994706b0a1a680c9b41cf78086dc74021f6cb8e67afc3c20a17e86ac26a11f92

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fda.txt
Size

161B
MD5

e9377fb3f88a02963a34ab41bc37014b
SHA1

06b9686dc580f89ff985c6e7e65b90c021cedb5f
SHA256

994706b0a1a680c9b41cf78086dc74021f6cb8e67afc3c20a17e86ac26a11f92
SHA512

87356f34609ff0430ce524fab58ffcdb506c4395ba4bb71a73f5251e2ab07da9c7544f1e15792592cf8445c921335b7d1f45200c0a50bc6e899ce2c1858d52b8

Score

7^/10

paypal discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802247644869400"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{3E5E60B0-90FD-4C27-B4CA-41EF2601E1E3}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4300	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
6008	chrome.exe
6008	chrome.exe
6008	chrome.exe
6008	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe
Token: SeShutdownPrivilege	2608	chrome.exe
Token: SeCreatePagefilePrivilege	2608	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe
2608	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 3456	2608	chrome.exe	85
PID 2608 wrote to memory of 3456	2608	chrome.exe	85
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 468	2608	chrome.exe	87
PID 2608 wrote to memory of 4116	2608	chrome.exe	88
PID 2608 wrote to memory of 4116	2608	chrome.exe	88
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89
PID 2608 wrote to memory of 3336	2608	chrome.exe	89

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\fda.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa4cf0cc40,0x7ffa4cf0cc4c,0x7ffa4cf0cc58
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1988,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1664,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2056,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3716,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4488,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4904,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5412,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4516,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6280,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6368,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6472,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6328,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6308,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6304,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5816,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6480 /prefetch:2
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6768,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5380,i,9461695034945984766,9256589740079401165,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa4cf0cc40,0x7ffa4cf0cc4c,0x7ffa4cf0cc58
  2⤵
  PID:1696

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
980ebd34ef8cdfa9900dba4fe367d2f7

SHA1
35955645e6324fce99a971a5a80ecae0fc21d971

SHA256
d5384308d29f2f9478f0d1354e9f94053300496f3b7cd2f88f5f8d00dbe1482e

SHA512
470cce060f4dcca34b26c8c3b2d3d4024c12fb4631ed8251e942e7e992149a422f30526b27f9f55c13d5d9581f022d3b18439893c6b0455180ae70c0fb24430a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
40aa2e634dadc57c310f3199565bf58f

SHA1
5779c4f030ce96b9288e7aebe948935f1f984df4

SHA256
3a1b21c7e8bba74ed424a86e03d684127e3f36d2460ab45161e390fbb6f45b86

SHA512
c5e253ed287c5dc58b123c7f53cce0c94601ab809f9f9f6f10638f01754609cd485b0e7e593f0c0b3b99c52ec264812aaa10007308d9b70ab41ea3b118ad58a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
32KB

MD5
89752ce8682a74ed3932bb4b86f30d61

SHA1
b93e0960604962001f7ceaf9be3fd106e48b2f7c

SHA256
490275164d7fbc174d4ab60c3d10b163e0cdf4d680dbdd3e8ba1fc6bade88d5c

SHA512
1fbda7741a7b983690805f9199b642e02a2003417212d74f99a82818b5785588a16e3ef07f5df549d4dafab966e82e70c177338c0e10ea3d3e21feb659be87ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
27KB

MD5
b75c47df427d99315a6d14c95a115cb3

SHA1
5088db913eb6418977654e09809325eba169ab73

SHA256
6ab876c65929fee630d5e13c78332581d192d68922f3724a6473e6f9001ad59a

SHA512
4ea410154b1e6cc9fe969a9a51095255844a776b54c8dff9b0e07cc35bb528db5268ff7628d72fb513aad9173f0ad73835eb88309b43857a8720a35fdaf8a111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
24KB

MD5
b37a53936d7389f2a2e055ede0c3e5b2

SHA1
2afe81360be9872da3f6144927f4fab2141d9070

SHA256
eb4e27f9ccb1d9ced22f07b30aaaae2cf7c4f3f6968f9d2be4d75ae9ace68a34

SHA512
aff3a3d1096c5bda3ffdf6b7b64b9c65085c8866d5898f3af943a0a6237499a700800f122b867817ce9db637cd345a2cad66b97f4caacbbe93203dfd95c1679d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
27KB

MD5
ac20a1a0440df46cd39d5bb2862e4eb4

SHA1
8d4b213437e7810e249ebda6f18c207537f4f103

SHA256
818308dda5e665bea371cfc84976350cf8c847aae3ee8875a4e253752ffb0ef4

SHA512
f79e7f5e1fd8caa535f009757f0d8e78e12311259b3a76238805151889393d7ef746661f058ca3db6ff12d373a4161a8aa4c8249af4c8844f92fa1bb81294f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
58KB

MD5
0cb69cf017b035984cf34440d92a9fa5

SHA1
a1e776e8f650c6b67edb6f9018538eaccfe8bf0d

SHA256
bba2f8b6133c2f4524b47f473396a792ed3759c4106c96cfdd55205e7a1f3c9a

SHA512
5e34f05e396e57a71fa51c4f4a921f1d61defcd9290fdebe6568f7dad17712eb471694851b1f4518cd8d777bd47125d7054a4db7448934b87e061633135435a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
22KB

MD5
8355f283c8b5b0b6cf5af16685c6ed8e

SHA1
e1a88fd7e2776779a374ba4a81c0367082894675

SHA256
165d0214613ebc1f2a0ce484ebe2c9d45d5743dc6fd2726a3cbf11749e317e0e

SHA512
d2779461e7db166e218142f11d1dc16e3861558b26346f9fef383750a0633ac6fc96d4c8e047944dc125968c4b8140ab727df598a75693b716c3bade33ce8dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
1e7be6df7330a48d444283e44f0d7a4c

SHA1
81adbc62e40c32e55caa1e9d4c19d7e4bcc46f17

SHA256
a2215e3dff533c6cc4769f9913e59a141b5c5d1e13c70d883e267cda336fde26

SHA512
6d09c5f59972d6d46a0257bffb5e4872864a354e65d36d8e6e2f1b32f6da3464181fc3c36263a52b8854fc6fe6d334271bc3d82fad3fdb8213b28fd6d7353af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
cca313eed9c4a4acf41ad00d983e6f8b

SHA1
53df9f10cbe1fa1c1f305ef069cd39c0c5617d11

SHA256
a47a8d2959212294da6dcd08d61f0f7eea6a64e5f63c39b136a9bb366a8cfdec

SHA512
4348c0b43f239f0bbad9816c0077fa5bc68efcb0c43b386c80ec38ccac01b4ee045b34827f1abd50b108b723dee722f5dbe5b64bf956ba4e7f5e8e84b165ba70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\LOG.old

Filesize
387B

MD5
527b49dc001c20b33e6040a96b25ead8

SHA1
4d1517ecc54d1ddd14e57427d264f420f57422d9

SHA256
5846808bcf981ad05fa8bb1edbfbd7bd359748a88c1c2dbf38a6447262e4b042

SHA512
c0cdfbd978ae2942a4f0c3d45211649143504f54aff1896932ffaafa1f62d1b9d96ccf4f0b74ccaa159b2138ec388fde8e6de375e0b9dd5ea0ec15c2fc32acb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\LOG.old~RFe593723.TMP

Filesize
347B

MD5
d0ad7fe0428d556c2254aa62712e1c30

SHA1
d1a09ecd98032c6d2654d841005d37419bef41de

SHA256
b44ba993f485b9e29813f69dbffb5b0d97f1d9d81ccffdcd8be69efa45ad821d

SHA512
08db7b4ada974131efe57b99b48c3c9a8c25bc27f63283d0131058db2bfa1c4ed456539a5301349f2aabb13fd7391e16d4e9ddade0907010c8b713e7045552fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4900ac45-ed7e-492b-ae7d-7d2ea7b626f5.tmp

Filesize
5KB

MD5
0a36dec5c32b33d9d28f6aaaa721aa0e

SHA1
b672bf7f9ff6bb1277fca385df4303e202e56686

SHA256
19092bff97b0d9c41915dad40974406d1cf2de5af35609ad8e9967c8b853ffa9

SHA512
f5db28796b9e02d1308e6cb02341be4507e1584014d68d4e029b4fbcadc59c0fdd0428941f1ac4136169e2c614f7e9215a4dd8686e5fe159bf0199accf042577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9e1ecd53cee0dfc220141df82dcd1a16

SHA1
30b3b60e231bf841da6cb6793354128260dac8ce

SHA256
e774eee7972f33dd4054263db38ee99c6e996a45f08aba67837d182e88cc4781

SHA512
ac710c9624a194edc7474e0c6d4d8948ebd8de4d76f289e3f55dfa46730d753d8e94acdd7249fdd71d5c95a5217937dfbf6b18dbf49fdb9abb690a48077b8af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d4dec96ea139102b84920e7c5e2e106c

SHA1
ab7c185bbcbb74110cdc96d4173b4e7788bb7ee3

SHA256
ce9aea54c055baa8b354c48e08e946677fde084a6ec7a563e37e0968b99aa45c

SHA512
98984d5fa5f2f30213e857a22e0f581ba9e25e6861a222f5be9f5849185e8bdf75bc241f6ac2e6d96de748653804f523847e953e76c960206717315fdd5ed243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c189e5c5cc31440c5ec904f4364496ee

SHA1
33b38028105ffec6e61cf9448b5c5a44b2576f82

SHA256
8f3fd7094140feb7f28dffa0869a23980b529077b1702243d3ea8c49c1446a7f

SHA512
088c6be9ea1d10c5b3154968aca3ff5db5244675ced66ec0c1a578c9b4147965a8f80590143c5bb2403f16c2640719e4af75e1ab865dfccc5a3cb0bd95efeffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a1afb77daa25a901d141abfa6d07548

SHA1
c89da0a48b3ccb5474a7d81715403a57f3ea819b

SHA256
a4320b6ee49b91f25994878117f408a444e655bec8c6ad345e41d0f50bcad807

SHA512
5b4d27bc085867298c2fd4e9345dcb02f45f8b061b43172c15d1a1db7c33f41ce60c395e4799ba72fa91a5ed5fb593cf22a80c07240cfe72df3d13e08248d8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc1becb04358488a52a99768890ab11d

SHA1
cee4d029a448718dc5800fcdb3adcde1badc969d

SHA256
c9fe419a9310ea83a59921c4461223ccdf381fc0ea8cf34209ddb2c2b6458edd

SHA512
36e99210cb6d25a9d91b9deb0b15e89b64f1ebeff4913dba03c3619cf5984b758d5cddb3915b16b93c91e872854e5f2bf07a71f474421038685b2cd83759b4b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c3a9c5d228f09cf8d39a40acd39f6ea3

SHA1
02b04b058915161388e48db983b43f1d4ceb23d7

SHA256
aff305bcd5487159e94b904afca0959846afe8b9d6d93ae6c98cc7492e335060

SHA512
ac2ee52787a25438f9a9012a793a07b4d2f711368739bc5133caab5b87d02af9a8a07bfe80de2f0c2b969cdaa99696b583013c2d6284b1bb8da72a866e2e8600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bc9e265452c6a998095d38e08366edf7

SHA1
15160aa44d9e85af4e575b8caa77eaafd9e76a04

SHA256
101642b81982a79afc01ea6b194f6a449c3880877b7ae17325263b9ddff547bd

SHA512
ac52f709fe6cbb1944e02263bb23f8c87ace3290e52248531097a19bcbc7f66bea9df3499659597b0e062bb8be998856b937bef971dff53f5b9d629a64d9b8af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47240ee1f82bf4e16ee54bbaee07001f

SHA1
50dcbe95c0d0ea45fba33894ec0fcf471dc83e5e

SHA256
7c4971eda5639376317e7ecdb6e788086a99c3fa6ded972958304c0364be90a9

SHA512
f3fe65f111a52a94f8567a3399183e08594beb5308378431cbbba0b5ea840fa370838c6e68d70441d5e4d90fb5f8147ff1565e1800c9865bd26e37e030fbf9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a5d2d65f99f9853b0e039c29f17caf71

SHA1
7685319d277a5e7b81dd5d4baaa22bc6ba91e877

SHA256
de6972b6b22ce1b98cb937bea5fc3bf0676567101481efd113b990cea72e46b0

SHA512
906e0638f9c75c315e2517ee92a6b63b614431c83cb48db3d1faae5ce24f67d358b21f2616db58bba5f798540a2be6acb9d70396e0bf33f6b0b710199b4d5b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e0f48bba34e9255ef8c570e90389730

SHA1
e380c204ceab8c37c34ccfdbd727af6363a6f0c4

SHA256
fc57ef32c4f1df68ab6e207fb6c8847d2e50417d2a6e4f0a6ecabc6939d9c03c

SHA512
5336141166fa293fe65fdeab9781a227e867bc25342cce767223345f276dd08921e7782d56d2619b3e82649c5a2787b111fa89662bbe538912292c96f4393bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
936b3ad5dfd7c921b4bc3b7778f614c8

SHA1
a9ff6706ab601e675cf7696a058429ca02d4cb49

SHA256
bfc1f2044055f5cd4dfe706d7ef16f43718b09f621964d735b429e693911b5ec

SHA512
75383ec7d5def05ee6ee17c6cbe7d3af454f4c00135a1aeafd2c007de330ed18405ee9d334600459dd15a83ea1aea9b33ee4cc13112e4cd7040c7a92062c27c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
76b670257ff82dde67afff6ccaa8f267

SHA1
d6536f5043962176dc56d52a00cd3654bcae44da

SHA256
a9ac6d076cef8fcd2fc0e199ca40f122c43ec182f8e761a30b709eec82049730

SHA512
3dc9871321a80e832d206c404a67c47f2d4dffb0197ebb7fc49b9831cf2741b87dffa75a2f53d3e512aa6c294401cf7610dff851b2058a70257bc6dd2630b944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3c4bdc37b266e762327f0c26db613cd4

SHA1
c89e3ec98ce457f464987a8b37e74f7be38904f0

SHA256
567a75353825a9a0bf5545539b0e11c1f85e4bf758d0a4c628715a30137879d0

SHA512
5d01051a85ec3184a5ce5fb0b8ecdeecfcb15c8e85ff7809d62e90717506be741903f66980f5da04c2518a1ed9399d567b4b0b05308ac3071b52bd12f30642f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
244178d5188a982ff1118cc7f919f54a

SHA1
75ceddc3c684dda2548f6760dc782eff6767119e

SHA256
fc8e90cae2a2a2ffa9b1ba3caee335e7602f9a4e104bf3541b64a8dc8d445067

SHA512
1c8bed8c3dea9323c95edcd66c96ba481023255f5af3000e22b5c2a599fc76dff67cf4581e30c857b00a19b1934938c64aa386fdd42fe6226cdf878fdc8dc6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
276ff7ae8550c3cfa000db62e01dacdb

SHA1
fdd53c639859820f92716d9762a076f77eabfd6d

SHA256
19e967988ac6ccd1c77159b45368ce6340dc3655b282192e11e14ba1ba39b301

SHA512
8439028445356016ba0fa3e33f2d70c5cb3e145f78bd510f9c2120c0f21472a65fbb499a44db52cfe9cc02890625b6a840dcc496dacd7161ceebe1c06d8832dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
745a11d6817a7f814eaa1d5b7ae35441

SHA1
c73af9ac8dae713248bf05500a5dbe761404df31

SHA256
01f440953efaf05303f47f74d2da60e9dcd4020aea3dd5d77b3cca837622b870

SHA512
098dc9d45bc71730b07dbbc6ff55c4538ff8c9e8e80204d778d1d5de272aaecd6dfce47545f8a92e73647bcfb5ff897cf551a1b428aa8ecfa5d79dd6e40d640d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
936dbb94f7658213607fc8c76b4bf125

SHA1
fd49b4678cfb6364445b9031656f27c5fd7090e2

SHA256
ee7314d5f8988976f9841dfa309d3df7f0ab3648ef6ced43e0a1e6818c46d740

SHA512
66b381e3751d48a07afa270469fc552d3fa4b4aea7a22e8c0c186b1995921efbdbafeca622231a79bf40c2e3fbde49caabfd358d0aec309425b2db06f7c9e46d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61e2ade04387f8791592af046699bc84

SHA1
f848196c1db90ca606f0ce199be368b363c5dfec

SHA256
9115fcbd9afe905632c63808892c9f7072dee33340283be725d875f2cf685932

SHA512
648f9d7a8ff914d97dd5390214925ca76101978e410d2719dbf619184d71549d2cbaed768c7c0ed0ac7ae9977e768b07c559736781b24faba52d7f34a7044fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8b0c501cfb95adc509e168c813abb863

SHA1
7d58a15d8083d2461e79fb070a5ab2898e158cbb

SHA256
12f94318f47881b2726c18418adb7655c362f06bdc4f4b0ffb14d245980116f8

SHA512
908389c1b85fe6310a8f0cb6d1d006d014c468bb90f33f71cc2bbd96520aa50fc506f49e7686b892f65faf021c7c79ee999f1a46317beba3bd5ef4295d357ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2d61c60c8b0fc7bc3f9ba554615340af

SHA1
4ca2f653921f96226c03f130b802fbec52af3111

SHA256
77737e1291195d97cac8826d1c8ff2f92bec9b1b9eb3fe2c6e0d9a3d733741ae

SHA512
d2b08df8cf69ac1d150ea6c41142961337387b62f02aaff31caee7b049bc6bcb7fe3d0b1b2574a043b8ca0e7a7ca92fdb754cc1599f90c40973c90f2c928c695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d40a364a-6eef-4601-8b1a-2ec5359f3e4c.tmp

Filesize
10KB

MD5
cd2291d64308ca15fae1acf2999d916a

SHA1
4b5a794f2ddea9af635ef609938bfa17570673c5

SHA256
f20ea9bd7a6e7eb03a55716d3180bb429496319264369ea6985e00873d6d66cc

SHA512
76dfddfeaf78b29c4dd3f715d3b41a7a9ba20b30fff6194b99c7c1cde3898de47e8564a078861ebcb1f5591bcc8745d1ebb214d11c0a69271e7b3bf7c649474b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
5b12888abdb796641ace7870ce92df38

SHA1
6527dd4e07f5921b85ca846b7fd53e4b66c7a4ef

SHA256
21c7ee0d02ca0029c548dae54592e8e507c94eee3dfadb1538bc503adb2a0705

SHA512
c3d07b8517e645b26c0e929c18742c2240f08f702cd82c3dbecf68e60df25da83c18fac4e379747b41ad1a9adc160f4be1fd5bf4b17caffa0fd7e3a8fa778ef0

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2608_1746565961\1f6eea9e-6d89-4bf8-98cf-91ae99c32783.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2608_1746565961\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit