddb5dd2fb49d467b86903e61caadc90fe1abb75747d5028fcce3c82490788daa6d7cf8544702687ad024716fd1b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c1034bb957724698145ee77240aaad9

SHA1
c056953fb0d8ac29ffd591ce668cad214e7500ed

SHA256
311d3de8a4f28d78b645d6c3030cd5cbf15bc986b1e25ede790027b8f57aaac8

SHA512
2f159d4d8f26add22b90643edadaa6dac1b0339d063416bb929f7ee1d02b38de93dd63034cb28bfa2e8bc040b25f3eed4e6782c4083739712d2890517efb6341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5beb71c85ff757e0416edc7875eb81f8

SHA1
634d5cd66c96e0ac26ce434d0e8c22d3b610fe4d

SHA256
044266158d74ebf3a4be84832e0b03a27e140b210c0a3b8418aab56f0ef2db9a

SHA512
bc9a6838e2e871669c69025b732da68dbc641c270d924ed37bc53d20e9c6435d8e4ed4164c0a0e028d641f7ea47f0df1ca589014d270d25c10922d9f451b9737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f8e607ceef5d1e6ed6b56a3be11ae58

SHA1
f7a13ca710fc7e05ada2c055ba812fd6ce3cbb1c

SHA256
2f03cdcc354ce3a6122ea3dd7368154a9f27c9062599cdc4f8fb90b97072a6ec

SHA512
a70fbcb367d8599628cf39cc654eb9f7e9b9b31a59e49d71c43039b1dfbc474ea3a6f61f0de842e48e9f37b4d177bfa2a6cc35a7fa23bfadfd75f34fe2873f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d66cf6558b3e26d0102778e29e96e7c8

SHA1
1a3c383155d40ec4915211a5658f6c59e370166e

SHA256
94b2c4ce605f5c123527d667a44599f8134c395058c17483c88d024c2611daa0

SHA512
d4d7889ff7f18efdc47143ad8b15a2159cf6c8ef26f797c95c4dad745258052f1f29f9ce7b27a507485631729a48844dc16bbead34e8f0da6decc747e5f1e63e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0fdf8aaaa380f22f91c61e5837f92f63

SHA1
e952c4f38625d1319e3b7a9172725544c1d7bee8

SHA256
a4b5c867ac6311cae0c9989b7bed4c39f8fadecc88b4c0a4f7f4fe947a18acd8

SHA512
d4cd2f026534065a126ef5c3fd77b9b8f00667fa137d6f1d374468e23a1bd8d0af80e89f2c31bbd6ed2fa72b8bde3b400195b8aba78b28e61728cccd71446718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
dda48eeddd58b5660a4bf6d18478d928

SHA1
ef9caf3de845e7cf6f74e80b6d778425a637cf57

SHA256
dc690b9ae6f1ee60855348317aeb870443c0c5bdf130c6fb794ca59861def82a

SHA512
ae33b267a923b7c7ce0d6445363985abcd48f8f3596656038169864542ac5e20b2341887de75c93e2c2564b389973fce79f65cec4bbccd8cbf153950cf8f4593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
6086ded5b7ce058be28dcda6e2714ed3

SHA1
3c5667586bd2c7c379a79e95de5381f2593b9b88

SHA256
89c65e6d5b312a556b2404947419481e3bd2585bcdae97d919f7481834afeed8

SHA512
320432590847da7df04418dc9b5f785cbdea9d1563aff9be0ceafc954b7849b8c060326df109ff858e97dd9b09bb3f4b2b7d0f1399e7dd15951eb78882122980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
328b5a42f15fe64b89cc821d88f54739

SHA1
6078e9188eb69272b050539734fd5fab2de342bf

SHA256
aeadb6e36fde7f40e19383d062697fc8ee5649bda4314a30412ddb34bbd47008

SHA512
f6bb9cc2b307df20d836d1129be8f3c761346ce62c5b8d3b8dd43a5a04e0552b8d77bbe22c0f10577ae4ed1470d20759f2fa4f60bd058f9d7ae1244a4c8db6ca

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b4b1efb1-389a-4211-8a70-32ef2d7b0eb8.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
\??\pipe\crashpad_3964_EEXCEQRDHXEZQOYQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit