d3644e3b175de5ba44b02e6098bc78cca3fa94ccfee14296f488da9d2273da8e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
08-04-2023 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

405KB
MD5

1cbbb572f88a23f55f086b96327fe5e0
SHA1

6d1593368828198dfb5b9eceaab71f49aa535c40
SHA256

0b339883d9d76c11e4b22915fa67303fb4302d9855e219db7e803e693e6fb899
SHA512

dcab6c6025ca9da5301cb6913be35d4285d1ceecc9bd811dfd23727b1b2a14618f3e7a98c18d7a335373c5160c9cb5f62c10f0385387ab7417fc917283981ffd
SSDEEP

3072:WV9Es470kT97kFUxz3mKMACR3R7DyWvEXNemiS0KPMID5whT0bMNj67:dwkwM3zUJtMtwmIj67

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133254522832237921"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4280 chrome.exe
4280 chrome.exe
3164 chrome.exe
3164 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

Processes:

chrome.exe

pid	process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: 33	4268	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4268	AUDIODG.EXE
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe
Token: SeShutdownPrivilege	4280	chrome.exe
Token: SeCreatePagefilePrivilege	4280	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

chrome.exe

pid	process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe
4280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4280 wrote to memory of 3692	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 3692	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5096	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5092	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5092	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe
PID 4280 wrote to memory of 5108	4280	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca2279758,0x7ffca2279768,0x7ffca2279778
2⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1924 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:2
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:4600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5088 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4676 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3036 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3100 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4672 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3716 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5732 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5808 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:4904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5860 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6036 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6100 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1500 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:4548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3164 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5000 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5924 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:3752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5288 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2976 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:4580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6124 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:1160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6200 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5700 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:4936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6512 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:2244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6856 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:8
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3116 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:1
2⤵
PID:3976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7000 --field-trial-handle=1720,i,6019253001254269787,16544271165501197345,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3164

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4268

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
8ec4a70842876557c375a861fff56b35

SHA1
1186d0cce864373ca8dbaa06b21e7d6f4ed769a1

SHA256
7cb96ed1162b994aa0444f4bc6f5050e6953e2e087682f2d6ed5079bf35f8501

SHA512
eaabbd6bc094cea4386b51f46d6696ec49d96fd55f284fdee9be3a6e78dff212918f5bb79fc15262aa769c4908916181cc606a6c4582e083a5997df403487357

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
0056118411171be858518d7ead4938d1

SHA1
f4b819a2068c4ce9675a81f0e265c649959586f3

SHA256
7f526b01aa7cd6380927310144ac76ca9b62642a92dd770bf5a985b1723b3047

SHA512
00d2772407287c4a242c02c61f3b893e47051b7a9418039de56ad80b28c6dc14d34ff36ae9cbf3ae64bf87a2a060bea0d72e6b37bcaf2369e8da87c218ca077d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
691214c47b9beec9b28f5d1500bbe9aa

SHA1
1df021f0c1d4a22fd3770247c29970e8a0ae386b

SHA256
37c25717fd06c8114bd1dc7ffae54225ab7693b26874fe42289e2d70820851f7

SHA512
22d3252834590352257c22b945ebfefcde2271763195939d0fbde100ebd768fa1e2a798791528334cfe1ca2c900e3fc80168c2451e248ab4bcf235d7294f732e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
eee617b06e179dde96c510b8f49614fb

SHA1
5451209826f8397bb9cab3a3eed66d6d5aa4ccf0

SHA256
68daafdc1188864e0ebfaa055ec3de7f223a7997e45bbe060dd6f18301398153

SHA512
d9541356a83a515b00f699997d67ac571440246f2538d90644eb7a66db44bf2e6d8eea13b081f2e9bb808a5a1a6032316812481976869fc865ffa4fd4223df94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
45df6c04e2c4c2f0194774c7599d98aa

SHA1
5ec0ad2c5d872249ce8f201b8fd66bd5561a323e

SHA256
842d87d1eac6248ed158b85fa2122c1db65dc673ab2ec0728fdf3382e30c6296

SHA512
7f973334158cd86f5c24745e8600bf6d2b7e1fabc39cd35f67cfa04832f054630bf71999529522901c03f4f0c19d03d6c52d49710748b533736d44815caa1d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
46155410f2f0f309cea8242f2a2c5996

SHA1
f102280622243fcdef72cff765c743c667927685

SHA256
80cfc3a4424304e897da2d4e1c34203acdfa6ce325c9a795f73dc1c211d3bc12

SHA512
2b459f33f6f85f6492af3409049bec64f7399967587d09bd47eef7886845a921a2014ae061d9c0177a0d37ee274e60ca1b5b9af817ab28717dfbf381bb8f2b4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3c3eb9642d24f2772694dddd557c9247

SHA1
40abac213c802e5a6fbdbf64979efebcc2bf857a

SHA256
82935d7e194a1b4becc079605a2b2236ad4ad17326c3d89c19a425c04a753d20

SHA512
37a9ed1b3f26fb9f5a8404a8ffa5304d3959db025b443d27a3d18f6d143b64b359aefe9e2ddf427786dfa99a086622c7cdbc050a8700d96d054959abac2bd70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
c78f0a32e1a51853e9adf038f404df5d

SHA1
3da4d97e4cd8568093f2d3e0d222e2f80f995501

SHA256
c03e0f74e1988edd5f17f983e2330430a72a03775bbb39e950f6b82efe0a955a

SHA512
dfc625405189e476780734c73e7cb6ab6877e6d5539cebd88ae89377e55972a70dd0a291cbea71a37bebf26e0db93fae4edaa2a310afe2244f4318c0b4ad70b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6aecdf99c388c3e4b5e140ceb89d8285

SHA1
367afd7092fe5b7f96dc7c61ea484986f62a0a05

SHA256
cade9f939b31ab00abb52c0c1ac9ee2d153063400a5eaf935a0a7d21893402c1

SHA512
0bfa76f9f95ce25c8667ca3aef2aa4003978cc60f046179e9ce72b00bb4ce5b2198cff452bf6f84fbd777aafcc7adae36fc81e29ea525d5eedf63c6f23284879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
287ab5e57dd3dce0a10240f710e3e296

SHA1
f7dfe7859272a307b6cdfdc3a28baf99c45a92a1

SHA256
753b2079f606795790725860a62f207354cab57544ed31d122f7cbd06b102f05

SHA512
0e667eaa4a5d87e5f095f3d917e6b5b80e2035eeef73d51b50f0bb72d49dc1f26dd9919d4fc2477d871d05129ce897957782f15d0994e57368beae92082c4c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
5d53cf31204334aae529762e7007ffbd

SHA1
0bc93ab356207c0242ea118dfa79071aaf65a37f

SHA256
682b06b83998b5f5cb5af2f4faea5ffdc6612dd28795f0b6f7c48274aa9101b4

SHA512
6e108715383529f67fd9a24f8a5045114720d02c8bb59990acf0e284756f123d4ecfe06c7cb2e2f1cd8f6751584c5506ab59826601dd9f8f00018e19dd57241c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b90e90dc-8429-4683-814f-271c9082d670\index-dir\the-real-index
Filesize
624B

MD5
d75b570ae7874e23f11a2637a7c57da3

SHA1
cc98206badb51f2fc05bb4bc0d40a2830361bec2

SHA256
b6534f85304f1bf0eb98f45d81bdf546a3fa993a28eebe10c123cdf60e683cc9

SHA512
67f22d73b0ee88a57c16cda5133e362f211f95a4eb1126d5378c4668c7cbb3deff92841fa8911b5dfc7706cc7969a60b5c683545b6012bfd50720d3601fbaae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b90e90dc-8429-4683-814f-271c9082d670\index-dir\the-real-index~RFe578637.TMP
Filesize
48B

MD5
ee354956aaab19cd7f3feaafceeb1b66

SHA1
f29f0d21f29bb819ad00bf58c7d91a8b5ae91569

SHA256
87bfbf2397cf6d8089451fa3b1e6555a316240cf160909d97615e9cab93ae471

SHA512
e9b16c277db0bd7fad80704c4e11f256a6df1dbaf439f2588a192a9ac5ca179a39b5e26e18f359ff434bee337e379c688045927403b0fce1700800deb0a826f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
129B

MD5
cbde776fa4718b7dfd7c07f710321383

SHA1
4c9b2319d918374c91ff04a9364ed98b6489979e

SHA256
009776c3c6a7dc1e981707126577c1abfa414e5429a5df48a43d175aeb59b59d

SHA512
9e38c0abca89f9a98a021213d4a9a49f46528d6e3dd57f6aa6250dd18f0fb507b36e4af883f468f7983f6b4f14b8e1c58c3adfbb03d767b2ae63a9fa9f666582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
125B

MD5
f2325c453c33b46d9d7cc967c54cadb3

SHA1
a783de911178e84c5d6568f39e1e47c1ddca547f

SHA256
d4a6415348eefc4be24e60bcf35c743ccb25a36b5b3e07d22edd1959bc044db4

SHA512
08c49f2821eca5c5a015f803dfe3889ec0f26c85abbcb3a3daf1ce68ae1c72ff9ff0e05988977351a226d023d7694e5fe838241c07e7f122b82af8f8ea7028a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe572913.TMP
Filesize
120B

MD5
732e62c0072a409777676ec540f24bfd

SHA1
ffa567f73b4de8fff10dbeea9f9e858f00c18713

SHA256
b9bf43a9cea68d7135be21aa458f24dd652962135bf92793ca99fed20b50976b

SHA512
0aa3ed803a18339e042aee9cde3fb78c67776ebf26a47fde6c8bde8ae58304d71321bc1871392a8ecc264e01a61fa6018e89cd5c34cc26b1d2f2810b4ef3200d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
c7ea8764b88832975733f6455f978533

SHA1
ccdfa51553d1e3cd11d74667c1552ef22b10b858

SHA256
72213c8ca26a56660cf94f2f00a3a9bd37b8a10faae528367abf3dda33f20754

SHA512
528c0cfdb3db022d8afd7496b64cfaeb255e1cdb12b46fa4ad50eed31037727003921427ef2d4b5adb434bcb6d5bad95547451ac638db52860f773addf06bf61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe577927.TMP
Filesize
48B

MD5
77af0e8d5cb76b9d9672b80757cb6bfa

SHA1
13efad54a81d2a6dbebe29a2abbda58832f74545

SHA256
09bea49ea9b138e818af5bc5bc64e33e907a218ef926f6ad29864a94285fe5a8

SHA512
faf80cb4175048e01f095724310b2c1217933cb28be883e4ff661f02db35fd59dba46740ad6dbdf9b70dff53cbca15826b990edb3ced8696368e8345fa4b3e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4280_1719736936\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
a5a5b4b8142afd8fb611a5cc6add821d

SHA1
3c154e9a10b2f266e8057ba0dd5eb992921d26c6

SHA256
c91eb371224707d645d3927743aac6e685cf91cdc692d88d032a2c0044e7a034

SHA512
8cb15fcfc512406f49a7e31e18c13c1af3e8e78c03a017f6fa17f32ec59e40a15cd10502e2acf9cf5a5cf6cef6bf27b44c7e2959c0957bda8865837c6e1494d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
d2dfae776e28ddcc40f9bad83dae6e59

SHA1
610436a08e76e36d48b015c467a602da167d5c96

SHA256
069f09237af15f4413f8b5c45c46b50b09f9c7df9d6513cb22e53c5c233406e5

SHA512
506ed0a780650f33da44bf4bba5a8e02ae4361ad17867d526196d25c32c8b8ecfe167bff0c05d5696cc3f983270e4bb422b09996a263ab6caf87ec1ae553a170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
5497381cf59bb728c292654dc2cb90a4

SHA1
fa9f541aa460edfc3e1c89d32e2f61a3448888aa

SHA256
ff996f4a677ca917dde96ebfe9b9c63b13e05f89bf2b84f97c457c719f3b718a

SHA512
7a07b56e30c6385eb0c4fa33dfb05f4a3c73f1bd4f03bfdda6fd97d418d60a0e556c48def5af17ceaeae6b739e5bed8e8dad342aa9752622caf72f95bb773dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
e9e7044af4459f928882d8a335737253

SHA1
33f5fd407c3dca6ca4d7bce4ee6e40383bdc36d3

SHA256
fc00976f7161bf1d3f2e8011f437ad9d1e7c1704ebe11ba8b2e4119dd1a2d552

SHA512
fafe36c8e8cf0838c3ef4c38fefe0edff6be266df7a47e2e8dc8bdc46c89adbf54ed79638b6f48d4e73cc2820e719552b323e540cf8b1d0eebdcc97581c76de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
8d9f126f4f094266486c1a37a1a22b56

SHA1
2580d40a02af3e99c02e9dbeedc0d6d2af2017ae

SHA256
988336520be8e276bc42110420409084668d163fbe5ca349dd03705446f796a8

SHA512
bceafa292ff1bcf55d9331456b6255062efe55e76fb6868551e024aa26ebfde741fa39efff26e392383c38f7d24ff11dcdd00539d55a381bd32d06e119252470

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57370e.TMP
Filesize
93KB

MD5
18de02c88c1efa219be6be02c0c668c4

SHA1
dadd0935ca31f861cdf68c3585301835b3168316

SHA256
ab3758783165a43738cdc63111d13023b8327d2bdc652df65c7e4789390a3a63

SHA512
6e79d11427cbeae9a2901e364ea423af9fe615fdbf11db02ba64ca4d26889436e4beb1df5942739efe932e849a6e93f83870f90457d147d5be74331e61cc6125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a747071b-3451-4b79-87f3-580d12354243.tmp
Filesize
200KB

MD5
3608c858294853fcdbbe6396b6ed10d1

SHA1
26aaf2a9dbe6c720617cd2f058a4fcc704c4f220

SHA256
7f1e8a7ecea9a33e4e57408fd15c043f17daa958a3690ee878eabe74efd043b4

SHA512
5874a59c23e7b348bf7dcd363e4d90af86369aac26263f4110dd1156190ad27093af1d26394073f901f28d74eb6e43c3655069ce4a6b31379d348236b088f244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4280_GJVOHJUYIJHPWPWF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit