ddbf5a9e67fa807ee7537d367e1c4023113d6f0097d981b0a49200ac33f8ded0

Resubmissions

03-12-2024 21:36

241203-1f8m5s1ldn 6

03-12-2024 21:33

241203-1egs2avpg1 6

Analysis

max time kernel
1151s
max time network
1146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WebView2Loader.dll
Size

107KB
MD5

48f540c05200c510303475e4cf95b557
SHA1

c814cef05c39abcbc398f4e83bc120ff012dc803
SHA256

1cae7b9ad51235ca43e86f561f4d4968ee81541aee9f759e24359ebd69ea6ec9
SHA512

3c05bc448430b17acac02f89ca8a8619e220c53640e7d9b9a10cffdcbce0ca9558acbbda4db1e6ad946a3891fff49c3eba9cf2d619255d8c6d11d4feff1a2e9e
SSDEEP

3072:dfaNmI0CA8jgW7WXKn8uP7gst+/Nv2DqEtSinM381b0h:dacI0CSXK8uP7K/EtNnN1g

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2940	1928	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133777354168882359"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4492	chrome.exe
4492	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe
3856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe
Token: SeShutdownPrivilege	4492	chrome.exe
Token: SeCreatePagefilePrivilege	4492	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe
4492	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4492	chrome.exe
4492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 1928	3644	rundll32.exe	83
PID 3644 wrote to memory of 1928	3644	rundll32.exe	83
PID 3644 wrote to memory of 1928	3644	rundll32.exe	83
PID 4492 wrote to memory of 632	4492	chrome.exe	90
PID 4492 wrote to memory of 632	4492	chrome.exe	90
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 1900	4492	chrome.exe	91
PID 4492 wrote to memory of 3404	4492	chrome.exe	92
PID 4492 wrote to memory of 3404	4492	chrome.exe	92
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93
PID 4492 wrote to memory of 3448	4492	chrome.exe	93

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WebView2Loader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\WebView2Loader.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 600
    3⤵
    - Program crash
    PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1928 -ip 1928
1⤵
PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa471acc40,0x7ffa471acc4c,0x7ffa471acc58
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2028,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3196,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4632,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5164,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4940,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5424,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3248,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3288,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4624,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4904,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3384,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5192,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4888,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5488,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=860,i,431149684213917955,5022537825790770961,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1532 /prefetch:1
  2⤵
  PID:4440

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0cbe49c501b96422e1f72227d7f5c947

SHA1
4b0be378d516669ef2b5028a0b867e23f5641808

SHA256
750530732cba446649e872839c11e7b2a44e9fb5e053fc3b444678a5a8b262ac

SHA512
984ea25c89baf0eb1d9f905841bda39813a94e2d1923dfb42d7165f15c589bd7ff864040ec8f3f682f3c57702498efff15a499f7dc077dd722d84b47cf895931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0e8c573c4dec2b5012841d994cf3299c

SHA1
709405bb0d5429e0f2ee3fd6f1da793d47fe767c

SHA256
281cc27aa4119090c3781ea2d95c8ea8091c7db91a3a12fc7455bfdc249aca37

SHA512
6e855b4e2edd69c67ebf73eb323bc2a57316c5a830e2b9220f9a1e19f19db89fc3afd96048749dceb02b872ccdc457445ebea863b87dd6ad2507738c5c71ba5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1008B

MD5
41c66fe97b61bca7d3e1eee8c7b1c4b2

SHA1
e85fd89881a4cef86e5834621bbe380a14aa232f

SHA256
0091cf9c05f5c93fc303cc29654138c6aecc04a0def224cf019fcec7f8962642

SHA512
eaf6180f94498d9dd5f2f1a45ee719278ef7c71ebd2ad22b24a75c8ce4edd61833e313268a1a28679d1c046d46340841a449236ac0e535f781538bd44ac228fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
07e09e3ecfa284819ca43c1624ae4f24

SHA1
5ceeba78734956dcee762e7d77bddbdf908bfde1

SHA256
6af27b365073c63ad99765b6e796d5c0f0a5667169a266038c7e2e8b3e62ee75

SHA512
05d7aef72831aa347cbe47ea1e0fb0b0ddfef3506dd399de6200a832cd5ab202ad62441b6286e2d9ac2edb139879ca0beedde31ed13da42f27b782712174213f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
0762b61865cb1c49506a8d49b2dac5b6

SHA1
dc4a755f5d47cf58f02ec74770f4736f21cdf048

SHA256
11af0ffad6fadda2fb6c4c159e9b9f840e8a69664a757f63405e1b67d0ae3d07

SHA512
ff3e230250a32546cf7f56a5776dffd2b964d754998a307d77186e397953b877cc62e7c9741c1c81e16f0a63d1b8d2e9e5ae4c65b7b1fc181ad0f335a9ece04d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c2cc2d52cb1f553e6408f6cc581ac8b5

SHA1
45df0fa746c01c1a1dadfab073f1f0e8f3eb5da7

SHA256
460a3f23f3ef813eed5fff845e1a27dabc0596383fe9cbeb2bebaea2de7ac1fe

SHA512
be6a03a1ad083381a3583eed08849493b8b57cbca8451599452597eb07976c6556c50fc564f74a522be881273b8e97bcb9711d3c1a979bf37b0dfc23099476c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1b6f86e30081a6e8a75f9abe157308b2

SHA1
827cab47b2d5d4305567bdd6469fa8e348388351

SHA256
00b4df4c80fcfdeac7e9de76f7845b7778acf99e7f023d76b92e5d7fd4367ad3

SHA512
0d801b7ee189465d9a97476e6c8ac407e2f74aeda8a01631774c74724c68d0d55ec297e0e8a1d55634c18847adcd143cd9b1546b3ba8ba6270f4b131e76af728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
20c78cbaa07696ed96d5939d16f06374

SHA1
c52f0db01b635339cec6da002a9ff0c6b28c41aa

SHA256
5db4c51283a85018913ee08904317cc368f219511309303b81634e83fe55947c

SHA512
639f69ab7b7647eb85e0c7a91b32bd7709f31c6b9b1e2824bfca606bfc38a8666799634bb3a27f9d42aa50204c93b26272604679af42f5dd131ca06e7af38fa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
fcd1370569db284bc8c1b22da4f171c1

SHA1
10b05e94abf141db8226b1bc623d981e11ef0893

SHA256
24eff127b582d142bb867188b6125607f5d32df239fd366e398449563a450069

SHA512
d86c0e18bf56698279e65f0bddb442c632e346e0c8443c174ffa78c06b3872d5c99c030d8bc1b5a78a4113d89213769383569183b919622597ffc9b3da1b4e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6ab9e998d4da919d3c35e7a3fc640e82

SHA1
91fd89191a22f66d77d0fb3368b1e8342b0eaf32

SHA256
e23fc54a4916797c9f12cae93caee907c6e65f0e033418fc94fe9ef4d283b8ba

SHA512
641a3408d9f4666fade0fa48280841a7d65122a68a547d024e0a7a6d4b6dba99b27f5815ec4de4aad11bf8aef37d0fd17c999b038564a0f4fdd413ebd2f1a194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
8e670ab4fac4863b79df6138930b066c

SHA1
bbdff5e4ecaded557fad8648da10b9f61ed66e50

SHA256
2df5cd85b19b236a9b0ab6204b64fffe67f7cadd9269dc0dd1ede94eabc3f486

SHA512
e10355f97484c399d1766112f6a6749712be9cc64f1cffce362809eb718a6b2877e5b4916796a2343f5305e13c2cecf05d0972f1e30997d7076047b3ef613d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2ffeab148996143aebb1e0e9fc1f66ce

SHA1
0d4674bf046d935934f68859ecf587b9fa6faa04

SHA256
a360744ffeefeb0087585c94198866ec63321d60af2c82ba7bac256468ff671f

SHA512
66493d14de91be8acead8e9991ccdd8771125f8c16a01e342199de2b36d456463f8802b83e60cab803df5093a9f33518f83e5fbca5a5d8266f2bcaca3f27caf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
fd16c91a1f77b19c5447e6f9c02ac17b

SHA1
53e966f4f11494e5c89bea16acbd4032f9615ef5

SHA256
a1f7c113da820c7b5c33713e845aa7e30238dba416e0990b85777db0655a6923

SHA512
ba19d524baae84c9ad660e5cd8943bb5aa0203c326b3c5a2b6e6ead1196bf7382dbbf16cd92327651c6e47bafd59ada25b9400209574ea4750d611d660324671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
de7387c2132dfa7b764cfb492f5959cc

SHA1
a627121878f345086ebb5b6195d0dedd905129d7

SHA256
f52e244a1c0f19d1437e43a295ae48566ceccebdde9c2cc76840c2258615b66e

SHA512
8975b87322602c064e0bdb22ce0719955b4f503f53951dba59cc06d9b3ffcc7aba4ee2be3dbba519e058414fe5e03c70fe465cf6fcdab42c2b2a45e84da6523c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d82c85d49d136192a42ba60e9db22b98

SHA1
6f13e50dc1d041f645fb32a3dc13b9c6744844e1

SHA256
a3db41af892779fd78af23e326af097682ca28d60f6d38333a6cacd4e70b371a

SHA512
c6829ff1bc5477b7ab0db655bddd625f87d6252e935f0ec21f58c04b5ffe4aeea2e3a4e8d1a45529d2a87cd3edac4142bfe0f3eb0e7f821aa301dcb811be8c03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f7055a61b98c20a31549cd3d563b4da

SHA1
3c99ba71965b4925b41e9e93c33d7ab2fc206c17

SHA256
ab04ef986b9c502509baa3140206feca5bb26b2163e15267849e9a8b07ca5d71

SHA512
cdced8f020c1a9abe356b0e06f614985f5a72b5dbb5db723e5d1c0c28cb5bf3ac4d4301715ac6c7d6d25db49e040c2d68a6c3f6d5f5ae3333fc480a33e98e50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e21d3abaa3e2710cbecec93f5680309

SHA1
2dcf27e1255cbdce40b9dbcefd09a767e610650a

SHA256
2107ab187aa7a5528849e6ded8754df0345c1366d1feb2d6453dd928730992ae

SHA512
ae0e24937b5285fd656270ec0db9f575e4554d34ccfcbc8ed50e778d6f1cf4b72a8bbbc42433fe8aaf8c1bac41cee7cb489a368b61f90050b6cf5090c717fa4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8fb703b649f90f5e2c3aa2a09757a1b3

SHA1
b6ca4152be02e415ae87285d4277010670df76c9

SHA256
73ac1cdccf210a99f1a58612a2d5b381af054dcf3197adadd0863ec68c014011

SHA512
345e2c3a27acf451adf96171915bd86272c622626794647f1f9f31fccd0bf8aabdcab5eeaf48eb1426b33c59407b790cc444cd4536d5db28332d92de1f07a8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42d5b0d9cd4314a3fd7754b9c3dfb872

SHA1
f4c17f2ffe193e4b2985e270c445724f1a0972df

SHA256
6f2d261d7e7555e0fb0e050ec26f219897b534bb8163def1ab877005c80e98ab

SHA512
7d390b759777194bee1c92705d5811d30fb17a6b334e8543122b7333d41dcb404ecc155136389986e2dcfb355ed6b23b7d4dfc8bfcb7d320f593bc4c25171919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b29ed37c0d9ea5bde3f558f436928c63

SHA1
b380c9c499e1008a73f9f3285812bdb334efcba1

SHA256
83d354e17dae80f5e86a4fd15006dac2c947b7fd0f91ce19969ad80623228e4f

SHA512
afe20465e6099f2b4146b2076bdbe35da1ccb592549028a943a7c231e9c0876a20f4af56d3d9c01abc68c17e013b2c7504acbf432995b5291fd7587b410f4259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f50eb87496b5fef7de50b9fa189e3e8f

SHA1
3a836a3f2fba1e7c9c677b86874dd408fc3ef6a6

SHA256
00614089e69f2026578d02fbab0644f78bca548456698be8a01abc1a3a555a7d

SHA512
cc06032bf9b5ae72c05b0a949fd483be197e44724e6ef09871e741b85645da812d02084f047cf1bfd38920a227747a5bc7e6823ae389c1e994858c82ea3b4943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1524e3bbe02e8b710c637d0b18a51ef

SHA1
c5074cd2564f46c1d4d756bf2860ae07dcaf4118

SHA256
51a6e5a2dd0c72a08a9631ad2de9f6beea518191b0206f81813c4f01d3da5a1e

SHA512
6d59e101ae9405d4d967840e5f1928d00d1c6b2e5efbc5d0768cf0a80724b4fc793644511c563c641be9725f3f74063ad26dbada47d06e00c4d37d938fdb024e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b62f8342dd4e7d976e96f014310f9e68

SHA1
b44e6104966c3ccc59b667d2860be332aea54f93

SHA256
bd7efcfafeec76c56d5e3962f52d8111213d0b8bd521c6bbefd19a9e82665b7a

SHA512
8587bc45750e3bf39c2856197ba85e35e1f7d6d236f3a48cfc8da07618462391748643a70ea460964311f3383056e3898852a384263ad54796f6af0e7ec40a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cb19c245bc2d795a744135c16c43527

SHA1
066bc3708f7b7ce8ab636b6b7cba39fef8e90494

SHA256
89083999ce9637cc86d19228393af9fb8320c2e10a795249bb3c79c0e5c6e9de

SHA512
fafc2da35406f363cc5bcb61576824d1f75d81405c6847d21f064ae7c075b220352a5ea452efbd239c1aebd79687e499195a88278f5f7662dacfe8c04f4d576d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
92280dc872e7cf5fa51a5aaa06739817

SHA1
0005421f81b0810ff59d513e6e1ab3ad2c63d3be

SHA256
456a6f1f2e3ec153a25d79c5a93c342a8086934e0389d12768428c2754abef2d

SHA512
0f2120a47ca3211365fddd92ad7dcd2e24dca52e6017c7ca43ca1fab2cb614b88ede1a6bdee90b560d4f2b88ab3699ac63f9bfb2185915c8fff7852775ec3103

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cfe5c8e0696afca13a681759a3b0e054

SHA1
8a6bec28cc9a83f0776f3896ea2c73dd57cc7397

SHA256
b8d8e2ddeaa121e9b3e71afbd6113012fd93507637d06dad73370f7b23a3446e

SHA512
498a42241ea14e8f6fc814a617277cc853435f24d95dbb2af14ec9d9acdcaa492cb260c809393e788a687bf305074425a777dd1cfd88071fb1fc2cec41649739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
28cae3e9082d169267c30774e72324f6

SHA1
7bedddfe916549d6b5cbd66b3edef8612bed6663

SHA256
44727a7613746d17ca1a52d9d48853642fdd2d925c80057bd9823fa032662d56

SHA512
19640b30717e0abe59e661aff3863ca89d9b6889b07126eb77e31a12404869e8b2f8f049b63a65bb3d7318e42ca5d323c6889f5f71e37a0f0d4ad9143fc0c360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8d1ce1e61ff8e601c95cdb103293431a

SHA1
ac3f5802f3540d9910061d348305e13f8f0cae01

SHA256
09505cfb815795a4bf0ff62c59710d6cb70523ce595c6807662941aa3d20dc19

SHA512
527100e5eaa91a75058dde04dc9532626a9182e2a3af1e308d19b7f90a0a4355d17ca9273a31747519153b54d5a22dddcd0632915b3b015fb749054fa6837514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cc9f3033da46ae9519f0075921683969

SHA1
fbf613d5618083fcd0874b9eb29f3536b5134e15

SHA256
6bc14da3324f1dabf9658b789c0612082bcaa9a787a16716a345f8a9a469e1a7

SHA512
0deeda8dddc6890e3ff5cc9eca2f8dd613515a42faa460167d44a177deb16f36e6eef2fb9cfb9e8fa6dccbc3c0c7810e9bee498f7b5785e6a407b39c2725e5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
aa367b7a5b2b17f9f6dc8f1ec3e4b57c

SHA1
f25b364354b10d92a3e9454fc9f312d29afb65f8

SHA256
c6c726c24e40c4fd03535ce471a4434f8ebadbb170e97d1b3e1e95d7af0d8dc3

SHA512
f73fd86e34a8ce00a95797e724ae99202a07f9a31865b1eaf096e44f08851270b1eb631c0239e665c229e1f2d665988b5a0690b4bcb50587832f67db775ef403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
2fc5459d86c074a07cbce185994e5c57

SHA1
904744d578c5cffc8db452a10d54d5cd422e8206

SHA256
7204494a00e5249af47594852719c2946ea15bc20a9f45ad5e7280f1e5438121

SHA512
4c15a29c05ff9a51108033e71135c576b809c957a08636dc002eb910856087f5b2981c946037e18ef506123a64d1254771b6fc1aca12b3a9e7f22cc41997ab33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
17d7434f56078eefe3a5708cfb9451bf

SHA1
f431d4a56b028077f90f69b0894e55dc41983baf

SHA256
bd4bf74af1b7f1b91ca0a1426c63b47bca2dfbe7077377bda6cc72215e5a7c12

SHA512
5a78774b01c9b8dbab920668b358b345b2d8a3f51499b0fed87a2f6757e77afc004be20989c438eb44204982accc720091ea6287a0d736c50724ba9134a214df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
71bca4d93f925e2b33708a50a5029383

SHA1
b4a9253835cb6b9052c21985f29ac4a2eea9c173

SHA256
84454001508cdbf6691badd98aadaa011debc2785a80af719ea78b238a1bebf0

SHA512
21059a4663d24b811abcd489cb59115dc382edef1e0e55218a67e3200ab2247e325d9ac3a72286297e5ab057c414b3a67e7b3729e74e77724b46615f6acb902b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
2b651f9ee13d7f61a1254147eda6253e

SHA1
7af205ab66e990c82acb8b0711d6bb00f023ee53

SHA256
200a883c57cd923e4392a4a91c30a2b6fb2523f7ac32aedc0412dc25957c1bd3

SHA512
c32849cef11de28f1723a979004f6b05493a8bf9b3f030118e0f0ce8cc5809d700f3dbb5a945ae0e9a2b0a045464ee3e4349d272f766668258c1e973ac765487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
115b3375fce90e3695c7be0b54ccfb78

SHA1
4c70c91ce9246e244ef63209649577a3dd29bf94

SHA256
7694f8646e4ff69681d35de2f1d8e86fff370ea3c44d7700058818e8b3aad9d7

SHA512
ce8bef669de496805c773472c39f3b9c69fb74613e8ed5cd8359779c8ef52050cb1acbf37d4b64216358d389785ceed001799296ed53045f8050fe2bdd142319

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4492_1963733188\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4492_1963733188\d1146bb9-0a07-47b1-93e5-c8c072bce11e.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit