Analysis
-
max time kernel
1800s -
max time network
1806s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
05-12-2022 20:48
General
-
Target
CJYUAEBL.exe
-
Size
1010KB
-
MD5
7cb5f631784c4e56f1bbbd2db5e08cf4
-
SHA1
467bcd4c278b2fae07b3dfb68b29814f0c1ec606
-
SHA256
ffa9f3d0e3d4d29b10cba30fe3394d538b8c415e9c29cf36a56990e9204ec7bf
-
SHA512
07ec1ed2124d24c02438fec3cd9ca65897f320fcb324192f5717ff0759c3a6a24e04e88dff84fd4ba37e0370c24d092231c93147fe90e93ce981cda6335d33f2
-
SSDEEP
24576:owfXt2qCbasU3cyK9pNhMhtrjxLF7ZQ/ronBb5:oEcO+9bh+1lLFaMnBb
Malware Config
Extracted
bitrat
1.38
winery.nsupdate.info:5877
-
communication_password
e5ff7c52fb3501484ea7ca8641803415
-
tor_process
tor
Signatures
-
BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
ModiLoader Second Stage 1 IoCs
-
Modifies Installed Components in the registry 2 TTPs 1 IoCs
-
UPX packed file 5 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 22 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 8 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\CJYUAEBL.exe"C:\Users\Admin\AppData\Local\Temp\CJYUAEBL.exe"1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\colorcpl.exeC:\Windows\System32\colorcpl.exe2⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"3⤵
- Modifies Installed Components in the registry
- Enumerates connected drives
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start chrome.exe --no-sandbox --allow-no-sandbox-job --enable-webgl-image-chromium --use-gl=desktop --noerrdialogs --log-level=0 --test-type --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD911931862665983⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --enable-webgl-image-chromium --use-gl=desktop --noerrdialogs --log-level=0 --test-type --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD911931862665984⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598 --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff83d9b4f50,0x7ff83d9b4f60,0x7ff83d9b4f705⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --no-sandbox --log-level=0 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=desktop --log-level=0 --mojo-platform-channel-handle=1624 --allow-no-sandbox-job /prefetch:25⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=network --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=1888 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --no-sandbox --log-level=0 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-level=0 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:25⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3816 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3932 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3936 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3976 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4820 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4284 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4292 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4280 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4272 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4308 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3992 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=736 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4080 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2948 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=audio --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3960 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=video_capture --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3004 --allow-no-sandbox-job /prefetch:85⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 --allow-no-sandbox-job /prefetch:15⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-sandbox --enable-webgl-image-chromium --log-level=0 --test-type --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 --allow-no-sandbox-job /prefetch:15⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=736 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=732 --allow-no-sandbox-job /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-level=0 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --log-level=0 --mojo-platform-channel-handle=4124 --allow-no-sandbox-job /prefetch:25⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=1424 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4448 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=1424 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=1424 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=3308 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1612,10979469765918170877,3253851686315749853,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4628 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"3⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"3⤵
- Modifies registry class
-
C:\Windows\SysWOW64\cmd.execmd.exe /c start msedge.exe --no-sandbox --allow-no-sandbox-job --enable-webgl-image-chromium --use-gl=desktop --noerrdialogs --log-level=0 --test-type --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598"3⤵
- Checks computer location settings
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-sandbox --allow-no-sandbox-job --enable-webgl-image-chromium --use-gl=desktop --noerrdialogs --log-level=0 --test-type --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598"4⤵
- Enumerates system info in registry
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff84ce946f8,0x7ff84ce94708,0x7ff84ce947185⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --no-sandbox --log-level=0 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=desktop --log-level=0 --mojo-platform-channel-handle=2180 --allow-no-sandbox-job /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=2264 --allow-no-sandbox-job /prefetch:35⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=2608 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --no-sandbox --log-level=0 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --log-level=0 --mojo-platform-channel-handle=2436 --allow-no-sandbox-job /prefetch:25⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 --allow-no-sandbox-job /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 --allow-no-sandbox-job /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 --allow-no-sandbox-job /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=service --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4368 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --log-level=0 --test-type --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --disable-gpu-compositing --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 --allow-no-sandbox-job /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=service --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4880 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=5220 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff65ed85460,0x7ff65ed85470,0x7ff65ed854806⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=5220 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-level=0 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --log-level=0 --mojo-platform-channel-handle=5068 --allow-no-sandbox-job /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=5384 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=5036 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=1256 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=2952 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=4560 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2124,14261019920256702969,8626464295150375000,131072 --lang=en-US --service-sandbox-type=utility --no-sandbox --log-level=0 --use-gl=desktop --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data935CB1CD91193186266598" --log-level=0 --mojo-platform-channel-handle=5156 --allow-no-sandbox-job /prefetch:85⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\CrashpadMetrics-active.pmaFilesize
1024KB
MD503c4f648043a88675a920425d824e1b3
SHA1b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d
SHA256f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450
SHA5122473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Crashpad\settings.datFilesize
40B
MD52141e916c95cfa9ad154136321e16bab
SHA1e5eca565f7d6e04aacb92e2d334f0dbf39c799b0
SHA256dadff5e5eaa502c91cf8cc77b20dbd3b166efcf1f4f39536d98e73121895d275
SHA5120b59ccda76d76ab5142273153d4a57bbd8eb112b3d2c46d08448113fb0fb178c5927d5855d33e43dc3376c9196dde6c924bbf021b914363c2d7e2f931b2c07a7
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Cache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Cache\data_1Filesize
264KB
MD54f86a7653c2ab82c19577762d0ad797c
SHA1cdc19e307fa8580ff0e38556ee1db7670dfb2da2
SHA25636b40409b02f4d8f33bb4499681d7ea6c9f1d4c5435a96bc75d3c55b27d77724
SHA5124f4433b00b1675b16d1cbeb0efb0b6229ff16bdcf39b22fa47319eeac1c68a8316758dbdfd359adb24e3ca1471f1cd0469628fcf90fd4a9ff89f6ff4fb3ff3cf
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Cache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Cache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Cache\indexFilesize
512KB
MD5d918ab295b2ca9f4b458c44a137b5dd5
SHA1e76e892f4dca842fdd4d942d1aef4a5556c01bc1
SHA25679a5d72fa7b75ac15334f732c94502e8c9619e1535ab57aa9cb9f927951aee71
SHA5124b53988b1bd2165b1cefe988cf92dd2b52a529282d5d1718975ac7c3f317277f4476d2471acc98b03c61b1a829db50b4b6188e0d384fabb9a229824585ad9415
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Code Cache\js\indexFilesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Code Cache\js\index-dir\the-real-indexFilesize
48B
MD578f33319014a67498e6ec15dbca73078
SHA16f6eda98b7df1841b21e02616c730581b7405a65
SHA2560c3df31bff9b5e69aea274a2cb5889c8128236197f6e96b21f087c9f08a1acc2
SHA512afa5e67da1d06443f7cf5cd8cdbdf5cb296fb99e0ae98305b3a2a313818e116ab3a574f137f30e6362d0bbec87f83f2a696e0f34393c7012e027c8a5afc598aa
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Code Cache\wasm\indexFilesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Code Cache\wasm\index-dir\the-real-indexFilesize
48B
MD578f33319014a67498e6ec15dbca73078
SHA16f6eda98b7df1841b21e02616c730581b7405a65
SHA2560c3df31bff9b5e69aea274a2cb5889c8128236197f6e96b21f087c9f08a1acc2
SHA512afa5e67da1d06443f7cf5cd8cdbdf5cb296fb99e0ae98305b3a2a313818e116ab3a574f137f30e6362d0bbec87f83f2a696e0f34393c7012e027c8a5afc598aa
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\CookiesFilesize
20KB
MD5055c8c5c47424f3c2e7a6fc2ee904032
SHA15952781d22cff35d94861fac25d89a39af6d0a87
SHA256531b3121bd59938df4933972344d936a67e75d8b1741807a8a51c898d185dd2a
SHA512c2772893695f49cb185add62c35284779b20d45adc01184f1912613fa8b2d70c8e785f0d7cfa3bfaf1d2d58e7cdc74f4304fd973a956601927719d6d370dd57a
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\FaviconsFilesize
20KB
MD55688ce73407154729a65e71e4123ab21
SHA19a2bb4125d44f996af3ed51a71ee6f8ecd296bd7
SHA256be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60
SHA512eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\GPUCache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\GPUCache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\GPUCache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\GPUCache\indexFilesize
256KB
MD5539ddd755fefaacff3b8c36bc148dd39
SHA1d1571801bbe736b920de4079a43461ee4dc4fd99
SHA256ae0a0a2b288b5c346cbf770846b33848322d14c7032048ec4649541d5e4d5e5f
SHA5125a3df92d2f1b255422753fd362f27d9dbd7ab95c879fb63ce2568217b6abf8df9315fd370cc204da21eb2384cb4515a9deedfc7452628ca1ac2bd80b03398b6c
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\HistoryFilesize
116KB
MD54e2922249bf476fb3067795f2fa5e794
SHA1d2db6b2759d9e650ae031eb62247d457ccaa57d2
SHA256c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1
SHA5128e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Local Storage\leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Local Storage\leveldb\LOGFilesize
145B
MD54a64625c341ea60012752fdb2dfe353c
SHA152fdea8fcca2c80be41798b3d7086c7c95204f34
SHA256997c5a2b614bcf3c2f6ce5b19e05341394d0838c466b6fc5e2506c1067fecb15
SHA512b3a9f1498e6be2cb5892878659096f7ea074768f131c263f4b0a0f41ecf4088fe8e88dfd1ff1f89c78ee7cf8efd254bd58833a2f4831129a6726262e24babf80
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Local Storage\leveldb\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Login DataFilesize
40KB
MD5b608d407fc15adea97c26936bc6f03f6
SHA1953e7420801c76393902c0d6bb56148947e41571
SHA256b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf
SHA512cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Media HistoryFilesize
140KB
MD51ddfe694c682299567c25daee0cf2a04
SHA1d32bb6199d95989525ce204a859780cca708142c
SHA2562237a10a071315f272ac9eb9338ce9a83350739537a5cbf0f82bd5ac65e45968
SHA512a1a09f7e4c919a758c38c8a789feac95dd17f07fc955ca83bd0e4af6ca053f5e205d6f55bcce380f83cbc5bd26e75457ce120fc287c13bd8b73b68e1610d11a6
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Network Persistent StateFilesize
797B
MD550ef3e8a758b719b9d0b39a037c23237
SHA115e5ccc91fe32c0a5d3c6c07007cc31a94694e6f
SHA256b8f70c6220a2f97c89fed5bc454b61293c37bb4227184e698456a6968dbdee6e
SHA5128591d99c727980dd56308e251f629b0f93c0d35219ffd5920926e122ffa9a384869691d6a2d513c0f251c6185be45c6c2d15910cf2e6915ff9cabdcc60ff6c4c
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Platform Notifications\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Platform Notifications\LOGFilesize
145B
MD5deb918e21740452822db0630274b29bb
SHA180f50a5b4d21240d764f1d4841f64848bf7916b5
SHA2566c0d8d64faf9d60b4f2cbbd403dcb5270964d42a1e0317943c7e7c1474403a0d
SHA5125369945479d1db60459651e289cef73eddbd67ca6253f071a3f60d0f4889bba01ef811a18c52e2a5ccf8029391ed91738facb293f650df5047d9d53ebb75e461
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Platform Notifications\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\PreferencesFilesize
6KB
MD52a874b66cc222a3acf7a5bc1feeebff0
SHA18763a86147b50c11f90e092de8fdfb37ec8d4ecb
SHA256960cb3d68c4208aced7c06d4697c5fdc08890cb591e6814112810f6c42c9837c
SHA512f32b01536d66f917251a69382f6fcf76bd8cef7b252e5c9e5166ec44a5435a4dcf4d661245630f950de976bd65c0cb83db9c3da338bba09f7823a1c37d4a77b4
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Secure PreferencesFilesize
15KB
MD5a6c5198a7b153b28cb695bacf2578a88
SHA165e6194cb58db6d489e864deae4caee91a0277de
SHA2563af81add618d25ef442eb4c17d749c5523aa82af8f950c91b6063f925c0e7d35
SHA512c6222ee1c231cfdcb13e5eb819c4000c70088ea86f61b891e96deb067ae1a16e95d5ad3c4a944cd1aea852702fb46777d9ec42d1ac2fc89f531d0f2437a76d90
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Session Storage\000003.logFilesize
156B
MD5fa1af62bdaf3c63591454d2631d5dd6d
SHA114fc1fc51a9b7ccab8f04c45d84442ed02eb9466
SHA25600dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d
SHA5122c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Session Storage\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Session Storage\LOGFilesize
138B
MD51a7e6014dd36a5d7c38692c6769e0a46
SHA1328422d36dd3005b1a9ca21fa32742ae2673c83d
SHA256afda1be043a7ccd6b33afd9a1a3a4d26d7cd26877f8ec584f2ff96cbb2171688
SHA51205085c6070d9a428c4a4fb952109039c40aac2e9a68e8ea61464c839689cccad4cdf6e44a5ec5bb2c878769080e8dc9c72bc576482e132e265f7e79cc8ebb8f5
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Sessions\Tabs_13306505039831878Filesize
669B
MD5d747712817108203e23164ff337e2e0f
SHA134875fee254568ca1cff1e3069442155cbba9a72
SHA2565aae965ca35d73561feb2ebc9fdfc4908458d466b96ab60961f07b825adabb3b
SHA5129976bc37cb868352eddb601433f22a7a7078dac27115242dd0d71710db7955440d3b8d69d1a073df1b482fb6c60867d84df6127285921dbbff138f0154360165
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Site Characteristics Database\000003.logFilesize
40B
MD5148079685e25097536785f4536af014b
SHA1c5ff5b1b69487a9dd4d244d11bbafa91708c1a41
SHA256f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8
SHA512c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Site Characteristics Database\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Site Characteristics Database\LOGFilesize
152B
MD5a1f6b88a57905e6ca36247010ed71e51
SHA14415190e3f74911b922cc81cb70e08380629feb7
SHA256685ac81da1489feaf61bac60c5ae74c39849cb8900ec00f3f49c450704bb9152
SHA51247d146e9d78ce7de5376b60bc1efe9dc4bfe77e17901ac4c123fe5a6f22f5dfcf4ea1ae9d75200ad927a9d510b238acc6bcea7c958df6823cd7511ff7bd7b0d8
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Site Characteristics Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Sync Data\LevelDB\000003.logFilesize
122B
MD50d9f70652007603a81c7847dc3cee8da
SHA14a7c8341cfd657f31314690bfd9bd8f51030c5b5
SHA256a705d9d26ed11df2f38e6c25557ccb83916b8598fe92d2ad25868f9ae89844f7
SHA51227e34f4b5077a9bb58f30d2447c43d2ae877495bda975b33f405d5d08d03a009bf67bd24abcf70838934f17f1ec66ed1b98429ad96997cae68d0f1e0bf9ea4cc
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Sync Data\LevelDB\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Sync Data\LevelDB\LOGFilesize
141B
MD584d992e053a4bb49eb225226b894b5bc
SHA1db7d4a4ee5fee7c02e8a4590ce561de3ccd38c2a
SHA256a76fb966940965c2117462aaf662a7f430ba0b9568ef43fd68ead1ae68c6eb19
SHA5123ca3a296c281e24a4fb36c98e835b3e794f71a0cd7f98e8b30825a5a1506b09ef9fd13a7fec03db1574112227c1dddd219f2cd0993211eed116de11c59f99b4b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Sync Data\LevelDB\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Top SitesFilesize
20KB
MD59048adc11b40da3679e854f2aaee2813
SHA13a5f63f46b6f38dc15e852bc9ec85d17b3bf09d3
SHA25655f6ab81fe7167e23124f16688da2f74223d2c7b6e3312316f243f129519bc2a
SHA512421477d5561ba0e55597469b01785c46ed1a3ad36f592db527290705129539c6355fc0477c219c899c253fb95b1213b1e05fef57d4d0e0b74c48a9f2cc0d3e1e
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\TransportSecurityFilesize
203B
MD54dc6af6aad8b6f67a64e74c7e13dc116
SHA16e8dee626456904d8508d1cdb29c022f56ee569b
SHA25615e554f055b6e9c489fbbb53a944f4f73962345c9d3d1dd0583789039bf465b4
SHA51228f4da2147dd9974fb8e6ffa87424c366bbbc34f29e65c72a13e36949f9951767c0e692f6f8fee798dc7050708df229ccb68f98660c4b5bc6e2b1e2082a18f22
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Visited LinksFilesize
128KB
MD5a6bac5e1b4e036928ec5b0fb167b92fa
SHA1292984bec29c122279fe43f3accfa4bc7073036b
SHA25635772423f16c371b86a0534f24d1fa084341ea384b75b4da4d3b5b2bf174a8e3
SHA51250a26d167b6a8c25b3e191a1a13bbf9762137f36720d78a5dc727aa6b93da8d9f7946a954f11d08b9afcf5acfb89e5bc6c749e563f8b1b68a1b60f9973196a0b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Default\Web DataFilesize
88KB
MD58ee018331e95a610680a789192a9d362
SHA1e1fba0ac3f3d8689acf6c2ee26afdfd0c8e02df9
SHA25694354ea6703c5ef5fa052aeb1d29715587d80300858ebc063a61c02b7e6e9575
SHA5124b89b5adc77641e497eda7db62a48fee7b4b8dda83bff637cac850645d31deb93aafee5afeb41390e07fd16505a63f418b6cb153a1d35777c483e2d6d3f783b4
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\GrShaderCache\GPUCache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\GrShaderCache\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\GrShaderCache\GPUCache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\GrShaderCache\GPUCache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\GrShaderCache\GPUCache\indexFilesize
256KB
MD5a71b0446a0347dc5c023b499b6006001
SHA1364e2d3bd198e88529219470b6f1e93037fa1957
SHA2566eb7808467755c2a510eb7c0fd3b06b9a89e6c416a694f111a98ac14c1304b27
SHA512c57469d32c6db3887fd891208257456d411ffe6dabb27aa9a63c2f6470606c20ccfccefb1ef3db0e6bc61dda184789427460af926010d2251b90e3f03f90590b
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Last VersionFilesize
13B
MD5b63048c4e7e52c52053d25da30d9c5ab
SHA1679a44d402f5ec24605719e06459f5a707989187
SHA256389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1
SHA512e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\Local StateFilesize
90KB
MD59f3922257d31b56ddb3260485c5f49a3
SHA15cf822cd0ff48b4ecc8899050529b1babc810f77
SHA256597f38a58894c5bb6351117ab025033272b6e35fac3e0be949d0321ad232868c
SHA5121aaa66c44c954ed6303959c55d742db1f5359e77a8ca987da01407bd07cea89949540353380da1b8e105840e3f676e0d2d8c7f4d55e1c6fa74f351b59e0f7a69
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\ShaderCache\GPUCache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\ShaderCache\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\ShaderCache\GPUCache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\ShaderCache\GPUCache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Google\Chrome\935CB1CD91193186266598\ShaderCache\GPUCache\indexFilesize
256KB
MD517d4c5c91ca2a31839fcf972ed936199
SHA1b318419fdd22512883580476c365d4b8aed5b8a3
SHA25665bd1d6e9c8c9052bbf9cfbf3ec5f3da953506d0fe656a72c3abc812ad126139
SHA51202e564fed462b5dd5fef62bf6c142525c61cd85063509d2ec1217717e21a70114f8ee5f9af48a5741f7f17682d46e5bf73ab1d938e9869b721fdb497a6c1dcf1
-
\??\pipe\crashpad_3756_DDMPRXLTLUVYHUUYMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/376-252-0x0000000000000000-mapping.dmp
-
memory/444-242-0x0000000000000000-mapping.dmp
-
memory/628-141-0x0000000010410000-0x00000000107F4000-memory.dmpFilesize
3.9MB
-
memory/628-134-0x0000000000000000-mapping.dmp
-
memory/628-138-0x0000000010410000-0x00000000107F4000-memory.dmpFilesize
3.9MB
-
memory/628-139-0x0000000010410000-0x00000000107F4000-memory.dmpFilesize
3.9MB
-
memory/628-140-0x0000000074E50000-0x0000000074E89000-memory.dmpFilesize
228KB
-
memory/648-245-0x0000000000000000-mapping.dmp
-
memory/956-231-0x0000000000000000-mapping.dmp
-
memory/1104-234-0x0000000000000000-mapping.dmp
-
memory/1140-249-0x0000000000000000-mapping.dmp
-
memory/1236-238-0x0000000000000000-mapping.dmp
-
memory/1600-236-0x0000000000000000-mapping.dmp
-
memory/2120-241-0x0000000000000000-mapping.dmp
-
memory/2272-237-0x0000000000000000-mapping.dmp
-
memory/2416-253-0x0000000000000000-mapping.dmp
-
memory/2676-158-0x0000000000000000-mapping.dmp
-
memory/2784-239-0x0000000000000000-mapping.dmp
-
memory/2800-251-0x0000000000000000-mapping.dmp
-
memory/2908-248-0x0000000000000000-mapping.dmp
-
memory/3096-250-0x0000000000000000-mapping.dmp
-
memory/3388-233-0x0000000000000000-mapping.dmp
-
memory/3448-243-0x0000000000000000-mapping.dmp
-
memory/3476-254-0x0000000000000000-mapping.dmp
-
memory/3528-246-0x0000000000000000-mapping.dmp
-
memory/3812-142-0x0000000000000000-mapping.dmp
-
memory/3820-244-0x0000000000000000-mapping.dmp
-
memory/4176-240-0x0000000000000000-mapping.dmp
-
memory/4216-235-0x0000000000000000-mapping.dmp
-
memory/4408-232-0x0000000000000000-mapping.dmp
-
memory/4480-157-0x00000261A2260000-0x00000261A2280000-memory.dmpFilesize
128KB
-
memory/4480-220-0x00000261A314E000-0x00000261A3152000-memory.dmpFilesize
16KB
-
memory/4480-225-0x00000261A3157000-0x00000261A315A000-memory.dmpFilesize
12KB
-
memory/4480-226-0x00000261A3157000-0x00000261A315A000-memory.dmpFilesize
12KB
-
memory/4480-228-0x00000261A3157000-0x00000261A315A000-memory.dmpFilesize
12KB
-
memory/4480-227-0x00000261A3157000-0x00000261A315A000-memory.dmpFilesize
12KB
-
memory/4480-223-0x00000261A314E000-0x00000261A3152000-memory.dmpFilesize
16KB
-
memory/4480-222-0x00000261A314E000-0x00000261A3152000-memory.dmpFilesize
16KB
-
memory/4480-221-0x00000261A314E000-0x00000261A3152000-memory.dmpFilesize
16KB
-
memory/4480-154-0x00000261A2F60000-0x00000261A2F80000-memory.dmpFilesize
128KB
-
memory/4480-151-0x00000261A2220000-0x00000261A2240000-memory.dmpFilesize
128KB
-
memory/4480-219-0x00000261A314E000-0x00000261A3152000-memory.dmpFilesize
16KB
-
memory/4480-150-0x00000261A2280000-0x00000261A22A0000-memory.dmpFilesize
128KB
-
memory/4788-136-0x0000000010410000-0x00000000107F4000-memory.dmpFilesize
3.9MB
-
memory/4788-135-0x0000000010410000-0x00000000107F4000-memory.dmpFilesize
3.9MB
-
memory/4788-132-0x00000000021C0000-0x00000000021EB000-memory.dmpFilesize
172KB
-
memory/5000-247-0x0000000000000000-mapping.dmp
-
memory/5052-230-0x0000000000000000-mapping.dmp