81039e94ee2d51fb142722e5e82e8994e1336dafabdb01c8ed516633ee10d098

Analysis

max time kernel
1825s
max time network
2589s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02/12/2024, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

savefile.xdn
Size

38B
MD5

dd8f6f97ab113f28666ef966174963f8
SHA1

5c10744a37437a465fd728d489e83c070558b851
SHA256

81039e94ee2d51fb142722e5e82e8994e1336dafabdb01c8ed516633ee10d098
SHA512

5656ec2d13ac85f2865f5c73e84318216bafca63c3fe8b19f1dc9892d6185fb4bcedd5cd2c7f3c25ed10e18e2d1c2c6d29b3292f0515553b51759cd9c466e8a1

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133775742218201531"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-556537508-2730415644-482548075-1000\{FFFD32DC-17A8-4140-842F-E774EA4A8F94}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe
Token: SeShutdownPrivilege	2752	chrome.exe
Token: SeCreatePagefilePrivilege	2752	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe
2752	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5912	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 6092	2752	chrome.exe	82
PID 2752 wrote to memory of 6092	2752	chrome.exe	82
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 1892	2752	chrome.exe	83
PID 2752 wrote to memory of 2344	2752	chrome.exe	84
PID 2752 wrote to memory of 2344	2752	chrome.exe	84
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85
PID 2752 wrote to memory of 1564	2752	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\savefile.xdn
1⤵
- Modifies registry class
PID:3172

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93180cc40,0x7ff93180cc4c,0x7ff93180cc58
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5080,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4308,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3484,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3460,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3380,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3316,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5044,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5392,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3896,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5552,i,3755275363470992922,7952296858209014798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F0
1⤵
PID:5820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8b51d5ae7b60ff2498e3a2c43557a00a

SHA1
4514f5560b3ee0199749d9a3b9290bc41f4eb2cc

SHA256
8e9557ec162ce624ae800041285b80e033bdbd5e9f9e5291a697f045a5d5032e

SHA512
616630be1e940baae0bd5ed5b74ce0119d066487b3a297d23d716116ec9fb2d57792ff6be965c5e8fcf73f9d4b9a499827bb63f6ea67286041167333ec4bcbf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
35a47ffa940df4c402cfa00955a70be1

SHA1
c8f399f12911c83a35a2c8e733e756fe8cc37051

SHA256
50b8d178cefbde157dd290aed882ebe0e1e411051a8362e3faf041448b358590

SHA512
feda3713e3e56cd61befabc7802210b08b4fcebcda111a7799d8bb8184857bdcba0399956d5fd830283402f19498843b21f68462809b87cf660bad306e6e5888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
aac85d6b7a7725b58e567966a75df442

SHA1
59234f05201126b0d592d08b75f6e996354cb576

SHA256
549c3143f6c15263dd6383785e6761b4fb6c0f5a97d80278a0ade26d8084c1e0

SHA512
9eb751f3324a574fefcd4a8d47d77d2413c2b58b5f2bc5794d93267a1fe3fb5035f9cb35ff488c1318434785fbd11164023d1abd999ca2ad5afa6c8f09d1a57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0a6ce974e24b1e747948f814004b88bf

SHA1
dbbe235548894ba38bcbb907c04a4c546d109e4a

SHA256
2f3401493b9927e98380bd631c529c2b08562aeca700be6e3428de7f837c8598

SHA512
db5541b805d0a17e9ab0228817b7b488250d25506ccf963fdf51aa03ecb175dddb9c6697de06faf09a6a9c081761430dc3eb7c1c4a81f76870f2ba6f470da66c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f4f475057d95698d35661eaa7d6bdc4f

SHA1
87547a07d386db03b5fc371ff51493b288409ba3

SHA256
e4ac9225f23147fc0976473019ef7b91d48128ca272f8cc13bff55dea978cbb8

SHA512
ac298bb6e7a4a09f26f2a6a0797d47b472b5cedbf6f55d98b10eaf80413ddd23a8a26541cba4ab1e7ded81117301cdfa0bfef30ec1fc0d3734f3d4412373c74d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
20edc2b9a806a0d77785e9f6e9e65304

SHA1
d945e77213abc31b87d90a21a00b027796575c47

SHA256
e1f86f70e3e70aa6521a45effbee4fdf92339f3f0085dec11ef238bce7305a47

SHA512
35866e7dcb8a1678dd9141fc57ba74a327a89a6bdda25af13ceb0f93d217dee7c7250f05ce7828b7166ed6e012ca747c509033ad4bd7b7640fa1b7a44ef38a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0d7e94426a1943ff11594b016ce7552f

SHA1
007edda47cea0a91d221210a4f28c57e0fbad950

SHA256
db1d08bf5ff7b97e41a31691462292acbb33c54116b703a15f0a9c18195f9b73

SHA512
b2a41f9fb07274d2215ccc127b5b68cecd0aabbe1bcb18ab401e9ed9ac029646e719e4ac19500fd7ad9741aeb3f0e1f764d822353cfd5a3beb16fb2c5c48ec72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a034741b3d8dae2c82d49b7caca187fc

SHA1
46cc873eef3a03cfe38aa82c5ada10d99537713a

SHA256
d48d2a2e7448adf881df0c4717f51ebeb10691babbbb9a242830a5a15d7bf0a8

SHA512
b52244544677ac0eeec4dd8bb971477229b8de33b5cb4308a911290b2600793d630c7ce40cda5c13955a40df2e307262352ae2d9a803f1f3282c8023a41d4219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
83ead8777ed41a6efb950831fdd0bbea

SHA1
bcf2fbbe2398263ffb52d9631607b28528638af3

SHA256
aa3869ed489ca3c8b589e0e11feca6e39fbace566b05b285f181b40e83045a53

SHA512
78603972e25bb798e3995157ad8c809cf27ab102a4624f91b21fe0b1086bfbfd6dedd7cca9430b413b8f5ee916d679d3300bf63897d1bbe5cf211bbf99322602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
608abac1bcb2f4a4cf800c4c1678abe1

SHA1
c510d551e020f7ac3df5913d505dbb605f794330

SHA256
30debbc48b6b7811a644e48fe0cdea6b4f176bea4c4104f99e22ecc0e1ad715b

SHA512
30bcf877a8f30d371ec84a74161212579571b404cba2fe7bf2daadea27142089ae7ba9288bb2b23e7c9427f32fb27d1bafd2bdd5e5d30769d332765c3bff7f16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
137112e06201209249d2cf5c5d74ba27

SHA1
5417e865bd38470e4f2c30df72bb19e7e10fe8c7

SHA256
d228785f436e574e5330135954aaf9dad5b4cc11ea8640563c9c65140b232a80

SHA512
6dea17f0cc86a8699636627d20a3db86c71f2fd12dfa972bda138cc460ca2201475de002718f2ea3a50f097908267063496832deaa1d64c3c279b95e17ca0cf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7cd36b809978bd33413173afefe265a0

SHA1
7b612bffd223975d8d45c6f6dd749471c8b1e011

SHA256
8584f2a32f639ed2879a9d5589b3d065a993846451ab6c3408fbf5dfc0e5b15e

SHA512
7d1ac68825fae2bd2939b4e6e31584d5e9780ade4c56628b47e5173e5bdf1035f60847408dfd7c8620b432725c60b2c8a9f35f77a416a1e4dec20e130d6ab68c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f277d9a5ac79288d99eae5d77d195525

SHA1
8d897c675952026e9774ecac85093d2fe9455454

SHA256
9b7b9ba1f3fd170d24ccc6f10cbbad92fe86f1fbb4a7d800a85e1c8581e31fb0

SHA512
ad11e1c9cccd68f120444dd4fbc721193056d38826352589a87af5ba46552d68deb96334b12275ba885ae4e8c0957cfdd2636b2c4b51d2e2490fea7f04d8eb40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c0404c96a335bceca48102ef418781e6

SHA1
66fc3d32bf8e81449e2769708367456c5cd9c25d

SHA256
a2c951fa550b0fef83d8de4466cbea62e63b9ad39e9de5e14be148a20f290bdb

SHA512
6cde4801bff51469cd6f5d3dd585f390b5f737f3f6af82a3ee9a894fba24722b29b26c1ce8505da5c81105355a365a08a1ceb8c5ecad9689cd229cdbc954d275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b21e896204574a52a1fed1f76c9c0af6

SHA1
b668995ec17e879ab7e49c544667d4906ffd868f

SHA256
117894678e7dcd951ba0589812f3db8f3e41d5f0e4eb5a5ba338bd4314ff3f2e

SHA512
72d1bca87702b8e71ca758c9af1746423671a483dbcb21927fad931d76da24cb79978678325a536d0bc109c25cb27b272676c2484e699bb1e863e454fa8e025c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
04ddb5c5cd168ab08369115edd083ebb

SHA1
1609669491df851b632132702ee06abefaca4901

SHA256
e23686b39e1453388c742ec838e9529a32b196167bf272b6c86c621139c86d59

SHA512
5b7d2b1e679fa93e8fcf831d74fb578b78d79a875c941990af11e8d089fcd2da6a808eedff1dc338e275dcb901451cd8f88f079830d2f1b72a02a2370416d98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
380c0f553ff42ed0d68bd1a1c9ff307b

SHA1
190006b16d61d0ad830a4a53c72820deb710c4e2

SHA256
46e98a52fb8a5cf53bde8e30a40c02ae0edc68af6d8c2e9f4253022e309b79d8

SHA512
2317fadc1c726bc41322290633521bf147df4295a2862417c0494e21e04c67aa2fd0a70d88c75cbfa5f55f9e201b0e71099272fb1c246dfb27d0fdfbcae18134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4cfa890fe545f7db885ce8fac0d0266e

SHA1
8d9088405506e44cb22473f7924c4768db941eb9

SHA256
956f08e135ec4644b47dadb04c0227f7fe982c5dcd9b368cf2aff52e77a989d9

SHA512
c614876e5db19f824b49a8202d9bcad9d4abd81793d37ee3989d806564e9a2c0c4a0388e924555d356db02eac91c6230c1492a7f512561a9c775eefdf808d6d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7884bac1e01a12f7e020e9cb1ea6d140

SHA1
e2fcc5a4981f5c196e553f1f1f37dc17938bcc9a

SHA256
758da6768a1f90beb13eed5f1625eb8c23e725408cfded9a7885e71fd0ba28dc

SHA512
9facd7aaa33cff8de462d8d59ee8cec35f50d799911bd30f0e9f2b9bf6fa4581779bdd5d8678da5032ac8ff3129f49f4e60ffab17562cce8acf4941ab47644e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
20897bf68a0c637985ad8b48fbc705bf

SHA1
9367269b54820e4863949be71b261b3b31e18aa9

SHA256
08ab523c669fb5b9dc03c2745013abd02effceddc9d957da2d7e2af914ac79a9

SHA512
35bc088bfcd233454f7bb5f54f01f7665713ba7dc8506fe24e87870a8ade8880b8b82519a6808e469129ac74f25570e7d1c3774e0097c8e28278828577f148dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e18982c2dbc1ab2a010b9fcf91f7641

SHA1
fbbf52438588643ccb040f1d6fdf1961583093ff

SHA256
ab1e4d3c34347f81fbd8a39a93fb13b971697c8b98696baa02f1de3e238b24cb

SHA512
af49c0680698751ee438b93362400f0783970127fd608184b4a500289d93a6c17cc18780ad3d8e2c97d8df923fa6639e0aece5c6d4f381779e8656448bfa50e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9794e80e1bc2e16de0e802a63d6d33ad

SHA1
5c255102e52cc5cde346ce3cdbba884ec145f0de

SHA256
f423baecf0429124760830b83769d23191099ba1b498382de1f15d01604de734

SHA512
fc96c084fc3459df522bac5ecad294de2c4d1d608d0e69a6ec0dbca9a63145bc823153480917e4dec0f03e49030e63e2df97642611db83a60af6e073734c72c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8dffa50f511d029e7bb2ab1663c38cae

SHA1
6a42d8e06c3d3818b9f767f4134d368f475646c7

SHA256
313168d04c70efe00bfc7bbd773bc1cc0f0271d96a84db4ee6aca482931c443e

SHA512
9a6084b2bf9a30eea739c7d73ced23138d5edc4b0335561db0a7f168573c3eb113725fd7e06c8083e35dc031fdfeec20fca9564c74f77f8251be774e90dab78f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9879b7bcca793e319771d5788de89fa7

SHA1
267cfa813aa502f3d41b2915536760fab2b8485e

SHA256
ee56492c05b6fcd399b0b524cea54fc5b37f2ed63bc0779ef45d50e6d55fcd72

SHA512
222a64fb0fb2958a91c3b05be18b3ced1838a16b29c1de01abb1ca307ef946792670e563b9b7868586696dd6201f5ca24d82126d1733dbb1b3779ab29747d2f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1c3d96007dcd35f5605edf9d16b5fa25

SHA1
42a0aa96fcb9937db66909e461b6d4da47282d84

SHA256
5a5dddfb08d84139884ec662f3a44364f78f8087a7e26b7bc636c3c809d5247c

SHA512
4721ba8fc7ad8563f18a14b11220cf8138f10ab311e38021b4339405a4fadae0539213d6b49bc18b2d22cc50d55ddaa16576db87e75cf4665777b47a20df65cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d3277dabed51c4a14ead243a627997ce

SHA1
15526fda036a3773df9d97bbf6f6c189ec1ffd3c

SHA256
a4c1cceb99a6fc5b94c61e6f97c4d92381e5caddf75a9962e6a3859674baa80b

SHA512
e798e22ecf9ab30ef2f627a38d3c64afd716ce242eaa35d51120594b6bd06c0b50b68a193bb65e7afbb72e1284d5b74ead000ceceadba23b335ca598107d42a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
38329080bcad5a3099ce32eb0b4bd5f3

SHA1
1ad8c7500dd18d83247c4ee4612e91c93e5f8757

SHA256
6ef6c6bd8cca3265ca1e54fde40e1dcbd08bfb1c50ec7ade8616375833feb378

SHA512
7ead81d4eba73b0575ec6e44819d13cd1f73039521724b9696ee0cfade188661453a0f7ed86f73c095f066f1b5d174a60471dc29ee8e2f940ca200a05f5abdaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4d089b3374d4a99b3ed3781f12faebf

SHA1
5203204e5c02758ce24482d25fe1f605274a8fcb

SHA256
f86bbf498d3d609a2b7e75604fd370c0bfc4d94828fb2acd76c45c2a02044a09

SHA512
b9f0776f6b3e66a3febc6e3862a5df7d739a705673e1f1d7e4530e89ca260e2278c9f8f106b99279f00323f62cad4bf99c6d1064d21918bc14c697edf2811793

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19e6432e1062632ddef30b853aabfa65

SHA1
e8d81e92191fe3784e25559c551321d6e18bbefb

SHA256
77987fa65943342c4b05f73c71282535857066449974dc80b6ff584867f4fe7d

SHA512
dd6fb01f2f2999c6772d45738609fb21c3511bbc313329ed8ed77fbb51be15a340dc83ee73558ffdbd391787475de98c090b67b59fce489afc85cd914e253b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10c34c4ffddac416973cdc89c0f6efd1

SHA1
a96f18ca19c0486fb771673b824e02a8cca323a5

SHA256
b000775d2a9b39a01573a4818d0bfcba95fe55c59e0eb90848e115fbf3b4478a

SHA512
a78adfec44b578fcbba30510e701c1d41e5e10c8a28960ccefae6ceb64bdd1a68a0ce1ce3161e7c58d3b9215d00011c61c0a9d8cccd7b95af89d80589d32f3c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
142a20c4119c8931c2d96fd30e0f3279

SHA1
72e630f17fed6b5a103ead1f74d1fd7044da9a14

SHA256
94535294a08199c21395f4ef0e4868834f5ad4157edd799922ad137846179ff8

SHA512
7a277b98a663d50a0c9d72442446a0c993acc8265aa249806a5d875549b7208bd4b13ca5cf49c640dddbe4fa4a167c8a407c26442d052686d834b6c126772b8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4fe241ab15bf7ce306c8f50e7bd1989b

SHA1
d6507eb7d57c77d327ccf06c2185ed0a4b8776d6

SHA256
52283344f24033fbc89a084f04a755ef82e0eddbb0631c1452c50c490fdfd095

SHA512
c113286c4da8339b6dd92e9f256af42bb99572ca7e6cbea9de8c6bb854ee286b664c2f520fda780ee5d17d80e313bf137aa1c973e1002f50bea67d3c37377ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
4693c7ff98f2f2ea8662c21fa6db6542

SHA1
2211d12ed8f6781d7e683927ae2f92e8be2feb40

SHA256
8f1a704e45d9a676f3564fb4a2f2da10a57c5467e65dfcd952c68b50b31b08d9

SHA512
f3ae4f1255c754c99598977479bb8410242987f9073d11f001e9894227555f40d855393d54ff1e42ee6808324926ffff3b45532fcb186df1fbe3522570c567ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
f4c559cf1312d4b40fdf9253c8b4e9a7

SHA1
cb46110190d2f120e0d270d0e1a389aea13c2479

SHA256
d385557988dff8583f9cfa1076f8011bd78901cdd16b75f45a03e5120365eebd

SHA512
4e53ebd8aa1e9b2e072adcb1b52a547fec0a16deb641c8c89475768217d7586d9d0d0c1e77cd5c5cef76cf2005f11f56906ee50834bde63f4e3acf7e9db2f1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
d9ee766bc26a857640cd5fe9a05c8c2c

SHA1
17425f4a42a03806ecc8852a36b76b928d878332

SHA256
deec670d36e6584a4b966c942a9aaeebe61a5d7451167f42f5828c8c6238b8b0

SHA512
2ec4aa19c1ecc12a847f8aa3e910e3ba0fce5e14e4f47578da3bd4c5a8add6ea6d7c6bd3bcf047147d641c16a940428c714180bd2290c57f7aa168791fe58865

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
571a54066a2bb36a2d52581fe57348b9

SHA1
5294f8c7107f9f9e926e972e0e4bf1b92939958b

SHA256
16a9c5e78806103d782e40c426e317d8ed9479a942eac297d2d6cc01f5089c9b

SHA512
d0562ae7a73b88a08512588c936f30f74003d0572de9de42efe8677e7f5dca1d1e68695f17f77485c08fdbeb58deb437f0717270624e9f074828d65b17ac67c1

Download Submit