3ef9cace7dcd1de35eb68d63e01e20d3a72aeb031592ea9f95be8546fe46b06a

Resubmissions

01-04-2023 16:04

230401-th1xracd6x 1

01-04-2023 16:00

230401-tf4wmaba63 6

01-04-2023 15:57

230401-tealdscd4z 6

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample
Size

51B
MD5

6319e1c4894c0a8c853ae60ee5be1d4c
SHA1

c3148e4bb8256b69eb9cbfa02c2fcbdd2d328868
SHA256

3ef9cace7dcd1de35eb68d63e01e20d3a72aeb031592ea9f95be8546fe46b06a
SHA512

6f3a5291bfd2945c7b5cb23817810ff025b6cc94ca8b44d619f6e018f49f19c95028dd77ab2c61722958a72a2600223847aa5702ce0727712d7e698a451abd48

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248383076318066"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-144354903-2550862337-1367551827-1000\{C52D5D9B-4A24-422B-BC49-289099D3B93A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
740	chrome.exe
740	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe
Token: SeShutdownPrivilege	3880	chrome.exe
Token: SeCreatePagefilePrivilege	3880	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe
3880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 1456	3880	chrome.exe	91
PID 3880 wrote to memory of 1456	3880	chrome.exe	91
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 4896	3880	chrome.exe	93
PID 3880 wrote to memory of 3068	3880	chrome.exe	94
PID 3880 wrote to memory of 3068	3880	chrome.exe	94
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95
PID 3880 wrote to memory of 4592	3880	chrome.exe	95

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffd8b019758,0x7ffd8b019768,0x7ffd8b019778
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:2
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3204 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3340 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4996 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4944 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5288 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5440 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5608 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5044 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4560 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4692 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5308 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3360 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5660 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5476 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5232 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3560 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3424 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5220 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3992 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=1076 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2808 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5564 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1812,i,6388771798981054522,12329703526822276286,131072 /prefetch:8
  2⤵
  PID:2020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1192

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4a0
1⤵
PID:1844

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
10b1102baf964d75a0ce7676ee85dbb7

SHA1
b1e6c78b08ae79f5aa021fdecd5ab04fc04c2995

SHA256
a908f0b83b50291bba322fa1d67afa9c1217c0d544d93b29fd6ecd9c394b4f95

SHA512
cfcfd7da69e1648ca1ccc86365a2977bb21ecb9aeb173a3bb95bb39adab64bc88694d2377e9dec76563cc2277ad8292be9d43b706d4dbdc1a2a23f76cfc1fb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
296KB

MD5
330872f1e1b2fb999ed13cc141601ac5

SHA1
6a9d1faec53ab604cd348a19c671360ec1be48c6

SHA256
ffbf9b787c37b2abf76bc0951e0a18909473f9fa166a42b5343014f20178ddab

SHA512
63a233f7558cf30bf2d6eecb49222cf6ecd15e03f4ded97b4478379ee1e6480a3cf52645a275b5cd42c73f48c787dbacd875213f596c8985df50d0e0a1956c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
68KB

MD5
7376fa45f083aebb4d1f89a1e71aec91

SHA1
5c0fb4b8ebb2a665e602e20fac0a2ad9afce9a6f

SHA256
713bbe73000f8273cd7307129d799de0b31282c9b5954081963d44472b127a76

SHA512
c393536304a36268cc2598af55d21729d4ebcb00754c9bd1303bbe6edffe5d2445068dc207a7eca83d83742383ba0e73cdd21b8a5ff08307e073d4bd42aca207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
1.6MB

MD5
6b1275d40a481add93c024cee90ca5c1

SHA1
5393a6451876fd627b43f451a5767c11b38ffe84

SHA256
409a5e4ed7ad0a59238727004b97f28657620bf01d1e400d0b28dacec50a777e

SHA512
fa06b79912a9be3888eed4b1d8ef9427918f64dec0ea40333e9baab12d8f807c6874a23ff4c86099e44d7c41cdd20a1a7e8cd34d71728f6b0ca6c1ac6520958f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
22KB

MD5
a34c77847d7a957a99edaf10a7deaccd

SHA1
1619cedec658842283a7a474adba2efdcb0d3598

SHA256
ebee5d0011bcd484c4e7067822a1bcac208a0d03a33fced5c6a222666df67350

SHA512
afe20d031816081eba10587141518fbce91ed5f3b44fa002a593f784603d4b2007c89713cd6d9ef3eee3ecb8b53a57ecd078826ba0fcc5d02f2b7de814dd1b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

Filesize
52KB

MD5
d5755de46f8dfc440e052cb0de1d9c2d

SHA1
15e6125ac49efed2f8135ab1065da9f3cad6c03e

SHA256
a860b5455ef4c2028025e4db2be8f79c46b99a8d6a8f30767bb9dcff91ad6292

SHA512
286717b19e023f7aa4ad4db39dc5ef9deb12aa5ac5be64be5e2972e9b5abc2bb74dadec359615ed9930f5b0b49dba6e0a1f596c0152d0ee3fe0410688d18c370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eb9254712d7a5d32aefea479cefb34db

SHA1
0bf39e4a44fe6fb22a3ddbe0b9e3496a65f0b503

SHA256
dd78aeaba795ad605c7d0cccb8476888c827673d2b02162329c175aa0ba70999

SHA512
9fd81ef5fcac7a07f0ed12031f07fc89b490b7429678b8116836966e812a01e423ee89c2a968fa9b03d004286a26315cb8ffe7865eb68706a9b40af001948dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b0d65e5b1ddc0b228ffaec03f418330e

SHA1
5d18adfc8164840bb99284c6737119f80bb5c96a

SHA256
aa2bd110c6905744d057d7fa92adfec6a922ef71bd3110cb192d1df010c8444d

SHA512
82ff4ce346912289862593af0db71093dd4fc098eda89ac0281b2904d6a1d9c904f9fc3a08e442d1ff5b79ca07845e12b12b0b2dc46349b8ef01ef08b3436aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
82ae443d10c564e9918d74c9d5dcddb4

SHA1
72911d5387987d801f09ed3fecf69a69f7ecc841

SHA256
158308e6bf819bcbaade0ac55968e0e0d23e47af89fee39524e555f47d5476ed

SHA512
8cea841ac77016312be9774ddc842dca8dec1a08a478aa371755eeeda5d9dda36db67255f5838b391993d6bd92b06ab6cfaacd7720b82d94476cddbfa2ebd58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
694d3caf1280bba0f646f21e9e383c94

SHA1
eab07d2df70956328c33eecd18e4b5a05da4865c

SHA256
c6926a03b6f592025ea6d81c19ce3fd8f8c56a4cd69c3da143c0814d24fcb685

SHA512
a735160e5bb27045f30f43a57f17dd7a212246e90f09fcb6259c0583bc7f047bcc9fa374204bc9f016918b24c0553eab6ea257b87d5a041588d505d2800c7ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f081ece9b35b2c0b7d4d0204b9ad9575

SHA1
fb9956594233f4974f5237d92ea80d49a515490b

SHA256
955ad1982527f9b68a776d15f937003e55375e3c9448f62b5e4780ebbc58e672

SHA512
d4b353a9e6b61cd7755275b97733624456a1132f56f36e52aef1b1667c823be2ae02a3fe713949e6b7bebbc64bec70cf36930a674a459275f2ba047e67216d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
899694f1961f0362978fb6b027d3cde0

SHA1
7c5fd19ae0d3931e4d1a94cc9db7a22d4a6ff371

SHA256
303cede776dd69679a9832a4d00a6c66efe86b57c0c1b5ad4139de5fe250763a

SHA512
71e0444c7b9842a4165dcb56447c6f4a661ec30d38449d11107b21dcf5706414c71db55139493fa73e8ecf3eaf6239b2bfeb333f60294de42dc46a014449e61b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
181f7a664cb5acf93a8ffdb2bdd976e2

SHA1
f7788a2e42ac5c4478445808478a8226054ca2b3

SHA256
5f54d48afd99f13c55e4c51414c6197c9af4a0fe711c540138989dd7cc65eedb

SHA512
cb2f414d02106856efd005b4adffcfec7841c52d19efa75551caa111506f7927b1a3b8f11f8b763e3fb3fac63ca47288e9279bdcb379852f34bb1d6aafbe426d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e833379aca1450ed7aeac88f2191ceab

SHA1
7de5ac26a45da41df5a55d8ba18d51e8cab47b04

SHA256
7de3adc53fc02e6abd4dd92ed8f8a3397d5b8adaca716d24bc1432b6f70e713d

SHA512
07678f7326701e63ed0ecbfa54bfc7acccd7efafce671318cd27680036edfe824bc5ead6f1b7078997f4448538520661be556fd250884228fb2826d4bdc6e01e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a63457930953b32ebaa449eb513f238

SHA1
2bb23256ed1da2054100cfb89166d366cfc566c3

SHA256
30f213998bdf192a9eabbbac83903224dd6f0dcf2fd949d6dd25f6a413c30162

SHA512
c1e0ba2eb2b2dbcbca6712f81fd22493c9497c5d9c513c1488f8d268b48458f61b0aec2069fcd1cd3c76974a70f39269a1d14be107522d45c0b678688ef119c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba53b631d0093984468e6467c2ed02a4

SHA1
2f198d7b01495edccadaa705ade85cf588ab9190

SHA256
e97ff6c6a9b6e0a46196af0dce3ca8f59e220431ffc0fed1a96971287b55e6d2

SHA512
8133b6692f20bd98ae42c4baeb684a5df99e888df8a736aca20ce4398b8b27aba8861502fcc6f86b7abbca7bb03655cb1b839d4df82cd0c1353a79ad762be992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93f75a06f8c48d9dfb6a6535813670a4

SHA1
6189914b45e3368b3a80cbe7f0882fbe0d323207

SHA256
34412570f22db7ac407986a5497734182cc4fe6a3938b7b87111d1ef1a22dc72

SHA512
aebf7dd386ac62aecc90a30011697b70e5e2ecf5de33325fa591cb7e37c61f5981692991e03ded4872d6774b5cc37e5e21b48e658ec5f24f8dc5368ef161e63f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f379a17bfa9b96887d64824bcac80877

SHA1
7c56ab6342545f71ac2b4fe46963f4378cda69aa

SHA256
7c6a7cc50520614bd937c35c5bc548374595df418e574f8a04bbdab30f8a3815

SHA512
eacb55c9f636b8a18c3a922373a69f0010c456ac8df3e05c52ea1059fdc01d80e6d815636f451d132667f86aa15081b9961adb0f033aac6c97f2496b3cdaa05b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2583cac0b6ee32a5c8c2df1fb90f0f8

SHA1
faa30982c0c1fff1b87bcd62783b5c878cf00102

SHA256
586479ef5708b7b518c87052ad970389b63cfa17c8810eda22ae56f40b4ac106

SHA512
eadeb284458fc64875b72135ef150a1bd62f08f12e269592de1adeb01bc090e0d1c106cf64d2c6816e4c2d3da11faf1f9f02f1951a6679dd48ca020facadcfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
270b0db16c4a2eec74f5e0bc82dbcdd1

SHA1
602dc51ca6816b4153200d20dc3fddc225bbca38

SHA256
cec8b0269785493f23cb90b21a36971571dde3ed5f0d2e537b917ed20d66d48c

SHA512
0a7d5bdf6a4abbcbb1c3227c6379ce8f5ac21c27ed79698ad0bb4752735eb2a3906dbc532676287b8490b0d0dc3f44bfca28134653444394e26281bb3cbaf745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8d9a6f284acaa6fa457edcc6ba977d76

SHA1
35371693bbe7a561fc24fd5b3817866ddbf22b67

SHA256
29c4b246ded6a7a9a604275c8c3b2b1d7a8e719e22ef65aed60f90259e93f46c

SHA512
228c4317074c1a962e7782b8f0a1bb78bcd2125bb2ba03305eb0fe19d42b13ee0e83e21ca9ea08c7f12704626f9f411838332037e49d25b7fc910f6b1595d9f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bcd9f042e20d850f6e0463ad9304e2d0

SHA1
bb663da12f502c65fa6a9ca4092dc4cf84fc8a06

SHA256
32ed9ec5053fbc4ba0bf2afe027821663209ba2d64f9de8f0ce40e91c1de7882

SHA512
a0db9ba1b919e951880ca83be64a483bdd2b39092e45b898983b39ed45b7d9f7be9a70523240dce92d474c73f41f1c43492ab455ffd90d89bfc5d94b6ed5dedb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aab4a24d7e0d4f5855617651cdc72cd5

SHA1
67707a1df902cd39f25f674933abb279a4d218de

SHA256
857c7e8ef82dcbb0534472f222a6b078875d9acd75cb61eee295be7c27675745

SHA512
1ab365677a9c2cd7f2401b759c56ee2522225d20658e1ef475cddcb6304cdabb4d98273955029fa0634a5927415fb41b032cbd5f04f289af7876d93c0fe08cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54e21a0b8a2bf2733935f8b5dcbecd52

SHA1
71b05fd00d6e8c40b3436c1d6e53998fb42d9800

SHA256
9b95a0e3a6ca3fdaa2ec9f60615d3c3a0c2417d2f43d38d2f6d240cef0df83b2

SHA512
2a45ba127652ca217bdb50f3749916a1e0c55ef871999a6688e7964fc7f419221a7780b560918d5740bea88fd59880d36493e2b18f94acc8a77cf1a3db6a92c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4e6bd24aa675e81c08bd4b6d7c41ba5f

SHA1
b0e2e63c639244d9c8b36bb011d6a40e3b0d4fb2

SHA256
a818167e82dd253b59556a42fb56de1d0bf5f1c82ad8e6318446b536bf5ebb45

SHA512
cf59e40f7989070139f49d226992d8ed74658ba33d6315e4aef855b7fdde180a51686924795d9b959aa78b44fe8104183b157a3357ac5d70db69efaf8c6757aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\92e3ee79-b9dd-46c0-a327-643f91b2b6ac\d5723baa59c92c1b_0

Filesize
2KB

MD5
0c6de39bc42508bf7228fd1c17cf5c5f

SHA1
8792615d4b896a01d40af313de8b1f4298c6e5ac

SHA256
63c29764aad285ec9cb527d76ce14167bcce4ab96f90f66c4c8afc93b3700d40

SHA512
7ed09abc35fe072c71ce51c734f222815fd0b7eb99ff4f3685ec9a729fd0239d168a5ff235ce5b8b816fbb2b3c22f294e8a10e6b9743fef68c9c6ae48b832397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\92e3ee79-b9dd-46c0-a327-643f91b2b6ac\index-dir\the-real-index

Filesize
624B

MD5
3dbb827801f72a3ae1914193677e0fa3

SHA1
88cc7624e46f2d37551c6f97f4faf74d88247064

SHA256
ee4dbaab59c2570850a71351f18bf8102cabf73044dcd4edb9c4495df4b22df5

SHA512
2c7ea8a94849ef421a14356e44a6b4b115bd1af1fd7a1df70120c3e51b54c1ba5d250f2011739e8abd55e3a2a7ca5200eb3fff50586965f35797cda10aee0bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\92e3ee79-b9dd-46c0-a327-643f91b2b6ac\index-dir\the-real-index~RFe580bd2.TMP

Filesize
48B

MD5
4df7927f8fccd1d2e05b7f834dff4946

SHA1
7122210d5566d7e0057dd2b7ff40a3ffcf530c9c

SHA256
4cd124b2e6d811974f593f6620e67ee09be86a4ea6841dc679a630dad43386ed

SHA512
d81c8feb53164be3e6090d7c8cdf195a3b6593fcf71918cce907ead0404d7e8564b415731b178a26617f16e49086d24016bbe14fafb75ff3aa71a120a10432c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
129B

MD5
85358aa1694298bf3db03bcc3cb7a548

SHA1
20c87cc08c340193e1d3e36857629a2e4ec7d148

SHA256
432255f10fad134e87dc712bded784ef870b7cc7fecf19d05fbbbfd273fbfbbd

SHA512
45d508e2a290a4fb1bab1a5bad08a43b57fa74c3a5153ebecd8fda15c33695676a485de6fc8edc3974a78a5083f6312fc2e1ffa4837661dd8c304d61bc4a70fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
125B

MD5
cdf27258274d4eaf66d8d152f667e2be

SHA1
6e007af698262d36ba3cdecf564eea8bb4639244

SHA256
37254c3892027bf1bc60dd5e100581a4bc7aca23d388665af507c575c4b4191e

SHA512
9a136b0058e2d7d4439576e2014eabb3827a95ad7925b89682e541c600b81a2bdf6d61ef78e0e976b229369f8592e483524c3849618ce1b868fe63c28b51a3f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57adc4.TMP

Filesize
120B

MD5
37c9bce5a0fba1d220d4cf6b0f6d94b4

SHA1
1e5eef1e74181f978ebc8be20ea8695a748f1ada

SHA256
9bab13aa2041e876b28e8bdfe5944c68386688f91135a261aebd00e329ed6403

SHA512
424accd087d2a0563e07ffc59b5a097e414835e341d2edfc23c16bfb5aab6bde41c7c569044cf026e4dda379292b7bc45b781156ed503bbaec072927b18d264a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
305e6d38b32df25ab5210b03f533b4cd

SHA1
b432c18ead40d4a0dbde7275981b1e74c97ee168

SHA256
483bfbbf76ba7af85cb6837def1e5b9abdf7b01f9176f96f01ac227b6f660c68

SHA512
0c305d244f905c959d842fa7bfa682e9d83cf2de3543ddd984776d3786ec1f3227bd2dfd7e487d5585f53d365a8292eab491a29d6ad6fe36ef8f8da8e7f0f1b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fe55.TMP

Filesize
48B

MD5
d94c1db7f34670fb6c715fdd18678508

SHA1
2b85caf0e22ee9badee55eb5a2f7aca998b0be27

SHA256
3f5e6c55338a7326f2d78528ac61defffbc55b11ce17e23776c5270c99ea5062

SHA512
b42bd3620a604176f0c7f971679e9e5206f15413bc1e41bdaa6dd29a7edb1ca2c935f4660d0e1b1a5165cfbaabe382e59ff2b37f17e8c50033358fcd62b7995e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e2ff265a-6814-4421-9c67-962a6e0fb111.tmp

Filesize
5KB

MD5
f62109904673b1a966e811ff25676223

SHA1
2025fca4bd1981895942fad9b6a6a77c824f2614

SHA256
a45e5a05e3e8b4bda90b936488775d86ee99ad33218d8a03b3013abf1ac00dd7

SHA512
e9c8962ce06b1b27f8138177b2c56d321dca15711380bd064d5631dff770e65208388cfe62513e32f4800a8af5795d566a6b9bb96a4d572c5403888d715383d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
13a381af34ba37f880d45f4694cb81fd

SHA1
c504655e8098db15f17823cba1e3efa5deedf980

SHA256
8e15fadc919b6809dc981ee81e431016222dfc405f608e3ae4e5be3be48ec181

SHA512
175d5d935114c1f9b95a4c9d11657b849a23b54697d96b7b20df5832574de274afc3a3c1a7362e0828c1adafe08f14326791dc17d1eb62389bcf4d7b364c0a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
4abf40053a9dfac74ae5dbc2cf396e55

SHA1
13bc1b5360a94c89c87e9ff2b569947b33b133b9

SHA256
bb7967ea6ab80f48af6eece11304f106ebcd231da6287f2b15ff2e6d1d1558c2

SHA512
94cffb8231f82d4f86dbceb456611845eec3eed146be6ba6d4108fb534b8c137d409d432e863b06a7645708e339ce9c186bf5673d53826eb612a938873559530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
6a8b82254e5eefa606584d7dfbbf4e09

SHA1
a4013faa08178fa5e21399ddc6163db12d9c447e

SHA256
280062e6e033dc90931d87f6d098632a606184e042977a667638502a0bda65d2

SHA512
3e22249a4267e8dfd2af34e07aebf3453b94d5a9a2a6c149aab708e3efecd832968a2be04d2ab6ace058c2c7afc48c68edcb027645fc8e8a05e022d18c3a975b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
6386b68170cabf9c05679a0b4a80a4d8

SHA1
47507e76b96ed4388dc4c845fb9ec710385460fd

SHA256
22928113fab8e1f6595ac15855d5f85da4bbce92564f13484b5c4a77edceb9ed

SHA512
9372101f5e67edaaa674b4c3a477b8c1136eb739e58a62efced0a1d65b596ad052c08c0958f8940f33723e4f8e8216a0b37d8115379d7d8631ebde71b716f827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
b611ec6d1b9b2c824198e5900d92cf35

SHA1
0aa74596ce343151ec90a58f2b6ed24aa6b7d3a1

SHA256
5d176697a1e3eb57fe6d83a47a5fd705babeaaa6b8e5e9d765ed331a77a7676d

SHA512
62f82330a316037e04378cc6bf8b67e01f2a4ae69ada8d015825352887e066b73bbfe7091cf37399362b0b734fe8eff51bcad3461ad4e96dad04201bba2ed892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
59331da0b13f802de358ef42d5ba3f1e

SHA1
1f7cebcf0facb43e972dbb84ae4c96e34fb0b0ee

SHA256
d0a59e3483aafd0563b74dc4efafb87a5cbf734dcc13f09daf5e67811b37da02

SHA512
31e5ec491675777baab86a69e8a2cedeb2169607b9ee57c59837b075e6f22e3e3746b03aae8e029bd806afd4c13990fa2198e80c2285f30c233b244b41baf382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585c73.TMP

Filesize
96KB

MD5
670af3ed780de695acf9973739111479

SHA1
81a3192d39002dfdc3f8d3bc9a0621730744cb9c

SHA256
f2323ef5b74e316b012b72aed94896a13bb0cd4de1654b019d3c4075421cfd01

SHA512
5eba90337db482a0c1b758b2ce47c6d26ad0d8c79ca61499b804e2e55f471f76e10b30635b84c0b0b6633675b7140e64f4e86a08486d4a7e8c104d5d0d2d2b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit