b704c87d14f8828307b1d25ca6e604552fa643b33c351d979a50b46e0edeacd3

Analysis

max time kernel
899s
max time network
779s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5 Earth spheres.pptx
Size

3.6MB
MD5

53a40d2aff2c3a4d6c5fd947cf829e59
SHA1

be7ab8ccd86f9accd95a1f14b0882c79a10a2ebc
SHA256

b704c87d14f8828307b1d25ca6e604552fa643b33c351d979a50b46e0edeacd3
SHA512

591dd08c86e507b4019171bd84d5323aa8777d11d8152807227400a5a6df29bd9c6706ecf8da48fb1befad2288f503997f644235ac41a375bd64de991908a12c
SSDEEP

98304:mzRBlUw31cvMpCk1+TjBRymMtHjJP2aKJ9WHZPL:mlr3uMpC4QjBRutDJP2aLlL

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
226	2108	chrome.exe

Detected potential entity reuse from brand STEAM. 2 IoCs

phishing steam

flow	pid	Process
188	2108	chrome.exe
204	2108	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891309243097577"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3348	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
3440	chrome.exe
3440	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3348	POWERPNT.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3348	POWERPNT.EXE
3348	POWERPNT.EXE
3348	POWERPNT.EXE
3348	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 3564	4616	chrome.exe	96
PID 4616 wrote to memory of 3564	4616	chrome.exe	96
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 4300	4616	chrome.exe	97
PID 4616 wrote to memory of 2108	4616	chrome.exe	98
PID 4616 wrote to memory of 2108	4616	chrome.exe	98
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99
PID 4616 wrote to memory of 636	4616	chrome.exe	99

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\5 Earth spheres.pptx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbfdd4dcf8,0x7ffbfdd4dd04,0x7ffbfdd4dd10
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1900,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2208,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1764 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Detected potential entity reuse from brand STEAM.
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4356,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4420 /prefetch:2
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4676,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5332,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5596,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5524,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5476,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5412,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3484,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3460,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3448,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3392,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3408 /prefetch:2
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3388,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5488,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6044,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5460,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5928,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4732,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4428,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5240,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5840,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=3168,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6344,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3452,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6680,i,15019440150362899304,11723766823499609070,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:1180

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
e736268453ae386ed8c56eb3d3132210

SHA1
db15f198fe3583e82b32be29df49c2a68d8db9ba

SHA256
8e8f57818d2e4e4fc8d723f25509c0c91ae3a88252d985de2ca23035d40e450f

SHA512
1b962f7366f10bc009e33ec0889bb069920ae7741226faf63e69c77301615bea17a7dac25576a2b95cf0246490b2138224e660bc757a2964986b81554aab1363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
72KB

MD5
0eeeca9930513af1c5241b4e04e50bab

SHA1
15b02adb24b30de23e9b7068f49437a93b18d0fc

SHA256
b350cbd0a9344d96801e3a628f24296129835752a89487cd18844650b2b21022

SHA512
c24eaaf410badf59fa9349ce2d90e61f51ebb125fb3f7b8be783696deabde3f372c2f1f24d325f5525860a25b98d88f534580cbf3aa85683d40edf29fe0cb33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
228KB

MD5
6981d0716dcba8492b1f056011579210

SHA1
7c4e9e779e28302527ebcc587beda8b94d988063

SHA256
586461e86b3dcaa302c749febcdfc58b65bbfb95bf0fe56918e360ebfd1101cd

SHA512
74337ef75f9e624cbc09a0f13fae4027920547028a016a820c98bf46f9282fa91f6629499f5fb45d38bc89cebfeb3be9e6ed0636f364321975bcc6db8cf9ee86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
198KB

MD5
9e1885fb40406f5d789fdf5719cb5584

SHA1
e5167d6f671fbcfdacba16d85dadf520c6a5f671

SHA256
7f5ea970b28e0d69e0a1686d7affbacfbc5651b44d1d6c79fa1eb4793ebf472e

SHA512
757a2b9ab1f15b1d8902d857226edcc6d6f114df6a605f9d62cdfcf819f2509d5619a3ff3d9be5bde4a2548824e540dadf29f0ccafb1bae5a37c19faf20b407b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
332KB

MD5
a3de9fb78352479d4a66e159925e8817

SHA1
6d0a5261b7a5d4b81a3486260f16b2f674777027

SHA256
27f193515a33c6f9d45beaf189baebb31c9d285ba2a13d87088fcd51b7385b42

SHA512
2e5ca0c32a39e4bf472e36cbfd686398e2dff044ef40117358fcc2aa842b2ad7856878832743e2984f84196d661998953aa47a2c67882bd9834dfcda9b1674a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
78KB

MD5
46dc999f893adc66e9140feb27594ab0

SHA1
fd92cffe826af7ac38749d0b1805f718963e2417

SHA256
d78a9869a2c57b579c75eb57d6c807ed0b70af7bbe463ea057e11e36e56c6951

SHA512
40eba96dce63c8ef9dbde4447c19d5f6b097f509e87ae9097f5fec32f02846c4deed78ee871b80751d212b91fbb69d4d0c1b687387f2bea2d457dbdbc9939155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40b8880f0c75bd85cb8251a3c98b1b55

SHA1
8ffffa440299b78dcf1c567e32cc76fd499b7c14

SHA256
f50f452534ca17f19b3ee3628a970876da9fab0e186c6ffe281c5fc68242f080

SHA512
57f3969438a22426633f5b4e9e4cc72d64ad3753644af062fc72dac6e80bedb896c16ebbaf10cb28a3688101a3609a5efde8c9a85c151e2a089f5e32bba43a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
b2db08b4fa683c35707ebb5d1bc52ab9

SHA1
bbd3f5530de5ee5fc4b4c8e4008694d4157328c2

SHA256
0bfb554f22725ec2e8dab50b41ba216552fb2db5c61d23e91b98a040e93a7ef1

SHA512
cef7d415205901b3a1f045d26703c6f55229506c9e960b3559ea80bed28c72d3d966f25712f0694a6740f6341777a6dfd5a1a703666ea284716c1645187d4ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a2318efe22c193baad775c1b457e3c2f

SHA1
5f22a5d87bbf8db6ab9f9cf21229398acbbec109

SHA256
7a25fd52f9a321ef5a59bdab2c2cc3a22a933896be460ee9c437b52517f43cb4

SHA512
c2e349e544dfae443f76aa0c850772a96591126340b78b1e0a471f1700b886fb367af96011e3936f7e99043c343ac8e5d89963ffe6fe7fedf67a400dfa28b691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c87ac614010473988052ef226b609673

SHA1
7897868b8d9d2167e4f2fa29fe2be3b0e7ecef05

SHA256
42f6c25424d7555b9a2d13ae820c14d078d21e0c059891a9519ea26d55bd8fee

SHA512
16cb510c85a4ddc2f634c1c06f64067e83afc5bf00f0800d6969e96f007a7d3f5b2c2bb8f17b172c66be79c714104d44af03f763e4ad4200b087a10a82272703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d43e93721c1a4ed80951a7e739003ef6

SHA1
d2537fb860c4a608b0525ce181d59d0ac2e5fb9e

SHA256
ebafa7c9a4b32314248dbf75b7dc101b1bdc2d18f22e3a254d6defab547f46f1

SHA512
3e814326f0b1ac91f8a7c72c8b4ac46a6d950c7522099731a0bc894b73e919411a59f21812a784c5e439aea89ced796505402bd9323f67411a781bdfc8ff537d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
7dac16cfc687912289142cc0e8dc23ea

SHA1
d461675cb232fb697904ac861a3fc219da032276

SHA256
2f94686b90583c96fc7817fbb48478066e5eb47cc6354db30f2c4848cb711fff

SHA512
a3e04043a517e4587963d4dba8c2f81cc6035b4c137a824e3e843ccb67c9a3faf167375e65ec63a5044d9f14c750e7ec3cc280e12842fdd4b56d5d218545907a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
71185858b51b638f408a20d06bef76ec

SHA1
1c86fad8002c2e0dedd3d8bc139d340c156920ef

SHA256
5bfc74c939bbe5e6ee9cbf22c69ded22caaf05ee223d33bc84930cfb6924c991

SHA512
10e99c9edcac318fb8781705daedbf1db43bfc6f7c03036f5a599fa65402d2e62f727196e28888771af7979eb783838903f69a3736de2cb9982bd971492bcc01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e39a6953db06ef588f21dfb675849f6f

SHA1
495e2aa48b63c137041591ada179e6deceb15d1b

SHA256
e60dada21a68b6f116c9c75577771ba95f8dc1b34df0c2e93f68e471e80a999d

SHA512
3580a56713fec553317f388d1b90852f6ffef6659fed56125b024bd4e83d6ab22ea3d9b1d41fdbbdc05fed728a5daf8a24745c27757221fb38839050af448ab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f270819c89189de9caa528820feee387

SHA1
a656b73972f6d355712426136c41812bb6e839b9

SHA256
a714ff072e514004f2771d6d8af219260bfa607a10ace8c857dd679e73118ca2

SHA512
0c11fe8644a2c56483b850b551109836c5ff9d01c3fdb9cd68a5d48540be709bf3a0a827e5142eb0c109a9a7746f7cf6d162a7a66364615f3d9398e528024913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
dd8699d21ccbe4030f28ef2f3bd8c717

SHA1
1849b289098b64da198dad9403015071e0c76bec

SHA256
e7ac8509968b02782d071036592fb03394378bb1f039ee340bd45bb6fa884abe

SHA512
fd89742eef393d74814c926e2df23a58a3fb1af4278ac4251ccdccd5803b27862f622426fbf25d11da5873533d51650e73120baabbf5b0b177cc1badbbd68675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cd0a094e75b3f4f9e9660cc841741bd4

SHA1
aee43f022057842bf2ad0e013e915c543c251e80

SHA256
a8a66a1d1a3e04bb2c90240b54799415d2464ade6fceaf43ff6d0fc4e2984f2d

SHA512
9ca1778eb05be2f55bc88e81017aa7494e48f1bc4b2c7ff39a217ee6151239f18ba5330beede7b2fa76dc44574396b05e3e1a2defb05868a459608bcdd8b067d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2a9b2aae0ab13acb23fbabef93dbd36e

SHA1
0f25c72693a1ba6269f2de60efe46fb0e1de631c

SHA256
0be62eafb471d935944d227e8bf55c30409de176f9d8b51466da1ad87af000e3

SHA512
45e76703450915481beb4af51c8fbae1b8abb32573f3128d5ef1fe5eb112075436404a81f2d1e03bb181ab1ed4bd5c673d70bfeb19eb06cbcf502f5b743753ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
67926d93d653a4ba695cde376313d5bc

SHA1
f068d06f6dcd1b7b35febb73f4a9835c19e24b49

SHA256
f1732841c1e9df39b485794a22ab8bf94d680e8e89f051857849ef9a14e51c34

SHA512
7a6e311f5d0961655ccbe60599a056b20087e3c8d9505ed92f5c35606acd92fc4b172d111e4ce9f32d340dc3304b10ca4f7c1e687ab5d445d1349e2d706b5182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
aaec23790858910a2ef5c84bf4e96977

SHA1
e076cdbdb48b6e81047a90b2970418a2ad45d0ec

SHA256
5dbcb3a00b9fee76e6be6db77428c8c959357c75226d2bbbdfd6a3cf026857f3

SHA512
4068a128d736021a7e8d3c6e2951c6faf86a44835af69ddbb2acbe73c333eec0b6e9cafbe53cfe6ca06cb106fef8ef8cdbbf929036ed6816635c09f5528ce89f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b0fc4868cacb3a0ada6701a81694d840

SHA1
4468c4c71aad2571df2052c86ec20a52bb2525d6

SHA256
670b44bd7e7ff1d2f270e30319729b47ae2abc847a909964bf07ff0a7a0b7235

SHA512
a75b6e1f88202d75fe981d5fa0f70eab6e9fe99063788042c06e4ea2ab4ca65c5a0993baa7a20ce2bf633631b79dcee3cd215d42dea055c666b840bae79b065b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
160c86875b3b8248f7eae5fa1983e97b

SHA1
4478aada5e3f16a86d35716987cb089614d59302

SHA256
623fa658543d7894f8cfe913bd4ca33a607858b2b3c3cf64c0bd32c20112f33c

SHA512
c12af91cc3632ba405c1b9c07290b13b58e77488be1096aa6cb086bd16e5df5720161b0f43a3eafc89a801d45636d0be3a1b5947684f3c215dbe7fb00d76006d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
49a2f2ce11f89d6d39ad46b48bbfd3e6

SHA1
d2dc1acf3efa6d7027264b1623188077e29bf7e3

SHA256
9320222e381ce167647d9f4dff4748606370b5a4ded502e5c33971d71dc4f3ed

SHA512
b38abe42926508a42e2c5ec2b17377611ced70940223e9b745a6ce2551c5ce463e7ca333cd1fed1092ec67e49f06bb40d35ea81f9b412bfa0ec1b4e774b81bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b40571677587810ee2ed531a08b4c9b9

SHA1
146efe8d42114a8467330ef4c865c1358e2ecaad

SHA256
f80d14a74063ccc9db873effd9125caebddb1d5c3dcf80f283132f383a5e2fef

SHA512
de5bc8b61b31babe411872fde844f2e3176831375640afcbe0bad9fe930d1029e46f18b7c348c3ae15d9db050339888f5e6ac0809b92d287ecda83c28d1cd0c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a3df95684e5fe519ab42963536fc3c76

SHA1
18ee502e897e5b69deffaa2e0943620d7331efea

SHA256
ec30eb9d2bf1d56ae97846b0c6ed12ecfa1a8395d1a9963dab17742d0ac11d6a

SHA512
a82fae864be191f901932416932e6c9c00fcbe1b88b915fbddc0af6a5c65b6cd5ced6355d473a0d8422de893eecb25c2f98e8e84ad0eb8fc12699f0c15996208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
5bad4dea5db3e8e7a1a430f7e3296b80

SHA1
2bdf527d354726ba18b43dc44bab653a185a3ed1

SHA256
845f4bb35c53a62c0a22198381c0d12f02ec0b651acdbef0f86456473c11e986

SHA512
ead9813f08996f2956cc9ff6ab21c1d897f39ba9b175caef7ba00a1ffe089cb62317207cd2dac5389c6c3cea85afa192da65c90a78ebb1f697740e6ea10e3bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e1a6dcc6a159649dad9af3014f2f1c67

SHA1
f6c3194ddc4a45a5893d3a11436d73451429038e

SHA256
3980a5ac466c5704e4edd4bd021d0dbee19978d15e80b9f6979132388f0fc846

SHA512
b58b95441dcc4b5674a3aa28ca4035df5b36b3b989cbccc57c7362c2404ef2a07aaab167ced981f5d8055fe3e4060931cad9bf1a6c68bda02ca80d8e88c23e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b0bdc322196058d0801b5bf36859e41d

SHA1
c706a99eb9a7f01d146bbdd62960bbfdd0a5d69e

SHA256
ee2494e5a72f571e077692d28ead9c57bee490fac07d1c93a44bbb58679719ce

SHA512
eeede4abec4e976d8178b6439ed1d03f30e4f80e0ba112996c390c20ea06b3b7b8dde8d8e457575961534d7ab985316fe567bf997f648b92fc34766f8097ebe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ed899bf589abeeb89bb677d1823acb22

SHA1
8a480f0127bd3ff8ce12ddb5baa99822fbab8db1

SHA256
1be2f71921631c7394ee14927a5b36af756ba1b13315fe184d6c4f57baacfc83

SHA512
1fb9b225c954985e759b1a58787e9e24eaff2ff329399a2eec5417c3318d7068258bbd3202445043e50ffd4e2d7828fd57e8b1c47eac001b9ba6f0f8c62eb84d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f6b4.TMP

Filesize
48B

MD5
4a10b501deca93a5e187b39ac607d6ca

SHA1
cf625f75678bf9167837a1a4893e2b0a8ff6ed68

SHA256
1422b747ae3f3bb4ed23e660ac27518b8e86aa12080fc7a0736c756f310d4bc6

SHA512
0539a4d182af16805a961c7265a91f9161eac62bbb360229a78d917abd800bb343f790608b5272c0891c7cc55c208bb1fc3add0946c911361f91957dcad8e72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
bd0e0be1be2cc0615451c334e91c0680

SHA1
4f859523395868dfacbd3fd850c79855bbca2a4a

SHA256
36bb7338eaee34113c6e38d70ffb6b3b3b00ecd68c058defc3d4e2880a777459

SHA512
bf20ba05b7ef29a8ab6b680d6c462f9e1bdaa09c8661e670255d3db53b93e8f5fdd3950995265d05cb52ea947920908f33bfc0f9066458dc15b58953c6772dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe59456c.TMP

Filesize
140B

MD5
cae04fe38ae1089f52894253f588a597

SHA1
d5ea3f3977b0727c072ae2d84ec24808ae824c53

SHA256
b00d025cc8128e070de70bcb7196cbf16ec3b1ce5344d6f02d825b5106ba9d8d

SHA512
c9f288a587fd69bfcc9956f486cde554522b4d7cfb802e957c96f62088800458b1336a48da124fe78f8cd6772bfcd298f4a81dbf3c55767880bd65e3924e6d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\000003.log

Filesize
41KB

MD5
9aae2d2e63e40395b180c5fcb95c76e0

SHA1
d817f22106127f8df877d0896f449c225e12c6a5

SHA256
4827d9458ba1639ab45e0128413919934c16dc4903f3406eca4b00a1be8096b8

SHA512
f895316ee0a3f41ee66caaec0e720ac2fb5b13745e385f34f00ee389d1a47659c470ceae4d5817d163be9d06543d582640928d160f84c8fffeba416a9f62ee82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
44f3d8dc73fde6894e7060550c1c9014

SHA1
4a785d65e1a0e102ae8fefb28ace922a441f5b43

SHA256
51083c517e6a48b46a33c04aa6189e7035426a698a71855ccc52ae57fd82d306

SHA512
b5d06e31dfa634666b7b7f79edf9c30a767342a57301de9848d4a2498ede01c0c4dfc94c97dd7f833a7175053d8b95852f42aeb137b068bb530a736ae07254f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
df15d5bc1f73fc925c578a0ae41350a5

SHA1
e60a180f799d2fe9b22e7e86a25544981e270895

SHA256
bcb6d436559743230a6b3c96e3107dd826006afd029d95255ebf1840f2135681

SHA512
2222db364d16cdba5772ae9cf103306a32f11ab9df928cc630b3f57efd5dda29efd93834ac3601cd5a01c4d091fc6933e4fc256b35decb9a3db405512d44f909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
1b611394002894f2a3898516c781afe4

SHA1
2dcc5ebef1108d4dd934e2b9b7fdddd7ca1dca1f

SHA256
fb2bf590b0c211b6c09625f65875ff192418ad53db47e8d8507c837eb48694ab

SHA512
015dab9d67b33633500e8e3574463305f5f2d294413e89a703a0eec5ff107ca5b640de4d45fe3d9eccce091577d7322c1f35aa161d7509c43737de1c6a977ec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
f268a82d5cfd92fc185850c05c387a8b

SHA1
19c9f99acb10933fb5445fdc78d81399876abeca

SHA256
58a3822619522f4fdf988adc5eb60bf342951d48701072de0e0a650637220d90

SHA512
02d7848ed740765a7a17c1db55b3e17d738c11fbccc91a6c42e4edfa3c8bdb58ace89ca4f5ea8c3562308cbe357581d043c133e74c9749879d0ccaeed9efaf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_871190971\65544831-76fd-4150-9876-d3149ca5fa39.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 650279.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit
memory/3348-45-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-41-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-13-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-16-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-15-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-14-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-11-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-10-0x00007FFBCA490000-0x00007FFBCA4A0000-memory.dmp

Filesize
64KB

Download
memory/3348-9-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-8-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-2-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-43-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-5-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-42-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-6-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-7-0x00007FFC0C7D0000-0x00007FFC0C9C5000-memory.dmp

Filesize
2.0MB

Download
memory/3348-0-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-12-0x00007FFBCA490000-0x00007FFBCA4A0000-memory.dmp

Filesize
64KB

Download
memory/3348-1-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-4-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download
memory/3348-3-0x00007FFC0C86D000-0x00007FFC0C86E000-memory.dmp

Filesize
4KB

Download
memory/3348-44-0x00007FFBCC850000-0x00007FFBCC860000-memory.dmp

Filesize
64KB

Download