hxxps://Google[.]com

Resubmissions

28/03/2025, 15:21

250328-srvawsxycw 8

28/03/2025, 15:14

250328-smsw9sxxgv 7

27/03/2025, 18:21

250327-wztwwayj19 8

Analysis

max time kernel
900s
max time network
899s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2025, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://Google.com

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
60	3788	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875733597030688"	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3920535620-1286624088-2946613906-1000\{446B84A1-4845-4864-A7BD-3966CF640E76}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3920535620-1286624088-2946613906-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
6044	chrome.exe
6044	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe
Token: SeShutdownPrivilege	5632	chrome.exe
Token: SeCreatePagefilePrivilege	5632	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe
5632	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5632 wrote to memory of 1384	5632	chrome.exe	78
PID 5632 wrote to memory of 1384	5632	chrome.exe	78
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3244	5632	chrome.exe	79
PID 5632 wrote to memory of 3788	5632	chrome.exe	81
PID 5632 wrote to memory of 3788	5632	chrome.exe	81
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82
PID 5632 wrote to memory of 1408	5632	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://Google.com
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc75f6dcf8,0x7ffc75f6dd04,0x7ffc75f6dd10
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2004,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1432,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2548 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=2584 /prefetch:13
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4216,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4240 /prefetch:9
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3180,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5428,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5308 /prefetch:14
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5476,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4844 /prefetch:14
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5032,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5308 /prefetch:14
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5524,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4952 /prefetch:14
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5048,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4240,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5036,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5792 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5352,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5348 /prefetch:14
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6072,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5696,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4684,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4956,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=4308 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3820,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6272,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6580,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6636 /prefetch:14
  2⤵
  - Modifies registry class
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6504,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6512 /prefetch:12
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6204,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6936,i,8700749547193063748,13933693940490855618,262144 --variations-seed-version=20250314-050508.937000 --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:6120

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4400

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4408

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004AC
1⤵
PID:1188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7194b91f62c7190b8480ff1ee9e01846

SHA1
b4297717379c9f897db4e5f480fed9b395174e74

SHA256
3679c9de0f0980db14124cc6059f3ad3c04f41fe85948b3c3b916ebb665d3ade

SHA512
ae12024b951d44b3fb61a34f8e5a8c7682e6478468fa8b33d5197593e90e990eeeec4704a985ccc9fc4a44645bcfa200d7fe192124c5ed56d50c4150a8aceb73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bdb6b5033f4f18a0eef7ae8b543aa452

SHA1
5077a098898ad03977b7d8fb6f596635a2cb7101

SHA256
d17d5efd02ed9f521596fa8792bd646024899864180b376c7ebf7680c6dfd085

SHA512
08ce72a071cd7d84451a19250ebcdac9f18fbc8fd65cbd6a3443e7957c566cf3122a947d548cab5477c3feb2381e69b5521dadb0d8642dc99283cf57e417d7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c5c3e6b6c16685775792a98f0d74ac46

SHA1
1bd86bf5f1a1c9937dee43435feac629085d8026

SHA256
1a3ac347783f5efed11ec76be82e4740580f0ced1f45c3f2c3d43d313e084814

SHA512
98692dc02d0184a91d654ef1373c40e3d04e63d58d8db326c624470b82ebea4a42d75fdc65fb6d8f3f2c02cd63977042d12bd2bdc7e137f22286bc0830420dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
f3f69e91a831131cbee61a5ca80890b6

SHA1
abcbcaebe4885748b53a3d22f84d29c6c284f753

SHA256
6abf1e6daf0399ca10746d2332ca01d6f4d848def40ba6837c45ac87883cd35b

SHA512
5b8db9f694f405ed0e82f1f4a8443fc54920fe9aa49de5f0f1307dc46ee11fa1b018cc5e7cd789a47e8c66b341c8ba67fadce0f225ebfe30c31a2b0fc7b7b324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
81bf0ba0577e6515dce297ca0fae7834

SHA1
29f0562bb583c1968d6c301c184b4ea1f76c10d5

SHA256
6e0bb991654d24d30bb21ee11ff337832c388cafc2505983ca07b08f50613f65

SHA512
c861a8e2fab99c342429d31c62bac54a8056e96a75be3e7063e62dbd2506f47af1040122b5cc73c8afd90b03e6eed8727b745edbd63efc8a6b9a4d03ce8ff1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
fa79ae0d91e229cf37813a2c92887540

SHA1
418534b257bb2b50799b0e88a3e91a6f37c56ad7

SHA256
2a0f18c9262dea64121671bd94591b376ef5dc227258ca6f23cfc5fbe8b3816d

SHA512
a850c8e4a7068b1a8e85a945e3c4f7867af80887e06c465fd2b96b905a3abdccd75a70284d1cb2849fc3198ba253f78b773a6f4c53131db69b5326076752df70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cfdf11f7c1a5adfcad0caebfa5aec538

SHA1
bab45c9c788ca9ee73a220488b069447a5299d5f

SHA256
e50fbb2a50a74234c541fb19ed8ec349d95916cc19f290a0a9fb844bb547ec5e

SHA512
ddd0df8d2e4039c0dd77868474859aff5840e42b29a40bd625603cda112aaee4bb4407956117e32558fa4860a8f95775c9e99da7145882f03f6daff5dd18b266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a88202c64719595b2f7fa5e4fcea384c

SHA1
282ced7ede0ccea20e0da70547c328f65d8b7237

SHA256
9fbfb196f03f833c312254f636e84edd4529c3d6b8c2a96b1d4bdae206222a22

SHA512
f146b351fb60d8591c67024bf1610372b9eef8873ae731a3ec563e0691c974f9c6811b23dd0c8e41b5660cdc8bea035a752b6cfdfe17515a1a72e34547550de1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5dbf4ebc0d79fcd64540e525a02ba092

SHA1
b70a9968372a937b92262274bd518ea458f4112e

SHA256
8215d5f71fa33094902963684cb366c5e7328a8a042db5fc7aa7376bd1877973

SHA512
344cf1fb8eac2798ef0cf4faac90588dd288a397b5842e42ec6d4385f26e4ac713bb055e5d7469a371e554bcbff786ec43e985ffbf2d16b259969c05cf18a91d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1232f27aebf07a69bcc9ebcfc60b5cf9

SHA1
d5d09568b7dbc17c85b646d1f399892df91a29a5

SHA256
2d38c6c83a87fc7a20ead2314ead388dc446cbfcd6432d4f1a33121e66857d2d

SHA512
786ed672caf0c25caba3a1e1dcd3b784c29f77b12cdbe2469e731f49724e449ed0c5b9305c5b9f3330bc529e292a69ca0bdcb642210a20ba4da06545ce0b3279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0171bc574da79a7962355783041f77fc

SHA1
56810beac36d050a2d07321536c531841e943c08

SHA256
f5f4694565d16867c8823f6614c709d79c99dfc1244d34454e6c55b01bc230a6

SHA512
c04147fab82fc9a161fabddfd96182dd350706a9ab1f5eea7c0372949b873542fb663cb54f5a7cb4b702f025120c5d34a4a52f9f2e3d9babbf5e81d21744a5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d29ef0a4c1c95ae3374bc97b022553bd

SHA1
f3f83b519078d7882ef02b33631f01e5c5b56081

SHA256
479cdeaf37c59e2958c4d493aed73d1e77af78abd90ce8084ce9f86d67bf01e2

SHA512
d70905c0e32a1d979d92c03a6fd1c65c7076bdc39afaef15d2ea201eb34e96c1481b70cd11a62e89f5e2dad8e030c73273fa03649b6ac08bc5bcc00ef036234d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
016e10f8b468912f525b4c5e787212b7

SHA1
3293b499f675d1ef2738b2a0c2d1fcd698e0ffc2

SHA256
b1ecdb4b03634db7f418fde321718e72ef84cfd926511e18ecc3bd9b444be84e

SHA512
370716fc9d20ac934adcc4145375e3afd0e622dbc87a7f5b3d7ae3a7145ef3d2ed6c72fbe3d140d61926c64118747120d6a17317db729f27cca344411c4d9dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f683ee47dfd1f804074235537e08a532

SHA1
45f0ea4e2b296c3882e15cb1305ad319f56bc8ac

SHA256
d930141f8159bc77226c9132c9cedfc5aa47feb639eef9948229f655ea746a79

SHA512
b54c55047a9e3aa614ba06b2afeb48315d741fae9f543c22ff5ffc4524f5c0417afc9457525e39da115a2239dffdcd194ec7d575db33a71bb5de9c36251f8bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
407fd56c7851eedc42044a2d3cafe5d9

SHA1
4cfaf4995b910a029b9a2a166119c31231c7acb0

SHA256
9d6557b8e5d47bf02c271b0e6f5210f451dcb0f3b35bc58f2fff39b8b364af47

SHA512
66a7d411264921affe774f11b816785952b9bf279cb65ed7a47fd16b775c7d6579c7ebdcea345560209ba79bc1e85acfb9f00e628f88e4ab444f34e78d539960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8bcde377e55bf97328ecb7b5e997c417

SHA1
7726a656fc36f3551dad34ca4c44f53a50318775

SHA256
e59298b6278f11a1cd56fa4fa8dab0e7ff72b27195d4ef9d27dddb25087b0eff

SHA512
77ed34e2d3e2dcd4bad2d537473bc752549b4d0fc8ae0546d6a6ad5a3b1c56882e5b4915a33d602e761ce72f9906e4dcfd6d7d931d287a110c8938c0008f4612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c4ee74392bcb9c2651fb89da5d6ea38

SHA1
3b0c059f0763113bc1f02ff5dcbc7ab421b9bb30

SHA256
271186f51c93e49b8e397d63570f77ed64355ad873c825457f56c4be696da869

SHA512
0c69717b1882b08f112a904faf5b582497a6ba83dceeb00e15c8522c1557dc55e25ee27713984c27e49a24c9d84606c6cb4edd41168ee16587e07a3402257080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0348e986c85f626b37f22d32cc8d2dd3

SHA1
e16b7cf328c3f6b48fa4cecf5c1937d1fc3dcfb0

SHA256
c2c1553533dcd52d58cc56f901d7123b498cb85da30c16cef7cf4373090d4605

SHA512
82d4a14d6010a533284fdc10df9fc2388d5d33a9dfecc061b6d911c4df6a76ab37eea18ab09dc3d2d4a52bc9d55697a7ccc58cc747f6c25f463fa7307a79dd6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e416.TMP

Filesize
48B

MD5
9b1a00cfb063c6b35780131f15ff8bc1

SHA1
8291fad57e834ef34e22d217bf8c67ec46336e61

SHA256
1a8b646c389f442f28880a382c8ea8fc7bd8b4df389db5d325b881b17bb02b03

SHA512
39ba769534d50733213731b72a23eac64b1ff33f521e5186a9f0830af88f4ff2a9963312f290de09485470812bc15ea0bf7177fafac75e89ab87c8630a38de0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
6c3314b2614652729b7598a829a66b97

SHA1
1e0f4b4de5229593f51ccad89c4ee45adf283fe9

SHA256
591c40a089e6aabcb8b61a6cec7098201708d8869c03831d6a4ca0c5cd8522e6

SHA512
67bfcf2a6fd799fef7d20e7db122218589666328b37bb223dff50f790e86d864eef6a087a8e073e8cff6662cae2f8322f4dba0dd0b6df01f264028008222569b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
f77b5d3435f4d4e033584207fbe82cd9

SHA1
a7d5929ccdf55cfced6cab761945553ac3962d98

SHA256
933e1632bd5b9b1b81b02af4a316c8d6166b0128c366986e154893f39efae066

SHA512
35df241659d546f8e72b9193c5fd300f5d8d6bcb41d3ab4a10ae5f9da1e6519076abc5c793bec5e0eab8e07e9e3e69a6e9e7c0993e9336249c53b99d4cb81c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
6d656c2ba395977228fbd512dcb7ce03

SHA1
9759b52cc33742925fa10ece6463e38db946eb08

SHA256
b383a178fcc35141c3f5099590b7a003f6a4ddbf50ba9dddd12f3046e5d14cc3

SHA512
7c9058715c18be55e0a5755c24ff277ce04821c9e178a0f9e30b114876a904d83575b3eaefe4c3a77f47c5a16b9e7b473db58671d6fa9e7182fde359d64c96c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
3f59bd91859ed0753c88545df95141b2

SHA1
32c89a4cb944e0dadac09c2290ce330e2f66bd90

SHA256
5ebf9a1f7dc5dfd3a04ab2022ce5930bf81a0e42eff27dc16d3d39961a186e76

SHA512
636edc8b5f4b11cd510056451d88057d1dda4e7605ecc5d921d2ca43884023f573db8cb7102f691c900b1d77e6c1ec5022b53c2901d092379a5d2a96d597d621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0d92126ba371ecad15ee296f7e0969f2

SHA1
3cd1bda81d4052dd9df577a752326b3cef18c3e4

SHA256
1585305c8bc60752e3b892f25870b2fbd1a1eb63c0dc1724bc02d1c71d907fbd

SHA512
835fd006eba6cf8884537f77e3583c8acc056e6d8faf284b6413538d2479ef138bc6b3af268f89a17c2d0e55ac9e8ab056a7e7258ed6116236730888f4b51a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
d34ff98c581947b740d4a50ffc8c7640

SHA1
b8b8a8bebdf3067bb69997bee4e30b3e7de850e2

SHA256
fb8ebfcb4240a91b1bb4690b5b46fc913790389f9ad0085335ba6369e6f61e7a

SHA512
2d529d2bf4c2f372c5e0da7e02fb13d75bcfe45282ebf753e39e1d8b582a31b63c3e66fd7ff420c48b52b6b9ac469244633ef69e68a2fc1c7e25de16fd860edc

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\91105760-7997-4070-b740-e8dd4aecbf15.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit