435469a7278571ddb7b2cf629323c105839862df407d90135e8e311bf3fe6b04

Resubmissions

02-04-2023 18:00

230402-wllckshf97 3

02-04-2023 17:44

02-04-2023 17:26

02-04-2023 10:34

02-04-2023 10:34

02-04-2023 10:26

02-04-2023 10:05

Analysis

max time kernel
1050s
max time network
1054s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
02-04-2023 17:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Borux.png
Size

21KB
MD5

161c2cf23c01ee0d37689fc51458ec7f
SHA1

b864444ecdcd427209155971ee0a91913d2cd304
SHA256

435469a7278571ddb7b2cf629323c105839862df407d90135e8e311bf3fe6b04
SHA512

7fcd9a981886307a44db5c6661e613a7bdf2c0cb5113de4654e4bb85870de10bef7a8032a2e33bf4c2443ae31c1c26315080905c0d407f2ac1dcb7aa3ee59df0
SSDEEP

384:0jBy2lR1p4nhwiddxLPwwnuLUd0eEx0/LnbnMBBVQu8+y+B:kNrpwiiv59nl0eEx0/vnMxq+y+B

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133249300279288246"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3164	chrome.exe
3164	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
772	OpenWith.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
628	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

pid	Process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe
Token: SeShutdownPrivilege	3164	chrome.exe
Token: SeCreatePagefilePrivilege	3164	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe
772	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 3492	3164	chrome.exe	69
PID 3164 wrote to memory of 3492	3164	chrome.exe	69
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3772	3164	chrome.exe	72
PID 3164 wrote to memory of 3676	3164	chrome.exe	71
PID 3164 wrote to memory of 3676	3164	chrome.exe	71
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73
PID 3164 wrote to memory of 1384	3164	chrome.exe	73

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Borux.png
1⤵
PID:2476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa03d49758,0x7ffa03d49768,0x7ffa03d49778
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1820 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:2
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4796 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3596 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1760 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --disable-gpu-compositing --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4896 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4384 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5644 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5760 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5480 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5320 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4928 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=816 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3252 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5388 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5000 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4948 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4884 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6192 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5368 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6428 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6464 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6392 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6676 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6420 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6568 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6532 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5356 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4512 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6332 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=1608 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5920 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6432 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6608 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6644 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=3800 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6540 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4488 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6504 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=3380 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=6100 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=6216 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --disable-gpu-compositing --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=5184 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5088 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=3312 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5776 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5020 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5072 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=4724 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=3108 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6680 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=6992 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=6880 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=960 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=4904 --field-trial-handle=1612,i,3326829972772566614,10617667886300304310,131072 /prefetch:1
  2⤵
  PID:3324

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3396

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:772
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\MEMZ-master\README.md
  2⤵
  PID:4408

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:1980

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:4196

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:1160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1772

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:2212

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7c431978-941a-4df2-8fa1-de020234ce72.tmp

Filesize
9KB

MD5
89d4f9675c2fbf6ce35800210ebeb9ae

SHA1
3c0cfaf6bcefdf8bd8aa6ab6d96bba0431f0ef64

SHA256
7034b2173d5d4a4491b5c667c3cd86300f80e127db5e54b7395df20889740064

SHA512
0831ed5372c0abe21e8bdb7305b9780fa5fe288d7a6201060d3cca31359c5a672749cc3bc681a4f05ad36e6171ffff12a2a6d20b799588ab28075c2429dddf0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
299KB

MD5
b3646407292543d77353c533e79ec470

SHA1
7bb912dce35bc20f5c029e2cdc4652b2d33ec774

SHA256
528aa8485e6753eb0aa4ee73a40d3d8a718384c5f3e497cabc9c4c776ba3444c

SHA512
f634a7913643064b980d980eaa46612c307ea62561b7db01ee832f85065e4417fa7e62d102bf4217d80589052c6d814e63627a39a5a8768cc3f41b41b4339af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
68KB

MD5
75d646446e92f953c075982d56a16c40

SHA1
f58c07c5a85ab9fc5f3966de5716099e0eca42c3

SHA256
b849818336676895ae90e416108f8e218db4388fc57adfb45f3af58d202d58c6

SHA512
4af2259eae1660d90b3543a6c86fd8bd2dff0b81dadedcaa3d74b7efe2cc2c4f5e7238416d8cb518247cec9cb53537eae169c1c328d1f59193bfa3e41129bb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
209KB

MD5
903e9aa56221175c9ced9bbb4e9b0a7c

SHA1
3a06dd4febd5f638d0520c8a740bd05d6ca37613

SHA256
1ec30a0a1a004f12bba16749ffc9bb52f210966c84244e5f6e0a0daa46588351

SHA512
04a2167b3d50c2001d6668ab5404bd970f240df0824351cb47fcee5ee3e6fa1f35389f799900dedb5c36d6d5802cf0740c33a40f502adedbed24c0f03a3d7a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
407KB

MD5
05e0da6c509baa31af633fdf423e34ad

SHA1
2c20f9518a1c746752a25937502bbadbad5fbe6f

SHA256
7be2ca6bac4855d99cf7f2b2cafc523d62c5e9680cc92996efd75208afdcf515

SHA512
5c8a052981ebc4491d4421374db564e3aee2ef5d142d978ff9988e908deae25bccb98b559360a36c3d0b76515ed6af320a2bcceb49a5689e8ae33b3146d17a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
33KB

MD5
cb68569c733a7572136e0c21ae59baa3

SHA1
e6a80afb49bb7d0673259747b3f3829badcaa18c

SHA256
dfc55541b0c31631571ccf8a16b71dd84d6743b01956a93718a46349a95e0f80

SHA512
bda24e319bbed03c1c40580731966b75facaae194ee2c789323c78a55234d8c501c112cbc8431b65527829cc8f49b19cb0932b655becc856645248eab5ec15a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
19KB

MD5
1d7553c4a8bde297a16bd0308cf64f8a

SHA1
508f29f15c97e1a90c55f9bacf7a5465ef172417

SHA256
33555560bfd6a5a099a8f46e5e71e64a44aecf9c99c48bccb11067aef60ed946

SHA512
28e8d27fa7e627df7e8afeeff842b174fa428070179685b51d083ef8320e4eb2d0eb109a357a9315253b84716705e840c0e364fd5ef6d3cfb234587916f692b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
19KB

MD5
3a9d657f0c1033d1d7b610ee318d8480

SHA1
3d8f85517fba385a7616bbb81b4d1e2a4da88433

SHA256
b5ccfffbf4fbb9a8c2df90627b81a30b5edae9788cba72e6bf1ba6fef7bb4514

SHA512
4b884f7b858cff1f1f49beefaf29f764e8516b5fc50dc23ac2c6c2061b2698e30ee06b7d930eed9495a97e7acdefc24f7ee80bb7d38b631597e8d09229dd8c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
107KB

MD5
f7d0caf37d196733802d70ffde7306b0

SHA1
29c3b2044acbe4ecd75557563fa647ca5ca953db

SHA256
108dfb988d1c7838a44fafca3abc98945e7fc45a8c471d382b4450093b0d6045

SHA512
84dd29afcf0d540af969de55639b4329f57eac29ce6a541fae5dcc1090f4fc6403e574fc1182dbfc3063c4b6bc3147c26ec623026e56b970d301009fcbc738cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
612KB

MD5
a583b39f19252d5e929044138520b689

SHA1
51fc5bbd8694b72756de25fc60f13151d132ef01

SHA256
0123ffed642c61e4754dc6b590a20af667dc7d0b4262335c8b4c46e562ad3823

SHA512
434f70f7361014f9d2f87de0c29a2c2d1cd240333e99a4a61722404534783210575594c4ab996ec60d682157ffd5b2b87278cfdc9a2fbaf08213c42f1f1e1a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a3

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2a954e534e2174e0_0

Filesize
136KB

MD5
fbd8146c73d23ec758e92c7ba3979266

SHA1
c63a6bc3f8af953045e48cc166fa03b4b1625488

SHA256
48ee6ac8226d9bb5dd6a61a8eaa865c0dd3ca5573d8269aae5ea6fa86861e9ae

SHA512
a507e81e5ea9ec37c171ef65eb91966dbbd5e3f4117c1c063baed7716fd3fbb7b9224c7f716e1492fdc5c3af3e3304d49ad1a712c4a6a444f2834a340ed7260e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bed326134b7faaec_0

Filesize
386B

MD5
4e39f53d0988db50b53c379e45b928b2

SHA1
500713b2ba88e537730b5ba2fdb65528be4bf499

SHA256
d759b00eb7fb639a45d11f42b64b5f440da61c4068025cf15f2f899fe81fb10f

SHA512
947c005c766c0fb9b7c4fbce4a93a77d8186dcc1aadd976b48e9cc09e1f60cc70ccfb495580f6ec8fb7c776918b2c9a4b569a4e3e4a854cc4fd3df257d940435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6440fc61aa46b7997325507c31084fd7

SHA1
173a54dace896a8de18482df1340ada3c5d28ad5

SHA256
16060da325d55575f5279867233fa3c5888fe2d90b8337e40ec928b566f67329

SHA512
4b376fc99d48b7e44df7fb74d7d72ef45c258f30b0f0ffde80ac18d6d157e1866f467cc1428cd9d062adb9411bd7df8444638bac4f5479276c181b284b5be1aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
e8712d12e726fee42fee2e0ef6f5dd84

SHA1
bd4a9bc0ababd59d46ac10ed2f7468ec6e4a7c43

SHA256
90e4b5ad4247c76f9c85dee137bcb026867dcbcb329778653f4aa4d5197785b3

SHA512
afd497491b6edee88d2d0635c3bfa4589580da781bd18543bebfb84ec462887ee4787a98846d29bf4fbdcc8f8b09e0a1fcb5af22b216564a2ddb80b425905827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
778e485b9cb14dfa0d7ed0d4f7dfdd70

SHA1
c197fcb82833ce8c249eee526746ff7583b18bc7

SHA256
bc353442684a0dfba6d0085502a53d8ee2855b1daa53c5185273425878592a9a

SHA512
8178a782335b38e05ed9b4aac21f731b7cc374adb8346d0089c42701171c55f4c051848cc61a33fbf0ca31cf912c82342671118c450976b889aed70f2c6cb71d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7c30f3b11adef603d54fa1bba2560f3f

SHA1
2d460f1798c345fcd39ef48da5c202638640a529

SHA256
bce99a9650c43a36dd519cb757ef3d30432015a5b452d314cd0d560bdb78ef0d

SHA512
bd286b2dc07bed0f711ea182d03bded2ed07021990662c9e1f0d04a2bd6c4133533057b7da0065c888489b597909f7b469b9a45512f12ea614c06c352385385a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
871d20b68b112336d947b69c4125e095

SHA1
4828cdd614f0d722ba778eb7956cd8d84cf023c0

SHA256
23ca49765551d0259368d340f001fd3fe5ef4714dd3aad320acb75504b343a6d

SHA512
4d37fa5c0cb29777123e2d932160829b11ccdc58d267d182413c2a1bc52b6ac0691a3c48913cce47865cc53cb527df3ad10c8dd8cbdb1e96920ef8c49fd4cbb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
819875ae303ccdf007afb367cc6352dd

SHA1
c578a9fe164ba37f2550b17f80352212f67af1ae

SHA256
155885e3b6542623b35aab9cf790ccc359821bdf073c922ea781d6a6fc48e1ca

SHA512
51698a8f89d9ff0821c5c2695e2198e0d2a644f75cc8876739ae29331be33b565ff15c8017e77bc6cf0412cedc2ed28c6153d8fd9a33751d20c5dc20a0476187

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
11726a50e83f32a0b80a100f85ecc01e

SHA1
4959084ad3f103fd83f6790e6f7b24fa743d0467

SHA256
0311db845c9971921f27f6aee18b7ff01b17700bf21b7be41fd2e64bf9fdc471

SHA512
2988a06634d8d3fbe23c192f490646145ed4753d3ffdaeba8355193c8a195a77e33abbc16137724423acd70824d59a397e81ce69e8234a7730c268a68716dc61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
528dfcadfe2e683fd296c1db70e79dfb

SHA1
54ed25e58df726b02b9ab3bae71b59a74a45263e

SHA256
20fe272a7c71fcbc4e88ec1723a8013362cca19f8143e51f4fd630bd181d9245

SHA512
81a89e554324f79f46efca8c50949224a0f92bcff0ae165326f10bbe9aff3728040ab03629373fd5b4afbe726f1d9512e4e4f70505205aafad09805c4387cc87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
6d16ddc991ebfff204778461f01b800c

SHA1
95d8ccd5db0f19e9c94f800d14295822d8900eef

SHA256
e8fb64c13c0034872b396bfa4450e1363a8ad427d14b8f3773217ac30d398c57

SHA512
f8f0bdb99ab31098336dc0eb3d0b346adb8c67de10e5d6e0b037823aebea05423b8d7e851844793640e7d91e5219c1d582c4ecc089cf9d8cdd097d29adb87b9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
112KB

MD5
fb71f6c8b1860d77a9abde5099ab9984

SHA1
282e56986e1afa590efa671f7f7b80dbe7f27260

SHA256
1b50bca0c0f183891896f789b85e7b2fb05e19545d61bcba1ccb7588d3e2e585

SHA512
75dcee5a8bdf901de3e7baeb8c8dc0167d181a29f35db3e6e7ef34ef5a9b22b1d8eda151be195eff9b92f4f29e54975483c94842b461f54f89c13196de898fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
d411f1a957816dd38d768fe6f81ad428

SHA1
3ead777c3f39963019d3ecb19efee0519db830a0

SHA256
a9ca65824a3b55e9babc8f6c9e6db29572ee3680a06cfc261c1409407093e9c4

SHA512
c34e92fb17d78b14995379f00d7763f39c7b29560f336d85aba4e43769c799d866777d2c76d1ba804a34a82e5eee424d91554d592fdcdaf06885267678500056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe65a8ee.TMP

Filesize
351B

MD5
c6c1de9e46a2ccc7aa8e7a0f8b8b041c

SHA1
af5b011f2f30e147ac9a423131f6fc83b4318594

SHA256
8a646ab717958f48bcadfe8d53d289724466c93fcda1ab887b793542890533f0

SHA512
6f6fe77173103447b07d08af247dfffdc7755261f62601940345fade335756991aa0ead28191b4f47e24031adcd2996ea8024b1447b2a00298d82aabc879e54d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
de6d2265034bbc1e5f21e0871b9eab9f

SHA1
28630ceaf7d3b843c0c5c84923eec8b9ffc2ead9

SHA256
7bcad2d9510bb4f416d4e9f751af2e4b1961479ae33a2c3417d500e8f9339ace

SHA512
e189acce31c9a2a392ba048bcff13d88f03c1ec37aa73e2e13ffd9e40b6009a6d080ad3c3d86964dd16554862d9e265cfea0ad0e5464d9057344e63199836f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3aa6871c203d93e393937ee02b049997

SHA1
7c4cebb83bfe37ba587fae38805e038e9426fc25

SHA256
9510989bda9bf9b2ad95ddb8d2443b9d15365526a69d8b61ce3a0c44e3125458

SHA512
d50b5409350a771ad7c592c43f74a211a2961864a38f50cce0b49d7c3408d51614f0a48bd56c967231d45d30a274903c328099a1adc37a71cf9f725d23c960f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a3d798c3ec780a5f4c769659b08555d6

SHA1
daa8558af01fedae934d8c0409786f3e182238ab

SHA256
97662565864c0e0672bb647a492dc3c0bc93ffb03d6dfa3f852c069baefcc8c3

SHA512
cb0a5f31346cf9b14f853e47cb64356935910d33bc1bd45f4d6aa189e5ea753eda25ba044482c3c952f370bd90751e4d647387b55052669c86324acfa4b1efc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
f06f1742fdf75f16a8382d1b5ecb22db

SHA1
b22153b015bfa95b47bf17156dd34b1bbdeed081

SHA256
623de6a16aeb592e2f1f90baffda0b508270aa92f27befa463dd37364cb6099c

SHA512
e61f96c2fd4e781c0461d8ac5c2a96b5985ca71a9ca25973c9f333c632933d759af27b5b65e625f9444ff94f72422484dc8be745158fa9f8cd18f0d913cad7ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
12857465863d8a44a100220c5302d5f0

SHA1
571d91ae476244d708d86aaf370f95a412fa16c8

SHA256
864cfce5d2831e970ccb15855eae7bbbee983df6ae75630684914d9b053851be

SHA512
7201919beb43057e0a252049af0e4282d8933b1153978f6767eb59d0ff803d5df90d7e7cfa9c95bb02137438975ddef91991082edea915d59019c6e463d1151c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
9d4caa0970999fcae50db766b0f8e868

SHA1
fd1d54bc5852059652daed461e601a004c6d18cf

SHA256
d91c7846bb9d8c5ae1cc8e7882fa3bb0c5ed2513870fffa4ecf0c4719e039840

SHA512
f1de67d43f8c36972693673d2a04733395c649535dbf38f9575be1076240aaa3fd7c15cf931429728df321745364f5b29db6bdb8942f4c76831875abfad196ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
cf102507df5f737130f8551da955579d

SHA1
0f7e0f0d141087cdd781132511c2993e25a19a35

SHA256
06d4ab4f6f0b50203538441d528f31a8b8e4242e447285e94dd69b8138798619

SHA512
6b304ac5c19843348a9a192d15a943ade738a2cf86f5cbc63f4fb3da58349595cbbde4e6693786bcd9a5308ea8ba441f1cb06e16c3bf70d5422924912c8c2164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d1ea5fd6e030b32a41594de3df18290a

SHA1
cca83fa774ca345f3fdcbd8ef8e2e391e6b74837

SHA256
c48ed5a3c8fc8b7878919d9a35e2e6f4f1b23b0e0199ff6ba45620183b102299

SHA512
0c8a01fa1338edc3d8d4f9e603ec6a92bb6605b6adffa5b36dfbbcbeb30e32773d0e568c80b3e41392585230460dd6d59e7d571cfadc3dbaa620c1cd0f1aae41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
427bb30ab1d33f00e0fb64f2b71d01a2

SHA1
80ed86c440499934c3515e42c33baf5ad6f3611b

SHA256
0e9680bf9b709df0209d1c86b25dbff0cf330c1b6beb9b22ad63df5debac2745

SHA512
37aced516f5d8b0824d28000293c5904c0feb04a6d23708b93a2f18ca9f3777b3254e5b602a4ded046d9012a5c31f220cfda8b5b7d011931034116d3a9149f1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
80f2fa3a0b22d469aa58343c30425121

SHA1
75baf70e7d0dc23639bc7a517ea3d647fe91a9a8

SHA256
720469d00308f22e7d45e97e0ce7437b6b0ef9fbde6780e1463afe667e661834

SHA512
3140cb68f6c6cc0f5fdff1f8d1697b3f975474e0a72bfb0ae73ef06a98d4b591ca136827c2240e5f3c03c3060ffacdf40049ceee5a577d038e06828d80290e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ac5e596dcc87f6fc7c7aa7cc580feedd

SHA1
b51ed5b978bfa0ec46fa36bc3411f09a897fd72f

SHA256
94c9feb85e45b48aba92f7638f37721834ea23873346de9139971d41ac31fe61

SHA512
d30eb4ba7e4e51a45fb212a537a619eed504269697a971e823e9f1db355bb01d907713bcdca538fd6371f190eb0dce3a1bec02fc43efd62e775b9e867070cb46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
efed08c8aea4076602b0da133205b2b5

SHA1
6e8292cc937ce434d694f8e099b03bbbb2635972

SHA256
2a5d4b1fa209070be332b0b72ff7d50bf7a162f0b51db5da84a23f9860fa27ea

SHA512
1579ccf3c993b2e5688fb57a9ef7fe3d4c6aa153a764672de98608b95e4b7b198755d4032f04169fc90363270c8e823fdcd9c370d9ede80eb195fe4071918f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8812e1cd4a75ea24506e7d250480ee00

SHA1
4e301df21488f58afe2816e04598d30d0696428a

SHA256
f3dce4adace3e842651cb829e98f5586ae4e4ec26cfd8e9c62035d4df2227a2c

SHA512
26382c72f6fe483757a08e2ec339c196f9c971c83e106bd5e3f4873fb02cda507a0ccd34e9cce6ec51bdfefd42b210817d23d997f89c34498a9cc63c8dc6c165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9d2c5bb4940f92dcb678b69adffc4d0

SHA1
46ffae2feb103e57494f2788075ff99d92835efa

SHA256
71783bb5a8ddd6e8bc2af77fa3cce5d4b4683cdd428b3b40ea301ad91b80223a

SHA512
c15fa1fee50383c44848dcae574788693d7a5d47eaa7c47f4d55ce757ae488ba3d3a7ace486df30ca9e5d5a4783d0142821d3befba8e92915f9bd936e7cf1467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f86701c4c5f7da58112c1dfb7ca54b89

SHA1
8b9c354744ab2832e957b78c06611212f7a31c52

SHA256
e815d48d6ea0836768d34d49ae9ce07f0f450c7cc759d5c4f5e8711be9e2789a

SHA512
95cd8341ab31fdfec6851fbb298f2f83c33f3b40ee5f6413b05638fe31f0c9d8f4c911979d647cbb1d1154b8541ab05a2665dbfd4c77106f89655dc592787774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
774fb5608b3d01702bf388b21df4237e

SHA1
e9b97531d7ef24d5add1e2e165fb948b81a80687

SHA256
98f8839965037d7f99931fb4ea06fa6fdafc14c7f24c209e8ab26960510d3932

SHA512
a64e94f73a037b9f1a0f5b9f2a914be096765a504c5a9dedc719731d65260cf4a39d243d72a861cbf3f9e3256d03a6cd6f9b76e55f3a99c7abcefd7e6e0c4cad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d45f6bf9ad0b4789b9146cc8f37ec70c

SHA1
77eb3939d8704d07d986a277c17de77641128259

SHA256
72c3bfa6d7e51c0b4809d6a9fbdd2ccd591d18d58f1d205ab4a338ef1e774652

SHA512
17237940ba713eb8d824eb366628b579fb6c086c303eb08c0424a0175703561d4aa6c2932698abf183733a80f84371e238754ef3cff09999eb5f8c551b032e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
550957baab3bcf9a9f38d59ea109b6bb

SHA1
1d3ad99f44928a428c986e1e73d22f4ca02cc093

SHA256
3d2b90373ca2679fb5ae3565734e02b2a883b8942887fb418a9a26221ca13357

SHA512
6b36e0830c545d7c96019a26c78aa59146a28fe3f0459b297dcf7e1ce9e395b104c9095dc4056938fdef9ad1a9889429e8718fba6f2726326df8fd566fbf7d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
46031ccc2c9ea8391083024d7924fa12

SHA1
1146b992f5a58d96893e9c51a3f0164b047d6adc

SHA256
7160d96676e20dceb0acb834f79d92c2b7e9d77b8956780cb089a7f39b3114c1

SHA512
ef0c4a6bef67cb5ee6a99482269e7f03ea63e7d4cc347e31847a00772b9786aca1d8600f2e47a7730a7373732031a53c9e837336ef400d55d5cc5a7a0c1f0d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
061875a1579671e6bfaac54c3d902fb0

SHA1
6e69672c755613d8ce76eec896cd1c08c19f02e8

SHA256
635faa31f0b2624a59537fd64b38b18c9da90930b9edf41fec84999505613f1b

SHA512
7b7d3d446cf5271db7736912007f8330ca5e4c1ade6bbe2cc54dcd986747360de81f5f446afb61cce0dabdb0cd91592c74bf21dec33b7d1ea9bade10c26ccf72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3884f489b8b01acf84821e9c55756e1f

SHA1
3f86f2bbdb56cbde6aef24611e68e3cc3305d502

SHA256
6d9608615e7e950b52f6a4bb07ffbde3b0778eaebb0c3a130e04b74e59842fbd

SHA512
e84c330b856f03ddb9bd776a414d0e1cab36531c67a4281597f052a2c6f732cf750c2dbcac7019e3042294c9a1623a28f92db364ea9d9382992654ef3889293b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e20647a46790a20642f420ddb0cfa33c

SHA1
d254c83fb03978eaa1f6f6c6467b41ffaa911ea7

SHA256
6721b0704e4413f28ae5928aac6a25f409829bfe66bbd7dfc295270572dbac14

SHA512
069259b409918871ca57b6c4ee311555474fe2c65c38eb1396bf2e602034f3a9d6043fcf5991830034774bf1ca2a5fd2e3f6ecaa93ef24e42c66b6b49087e994

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4ccbfc68b6d9d8066ac57c2900b99b5a

SHA1
df5751ea8c5dd02e9b361feac903f87152248f72

SHA256
849affb86a5f2512e7f9900d7bc42350429af0ac4a38c8b6a0398acc841a3d49

SHA512
180bbc20a40478c7369d401a0dbe0448ed265b548c33e53e4e61c2acac999e85cb390d027834f14a771a6005acbe71c9ad4426203abc8310c4c66a26b62ba9f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
246cc0fbc2b9582b4893e3fad6d94e0b

SHA1
d3bd9357b9364a468eb69711942cb28e2f12b148

SHA256
1fbffffa58d0e3267adb20f23c2ff19726243c607d7bc446baf7fa5a30cac5e2

SHA512
7460a5b023a62d2d0ea9cbe3ef0e2e04b0937228bd4be7f8a05e5fd01c63f485218ca334f6eb86575070b90106a05f2c9e91f224112452c23b505956e9bf5faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6355123c3f843bc939ae3d07867d8bb2

SHA1
4a336ee20d753ea63781647e9cc38cfef8c7e0d1

SHA256
2cecaed1da9b93a640039ff87a444011d9d8e2f8a9be9eba883656e852607f5c

SHA512
a4ef99a557488d18cc40fbd8ec9134bd811c7714c7154d5a2c046ce70434344bb65812d4b895f7279cf94cd70bc2ee4b1b6030a9ab0eb452f84f509b2f0f1f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
afd2cdef835e03221e24aefad9c8fff7

SHA1
f69604a8aa824e0b63bc55be40d9de62e99ff1d8

SHA256
fdbbbd9cc2c74ec52e2a10f014e55a7415610ff550e86f071c6775d69477f04e

SHA512
b94f190280e546cc00b04752130c3cca7a2876150e6873aff5803241a91c7ebf3b7e92da32b56ef33765b0d9927ca1755b19a058c8295812c97a6cb2d3918939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
167306f800da4f83e73e50f6665eb2e7

SHA1
da49ebc6f8449b4b4f895d0b9ac4b08d6c5d2db1

SHA256
d94f550bed8400c80d58b7bd44c6b5e368ae8939fa7953e8d1d515ee74a715a4

SHA512
a869e5c80fd020c2af4ae71ca55798cf7274b4e39902e742a0aa2d729b1250fab0236b8c76400027c654b5301d31d9c7ab8a0f58de152ef8f5dd99f847151d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3d6d8ad22859a1ac2dfb2cc53c8fbdb9

SHA1
258647958b36902208e35b3439fe3bba2fa76845

SHA256
429659f29c6b192e1e652bba9a4f912fe4d1e55189c270f17f7e9bdb199fb306

SHA512
12f6c7be346231d9c3468c140bb9b33cf507c2a14b8ca6b9b8cbbcc2aa94fd5568da09043b01cc7ed2518bdee2628ac02c55d01a61594c58e854f52477ba53a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
63e2e64ac67c65cb49d87bf6aec094d5

SHA1
cc5f3c6a3e513390c7d3896ee8364a06788f6a47

SHA256
a9bc8bb9f1f1b5cbcc76a52505c4ef679e8debeccad8f55a43c97789b08c71f0

SHA512
4819bd887044f522b47bc06d397810f8408f6ae0ade6e6b61312ecdee1492dd92a90cdc5671e27cbd5a6485ed75c456cd2dec8cc38569ba864ee5a655320279a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a61a768c52c137919fc2f2c5f4834fd0

SHA1
6c873883bb999d87e57be81d430f718d1dd6d587

SHA256
450302e27a3299394a6ce980c9946e3e8617fee0b4afc2f86c6a521322e39e49

SHA512
cec4cb3893368be7cc17f6a2e4fa077c44f8a1f01a03c1d1b741c7479b23f75a5fbcb914be4e02ce59df483c5199be2778ff5acd620f8c3c1dca43c180658ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
32c5a2d57a6ac4ee1a3c6f1b7116061c

SHA1
356ccbbcb202faef1791780f677b16c0377640c5

SHA256
977a8fb8f2c2bf5cb36bd61b8d485cab484a2df792eb0de3898f4ab221558bfb

SHA512
a9f3b2e44cafd02e1c7e28f046e900e6705adae653c94df14831f02a79d2417d1ebc40526ffb3141d361a9dfc4425d07a4697b2fc63eace678f9219c12a2eb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
15f31c92da9e6eae176fac599b174a3e

SHA1
a0fab54f2056cdc5e8578abafd4933e35bc75c9b

SHA256
06a3b52ae80bf6d7508ac9941d2f4a06aca2c03a1ffa8d39be6cd37bf3b44d6a

SHA512
b29ab892caa8c81765a2382dd007050b658735063ac935d7d513fe847627064477339c9c8e72be7f50bc93234c8450516c545fab0175126fc751d6c9b96f2ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1fb3e0d761bd9f8adec15f6f2d503743

SHA1
6706896758224a40af2f9013be35f870e11a76b8

SHA256
e71498568f9ea5686132498cede416b9e1a611e0ac55e70c4619efb44fc3b72e

SHA512
dbe2aeff6c9bf0ebc65f85c01cc38a95309a4097a3df083c6099c8dace2d4ef0f58e6e7d97775800994050c766c93f6aad794cc20d565e9b325c721a63adc5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dba372e3c622e023c141cf7b2276473e

SHA1
03c8291687894b28bd3629f1a5079ae96c935c00

SHA256
aea519176e695b7fd8656d634394c5aa6045a7b194a691ee6fcb623e4f846df7

SHA512
b90439e345e86cd0304df14e5b95dbf2edeb3499fb7bbdfad2ce16800e13fd04dbb8a21c0c8902aba459f861b59e57d475e4e133b0466406af9b0ef28092fc29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
79bd8956742b7f9b2e8a10da955a8707

SHA1
e58db823fad9667193b3dea2030a9caae30ce2a1

SHA256
8e4fcfdd66ec4870b4ca4dcc4cf540b979665e1ee4c6423a190799668e89af1f

SHA512
7337d0d0e1cbee7f86db9bc22a5b9c26ebd3fdc622942f00663b13d375820336ef37b82143bbd3a32c56e0ee95eaea75ba0c4272c2a2f69cedf9dcb8ab697cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a328484e5b8be0a863a51adf221070f6

SHA1
3752c22026b726249de894721ea2ed1b6e0a61be

SHA256
3652f0a4877aa0e40b60355a04a9a15d0dc768079b1969287caab4fdeb4467fd

SHA512
c9aaa8152af9477b2df6a4345984ecd9cca976d937f3165cf924b29361d966d6afdff07e4b728a90f437bee0760c4b44a574f7f11140d6392b2ea1436ecb8095

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b69541b5b2e892316119a7443dacda6e

SHA1
f25cee8f6443002fe36d037cb6db02afc7775f6c

SHA256
abfc972b9cbfaa9be45e2a98c8b39e146ec714c75fd769e826b4405331867632

SHA512
2f0027f1480d29ad86688785e9528bd8d087eb316d1426863fad48fb68750d597a670fa647f356d2fb6054ab0683d67e4ff9d332f4138873c2d950862fcc856f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69763c25973f260ac6f64d3da9e2b624

SHA1
4f0457b851af67c876a50876164a39b8029552c9

SHA256
ce73b8ede05475e1378a96dfab064211993fbf99059865478b15f8f29a8af91f

SHA512
fb1f773f255fb51c7be2d5de00b2777366b1ff39bdb46be48fd0660019b3721d94dbc597070a63dc1a2782afe1002c610f65e0aa965bbf752265c38914f28a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5e7831328412fa786e2864f95939a591

SHA1
7b354271d0fd1f191da78de9ff1dbdc6bb87dddb

SHA256
481d4de9bb4c89c20fddc261bdf582acef02bd6e64021b0e88f1f8e3114e54f7

SHA512
5c5ef0842fced065a8dd3675bffcd1e4d768bcf88d210f90b63cac72fddcd131d8c1937ef425cc408bb0f656f4b9c20bc6034e182f0761b70d21cfb6595b0703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
305181d0d451e8fdb9113b6b083e7856

SHA1
57b9c26fa36db5abbe1c3678668c928352303089

SHA256
3a891cc9f126a7dfcc4cbd916eed5129a0550cbe498a8deedc18a0db05566eeb

SHA512
9662331a32163efdaec99b962bf19580eb7e06c037450b3ea8b445ab82b725537e68fddb9ef57b82869146984067f70c3b8f4edb23e59c07048290032bd2571e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9587224e96c69ce49f0c5a4ae4b5d8ac

SHA1
79d2e8ff172cbe8a074ec2eb3f41393e6081c3aa

SHA256
7db9fa53da76881d3d8290fb754076cd55077643613c500afab9eb0202c4e58d

SHA512
9cd6c439af9dec78e44c2aa2f90ac819b300264656e34df22ae63ac050eeff902e1bd621b233cb6a6b51759a36c206564645f383af9c20a93c355d620f3c21b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
731d8e9283adde1d3744b6981c1eacfe

SHA1
a57b3fa880beb5c6a78cc65fce852a0d89dfd3f0

SHA256
9746472db767e4863c83ef2396b8f5e9813d42d17538b044c6b9d3f6f2f10b88

SHA512
f5f80b3a252ae684ee8e075159bd60d4304a03b7d63bf027a55478eda4df342a568461b6c496c903df327dbc5e87be3bd66e62ba16ed142abbbfa93d98ca8210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
6ce36e05b165d0c72e70f595e51d8a8c

SHA1
3bb447857d97d515e0c5628f6257e6c80f954133

SHA256
135ed709e359d48a8dff881db186d4c02b33389dde04bb96943e31d43e4666b2

SHA512
88dfa1ce59ad6dba5bc16722533f950d127fcca2cc5efc3209ca1a5c7d100a8c1ed174d0b5af9f1c83b185572536001b35a325a04f95378e8f0119d3dc2b813c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe579fba.TMP

Filesize
120B

MD5
e469beb1b7947923ec8c498d2fdeb0ad

SHA1
2c221c0472c00751f7b9cea3c8c5122298f69c5e

SHA256
71a1c05eeeb2e9776cab4dab143e25ad395829a6ffa687e9af257167f490d07a

SHA512
ef70202b2d38a80bcb0482b53089d9278e2bf2596565c463241d7cf51169eff7fe8969e8b3c5b1ba7585ac5587fd270dd9f53b8e5d994ba58c73ddf12599b454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f61993038ea854df6ea6449abd0e9c39

SHA1
5dd63e005c3fe9b238dd2c181c79d5339b7ce706

SHA256
58680f0a69ea387c8980795d5eff0cc000ab55a07808091ff3b850b83ef67cc3

SHA512
9abf7a70170ce9e9cff5e0786869e4df1c4e358df15513f639ca25db6fe56572b57c1c0d11ff80e3b8bcf89e1742ab52ae1decd7e67188e1a9a469caa5731227

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
2bc49616b3f7ffb6baf5d9fe38e00504

SHA1
60d77f58767bb6e41d26f8a4caf51b0773253531

SHA256
dfad5c9a8f0468632a3b5ecd05678b1fa8705313e7858c2cc4ba282910af2bea

SHA512
c7b58211474fe0735a45ab1411aa1d3f84c15ebc2a7f7dd3780d31c7a9f3503d0216cfd0deb0b087704f2b7c71f5129550a9df50383c74bea3ec30ef003c6f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b50ad.TMP

Filesize
48B

MD5
3b8a2466e8098ce51545770685bc1e7e

SHA1
f9b1948315c77f5b2485d0fac2dd7375ba674aa2

SHA256
69d9985e66819c907f37e61e6ada0e75aa1acc2d81c60aee355f6525ec7dbeb6

SHA512
1c8000e378eff80e6079695466aa267ea03312beeaba54763af58fe7db7c843996b5571230118faccb9cfb19b6a21105f5bc3331d7fec273e0b5501210803c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
0d3ca54f39ea1143b7798c46f6da195d

SHA1
1d3705381004afc855ad13273ee7009dba822c7e

SHA256
0caf036322f4390962619bbc6696d1fb302582552d376f0cdf8ad2bd0a5bcb1f

SHA512
a94065581f1dbc3c2ce0a797dd868226bfc81192d8ca1b5dc6d7ef7c3b7b4399bcf8018aab301d945d6a7bb25c7be6c12d15f16b95858a0d768a07d9638b5288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
6ecc14851bf91f830464af94702350d0

SHA1
85d3fdc810830d0a1eec1593f553daa4dfdbf03d

SHA256
eb377d8a53218325c8dc9ba5f769f42fbe0058e6117064ba8cf228428fee2f58

SHA512
314d24b96f5c73ebb1458c9f190da4ca310204aec16209a4a948b19b0934bf1cb26aa8d96aff319e52561168d248c0bdaf93511db7647f321b6b860f5a5d0b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
c9670e79891d567e1f8104cc12b2a555

SHA1
f77ab14ded2c9a20085a5f9194b9936a56c1fad0

SHA256
5449f66e4cc819a6886abe9ad324ab1272142548553adb9b06b8a621cc98816d

SHA512
97adf7a3e0fef424c209c7eb37ea7c2ba8b2d710fa148f2b9fc6919f12ad146a1ee230bc1a5034db6e09cc264f250bd278082d9d2ac7fb82a3b555776f35b0ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
b1c9b5ea02fc08cef3079c70620c0c9f

SHA1
c93ac965f98413311da35c27d239ebaf4c61f571

SHA256
79b7eadab1342a40ebb835966fc6b15809e9f52ad1e55688c511dff9280e1ccf

SHA512
ef4e3534225764e0914cbba51620c9b2f7e2af145ceebd0c28f18a22197ffb57c5872039a1eaa94a86629d8a24078bdc7a4e167bdf178d36da10bde9c6bbfc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
15ae7a5379826f4df86532a7cfffa6b1

SHA1
fb3043be43bcf324f63c68b86940a9845e56da9f

SHA256
172c7e8043e28651080e45617c4e11938722e77d6361845fabb1faa4baff9f53

SHA512
976f3ee3a10c715429dfb038f6dfbee42ac5cfeaf94f5f13d24190d9b55a09d7f9f43d0f8ca4858701aef6a81e7621012aa6aa7ff55d3653e1c15926975c7022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
d9a2da115b6622387bd4b44b1d183086

SHA1
2f7541d406a1fd116a602973f37f7ba27b59384b

SHA256
6de8f48dbbe8459de3e828327e6232cc638eaa9fbd02ab2f0565470256c61314

SHA512
6ed3b1d7e1559f17e2e0d02c981733d2dc5c2a4a0e0042602d83bcfab4953080d4df9a6ca24e656af5e84cbcff9e8ca680dcbcfb52ebe6e6c806f6bbb33f51d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
67b514cc2341f8fe7addaef5653c29c5

SHA1
7367bff591817bb7ff6a6a8a3b8f3d723d99fba5

SHA256
343f5457dcf58acad45d5be825f69654a24b7873204cc16c402b926c673c8d4b

SHA512
71956273ea0c6030c38a63fc056eb043ae701687e2108945915dfcf64e3602b5f2ab293fc1901fc3075bbdb8c8cdb7c7a67761393e6120e89205c4c94ae9aed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
99de9138032b0fdec9d02a7c24ea09f3

SHA1
4ae084e9db32b81046faadf5a7e815f5464649ab

SHA256
6f4bc4dcf8ee6d4652efc88852afc63dba973e44d13f5ddec3ebe1f108a1c074

SHA512
0d44b86d50caa02118c53b9b5cf50b3dffad5ab39fec2a9652a6aad3b161de61283513d960a4822ccfaf1f276671b187182866548483df75c6d74d5684763647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
1ce6538c259c03703e6801697725c991

SHA1
f334011778dfc5bfd5d4621a0cd708a4999ca745

SHA256
1ef91f0a3c87ec2bef979171d6b3f221e8e1bf9aa81fe43039fc48d11adc7ff9

SHA512
c11ea4866c0f34090808081b11219e769a4fe03190cd5c52512b512327c68cc4ea3a82c60249250ce5c795a8ab9b53877c913952fbbafe88322c70b4cb0431db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
20e5355e1f8ca55b1c3e886e9f19654a

SHA1
7347a1fe6ba14432d4e7356b5441c63c8cba8930

SHA256
8780e6935c08d9b173a0c743c7e14b13fd03ebf2d8d2c9148d38fc765d1e7d0a

SHA512
165954797eebf760f11719e913a9b85b9163b27462cae03cd48d248fda9026da9d2b0c2f41d01574eee5997d04364393fb5ae65c4cc97ba149d94008a4a489f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
7a21d86720ed7b072d589ccc85c3f26d

SHA1
fb2726b9dc4d7e018b279a3f7b4d0f05d92eb7bf

SHA256
ba50fa34f4965491737503236e9da40018931f4a6fcb9a77b2577730d0de6d5f

SHA512
9e665859b626c5500b752731c8ee6449545b674a396a769adf70dd33d7a4a4b627bf8af15846bf0ad8baa0132bba717d7bb1effc9058d8e7540ccc6a927e8980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bfe5.TMP

Filesize
92KB

MD5
6457467af546b706baf3c3144ee3fe57

SHA1
209e63054f4246e6b42279cc243bd4aefbc68f98

SHA256
adf1457cee5e27da278e258ef9abe5f79aa4b4d6933ce9c8cd73f2ffa34072ef

SHA512
57927fa0b5f1369d5554df91b08c5b854e38155bfb0019e5a0f997c8da7d859d0f76f261dafdddb52dc55ae1ad426abe71a6bab6021ff7b903de9cdf0c69722b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\memz-trojan.zip

Filesize
47KB

MD5
c31e52bf196d6936910fa3dff6b6031e

SHA1
405a89972d416d292b247fd70bbc080c3003b5e6

SHA256
8b47e773a782361209f8adacc8d6aeefb595e1c13ae6813df7de01c20a15c91e

SHA512
a5335c7d3beafdefa6cb1a459736615ca0151fa2e64dafb78de65aa4b924068ad0dc55c70a5317be19edeb899f94ea02e2e54279933b87828ebe86ef95f13291

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit