hxxps://google[.]com

max time kernel
182s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2022, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 20 IoCs

pid	Process
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
4632	Builder.exe
3480	configuretion.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4632	Builder.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
1656	chrome.exe
1656	chrome.exe
4960	chrome.exe
4960	chrome.exe
4612	chrome.exe
4612	chrome.exe
4444	chrome.exe
4444	chrome.exe
4612	chrome.exe
4612	chrome.exe
4616	chrome.exe
4616	chrome.exe
1284	chrome.exe
1284	chrome.exe
5284	chrome.exe
5284	chrome.exe
5588	chrome.exe
5588	chrome.exe
5756	chrome.exe
5756	chrome.exe
5864	chrome.exe
5864	chrome.exe
5936	chrome.exe
5936	chrome.exe
5124	chrome.exe
5124	chrome.exe
220	chrome.exe
220	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4548	chrome.exe
4548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: 35	4632	Builder.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4632	Builder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 1508	4960	chrome.exe	82
PID 4960 wrote to memory of 1508	4960	chrome.exe	82
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 4236	4960	chrome.exe	84
PID 4960 wrote to memory of 1656	4960	chrome.exe	85
PID 4960 wrote to memory of 1656	4960	chrome.exe	85
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87
PID 4960 wrote to memory of 648	4960	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf0ad4f50,0x7ffcf0ad4f60,0x7ffcf0ad4f70
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4252 /prefetch:8
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4968 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1588,2085223496134237151,16643290654286065904,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf0ad4f50,0x7ffcf0ad4f60,0x7ffcf0ad4f70
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3856 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1000 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3060 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,16657701906427940091,17395428182989685957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6012

C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\Builder.exe
"C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\Builder.exe"
1⤵
PID:1100
- C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\Builder.exe
  "C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\Builder.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4632

C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\configuretion.exe
"C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\configuretion.exe"
1⤵
PID:1160
- C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\configuretion.exe
  "C:\Users\Admin\Desktop\Scripted-Ransomware-builder-master\configuretion.exe"
  2⤵
  - Loads dropped DLL
  PID:3480

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2141e916c95cfa9ad154136321e16bab

SHA1
e5eca565f7d6e04aacb92e2d334f0dbf39c799b0

SHA256
dadff5e5eaa502c91cf8cc77b20dbd3b166efcf1f4f39536d98e73121895d275

SHA512
0b59ccda76d76ab5142273153d4a57bbd8eb112b3d2c46d08448113fb0fb178c5927d5855d33e43dc3376c9196dde6c924bbf021b914363c2d7e2f931b2c07a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

Filesize
44KB

MD5
eb140c7dd7ea86354194dff2c0eb61fd

SHA1
4b1abb8d5df3c780b55c128e65355b4db7b13a0d

SHA256
ff50deeb459f45ff5433ce883860532e2a923e8c61d5b1b9eaa1abc2297254e7

SHA512
517a1742884e33eec62b0dd2c905b957211ca5c026a62a4af62ab92a6291822ace0439594e7282f93a6bdb5c7c269ea161f068018d326ec161b739cb5f818324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1

Filesize
264KB

MD5
93e24ce7f9272e5b010447497428d251

SHA1
54cc8a3934c76280d2fe2f648008090866e51da2

SHA256
d2566adf39c7d1fb7676a0fef0a7ebc9c44cd53a3f766b4df1dd0fb62bbebe9d

SHA512
4931be78b7f64e9253fce8f60dcbc2baf56f3ad6139b0a619742c396818f1ba0f9d4614cef6c71c6e6430464766ca9a565a05c300f300669da4c955efdcc30d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
8fcfcd2030d3a1250c9beb314ab31a15

SHA1
6554ecd7a011a0822478df0074369eac2b7e7c15

SHA256
65c6072d0ce485b5bbd9f243697edd4200327e42761f5df8c2e24c88ddf8f8e4

SHA512
3f96c2e5543e9f38f7c7365d1a83394231adfee84d3c5f5e0d4d0a77795cf53c7f3f16856e3691ba7f151f9311626e15580073fbfa572e625e783f514add6113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
037b8b86ed9a9fecb020f22862a47376

SHA1
598f9c7736bc60b3800b4dcec01ef885cc36390e

SHA256
9f9aa636001fe381d3bf83106730356c6cb105b45026efc35553a9217e0e5be0

SHA512
58ab73b15954481fcaa2ac66c0504f0da3cff956e559ce6f6a836b8dbbcb32e52244c9e13504f03af57c8553c2ffe0a3be04dabb67fd941bb20e785e43469674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
d1f5861950ff8f3c15c5278c98169473

SHA1
a38fea94fc2b98a1d21a76365e7fda1a069a1d0d

SHA256
eeee567e9376a99fbbbc42e06d9400f8ebf6d88accd7b05cf479878c777e4fd6

SHA512
664286e2cc497b075a89c4ef1bcfdb6198917a2b00706661567794e4df1e1d71ba2f2c75689f51bc6e968dfcaca255551c03271b6cb192cbdd6c0fb011713e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies

Filesize
20KB

MD5
f5ebd183d33db98950acaa91f3a881f2

SHA1
bc3ad9453106620c1fc250848ab90ef10ba4cdbb

SHA256
f118945e145080e8d40c48709b79abe2441aa566ad984e65cf52c9b00cedba94

SHA512
f1faae22b5a093132a11fe29661d4ed5ec5a108be274b208ce1cbf506083881208ba1d6f9da8dff1eca0ee9cae59471e62cf2f92cd7f9bd52a4499e79b88190e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

Filesize
399B

MD5
a15ac2782bb6b4407d11979316f678fd

SHA1
b64eaf0810e180d99b83bba8e366b2e3416c5881

SHA256
55f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a

SHA512
370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
516a574337801aed262bf2b21b981014

SHA1
3bdf3b321476a122e05a546543a15f3a53a29e8e

SHA256
b2ca0bea57d925822ad1d210034874520d606677a079774543192a576f087e10

SHA512
b43b4c4c6a631deeb3624453a072dbfdb26a2aeea7e46350b866a59551b970d2b5bf52d578733eceeae834577924f15908b38726335058b4cb179be6da0ecfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
cc5024774be8382ce70c0808511bc86d

SHA1
193610c226c7b21af465fd0642472b27c15e853d

SHA256
b8afc3b3e8b0feb5b2f982c8389fb396ad7f267058a94712aef98a6b45697d72

SHA512
c29722f3e5fec2252ebdc5e529d0d51e83c4c5a399e470fa8cb3de29a023a8508691045c84ea2e05d55849b0a913a7e8045f135956f0969b7f8167b7f852b94a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
116KB

MD5
e308ad02a01e5ef9c4687b558ed28e2d

SHA1
3f00e62ed0b1cd1bba2126638cebd9255cc82a23

SHA256
6393218e906f41c39589879256c46bbcdf2be12d08f528dc41c6e73172ee3abe

SHA512
830aede57e1448a002d709c1f27f2db69a884f1b76a93161fc047fe614920704b753df58dca4c00bc5bd67c986da2679a344d531819d40e3e77ca11196a5e11c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
23KB

MD5
b1f29330a3925dce3a84a5ddc2e6b47d

SHA1
8dd5e90bb5a5c6d77016e29be2c6f4c29bba7614

SHA256
62a4154e9825b9924a0f11d1bab0249927f96d278705744927cdca3147dce2c6

SHA512
d922339a82e0d38bc8c0a97300f0adabbab64e4e7a87d20fd4c142a546c490893a270af0f1d7dccd7d2401d1facf808efe9eea42a9c633746a0179dd785e3945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
326B

MD5
8c8865e90c9dc0c8b1c73bb3e197b56f

SHA1
f5c173e8b9a8ee1a3e7181f686a63f6cbb976c08

SHA256
e8a9f28b033dbf34823b781a3b3f47c16df40ddb322479034baab0852eb0c610

SHA512
85097145aa06f687e5dd09537b8e8b03b634bfa16929b8d5a93c4e76f56d79ef32fb4116a172097e436f642d5a9c196624572f772212a7899c158cb843150e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State

Filesize
2KB

MD5
87f85eac6ad5b81b026afc3238913342

SHA1
ca19041061087e559142356c16a6cc6be3472882

SHA256
632e9f011d6f2657f215377fb1ba0c5b7801552fd8501ca06fe55f5b8eeda246

SHA512
2607229d28c2c3d94d08fa73d588ca2de73e2698d02523c9a6792a371773a458b558ca7d3385a2e787bf6cbbb4f4d34c0f2ac33780fe18304c724570524f0150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
22f0e842bcb28178cd4651491e086a28

SHA1
d3f3a3cb690a949542fe9af4a2793b6f3cf9667d

SHA256
02170d163c3a6ef816ad666907a8e2ce40ef5257f9db5e6771a69aaf07657b9c

SHA512
0316f10c49f7ad827e9f270091b1847cbed0024cf2d35c75ac04c62cc05489de82a2d9cadee69cf686c1fe1c3f03b1979bd2b6a7607daacffa1babc24012ed99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e6e706577e125a02eea53baa36b83ca7

SHA1
be07eb346d04b1f8db125b7f6f7f3e1b211a514e

SHA256
c22792b53a5b7c4bda59b02f05f9ae4b03a30e7159181961368e03e65c0a3142

SHA512
0236bbf0ca2599dbb01e22d77aa5220012daa8120b94fdfcc0c0769407c603019d2926466749f0218aea3c1414776c67835a72559cfd93d8666080a06c81bad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
913831c85520f60d64eff1059c4e7c43

SHA1
3c1414088b6bea33af575ad451a16b1ac3f36cee

SHA256
d8ebcca1f089598c8761a1c1ee2d1e57384930ef31681b0cd014ea8ffcf52f8a

SHA512
d5e545371107e973317d0ce3cdaf0713a31c79aeddf22cffda59965701e505d1e8d26a27f9dfb47a978fcb857d72215beb11d0aa5d915076027ac3cfce1e3ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
17KB

MD5
ccaecaa3cbddf464d4f942f791d91426

SHA1
92461ed1b0a6118af670146f2a9435e367a32da1

SHA256
c8f0fe55ac0c91264967910d4a2dd579b8216800fa0dbed3cc2712fbd0149c3b

SHA512
10da39c1509df2b9f434a9b2c650c1d0bb498d1bf1a2d9ddbd9a3d828ff71ca73ec3ee1f76d1c418f5b1786c4f759f094b1f70dc6ea5bcf337ac45e4bef4189d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
888B

MD5
2579c7110b83b821c0c32e2f52f3478f

SHA1
1872c88a5f7411940b85ee4e0db1c68ef766c9af

SHA256
05529c31a90add4144ec64b51827255ed8d067c52ce3ebb2adb6fe02e615a5da

SHA512
019d3cc663a25d450c24cdce3d1a0eb67dae1d22226dc2439a5afe8080177bd3a2cfe10167dcfb615049c88d669814477b065060c0acac042704ce05ec2c9aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
9e24442f690652461972dcaa92bd9a1c

SHA1
d06fdb67afb43bc69547c1f287e3dab18da6acf0

SHA256
b7facff13517029adb59d3d46d32df6ca75d1425416e3402d6a67204d4b2c020

SHA512
e84cb8df53f46e64bff62352c08b06efb1a04423255b228580a52adbcc6bc41d258acee750a44febe015c081f16cae45858b7ec090ad7aab1cbcfd33f0f23e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13316849566673915

Filesize
1KB

MD5
19a16e3779cf715cd7f7f2bf9fe2ed10

SHA1
98003d8d2f25f0ff5a5df80832a9d83445d7ea66

SHA256
372fb7832d2676c8f4de363ab460b7ae71e8a8da3c027132d6da041926d045b7

SHA512
f2c32b3de640523b5333fb66190a216d26edb6b5c80d7654d76809ff17668e6e5632c11e42aa2fa08e49754d1c2302993852fc7ca289b830ab5cc1f0f6ddb587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0e147e554767e33c17cf140754a774bc

SHA1
d8848987b341cf681c3fa246e520ca08e4ec0ab9

SHA256
431580d659c47f654b6f0d72ecd66c61c48207ff82b247107166796bfd6fe8cf

SHA512
e32f37310af195b661f74d3fb15726c361913a765da0e8674d5bacfdfd0c554ac89be84a869c8d2578cc56a7df686ae0c9fcd978dcdaf72ec9bd9173e7020dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
f711a906809e9c1f3de539dfcce0263a

SHA1
20fbc11448c4fa1975158c85b9585d5e645d2136

SHA256
98fe14dc29ea2a1ccbeaad4e6a5309ec0ccbbebad5b58047783026607874b1f9

SHA512
35134985a34718142c3656675f6e09322312a6bc0f1685d450f0c2c0b595c31959507f0daad8eb983045e2f331661229495e6c74eee737cd39a748e279d2eb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
9a866b5d354e0f9098b7f00679acf98a

SHA1
63783dc48d991992d00346575f61063c1eb349bc

SHA256
717ac06a36b72eb3166a11eaf5ca415e3b18d74f8816722a84ed934853b35126

SHA512
5a2ee1ae99717179c59e8ead199c6a95e0e3ecdf8451f3c682161a9e0b29c37f29117cca3c62befc1a4faff12824ce9a2a78285c153790e847f99836ad5a7ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity

Filesize
706B

MD5
30cebffadc004797c819b4681efcc411

SHA1
9e3a830b9fb943e6f961f4f85af63f22462d240d

SHA256
66c576aae0056c5ebc0db41f291e8af41c0a2f70b9efb1462c87f41335f4f1fb

SHA512
8d03f7abbfb43b7b1748169900d91760c7ada4cbbb843a30910fe3cb5ff0a7888a9a431bcb54776d4f0b82681f312472d9bef8ae6893824cdc8a68d5706baf02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
68a7dde6d880ed69481ca5aa13136645

SHA1
08e735357030ff0550106b3daef046e5bb8519d0

SHA256
96b87562ee216ec5438ca918d174d5a0c5b2f0f3eb850e3cb8ee6d828230bbd5

SHA512
c68477c09d844e28b2fae3e259bf1e268498b2160def37c3b3fe609fdd5fd5b8011e06c7357d0513972fa3e5c2652bf340e94ecee077245aee6b42eb435d134c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
45B

MD5
e388b2a0f926e37a476648641fd22bee

SHA1
93d15f8e929305a5c395448be8c31b7121c28774

SHA256
8eedf19dbe3365b22ca084c2cc5c277e5e970514cbbae65050a53151c9377aca

SHA512
3da410dce5b5af6727b1f425a9c828b3b03601970fa760e87c7d56ec92de6322b5e01ec3cb1542c827b6ab3cac7a0b28501201be464e28373fca17c1cdb9e75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
cd42d06fa0b827776a676170123a48ca

SHA1
5a43e05545792711f05e660ac4ea3610aa8e0bbc

SHA256
97db2896373cd73d109685cc3b5d7e1c630f99369f6a0b23d1c5ade957759ee2

SHA512
b572b143ef38b6f70b29ac885ac5b5c812b1cbd590d4a5077c5d9c9a398e521e76ab2e1ae83f0b0c4599513b222c6a19fa9979a6e547ed6a83abb93f9d84a5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
275ac41b166f4fa612ef06b8e59e638d

SHA1
a2a4dca4f16f5e4ebd6c9afba9e7d108d61ae499

SHA256
6c995bc963ee5478132f11ac45d191f0211bf2e3dd84580001fbf15c82bd2c75

SHA512
eff98b0ea694d7162b394a2eda74c98a5400677e66edb6868414b78400178a82ac69eee37c1d815edafd69579d110088b07c7d77ca73490cf3cf5829d87b5e1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4632-180-0x00007FFCEDCD0000-0x00007FFCEDEFC000-memory.dmp

Filesize
2.2MB

Download
memory/4632-181-0x00007FFCEA560000-0x00007FFCEA7A1000-memory.dmp

Filesize
2.3MB

Download
memory/4632-182-0x00007FFCE9A90000-0x00007FFCE9F65000-memory.dmp

Filesize
4.8MB

Download
memory/4632-183-0x00007FFCDD1F0000-0x00007FFCDD73F000-memory.dmp

Filesize
5.3MB

Download