8cad66adb36b1f4f64204a4328a063ae33695dbbd5386f761cfb56c2c0987471

Resubmissions

29-03-2023 05:23

230329-f3ey5age3t 1

29-03-2023 05:06

230329-frr5bagd9s 1

Analysis

max time kernel
607s
max time network
610s
platform
windows10-2004_x64
resource
win10v2004-20230221-es
resource tags

arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
29-03-2023 05:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CL_Win8Helper.ps1
Size

11KB
MD5

e7a665b03533dacfb4f3df3d8efe01c1
SHA1

8c1aa0ea2447fb6c319a1251032b3f90f1db2fdf
SHA256

1a1505f948eb08624a4a7380ca25ef18654b5c0a15df9988209f70e958f5337b
SHA512

294dd1b62bc9d6d1b01c6fbfc27864b0e45c1cdb4cfea6cc109490b9874420f66ad15afdf988af870926631952439a2faae608db3e97744b21d464fc4cc57189
SSDEEP

192:oK5+re5p31lwtRZizkYeOcJlQwHx7cprxi8RZkeuYT1bLKRoguwCsXsoz+ppjGk6:J9AtizkY2JSU7Mrw8Rme/T1bOw7gs3zG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133245484139165077"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2805025096-2326403612-4231045514-1000\{C7BD799E-352D-40C6-85B3-015FE91FA065}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

powershell.exechrome.exechrome.exe

pid	Process
1656	powershell.exe
1656	powershell.exe
1268	chrome.exe
1268	chrome.exe
3588	chrome.exe
3588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

chrome.exe

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	1656	powershell.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe
Token: SeCreatePagefilePrivilege	1268	chrome.exe
Token: SeShutdownPrivilege	1268	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

Processes:

chrome.exe

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 1268 wrote to memory of 1864	1268	chrome.exe	90
PID 1268 wrote to memory of 1864	1268	chrome.exe	90
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 5008	1268	chrome.exe	91
PID 1268 wrote to memory of 4136	1268	chrome.exe	92
PID 1268 wrote to memory of 4136	1268	chrome.exe	92
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93
PID 1268 wrote to memory of 4996	1268	chrome.exe	93

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\CL_Win8Helper.ps1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983b39758,0x7ff983b39768,0x7ff983b39778
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3196 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3328 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4560 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2852 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2804 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2712 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5368 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3416 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4548 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5320 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5620 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5684 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2796 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3460 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5884 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6112 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6104 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6208 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6348 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6504 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=944 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5320 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4592 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6636 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6112 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6576 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6692 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5744 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3968 --field-trial-handle=1836,i,3135715278360332581,10290606729859425951,131072 /prefetch:1
  2⤵
  PID:872

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4616

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
29KB

MD5
e7d6b85edb141824af8951e19333337c

SHA1
76600b2cb1978ca24d9fe39b1412f052da855ddb

SHA256
6e1bf43d1d49858aacd5de53b32b551732bca4b2a46b1f808eb6d6d0f2b70c0e

SHA512
caeece2e9f68aeb3ae0f077644afc417304c4c867674e779cc0acaa30e372ccf7cd42080fea47f986508082f15f7dfca6071def8dc77206af61167220c34c686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061

Filesize
356KB

MD5
45b6555aa5f76baaf1be12a6545b4cfe

SHA1
56de8f99600fac1587f0379ed78f1a18f3707962

SHA256
d93acbbdada5d656ed9e27dbe6edae1d9c8259797780b7da153d7f2976766e41

SHA512
1272e802848bcc97d693b6a58cd1e6a93ccbb1f6c84dcccf7e82247cf9d4a19e7a9732cf6b910fe8cb27017edf54f56a9d8c880ccf4fbabbe2f632cdd807ad3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
62e96aff8bea28606b5e0d7e16c0fd23

SHA1
81ece9177d75b889d489ad356a06e932bc22a07e

SHA256
4cc596a902be802149004c61c743b4036885656d93b77f08ec373e9e3a6392be

SHA512
4a8d4ebe0e5babb87d5ad147fb88d587e5da0eabe3e23f9b84e550b523268b7bafbab8f5ba9816af3e224cf75f50c0e46ef35c28ddd9bd7685035b4f47dc8c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
154c94862f5f9f2b1f0c4ce09b94345e

SHA1
eeda8b189799a2cceca608e4705ea48886307925

SHA256
1efb0fb34c6faef060619967590b9f473fc352ec8d8379746471feeddff711c8

SHA512
1eaee028baac28031fcc90f63755ad5d574282d4ed12127622b1c48d72c2c072e5eea55467b5f4b7bc4d7d6e5170f288b2af1430cd6cbafd2467f8cc7ccf6fb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
60ee96ed4dc35283b44d1d27a8611438

SHA1
f62d7f62fc15e4992d755d41ae5b7cdc700cd402

SHA256
6b79f408d688bf23dcfdd15aba8f455f005b9e9f6189edb7ffe57828a053ed4e

SHA512
c8d902d223119e9a19bea34dd43bfcdd9d6c82ff9fc5d6929caa635645c7ced8e330a21b3cc0ea7161335034461a539ed24dece537ff99e6cec4acff28b94c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34009d0af5ac8007a3e2c8a1edcf515f

SHA1
08ca659a269557b26115e21ddd833a86a9e9bdc2

SHA256
da3c6132a25f692e06d6d11936987169a4c29237d89c0f37698c166716498ee0

SHA512
e127be60c7336f9ac5505a05118fabf3017ad0ab12d09684a8890b43b6a05ace8096e3449c434aa3b05d4b95f9f4cd455693ef97a28dd0a78dd0d0673648c63a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
08c01006d6f6ba2c4805184475895a7e

SHA1
ceb955bcb824a8ecd0c756c5277c87fd1c569e62

SHA256
bb3ead16ea3642742971f7b15a76e5c1d5499915fdf9a29882db4dfa14333782

SHA512
2141327ec82d54ab6ec7456c19018fdd6a266ddc8215d4886ac629c1107280f6ba5d9678a92dead81522e4639d06d9c9231611c1abfd96f52c55c4303dd65514

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
879c44103ed4da0a241cdfbbf6da8e3e

SHA1
6688b8390035decc2ce7cbaa9127c3702b1eb6eb

SHA256
26dfb2da55ef0ec84b857688776472b54d0d52562cccef4e876c239233b237cb

SHA512
5c4647aff69601ec90ab5d9fe813c5d47ba575dfad69e54f73833de6d74f8ae4c358030e31b8ff7693a3b9a1b97774e100845f387889728fcca6eecf55769043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7b610d48a1e522ac15aeb02655c77f58

SHA1
ce05f2ace9991806b0e585e4e4bf20c464cb65f6

SHA256
4506231fa28498f0cbb802e119c6426947c006a12ae0d8d1bf986af1d884dbe1

SHA512
4a7c5ebf713ac258291c0100e97b484da556c735a5881df40f44b55a4aa6c7605199e751d7a1d46151f43cca8f1cb5643d0927ba4eec273d82146908ed9b01ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7dd9058f3b1e580ecdd2d67aac9efe96

SHA1
bb483f23d493f72635bcd08345790f0c531d5a94

SHA256
6174a1d4ef73d79144d86d1a8795aee371c4c89abf958e632224645ffbbd452c

SHA512
327e8abca8010206c30bbf79001f0ae4fd46f46875461f53e291555522c0e292ea1c0b8cb73ed5165c355431a5f617c99ced3609b60ec09b43f047d6d7ec4c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6d4af725bad722628bdc68e66afe0a1d

SHA1
d9bc036f8af8e9d1c11503bf51759f6c0dca497c

SHA256
0b08f22326f3a1af543bc0ffbf176efd96226819dabfa73f13fd5a6cea21cf9b

SHA512
1d16f3a7e680e1981b16a181edcbe84f6cac15ceaeb8c88fd05e9946c246185de17686ec0afbc5dda39cfd674979643bc45edb56b544669adfeb3aa6d0bead83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b4cdb5fe81563c747e3bd66c795ca6ae

SHA1
842ab352db27384d7bf2a557d26e5d3e5c2c145b

SHA256
283673bc8852ec48c60a1aa59e7c468b6531e140bc0e18a0d1d77dd7700a5b60

SHA512
265fb8b941255bebc663132da58a40386483dc4136609de75f1c623d7fb0e27b38a7f2378be144328afb46592073985d5630d51dfbec963cf6ca1361ecafb9f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
daaae1a450ede74bb5aa2c7667eb7cb2

SHA1
018b3528d399c9c564434bbfe2862f75435ea489

SHA256
b5cd8a256ee74fd19b9068597a45c5eb836cc23a9de325c7330b65233022a2ec

SHA512
f4725f577b04da851f9ca9bf412fcf6894087e6dd95eb181f3b93da967e017f5f195ac5fb4b2793678189bc2e157108d2b0057986704f10dd48aff14fac6cd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
fff050349ee442c12677c4e0df2daee8

SHA1
46a9fabb867364c8a6a0fbc25565beb2e51c053f

SHA256
36af9d14d93419eb6f186922ef7fb6923c75a757742c3f82a8f6727181b27008

SHA512
d9044b1149c5625ea3aaae736bd72da42391ce708aac1d0d2757ef0dfb70ad987a43534e4b5a8d5afde3e93330d38661bf45ff2d42c4e019194e6e0b7e063d1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bfb53821b05cd344fe928047d39c5c5a

SHA1
9e81ff642a3e5219f47d1560ef76a0c6eb7c6c2f

SHA256
9091abecb1adf7deff6fbf8b1503ec16274c1c3af6b850c520cb6ef3d65df873

SHA512
fe607a4f5e852e5f5f8515beab990278f2ba763c1a46eb3026e4fe942bf15834a06ac5b9ff5be7a9d7af6487b89bdf159e6ff9696c7889c5de48d046d5f1717f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d63a9331ea0b506530273e77176aeeac

SHA1
47d105cf65dd4a8fb94ce2d25925d95765212543

SHA256
5f25b17efbbcc46c9bd83128c56d01cf05de74040731103e83613afb0a2a9c42

SHA512
fb5fdc759ca734264ef3bdbe3dd6a2006718f2395cbb9badf948606ab466451d488fc1921276a43cf8ef31042a9059e93d795bb2c68d5e1cb51e6e78b0242cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d4a3a4f9bd76fc29ea4d56d4b908ad92

SHA1
b077f10a49fe4700f4243d2b07bef1b563b1c39d

SHA256
090c519ccfb60f9be8ad8cf8f3460c1af38445f0c0dd6dd8c11c3359658ba6f8

SHA512
6c6b4e33e58b96c3bbbfd24c16092f7034139607d24f26f0e4833ae107f480289441b02dd404b61b8b86039cca6c2dc4e499f3f01584d62ae494e091ecadad66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b04f998aaa245bf1af6f8ee1d370ca3b

SHA1
4df3a06d4b82aa5c666343846f2170ac08b718cc

SHA256
ee77e79ad997f43d4be6199e60ad157f3f8408c625f13843d0649c9200eb714f

SHA512
b46ff42f447ed1515a9bafff7f0765bb7a829c696e63f8337c990f9fa0eaf8b99b3d2e44e7eb6cf86c95aeae551c572055a19614adb19147a118e6901517c600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dca83730e4536ecd3eeea8f628ee8ef2

SHA1
77512df0e60cc769d99c2bc13250e1d60bb7363a

SHA256
6cb5047a2bd13fc9e23d26b3dd68f3aa081e37ecac42fab1aa993863bb80d6fd

SHA512
06b6f5712eff9a1a6b67e16e2b4977e1a7fd3f1121e20dfbf011420ee536d83f0bcd5b210ff9a7d19366c5fcb57ffb486a46e2b4dbc9d51a4815594df7d40d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd48d541923b4f2267dacab53f00ff1d

SHA1
4dff7b9163dae196d63204f5fc490ad8a2bee147

SHA256
4c9e63c475cc1ca2c64361efae0480c6e3ae897c8c75880264b1d4f739a07581

SHA512
d916ad0c65654365028ec0d08c6c650488792666f62ced5221e9c617a74d3084a15f6da50d8a4e132302c9fe66f0e05ba0e30e566338b168e0540565170e5220

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
45d38ba1b8e80876a583e05a80c3c1cd

SHA1
10bc8e110fcf670f4316f859c36a904a85ee8a1b

SHA256
443be959183134c2d3c112ec59ee39a9bdf52cdc4451e208edc85f27a9b25b5d

SHA512
cf17ab596fef621bafafaf050dda5ba28f2dfeb911ce0b6634c610d0ce69fab4dabe03125637685796b94a4beb6a86facfaf8d2a120c237d5361cde2f8409539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
432541b284cb6b1b954865967b3f3440

SHA1
6e23c73b7ebb808c738999d14d36c302b2371918

SHA256
14fc4b8bfa2497f3be70aefefef97472f61741d4d11a0e2d13cae5aa9eb79752

SHA512
60a19c50a8c8aacd719eb01b57597802ad42e0f32f5983dc530dd85987059b804db865e480a9a031fd11f882a84996974f5a3b476af6b4693332f50dcdcd8fff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8da16fa275f89a677bf538208fa87853

SHA1
4bfc2787ac4b27918eb0164b28af55e509f2fc92

SHA256
9d1865de4560d94cff95594c5c1bfb3d3a15c6a2e3b6db9ab943a0a56b470877

SHA512
29cfc06f886c2224987a9341e6c82f5e1fc32c03be5bd78931c391bda7a8aa3dfd8ef0088d5405b5e4b95a69dcad7f17f7a8b02e4faec18c846ad3da33ed197d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
98e184bbb3cc38ca20da51a4cf64ccf6

SHA1
c7703355cfea4112fdf20b2a0c0e0e86a09422fc

SHA256
b6d7305fcf62c68ece43062087770a64032c69b7998225478a4844efaa1a7f9b

SHA512
d05e2fff9cbe15329004169d2d0133224d75fda821ec9e885fe49235f1976bb388784614e582922a93450cd7a959db784c7458c25d40dfbba8cc4cdffcf58fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
24cba7aa5f1d44c4f65ea1ade52fa21d

SHA1
b4b42595b8e80f3fbb68009bdc0f23b64c5603b5

SHA256
e42cec89103b9e861d7df2b59e31c24b8b56de8a73a0ae086e85448e9b6b6ac9

SHA512
589f4d05c77af39140f3007fff410c7b873801c8ae4e8b13eb197df7174d0c6eae7bda783ffb5a78a84ab1d941c76d491fa6d8502a84bab765bcb180795f1fdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
826cf08b68b9598e39d9e6c3147e7ab9

SHA1
2e2b9b998c55de4d33622321a09b02ce72b60b17

SHA256
58973678b7fa6c002ee8267227e73c8cb9acfef10c3b3b1e14db85483ed4dcad

SHA512
1ac37c1fb8575445c1806fcc1f94b28aaecfc91313dc3bafef0a15227abda659c9d37087fe02ea01e9b32f41db97a3823b409978f7783a7e2c48f630b911612d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
dfb6accb7792e12052fb988fb1421460

SHA1
fe514778e9375a5136518a6e7caa96a9a2c5ceeb

SHA256
cafd3542e6e901e6e54553acfe2d3b330cdaeeb27c2df8ffa57205eea166dc8d

SHA512
497caba131361a8b3ece26ffa81edbf95d0018c7f19cac82c13fb9df7e2c62f594f304a6af6d60c895f52f4883e52bff252526ad9a1b0eaa8e5d033bffcf07f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
17ef1438746955473627cd5c34fbc543

SHA1
cb5fd9cf324f787b86e090406a3e9ee19f584a0c

SHA256
d069775c3a30c3c2cf7beb64b2d43317d6b7b62deaf9420cef10d43786805148

SHA512
56003281f14388a1c008ae8dfef289f466ac65e8cf8b67e50a5d992ff8b36b846c5c95f31f19cbe28778d276ff1a4b777c4b6dd80fef260bcfd5e43583104085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1b479e9c42d0607048c52b17b331d4d6

SHA1
f7670d226eb633c014bfea05c06b2228e14d3287

SHA256
0b4b68060e3db715793a78381a329a4f3b4b97bf48279a577c27e334bf24d646

SHA512
5c1ac41ee0c09c7a7736983470db7125734b37b5ab4fa3c818ff0a1216bbbec489d2383cc5bd64987b924d24b59c8dda171addcf33de2c59c0027a77a4a89615

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f6f10e97acb360e98dd155c207d67b0a

SHA1
02e722368c0989d83e09441e208e5fce8ab2d902

SHA256
47f2ee1a2c08370c503cfc444398652b941390c5e6a99fa4405df5e59cf94642

SHA512
7b022ab2c4397ed7e405d9db4c4266335f33c331e0f5ccd12c3caa5598efbe1fb57ce998038985cd62339c23609738b0b3912cea14a7fd5f9f7c3e91ba319a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ec049122716f6bdb1af95692168cb8ed

SHA1
0ed337afd46f13b5c18b1345b05c2b95f4aba619

SHA256
717e333b992470dafef12cf895aee42188ed94105e3d822e63cedf307cfb772d

SHA512
a986951c2122df83017348d92d021076fa1e794fc30af19d3ff2d2ed817f4d513ef79de936ab4272712fed879c4b08a65e608c7314a6a1bf80c05cb55b0045f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1976e3494c481d1e74cb33dc92532978

SHA1
0718c9c149ba230a609558eb19859c4d8a3373c9

SHA256
bf763f2220c7a1cf624bdedfbb136619aadc537d1421359382beb89c4c3b4d63

SHA512
ac22293dff58c499d8d33511052d7b393a346d410466fb814b91caa510958e7762ecbce8b557392e18f88f48a2000c47bfc42b7383731d8b359dc218ad9a6504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ecd7eebc32703b5f74c87ca4805356cb

SHA1
0c01a3a35821ed327b8d11db8bd8919a91f3c61e

SHA256
95f453bcc3e457ef7154cb638da420f85be17e31032fe2cc18e62541d2deab04

SHA512
d6d020b7e2f3e2ef9f67c7d5d325fda640df89035ee573b9ecf8af371342ccbc4f268edb4f59c281ddf8abdf7ebce43ceabdf3df5dbed4c12ab271ccb997ae70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c1a6b4622dd88089e54828732eb7e330

SHA1
215cd2e683b0b263955ee8d12a9043a145f7b24a

SHA256
e308ab93b7e46a90d5e05f21216b3878e69ad5fd1a0ca92375ccbeded51a4311

SHA512
e9cb7254e267bd80dd1fcee411ee9915e86d7cb37ae4caa5fa6b7425527e5938f20b76648f555d854703b886ae9360c7a77b832ff335f4f4da79128f6bba1f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
172f7fbc3f830a2dd896d07fa1e63f53

SHA1
b42ee48c8d9b31c4d6f1ce66145ac2065f297b07

SHA256
2e645308ed9e2f3ee6936469a7586ab0479504f0dad2056259b9e54a9efa697e

SHA512
46820d600b8f5d8ee285a763951ee56dce55af28350e6da6950474f0a99369730673b85bfe9946fabc7b40b877ac042ea2e764bef4f7476468569010818ac5a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c0a29394f156fbdc7a8675e717f266b8

SHA1
b93019921997f88b4b2e5891980892bfd0e8e852

SHA256
d118de84cad97ce6d4242995b3b91bd39630c92d46c08e28f025dfeab16bd3c8

SHA512
54d97b83413659e2ed34b3dfa86d091791cea955b4b625a3c3bd24df7907d97a11cb16d7d0391bdd34e0fb48f56b46ff8f0c1c732a8a9f3fbf1ed1a923e3d456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9d21cf3f458a2c948da88479f2b546b0

SHA1
8e28d8941e8bde01db203c84c90dc94b9053daa5

SHA256
f34e39641088d8f70a84c24d8c1a7c1b379b91dc66a369f579a57ccda585ef00

SHA512
e87f3a118b16b6d702423142b11988a174ebb9eebe196c85a1eb74c76897bc2d2b1c2d5439425e74d67328de50afb6c75a64998506efa4e7f98c39cf86968117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
d7393b5907fb869ca1ef9a2a81a3aa8e

SHA1
8382c1ed947bed272d74ca594b34b425b96f6262

SHA256
12855ac6be799f7bf3864f65bf1aaece9b35d32f8d09daa5d1056f3d5e89f8b7

SHA512
e553e1613b26fc2430bdb6ad8aeea7fcafe3b3e88f4b4af3f826c19d941edd10b894604ca995efa679ff6f747608bfcb312bbfc3004b211d58fe9a366f9a11b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
206797d3b5ce6348f28ad15a487fa743

SHA1
ed07ca9c415d6801918754b974034b9a1ef2b477

SHA256
9f59910e6ff0c9f416bd3a60784afa9770c151cef58bf2252eeeeef24d42e112

SHA512
7e90062867f68c9eadb1a74981b03fdabb383f15cf164cab13dfd8c6bb261670820c8cfa2f8ef84801735b6c62ecd2269b981f9de40e57d8b162ffeef4675aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
a347efbd4c679d066e6347319614828b

SHA1
4fc7dbc6db585b3add1e8fdaa412aa39143f062b

SHA256
69f78979d86d5d106f6cc04441667bc3fade75b17f2858ddab8f1882dc8be956

SHA512
3a00d4d9d1ba17f5614afa198b4f9d67dcbbabb3e94752e72b5aeefa15840d204808f5a5fb085eaa353c3163a86a8a2d694194ce48ce947b95457adaa493153e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
852a93b2e0a2d5d303f8283bacc77faa

SHA1
b3984b406f9811d16335e63eaa739f3acfedaa20

SHA256
d0f12d72e8a4683a2a1451c2e606f4e93bad7278aa7f87d50e2844208898c130

SHA512
dc142029a98adeb35f5af728391bea12e3d43b29fd052eab43a3ca924cbd9942e343d36b823013366b8cd816715fc64cf6b0be5fe84f256c0897337901457ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
c9ca16133133e443e82811006382e38f

SHA1
8f82c0130fcdad9773a0a0b9b549710036004948

SHA256
394cc451654151b6b55f7e6d1e5aef8d1bd7bb33ab5d17e345a816298272a554

SHA512
c15cad8244df0a3de42138d6489c2f28b075529581e1570e23a75764e6ffb4c0cf9ceab62a050d6e7ea46918c1e4fd9f34084a0dc55e692292b1320f33b9c287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
dd930f3c80620fc79ea0eb8df501c8e5

SHA1
47af9d7a92b300674146142d49357c17cda18b26

SHA256
0e74b3781b605fc840b71ad46c41b89ca786a363b7b16d56328c7c0bfe63d6af

SHA512
0fc6cfc87ee0512642a5bbde93dbf6502358b6423928ff22594a5a7e0edbe7497965d8e0266950346dbe05fe17afe78e849d8b751f6a04645f615e230d54f2eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
de28ba911ed2ca073c4efaade0ca7eb1

SHA1
0aa6e6de754c6712c2f96f58a4e7317c3057db92

SHA256
aeeda8ded026ebdad2aaeb273b2b55973e54187ac8263eb01c96bfbfce859c37

SHA512
d54bece88faff12b59b276839a27cc8e1b0788e46e98045764d2a1f466ddb0ec4ddc7743cad2e0272362740be17ea5e643ec5fc612829519142f08ae68c9bdd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
ed9c98b069d3b28b9c9f84be24bcbd21

SHA1
18d437eab181f72b65d2b6a822615321cf2daa58

SHA256
85fe83730a9a832f0eeb97c3789f3ceb9cb4cdb229a882060738dd8807435812

SHA512
ea0af80c268107128ba4ab19105e2e7db4cf6e2aeb828f21bb27df07e804e274e1ab18a57e9d127ccb3385a082e148d9d9340d0b7249c86a3ec37cb0b073c80b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
f4f60247b1004960d19a66a1fb2b9a91

SHA1
246f8e36eea19e6579b04a1dfe736bf50de57aea

SHA256
a4f1f6c3a34c8bba7d2eaf2b6b718d33b4153f9af4cf546d404912f2ce47e79a

SHA512
b6bba7a16079e2ec59771d4ac9c7a152363d05666fa1c50d5e3bec295d8e04a20d928578df3fc37c6a5e0253335f5849320e8178915bf1fe7863dfd5240e619d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
01206451ca41ee785e966cd2e8e3ac9d

SHA1
683a0a64d44248f3e18eaa7a65d92a454a3edb27

SHA256
05e1a259a5caa4de8bfef11e611494eaa45cae14624e09216f3da7fe7b35123b

SHA512
2c2beacf334abc9432ba333835440cdf9a385087aa30a5fc86a3da803494522c8fdf7a3339075ef7d9cdafc412089cec17ffc17f0acc45f3e39b28e289cc2bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
3feb5f82f955a2d27260fee81242b08b

SHA1
2951cf40b03b1dd44e731da5fd7e73cb4a5f5fd3

SHA256
67d12a4cd6833916adf1cdcf40415a0d6435b3eca85b5723a24daffa6942f695

SHA512
36d677a346de8a0b6b5b5e4cae7a2b82486739193dea96cb8bae62bf888909397fe0e475d75e130fd3464f9371ade698ccd546e0a4c378de9e2e8706a5847ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598e1d.TMP

Filesize
98KB

MD5
031a6dd81c540ae9f24892f65171272d

SHA1
ce68d4d3b5bb05e577b4c017e098dd8a98608b9b

SHA256
649b858f0dd7bf8b1eb1be65cadbe3d07e5f48c35b2d04db5a0a73e4d48077c7

SHA512
e702e4bdc8b786b777f49869174bc700bd28f231261da680e9351bcab6bc065273dfe11d73354b660eb543233839c0d5781e3d28072d39216ca282a76827b9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rmjroj1l.tov.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\3GEYUOHXEHXMVIZ52ZTQ.temp

Filesize
11KB

MD5
c2a51b529bfbc97ad6cbb85d54ace154

SHA1
bff3d4217e7565856b0c0461538b2e7496ffeb68

SHA256
1054a93ec201975bc846a89524ba294e210ca8c460358c77ada4d5de717262d2

SHA512
fed7f720069290f20d611cbf16ca655b4ba71311d117960dd7818844d252dc8eb3c175c5250e4ecdc91f4c57e99669bbeb1779dc8919f5b337fec5afce12fc81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
885cfd43beb7810462dbf2b2b5114adb

SHA1
10e1cfcaa6ef852b5c5184d10d17197ae40a5357

SHA256
49b371411f73396d8338ed9a1a3fa6bf7c1382ad2adb73c6c4c54093acc26859

SHA512
d6fff313aae39dcf0a35b41f8603e15bf56659e278cb7fbcb8e771bc7296eb278b85b51712272b55c8d118e99a8aa1df24546ed64a93e641f844fe8b21db8c2e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
14KB

MD5
dbba7df6066eae1e24a6f8e30a63c66f

SHA1
898dd5d3405e5d881a0d05f4c26e4f400e4a73ab

SHA256
4042825d52053d638b92e95a037672e9ed9ef217edf505d700a03b61d11a59fc

SHA512
a161a98b990399740a368aae1d497d84e36aabe2645e54b0138b8ff0899714c7ff1d32946be4bd9b2dbcd3cb19967c80898548cc03ad3337ca500dd7fbce296c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
fd26beb9ebe5b73e3607101df889ee94

SHA1
8cab16f9a00fed21b084a349e8863115cab5814b

SHA256
6fbec68004d4e26b8e2e0ef61ad55480f38040f665bbb05dc64ff3cd72ee95c2

SHA512
c6898083760010ff2f5fd85e323d755b545bb62e02302d332bad715ebdface5d77cda4c8608590f92a2cc07b256c64a9d1658a0da2f48f3ca7024f86c3e07aa8

Download Submit
memory/1656-147-0x000001B753EE0000-0x000001B753EF0000-memory.dmp

Filesize
64KB

Download
memory/1656-146-0x000001B753EE0000-0x000001B753EF0000-memory.dmp

Filesize
64KB

Download
memory/1656-145-0x000001B7562E0000-0x000001B7563E2000-memory.dmp

Filesize
1.0MB

Download
memory/1656-144-0x000001B753EB0000-0x000001B753EC0000-memory.dmp

Filesize
64KB

Download
memory/1656-133-0x000001B756040000-0x000001B7560C2000-memory.dmp

Filesize
520KB

Download
memory/1656-139-0x000001B755FB0000-0x000001B755FD2000-memory.dmp

Filesize
136KB

Download