vidar | edaefe4989655651df0e69e59db1023ae6c93077e847017aebb04722dcc79635

Analysis

max time kernel
1161s
max time network
1159s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdfdfdf.txt
Size

7KB
MD5

e0e398ab9fc85af4782e59c9ebdb0aff
SHA1

528de232534f4fa431642154349e6c8814c67895
SHA256

edaefe4989655651df0e69e59db1023ae6c93077e847017aebb04722dcc79635
SHA512

74af44a1c3754af24cb26c191aa7d2ba3684ee6ef2454de8e177d715c3ac54681b401e026ae1928839e992be25d5412fb70a8255255c7141c48174f92a43e555
SSDEEP

12:8uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuY:X

Score

10^/10

vidar f5594a940041074375a00887e616a9d7 discovery persistence spyware stealer upx

Malware Config

Extracted

Family

vidar

Version

3.2

Botnet

f5594a940041074375a00887e616a9d7

https://steamcommunity.com/profiles/76561199482806358

https://t.me/tabootalks

Attributes

profile_id_v2
f5594a940041074375a00887e616a9d7
user_agent
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Downloads MZ/PE file
Executes dropped EXE 6 IoCs

Processes:

HxDSetup.tmpHxD.exeHxD.exeHxDSetup.tmpsetup.exe85129373715058927331.exe

pid process

2860 HxDSetup.tmp
5240 HxD.exe
1308 HxD.exe
5724 HxDSetup.tmp
3444 setup.exe
5528 85129373715058927331.exe
Loads dropped DLL 2 IoCs

Processes:

AppLaunch.exe

pid process

2768 AppLaunch.exe
2768 AppLaunch.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

pid	process
2860	HxDSetup.tmp
5240	HxD.exe
1308	HxD.exe
5724	HxDSetup.tmp
3444	setup.exe
5528	85129373715058927331.exe

pid	process
2768	AppLaunch.exe
2768	AppLaunch.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\ProgramData\85129373715058927331.exe	upx
behavioral1/memory/5528-2128-0x0000000000950000-0x00000000017B1000-memory.dmp	upx
behavioral1/memory/5528-2130-0x0000000000950000-0x00000000017B1000-memory.dmp	upx

Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exechrome.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of SetThreadContext 1 IoCs

Processes:

setup.exe

description pid process target process

PID 3444 set thread context of 2768 3444 setup.exe AppLaunch.exe

description	pid	process	target process
PID 3444 set thread context of 2768	3444	setup.exe	AppLaunch.exe

Drops file in Program Files directory 8 IoCs

Processes:

HxDSetup.tmp

description	ioc	process
File opened for modification	C:\Program Files\HxD\HxD.exe	HxDSetup.tmp
File created	C:\Program Files\HxD\unins000.dat	HxDSetup.tmp
File created	C:\Program Files\HxD\is-J7PNA.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-E54EI.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-BADIU.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-LQ4Q3.tmp	HxDSetup.tmp
File created	C:\Program Files\HxD\is-KCGK7.tmp	HxDSetup.tmp
File opened for modification	C:\Program Files\HxD\unins000.dat	HxDSetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AppLaunch.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AppLaunch.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AppLaunch.exe

Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

4560 timeout.exe

pid	process
4560	timeout.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exechrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248633680138986"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 27 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1948 NOTEPAD.EXE

pid	process
1948	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 56 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exeHxDSetup.tmpchrome.exechrome.exetaskmgr.exeAppLaunch.exe

pid	process
1068	chrome.exe
1068	chrome.exe
4884	chrome.exe
4884	chrome.exe
3772	chrome.exe
3772	chrome.exe
4120	chrome.exe
4120	chrome.exe
2860	HxDSetup.tmp
2860	HxDSetup.tmp
2332	chrome.exe
2332	chrome.exe
3912	chrome.exe
3912	chrome.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
2768	AppLaunch.exe
2768	AppLaunch.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe
4800	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid	process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe
Token: SeShutdownPrivilege	1068	chrome.exe
Token: SeCreatePagefilePrivilege	1068	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe7zG.exechrome.exe

pid	process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
2300	7zG.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

pid	process
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
1068	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
3772	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
4120	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe
2332	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

chrome.exeHxD.exe

pid process

2160 chrome.exe
2160 chrome.exe
5240 HxD.exe
5240 HxD.exe
5240 HxD.exe
5240 HxD.exe
5240 HxD.exe
5240 HxD.exe

pid	process
2160	chrome.exe
2160	chrome.exe
5240	HxD.exe
5240	HxD.exe
5240	HxD.exe
5240	HxD.exe
5240	HxD.exe
5240	HxD.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1068 wrote to memory of 4600	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4600	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4628	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 3092	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 3092	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe
PID 1068 wrote to memory of 4340	1068	chrome.exe	chrome.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\fdfdfdf.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff24299758,0x7fff24299768,0x7fff24299778
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:2
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2904 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2908 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1676 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5072 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4580 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3388 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5004 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5444 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3316 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3300 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6028 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6172 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5924 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6116 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6096 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6764 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6620 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6512 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3316 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6344 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3252 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6316 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7080 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6408 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7276 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7596 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7292 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1804,i,1273888307847846372,3259398556287483614,131072 /prefetch:8
  2⤵
  PID:2748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2908

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\xPhotoshop\" -spe -an -ai#7zMap11380:82:7zEvent3632
1⤵
- Suspicious use of FindShellTrayWindow
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff24299758,0x7fff24299768,0x7fff24299778
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4888 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4984 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3964 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 --field-trial-handle=1884,i,10827964087626394176,7516864688906297746,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2160

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4268

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4ec 0x454
1⤵
PID:412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff24299758,0x7fff24299768,0x7fff24299778
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:2
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5052 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3112 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5424 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2636 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5708 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5792 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5456 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6072 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6228 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6384 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6564 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6700 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6884 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7000 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7064 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7460 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7584 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7748 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7860 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7872 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8604 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8368 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8760 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8320 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8060 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8728 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9016 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7396 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7476 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7204 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5196 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8496 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1992,i,18229712122511107121,16745409348492876595,131072 /prefetch:8
  2⤵
  PID:5600

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1880

C:\Users\Admin\Downloads\xPhotoshop\HxDSetup.exe
"C:\Users\Admin\Downloads\xPhotoshop\HxDSetup.exe"
1⤵
PID:4960
- C:\Users\Admin\AppData\Local\Temp\is-UPITQ.tmp\HxDSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-UPITQ.tmp\HxDSetup.tmp" /SL5="$1102C0,2973524,121344,C:\Users\Admin\Downloads\xPhotoshop\HxDSetup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- - C:\Program Files\HxD\HxD.exe
    "C:\Program Files\HxD\HxD.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5240
  - - C:\Program Files\HxD\HxD.exe
      "C:\Program Files\HxD\HxD.exe" /chooselang
      4⤵
      Executes dropped EXE
      PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff24299758,0x7fff24299768,0x7fff24299778
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:2
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1980 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4932 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3192 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3284 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3164 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3648 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 --field-trial-handle=2000,i,4127845518195401558,5444317321664342927,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1496

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:4800

C:\Users\Admin\Downloads\xPhotoshop\HxDSetup.exe
"C:\Users\Admin\Downloads\xPhotoshop\HxDSetup.exe"
1⤵
PID:2312
- C:\Users\Admin\AppData\Local\Temp\is-3FN5J.tmp\HxDSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3FN5J.tmp\HxDSetup.tmp" /SL5="$20516,2973524,121344,C:\Users\Admin\Downloads\xPhotoshop\HxDSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:5724

C:\Users\Admin\Downloads\xPhotoshop\setup.exe
"C:\Users\Admin\Downloads\xPhotoshop\setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3444
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
  2⤵
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- - C:\ProgramData\85129373715058927331.exe
    "C:\ProgramData\85129373715058927331.exe"
    3⤵
    - Executes dropped EXE
    PID:5528
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\ProgramData\85129373715058927331.exe
      4⤵
      PID:208
    - - C:\Windows\system32\choice.exe
        
        choice /C Y /N /D Y /T 0
        5⤵
        
        PID:3992
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & exit
    3⤵
    PID:3264
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 6
      4⤵
      Delays execution with timeout.exe
      PID:4560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\HxD\HxD.exe

Filesize
6.6MB

MD5
0719a4514524f161ceb8a9e47713e4e6

SHA1
af1ceefb86ded0c483c2a3f2f047fa1c3ecb4868

SHA256
03e101d5d65377d559680848648ffa4c111d32d128b6e89dde8b441de7b6bf8e

SHA512
e1e50416b503a70f342b86722d67db94016dc05838e7c89fb8a26fc319e8e2f229ddabf274d09f66a0959b5a9381d8ece7e83499fb0c9bf4a99010f8c3880d2b

Download Submit
C:\ProgramData\18103637985960102340106011

Filesize
192KB

MD5
1f13339ac084e7bf9c9763a86022393d

SHA1
11531cd797c127e528968d5b4a2c2c86957c2603

SHA256
22aa2dc93a13249ec30ce0ed3e504678895ad75d4d3416571b79c7cfafedc22d

SHA512
6e65a1978b55e46337cebfca6d8b652ed49929c5e5a4a09795122e86f1985fa775f9cbf90c69eff40da7bc866f8796fb4049426847aea061edd496a71658d4a8

Download Submit
C:\ProgramData\31485356060538030988494715

Filesize
92KB

MD5
38c6ca268db336f06a897c32f49de18c

SHA1
d09f08ef64b9dd5dedc546889ceb01249def5efc

SHA256
06c9f0fb1a161abae1bb05ce42a80ddb9daa2122699deeda399ca6856e38529a

SHA512
c4da66f2af2d4e3d489d082500904f8af43a21e9b651aa4ec9ed5364fd610b849ec7623b88c303db7ff363e29af6b07ecc6580d473383d0e55fe8fc4ab289f24

Download Submit
C:\ProgramData\85129373715058927331.exe

Filesize
4.3MB

MD5
5ba7a1cf10c6afddb1e88c9b0e571f35

SHA1
d80689fa73e965eb0d195dfd638cf0efe1678677

SHA256
6bd69873ac5d8fc227657b497057d2a24609cae866d53b871198effbfdc349af

SHA512
65235384fb662bca94db5082f22f17c9bc9c345d2d4d3d22dd9c6ad4b08fd0d0deb0053a374e29739fd533a704cdca95d1f94bce86e21978b45f18aa6f8ba964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1fb0253c-a569-4369-bc46-2f79c0873ace.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\91322939-bfa0-49f3-9603-d9e6de75322b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
baa68f3aa0ec249ffaf895b22e9ca850

SHA1
e990a031c59cdf5a477163ae0f33ec3ab580e9e3

SHA256
60ba48a187ab838085221fe8c5fdfefe90d6830503355899ac553611b3c54c04

SHA512
9cd36466bdbce8650bee354f39e988a8f7bc2570c28f2dbe40c650f05104592302e1f8319fe7a604518b6218b16be5958d36c027af21e2b1a2790021f6c915e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f0fd2b79ab08929414be33e69078d5ce

SHA1
f28310f9182b4d59b9075a850d605beb8b0c0f9a

SHA256
0a6fdf4aa4f6ecc0c60291191558a41a13251e1d7aa0aac6400cbf77e04427ba

SHA512
5254c2a0378e695c8801686d2bb35eccf55cff3f813c3253260189ec44b359cc2616389fb1b488c334986bed160c6e30a418ea0b1a93a1daebdba4b9e46b3d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3582167c968623516ab9b0a8b7ce9378

SHA1
52c823ba5745afac81736a232f5aaf33a704e8ce

SHA256
bf7214f55f16fab6f6a7396f106d272c58601926f18726c1ae51d6f2db1a275a

SHA512
78296a20b968abf69e65ff51678d6a64c6f19b96f33075fd6a1f2a436a03699eb3078fb53026150e54ccc20abcedea788208c52b59e03a6dcef8ba40f83b9531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
11f686848500487129aca783fa2e2619

SHA1
6e24d851b5c7aec1c2e507a1e9bfb2c4a56b2c19

SHA256
28b9287453514edfb0ecfaa47a61c7c733a5f0e54b63f5691805288ce7231060

SHA512
bb7987c758486afe0874194676eb02d02c115bbe8ee6bcc15527b3dc15f6838e3c7c12b736e26705b15edae10c58d5267bf69e3e1af1d888c27832beaf5b3706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
edef98f67056f70b80941d83ecf7a9fa

SHA1
35b3b272e058137839f155086aee807762e710e8

SHA256
d9147937e8cd7ca3c5131bd1139b94481cd1a2fbfc56ebacf076364de2279ce6

SHA512
bfb1066176e6d201acd0aed4c70960830ff5054b9da1a9feef0738515ef02fbd6251f8ee1d14ddcd47c886de87fa35f137def7c0660b0217f841d63e2401d001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
10b1102baf964d75a0ce7676ee85dbb7

SHA1
b1e6c78b08ae79f5aa021fdecd5ab04fc04c2995

SHA256
a908f0b83b50291bba322fa1d67afa9c1217c0d544d93b29fd6ecd9c394b4f95

SHA512
cfcfd7da69e1648ca1ccc86365a2977bb21ecb9aeb173a3bb95bb39adab64bc88694d2377e9dec76563cc2277ad8292be9d43b706d4dbdc1a2a23f76cfc1fb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
43KB

MD5
31367810d4aab6a7cf3a0ba3e40342c9

SHA1
f6af71abd697a213954de3b9a5fd995c54ab60e0

SHA256
42eeb1e58cbbf0f2f65eea19dace0ed0d59f814454588181a5a6e41d1621244f

SHA512
c349c39b8174c5e098f26d1d48b0892e22e7cdf5f26787f3e7d3a1d6a83160ad802876f35995b1eefbe7c38e5f4b0a7351c66b525c59a226dc2cd24f5bed180a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
77KB

MD5
57054ccba30c2dedde9b6139f72bf37e

SHA1
04d436872be1c702db70b33b56b97b9daa17ec48

SHA256
c4808b176fc686e19da8d088b99f9e607ea2a9040f736397343f8b35e0fc6511

SHA512
615341c2a5eb20bb491996b5a16685a1b11294c3db87d49a33f8a2162a94bc9bd1d529e8d57a8c28232a1154b2cce4b044b089954795a2855621693c2e5c9523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
72KB

MD5
74fb294a841e9116e5b5435c2f0265fe

SHA1
119c988a93c9bafe530adf86eec43846d140fd6c

SHA256
ce1d1d81e04d6fd9ab4e9a3a747cf11239a351cb69a88844300ff0b03a9162ac

SHA512
fccbbb7f80c2c7df3721f553e8295ea410f7ee653b7e8b378f873f7930f9cd5a172af711b1b1d0353aeaf8407e382645fad65a18b366519c1ee230d3db1c60b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
25KB

MD5
5ba4859e2e317527daa8e120c9b647f5

SHA1
ebda35be5247bdb93fd62302f711e1862f8e6434

SHA256
457aedf731ca907954f952206e79073405b1c89dbe9235245e0753ff27ab8f49

SHA512
7b08bdba8ca4261bac2929c8d834eeaea4141452383bf43d1352747ece27b36fbbbd968e19bfd7b319d01b7db6fb7ea784dd1a785fef25ea540be110a56cdba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
53KB

MD5
bd349e729d613a976d77d146cc2dad67

SHA1
3d59a24ae48159666a6b772677cfd2c855eebc08

SHA256
9f66feb14c253bd4af1f716853efd8ab9fceb2f890b76d2e4c7f03112bfa0984

SHA512
e84c0fada275c78133633869ad6b716fd3dab6fd5d4a4a1bd1be3993fd9ee6ed65a6d472f1dee06bab5bd0158ba987ab5e6c612195865fabd46c57df0bcd8239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
74KB

MD5
6393931cd47074e2eef3ac09591bcb9c

SHA1
ba5da37b38258064f541cdd05054a62082c6f8b5

SHA256
0a8f04752ba662af544243813698b2a75b1313a10b3e6940fd4843eea782b051

SHA512
9c91ba1a96d06a8305acf76b997d36a3a18a091b1ea1cfd91e6157391e2ef8f64133745a6d9dc6c8878ecfde90ee319be0afe30b5366b1e61d7c36e4a2cdfb29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
123KB

MD5
279902fdbb44fe2c0f3651415a219e77

SHA1
fda4d1bf7fcb58dfad2e88f054c98c7713569591

SHA256
d1176b6bcb6bb60c2351a7dadb07f5729182fde0bad9abe0ea6340ebbf31d885

SHA512
ddcc016ade05ec267c20a98d91269bdb3fa25d8387390fe4692c6883171d8c649db8d2505493ea4075ca9836829809add4cab1147ad423b4a5a090a8bd6a2a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
545f84bc58581e7b745394bdbf225a0b

SHA1
11ca2d09fbafa332f8c171457d0090d96904d8e3

SHA256
1ce2d0a145f3727165c646aba2d92eb6c749ca2f184cd28e3796a3aee882ba9e

SHA512
022f04b2ac31982fc735737d17c1fa47c4b7722bed6bc15e471fc931e24a607d3cb67666120e4bc5fc0c6376eb62dc683bd90aa827d2011063d94a05a95fd572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ef58349502057f765d3c53272458e7ae

SHA1
9d8727c95c6f822d0d8b081fc12d06ef22418edc

SHA256
1eb8de86294a632f5e7ad2e3842c2ae30e8fa483d908be38b5e4abd92dd10616

SHA512
282cc5082958b5634c756f680af3282c98303741960d44ddd2727735723a0531e2d0fa5a219228bb2cecdfde2fb260b8366b89b460a5d5830073302bbcb22d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a6d3ff7c6270acaacf5c1aadb6c2f0e5

SHA1
db85659d395637c7b8a86adadfc131d7dd64c758

SHA256
1ebc8fa135a48790f39adcee0710baf69189ff861c2950f8feda435b68637c7d

SHA512
4994527df854cfd37e4384ef1a005b081b589af31773cf778c01e8b1145826594fa413ddafe8900db456a45d1868cfc34c5d0dc36e5b28b37b4afa89bd1693b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a53aee451f3e1f24b1ef5bd34f55c0ae

SHA1
aafd4ee71409c66c862a72772465b7c30e3387f4

SHA256
7461a69e6ee8f8b73569ece22eba5764af03f1b7a6a0c3351215df8c426e3ffd

SHA512
5c7ff7801a5bab64275ca5252a6b6509b23b78359813c4e105faf6f2aff44e72f04659954ed8f9c814d36260098df8a3a31e16d9c1c6da7239505670cdf44b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7fb49a2cdedc30889d79f2430c898a5b

SHA1
40365cd7f3ded2b19e6fc414ee3bb8b1b341a507

SHA256
a315434bd7f2da3eb8f3245dc3de7c7a781eee9e02e413e7f704350bf0b52de5

SHA512
988c924569f83c99dd97a4b2a246dbce15aab8b98a706083437d8cda372599620aabdc331c9fa494f27477dd733c3eb0485f3c0497b03204972b0d3103ccdd42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fa840f24dd76ced8649f607ebd816745

SHA1
702f98843963fe5c48bea0d0564e70714d90afef

SHA256
529295c1f2be6555ea92e3492ca82916fb50f2249d681c6b9e7293aa0e53c06d

SHA512
a601d1fa799beaacf3c5f99d5d9c9942c9b2711137c0f544f69eaefcb1f2f369601618b1a9277974963330f689ece0a9d33c90f6fd7eb64219636a3e1cbc4ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
b93065615db7578f4e7c5b27e4380c7c

SHA1
35499e23388b11f25a152be9d34b45f819e51091

SHA256
7ab87b1bb75442358b66e1ed6a8c8bcfd54087af873d1becc23c9a67b8e21225

SHA512
21ee23e0cacabc1595aa2eddcdd3f452fbd20f710cbe2779b04f357478c3ca3b1f9c6626e436963a18d2ccba6c692d25f32d3e508c2bd6f8d2ddf5755566900a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
52KB

MD5
404613e86d324748308c6de7e297ba60

SHA1
f365fee6aa07e0f7e92656e2e881f17b0e974aa7

SHA256
1a34b11d44e8351a291db68f151482b3b631d51e8cceba6621933e968a60794e

SHA512
3af94850987fd74768f3b4342fb74bf870d33b8209b57b8345c13221eb5842cad8dbbe69bc501c4d34ad2e9c90456a3a39a4d0930e60b3531837d519592ff64a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
192KB

MD5
299a7d7e990699e76e34b0183a93f510

SHA1
26899864a972d6049a7600cee28054b11965f994

SHA256
d74ed09a40fdb5e0e2d829925835209c20e89104042adcf93a1b860f00cb9a08

SHA512
5857fc77855c7c556d6a837b594e2ec75c454ebf688aac33610812805dd4c8bb81e484508bee7eca7eb6cd21736bd8520ef5cf4e229ee9e485b82568787aa8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1014B

MD5
7b71af262a41086c3e082ba7d28fd1b8

SHA1
dda3214f3b6e994283cbe92fbd5229a02663faaf

SHA256
9411c5a0a082fff563532595256882f85921195f8e61bb95c76aaf0bb9aca371

SHA512
5e7cf3784926ecaee2a0a676c19f3da697b82b312800e627504a6bd51e58b5e4e7a84f6f9ec3753fef731b0d1fa744e4bb381afd9124941a5ca4597310f8ad4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
b25a22819303db6e27d196d041b31a51

SHA1
2d143555c8566974c1236c4b12228a3280d69676

SHA256
14755ad7dbc7f200a94bd99d6889a89f2bf2b7776173d2f76a6b0363757ad435

SHA512
150f5ff01d76b5aa70231a8161fbc33c9d9fcc30d23a3febb5831651823a3311e4054f7603c42b29748efcc0cde5bfe63f273723899399e8889def7520d78a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
0c6e16defd5fbf26c2114e5b8da553d0

SHA1
4596051dd90d8045127b280193c3c61a47c53a8e

SHA256
fe65c31aef16f9ff6abe720c96aeae8f85628805316a8091d24ce7dbe9ba7c7c

SHA512
0486b516ee097a71c5f8ca123d5f54cbf735bf56eecf960134912882daeb7a4618be53c4495f1fa6af1107f7c6489c6abf6ca20b8047ee97ffc5a8b1bf7d21c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
3b9d97a21a4f6f27ea6cea96a0b068b3

SHA1
39329070f7d05dd098c8347d601a093a8c75ed69

SHA256
32346708b8883c25ba6a595495858eeece5aad251245090becef829acb23c5ef

SHA512
4cb13d26a9959e69c2b9484ae07f1f520b6752e72a583eae628a6d01024594d8597b4719104d37c98aafd1f3e02ebe14c2945298734704c40a0c62cb88f9b9a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
6c6a522872d47197ba37c2d6d1b0379c

SHA1
5cae36ae984fd08040bab3652a276962edaea036

SHA256
5913a4b696f3989b54cb694212529d270243b02e2272a69436eff099439685a1

SHA512
470e0f4a8eca3e2b409198f34ec5f477518e718b44839c094ad59ecf5182f3e2e0821df7fc7eba7210e85a5890b76c2ceb95c512eb21d650cdaca10ce432fb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6a890ef673ecefd5eb0061a3772d4187

SHA1
cae97872d766da57357b718a6a2fcdf8c795da83

SHA256
39d63740e44ecb1cf25895f70b2419034ce130582ab8995fc1d76e43fc83756a

SHA512
59508710e96ef467897a93c5da54feb0f726e1cea740ab8bb2b24872eec89952a59df801810f4680ae4c19ac3eb24cadcdade4b359871e30adbc3f9867de147a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
78eb481b5e31ea5e4d4d79c0fce3b34f

SHA1
eb516f62cd97d1bdfdb0d94ace6ec542e2f45b90

SHA256
d49f32885852ee25b4252da0cfcfa4af56e091345042de41951c51e8dbde57bb

SHA512
2a2f959621fca97bf84776bd69af188953686ecf489d50271dd206de4f9c6882df2cd2aa515e3414d1d1cf7c06c8cf7abf8e70d1aea0f3b377480fc7972ebcd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7e0a5f1de641225a0ee69d879714abfe

SHA1
56c3f108864609987cb83187bd19c5241544f619

SHA256
5d32cbb5f186d292c7ce3f713bfa746fa4bf788336aa8cda40af9145a087b2a9

SHA512
a1ad556bf6d8907c943b3f9afb5d70066a5a0f1987031a02fb5b23dd6f071679824ba2ec042b3986ce992d6114877f15d7662b480e9dbc612b847d67102ccaa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
080a89ce304cc4be03c218bbba02e2bb

SHA1
800b9f39f1404337137f72a3f79dc741f661ad05

SHA256
0fda9f738010adc18151c414062c299070ce6e2bc342527bc94db17171fe4831

SHA512
4999785690a57d5f4a0aff91aea36901d40432f0b221df20568a4d7cd7836676183a7f1b0ada99474a8fc661636272104a8067736698f93ce8be845927804980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
70bf636388d2dc7d6771c81ffebb841f

SHA1
2d59f3f26e45246fdc0a944aaf9f13eacc011ff4

SHA256
f20075d5f1201e1a35222bcc7616e1531c2ecd04492b5c169fe2b20741b71c8c

SHA512
20a11f36be1bfaab15fba874158e4c86282cb068c057ecb2084a63f645088e02c31e753a7c02e18e1d7d89d8f4bfd5f7fc28ae4c7afacab095c7184d06d12693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
068affc2e83538c1c56ae8560e4e0987

SHA1
9a2f4484ec0ab6669b11ec4f9f854c60d4058ece

SHA256
0e9e578a18c091e7910dc6a68cd392c231d24efa84ac92e09940eeee4f4ab6de

SHA512
b2ba90dfb0d5bb4ecf3480bc22744d3e8865bf1c942ae2fef12a0feaa0c38e02ae3b4cd1a622f8e7b0d64bb8f5dd0edcdca6eb7fc9d11420947a08dd11698e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0af73245d761ad960d449b586b00d151

SHA1
34cdfcda0e150f5ca5693c81d26264b6bc5333fd

SHA256
260c47744bbeb3fc5615b8dcabd4bed7c7440e2210832beccf9926e1c129c43a

SHA512
de2a347aaa5055bd00d0284a3abd82de95ba39aa6148add04db948d051a1308094b30ce6577f0b150ef42ee29ae17b27c89773aba4dbc73212042a099bd9979f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3882850ccbc39944dbd4cba9732501bb

SHA1
218727781582aedfe3a873460431c7afea60737f

SHA256
acd43c5918212e3cbc28971ac7c18b1b880a5410aa84466f434e6a1dc0d7d96d

SHA512
9be98228403facb018ac6d4160a28d0f631b0a186f4bc77b9ec33bae7cb36c1d71c6db59ac5b8b64e0a1f148fd8f4afdf44b761dd783e57928b0f7f3833f6d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3882850ccbc39944dbd4cba9732501bb

SHA1
218727781582aedfe3a873460431c7afea60737f

SHA256
acd43c5918212e3cbc28971ac7c18b1b880a5410aa84466f434e6a1dc0d7d96d

SHA512
9be98228403facb018ac6d4160a28d0f631b0a186f4bc77b9ec33bae7cb36c1d71c6db59ac5b8b64e0a1f148fd8f4afdf44b761dd783e57928b0f7f3833f6d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c884c693ad774b8af8fec3a0fd99a67f

SHA1
12269dc1bd1581f861e989eacb2365b6e1f7aff9

SHA256
7d70cea4d9ff23b0122ffb4ea0b061d47613657103650e399e023f6c25487826

SHA512
febd4be27ea7df8184ad05cf87d08332ff90d7ca18a6baf3c87f9b83efdf2f9f2d93cab690e6e4f9fb0f274d776ade4c1ec9f6d63358c98b53abc44525307d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1de264a4d5e32e5493a0ef1e77ca03b2

SHA1
d1853222680915bfe3a7ac64823e5df00131304b

SHA256
23fdd5f3636cde6aa9512db78f52c1dbdc06ecb8b2d3f88a8ca2cadcbf59cf84

SHA512
2f56a4d6229ba3bf19e16b346325b1a09e8be288b1fbfb29ecf9c9859e02103d86cb15c2649cb33903ed25ac423326312f0340e908991dd59e13d3c1b88d66e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
1a10cdaa6fe86e2abead065486757d97

SHA1
79bfa1d8d570d13f2b38e84d164cca3a86b8266b

SHA256
253eb52e5a188451f912981e30aaf3df0474d23c9c0cd3b2b94307d89b3d67f4

SHA512
c383b4b7bd2ad26076a698d4d77245828ec8c34a6a17d00870150a4c9335bfa4942f3d1f4eaf8cbc15882257df8b2710a4ba9c9c758aa45b147ffeddda18a89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
08e1ecd1d7a691cd1227e6400de16bed

SHA1
1f315f50eed54f98b0d93abdc9906b825be1d505

SHA256
8d1d2a7f3bbd05faf40fb6e958a83ea7c463b4967519ad9457ba3fd8e7d91f7c

SHA512
41ab693c82de6bf194808b16828c6cc806e3b10ad3d7cac61b61cae9621e3cbaec552af8e5781f349d115615bfb5b8264d70b51a94f74e19ba0274a2199b46d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0f56c235da4feff95805b6c358b6137c

SHA1
ced8176816dff33a96dd7405cea05d4a27613ba7

SHA256
96b73ffcd4d1ef4f4051b9e985fefdf0489ace3cd95609ee34ef2b1ed4c018a0

SHA512
ed63231662248dc92dce1cf082e395cd72c8a5d2f7792f5d48f89d3dff5866bbe749fafb8cff6aae3a3febf07175d1a9ba9768a3a82e838b503de42e5a690895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
79d5b8363865d5a7ea0e4cc0d44b91ef

SHA1
47ab1ab290667b5c45d451e7b0de6d9686f773c7

SHA256
d9d8d8ef5677a8148557b18acb0f491de7a92ff6abdf136f8da148128b00d179

SHA512
1a358551946c2f2179ca7dc5d6cafc9ba93a4c62300e131ba9c55391072401b538326c14e586c1632a5aa2c88dd3f8e2343f11a2e8c9aab2ae92bbfa77accb28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf5f91d7993db8e615732c8c202f3009

SHA1
568e928574830c39063a01162abf7ee0485456b4

SHA256
20765703a864c88880fa81d74f03b672da3e83634cc514f29a5f6d6d59a042c6

SHA512
e1f7ee3169c118541f9bd4d064fcbf78a48d1a2b4f36d899463de3d369ce8fa78901069b574ace6093c436580b223d4842d6978ba522cb9ea666e3bd670090f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b4bf97c29e09eded1719a2741fb160e7

SHA1
d5e789ab66c5970d47af704c0c29a935f3833437

SHA256
a217f0585c41c695913288112768fd5275fc02618ab9c9ea39bdea9144150651

SHA512
b6e6ca3a681a731e7af9b1215dad30d7d78a2be69ab8bb70ba9d62ca91fa5cf2e7ae19da54c541701edd287b858091f0dfddb01c5ce7e3e9ab08c9c40df2b2ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5fe195d36642599f359111f7bd0506d6

SHA1
d22bd5a48bbe5fcebcc68d0692540a79bbb5d678

SHA256
d3fcf539735c2e55b4381899b44ce679765ecc6c82d34d4368f69627af3580db

SHA512
ab05475be9e36f38117309fe924385339b794bc56ca58950089f3568655897146e7c8d2bf3979b79d3281e085356cda5e4eea831b55688d6e8f5cf7b6d6f776d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e832d10de3567a9451fcc986bfc2c5f8

SHA1
ab43f0d48ac71fd50dc730938ed69017c7e72983

SHA256
1855b7b85a99d40c61f97c478dc266194cb31f22ca5eb706e30d9e35fddb90d2

SHA512
b2b1b6a927cc72e947bf67150e6b94a166cea49f9b598a2db3937ac00e0ed33507b983e0a9a5d3cc88570b34fb56404c35da99c72b09d2e46bf73fc88f969ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8c4d943bda96ca41bc4e4b6e08cbf9a7

SHA1
174f8968f5cbab0355e074beac3341d8a5677acc

SHA256
8533b9292d1e24ff4b39ea57f9ded425f54d40729188ef9ffafd954769d895fd

SHA512
f4187b836ea3f0fdb019c312be3a64336a924fd679f853d70fa29888c6f5f22090b29cbcd66b9e1411c74ca54713f066b6848ed87b579b6ce54f8a38d2945f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1bb6b974f7285c9b70ffec64842a92ac

SHA1
351e6a1737c029999da8dcd9359ad09a3d3805dc

SHA256
8035951d8119b4bee73e6b14eddc9976a0fb5ce3f9cf3d86e12c8c68c9231f77

SHA512
5da32998e04d6e06c403545170c26225cbed02a6a917ae8f93bd82d750fac11c90e4a4671ec85a8ad1a8de431f244ae70fb986d3e30b243d876d43cebad3de81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
283027ad036b6297d6ceb60d9b06f2f7

SHA1
6d7aa9718f0d452501aea235deb9a2a4ef161e18

SHA256
c7f293821335edcf16cfe4b1467b8a26763c36c1488bd0537f2bcef2aa936279

SHA512
a5646077b1e8f5ffe1fe5af3a3214fafbcbc8bb850d4ec42e3595f75ca4dfac6b46870c6302cc7476fe85b5ffdbd20d54cd3c9d684e0eef0ca3e46783ce98953

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
10b3fa193f06d899922b8702c01e4bc8

SHA1
c792993a3efa91da6c74df0c86e37b4e5cc1a81b

SHA256
c300c9ababbf2862968aadc635aec112e6eb3525d7d8dd7ccb35ac16c8e9a8e0

SHA512
0580ee6a1f6915f9bc316e8bad439b8deeef451b9cf80039f043b284fdf31b7d671587ea314331bfc9d4b0f94b299d92de65811f27a46e02c3287b6ed9c6f0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
406589b5b6b11e1ff8abf097237f7aca

SHA1
a99ee31242e45ae6efdcbfa6569c0e9b0c813a23

SHA256
3fd7a1549acc151c4ecdd5779fe68d2a9d88744c8c53af22703e9fc074c017c0

SHA512
8ed5908920644f58fb61aae8c7b2493834f7691c06596a8c4d5b6043e654e616037026e896d1ac5c074262d2a2aea996137cce3d1e6061e74a4611860b57edbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ed175b0a4eaed4858489406a72d375bc

SHA1
b787d69f2f41048aba335a67e9dde3cc63840484

SHA256
68a6f4fb4c3502365c03bfef47673ecacbcd3eeafc656e6e214b60c8c6fb6ec1

SHA512
477e4e8aff0483d4dab92339f925c737672e4d5dda7c02f8d446bf5eab136adf1f952700cacf21c0a4a8c9f3a6924ac4f0d68ce262b45e45c109192fdeaa9f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a42e7ec050b3d740dbd7348c2ac77a8

SHA1
835a028a096a356e31310d2f117ec0a6f39e720a

SHA256
078f555221fb02d8533d032d49250d3ea36bf5e066e633503aeb77c33d12cdd6

SHA512
96fb7057ae2b51b5ad28d0b7a64c4b030bc1fa198873bd05484be8300fd179e9ea1746f38c7bcdc040ffa1077b4d38f0838d09718638bae86240a2460091cc7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4bb0996805458bfd71707c1cf428be92

SHA1
384cdd29dc8b72668f04ee9222ef391923d21d2c

SHA256
e0cbd3026100f58c070686456a91b79704091632d068048b92853b3a0e472d85

SHA512
cc3bf7e70970a4017622108faba0dc29a8e20a23950ccd8f8a8f66de03ac681f99e7da366a4cfa1c345aacbc2213fb373b1627cbd8ac7a15d05bbf8abc516740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9f7bbef553f35c0e70aa6b967f0b0c95

SHA1
18f0f6a63ecb044595c97bc8da149027b403c15d

SHA256
be737e1dfead0daa42e51d52d25d4c867d605faef7da9bbf2c6b7fbfce3f44d8

SHA512
fe0ffa88f5f2b5845e013062fe57c48feb1d932c626f433d31c030aefcfdbd2e63b6bff2590193acdd042e767fc7cea012b476c7ad4015acefe9e583ed7ff9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6747c9.TMP

Filesize
48B

MD5
6aa3f2ceebdf844889e02359425da4cb

SHA1
7bda1e94ad15875a4551dacbc741655aa0b6841d

SHA256
0402304db05e3997951845fdbc2673c239c66af2c4702e235400033d20c6e0eb

SHA512
a35f3e134787e572e0e2f319e48e895adf191c1561dbff8d972c4515dfdd77728da2086d791648a6de15a8d18a01383e394d9dfc3453cef1e3cac15823bb6c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
8b25fd1aa2c89e733ac2267069a01613

SHA1
b1583e15a1a09d52355254a688ae34c5fe0b1f75

SHA256
95e93faf62de22cdfff21df1a9641b52f32b3e4e616ec519ae09975b0a7032af

SHA512
9ec11174a32cdaae8f6a3cca0c3ed05f9dc35776288a9d75e169c75ea0320718229e2f92a3bb3d8a0639d5721649879bd84d80a2dbe418ce933e95088c7b21c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
8b25fd1aa2c89e733ac2267069a01613

SHA1
b1583e15a1a09d52355254a688ae34c5fe0b1f75

SHA256
95e93faf62de22cdfff21df1a9641b52f32b3e4e616ec519ae09975b0a7032af

SHA512
9ec11174a32cdaae8f6a3cca0c3ed05f9dc35776288a9d75e169c75ea0320718229e2f92a3bb3d8a0639d5721649879bd84d80a2dbe418ce933e95088c7b21c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
091f579863d0ca84fa6de4d4fc1db0a5

SHA1
f23e7c4aa2fe4cd64b93897e45792ec1f9d4b88b

SHA256
50e1a238f5653da5359ef87c4cf243aae627eb278d93410ed1e6db1a4c0e6b8c

SHA512
2bbd5e500ef8f749c897a002aa3a26869553fde8b1194476f16a0b3d846dc4017f188a15602164f661c1f21b6da14afe38dc1ca7d09dcda7c35ff4ae8774189b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
10836051aabf47a43f18f744adc80e2f

SHA1
1e4800dfd42044e6909831835dcb5a0447e45e05

SHA256
75f8dcff3cef6584c81035cedf7677c09a203a2774e68b6d01bc93b02bf8a3ae

SHA512
e4846ee510c4120fb671e2c59f841ca4119382879de98a3e4e55829578d4bc13cff75170d0dba5f7c3013240d54516495829c40a331a44d88796e82c3c79caac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
7027e72cdaacd89420942f5c9b4db8c4

SHA1
a29a2a985d320a7d54da8635b6c5507202d64b54

SHA256
96d7e6eecfd533bde28a1dba5ee8bcc5e20746fad61ace212110daa722866356

SHA512
f37ae75ffff7487d799121fde85f591493e0b3ee8223b30f286c68eb743f2aea467ccd7ba06b181fe071e7ff728b6c0bfa716adaa293156089ad7a3cac758802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
b25681fa26e6cacb92ffc342f49565fb

SHA1
bfe9d5d708bfdc7162ef5736d0022a0a66ace574

SHA256
02eed7d969f125402795e78487f617468717be04172fbe3f6b65cc794e42bff3

SHA512
fe806e699b7477f5f0651a72a18cff6ee09266776be19664de0555e746b935204cb8e7c3c4b3b9e8ed11e0df27619f4698bab6085adb50f137ed9c67a1e197af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
c5a13ebc3187df43f95c7155636b6c36

SHA1
5d4b0a9cad4ca3400eae241bd4ef9384b1eecd32

SHA256
65c07599e2be0833c68ef9ec9783a08b0b3e9ab2628557ab261208e5fcf856b3

SHA512
a8b441dc77243ef42c8618cf3628ca4643f4945d067af0891df8604e605d9ea158b1b8c56ef644dc74b8cd571e9dd6ec1fc22fc4d47cfb58281429baa5001f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
5d76c0773e286b04760aaf453c3fd804

SHA1
229d3e35b5720769ba2ea53d53ed0baf30ad30e9

SHA256
1bfd68b82d352ab4c1c5257adcf0b4065cf3a184bdc960a74a6224209a8bbb22

SHA512
f31f2d2af88b652f1ee91563b3b57449dff420eb02a4d3e2050ea2040b8593ca7d73c20fe50e9d35b28d1f4d29600f61df102283eabbcefc9403b98be2e1fb23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
f2f686ffd4d9417a9e3b822e1a43e090

SHA1
ab5d54366e8d7b8c20c226398d091efb209b7509

SHA256
362888310b7cf6f7dd4c4347e28adc2bed11ff83bb8afbecab4d3e49fb693319

SHA512
d1d43dae21b0d551f1e217bc5d85b85382ef00c90bfd63c650925e3830c4f6230428fa4554c7c476d80f6e50fc42ce09f343fff5bda742f80c06cd2f967308d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
b363438ec5cac4dfe0ef0b365a98b5d3

SHA1
2b27ec7122d6460851acbb3fc85e4b304a5fd665

SHA256
e48601cda24f23203c72ac5d96a2ebdd57643312e7919b95a6575dfaa9f0b36d

SHA512
7904bc1ffafd0a9f38329ff32a42b0e6b639bebed772cd23a564b544038877280d0c2d18e21101f6935eda228b9c63b5298930a1f4f544e88a5610ec2eacaad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
90eef24e080b05a8f1a04632ac478e02

SHA1
b3f52ed8ebf15502e85577bbf5b436b9207d9d6e

SHA256
1fda45186edaf8ab7a68aa3c52a9ef8cfa7c70c6b4f1ecd83457876ab0235059

SHA512
30650b946fb730eab6b3debf45504d96fc8a05a56d90d52a255ea0a709aefbe1316393f3b48e24d38043ab88247217a2952612f296130481dc7e7a7a93f5a6c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
105KB

MD5
cceb68420ccf6721381597111bf50021

SHA1
956415e25ab927ad0ff05e37ff08878ff6bd1a72

SHA256
d144cc72fd29af86ffd5f3e2a926ad4ac52298290e66ec27ff1398d4d6e0c0a1

SHA512
583da8e547ca51347a6dc43aef7c66770d25190c4d8c57adce04c55ee73448ea1637e7a30dbeff9ae6345a9f9ed26e5794ed398c9762c18c177d800d1ef1e639

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
c9c0cefdc0b2b54517c7633c49f93ed8

SHA1
274c89798ced0be27dc3c1371eaca00f70394725

SHA256
797dbe7fcb165fc48f65790b82fb99607e79f4937ba591cf5442a931f4435e17

SHA512
bb364af45513a6545ab922ceb4c6d4381968389b460b8b77bce9e211e4f545dcb07e6900b58d80da7a87f4f9bf59e0fb4509ceaa31c62386df53004c29f59cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
48bc1e47e21fa184b577387491abcfba

SHA1
c8152ce1c0cf8587ffe967fc82c6b526b73b7560

SHA256
c69d30b535cc7ac8c36b16de3d30627f3ac4c1df0886864b680a02f88f06d980

SHA512
625c9b1cb55b8e8247fbfb9a42dbbb4c9e1c7a53b970debb7870f8cb40672ce6572b38d46f45ff51d325faf58bc7f0b25bd344b3e215f878f98ab1a5525a2fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
235078ccffad37338d04ca554c17fb99

SHA1
932179c97977d86dbadb44c696fab1f8149b2a03

SHA256
e3261a46655558b8b9f894beecb0db7bf740de082c447c22f928df801e590ac3

SHA512
3907c2bf80c97943a0a58c9f600d2e65f5b78f4182e22659e0a6288089634eb14a3299d8a07a9ef9d068034a966ab07119f060bd998944d6f14cfb701714eb15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
4dd647834895b6bc7a06cdca480eb5d6

SHA1
c281a12a21d972fcd204bab81a191851ef9b4dd4

SHA256
b3d51bd5fc60bb0da378b353e74d6e7aa938a412d0fbdc5d0151fb0e082a0572

SHA512
dad4ac608b02dedc0398c191c82191b28c418b83c0d6940cf7247f65935f9a37ad9a410806989ed7037d0c0393be3a6a258c933bec093b5d840814fae14e832e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
a54ebaa161dfc4c274f8428668d443bb

SHA1
0b1d49ac0944b8740674ed58605810c758d95910

SHA256
d679fc2f61f9db807643d02dc182d8e792009c9ecdc8cd5e4a56252318e75292

SHA512
f04357cc1d982ad6210d6b93d7443bfb980a98d8496d67d2c31cc51f16e7596a5b9d11ed537804edca99f9f20219a894b1e99447f5cf3e9219e7a5bfe0efd031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
0f0a2636832d870a1e6de58149ed5adf

SHA1
e4cb9814d16c2cd8425a019e9d1248da2e0ac0e8

SHA256
814bed789226499b0bdb089507d4c885529b408858be5eec99655208aecf6ad5

SHA512
721c93b02ab73b9daa08627ca8f2bd9eaca5b74974739da52088d0d2370dccd04b662e32883a49d28641429dced14fb50d4318d79ac0db5ce5a024b90ca36d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59c809.TMP

Filesize
96KB

MD5
7fcfbaa6d7a682426ab257eece9d717b

SHA1
56b9c2ac65a0d22adddfbcf075e9b34b30cadb33

SHA256
2e52f527134c6ba994fc053d4beeff71dceb3aa2c868667ce59a97d08b29c40a

SHA512
d8c41491c7f9ca0e50afa9b92a5a313477ceadb1b7d102596fa20a54c2285ee3fb833a63f59398b581445214d5207745f353871fb798ff856690352daae2715e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
27e90ada15ca0bbde9f333efd97277a4

SHA1
4ee95b37d4d731ba44d47abaa360515989f11f88

SHA256
2b79bdc94a7eb601d3ed2d2cee31b2a3448f457581ce056de2110d1e2afc1924

SHA512
2c8a819909873630bbb0a25d0bbb085ef45cfd2111af67d21112b1d3bcb074031e6d7d0a39657035fd4a1350bfc381954edd0b6b5de74f4788854013338a506a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\Downloads\HxDSetup.zip.crdownload

Filesize
3.2MB

MD5
8197454e020b2622a1356abab39f9408

SHA1
d0d69744f1d01353507bc090ff79fb45db6882c0

SHA256
5065041c7b03c24b9533a5b32b33db58f2b4924cd84bed41834ff2db51c1cb7c

SHA512
ea97d98877342d725adcbfa075d5d5770470cf4a1d79477d577d299b6298d62f9a7fec8903633f8adcda7d306bff848751f8c788b611cc2d1074624a9153bc49

Download Submit
C:\Users\Admin\Downloads\xPhotoshop.rar

Filesize
11.1MB

MD5
19fe3af4157a1080c70877cb67c081c4

SHA1
233e097eec425f4840596bf4af952f9eda9c0c39

SHA256
3149b73c821579cfce70bf7940b0eabd19d46ec1eca2609a05bb4d6a11b1ee4f

SHA512
a9c12605b7e44302fab992d02cf030c16ce2f619fd0ff08a039b5fa7d0e695f53b6998280acedafd2f51d8e5836e17d4cdb4bfde16de954d0a1314a3c3f75763

Download Submit
C:\Users\Admin\Downloads\xPhotoshop\setup.exe.bak

Filesize
761.7MB

MD5
08ecf11f20bd981984ac4dc491965817

SHA1
0588fe531c966467b7be3b9ade251b539f3e23b2

SHA256
b0a638ba2db29bede44a35362e7d16c23586f4304dc8f04f05903aeebf0a4395

SHA512
3bc2a62626bc4c220c4c9eb8a0d34eb6b716998531b3f1e3d392a2bdb5c3eba8c4350562cafed76bf40d3daec5ce47a25724bc01e316c97e11a6ad3cb909bda0

Download Submit
\??\pipe\crashpad_1068_RUXYUBMMKMFRLSXF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1308-1561-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/2312-2024-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2312-2030-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2768-2031-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/2860-1526-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/2860-1525-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2860-1528-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2860-1532-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2860-1522-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/2860-1563-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4800-2013-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2011-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2023-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2022-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2021-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2020-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2018-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2019-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2017-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4800-2012-0x00000251DD7D0000-0x00000251DD7D1000-memory.dmp

Filesize
4KB

Download
memory/4960-1523-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4960-1518-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4960-1565-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/5240-1568-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1584-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1570-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1569-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/5240-1578-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1579-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1706-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1580-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1581-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1582-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1583-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1577-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1589-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1590-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1567-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/5240-1597-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1593-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1566-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1592-0x0000000000400000-0x0000000000AAB000-memory.dmp

Filesize
6.7MB

Download
memory/5240-1564-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/5528-2128-0x0000000000950000-0x00000000017B1000-memory.dmp

Filesize
14.4MB

Download
memory/5528-2130-0x0000000000950000-0x00000000017B1000-memory.dmp

Filesize
14.4MB

Download
memory/5724-2029-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/5724-2028-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download