hxxps://cmptc[.]co/U/?x=nah6afb9

Analysis

max time kernel
900s
max time network
505s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
12/04/2023, 21:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cmptc.co/U/?x=nah6afb9

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133258162568356251"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 1508	1320	chrome.exe	81
PID 1320 wrote to memory of 1508	1320	chrome.exe	81
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1996	1320	chrome.exe	82
PID 1320 wrote to memory of 1392	1320	chrome.exe	83
PID 1320 wrote to memory of 1392	1320	chrome.exe	83
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84
PID 1320 wrote to memory of 2996	1320	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cmptc.co/U/?x=nah6afb9
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97aeb9758,0x7ff97aeb9768,0x7ff97aeb9778
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4536 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3400 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4840 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5360 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5652 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5580 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3388 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5248 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5616 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4808 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4696 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5840 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5928 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6068 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6024 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5548 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3416 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6208 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --disable-gpu-compositing --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5972 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5212 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5668 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3928 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6260 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6304 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6360 --field-trial-handle=1812,i,12799349533540761132,10159041614209201237,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\10c0cf54-fc53-4275-a741-a814f7ac634d.tmp

Filesize
8KB

MD5
089e5995a5c5cd0d5a3cd09ce0e0be97

SHA1
780348b124f590f6cec1fa7c16cbb65178fa3cb6

SHA256
4279f2bbb40b2eff5174f72e3bc739dbbe0799f6e0d59e978fdb77620e905f1a

SHA512
461f053c15e6cce2572940a599f86d31c3650c894435af1822f718cab94b7d3a95b9078ea313e7c4b1eacd5192dcb41568178af627e5bc0e0ac40738b6bbf204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
66d514f7a4e15967dd615da85477a4fc

SHA1
c5a54d294d0e31d2af5f0aee49e2b762d343899b

SHA256
862beacad0e0cf5c98ac73d8125cefbad0612fe5cd62afd431879347f8b51a4a

SHA512
ac67c6e691a33997cb6c118ccef1f68418b2b18dcb2c31220cb73692f1c7119865c2fb337b2a7c266426d40f8c0d472413ab7996b8a8444e1b300282b4a49569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
2a667e4552337adcc73853869ca6036d

SHA1
da7bb6ccc5795cabdcff70f05fdc6cfb1c640b99

SHA256
5631f434dd50223cac3bc864979a1f36737ef6207ee80d97b8fe1b37b6206995

SHA512
1a407a31aa7b7efa807d8cd7098d4571139af52409513498a760f34a626bab778ec37a471f673795c89fc9edf16a3d06aba61c03661605c2c535e0dae32bfc8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
d54328494e2907a88b659ecec69134ac

SHA1
1553fb56ca704fe4709eb5ede282d951ee33f257

SHA256
9366984f27e2ab1d7633ad6b22429a2c7528255b53c25926f56c2f2767d97ad0

SHA512
22127cf48615dec070f733de01b43e361a04f72a59f392b9705b4a09186eb28b96290f3662e4389887a6f2fde3d4da95c9dd4de9a9e0e1759828b8793aaac51f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
bbc79eb153e8b6dd4ede90bca889c8ef

SHA1
6e8565d5190d3dce74db84492e0abb875381eb8d

SHA256
ce9c11a5eec2756ced47a9b64431b5fa7f780c0c96f626f05661324b3018097c

SHA512
dabccb6213de6cbfd6dc447ace4d5f85c9936768cee4d1ebd62fd0a80a50b7ca524fdabff6f0856e96c81d396a148747fae5257b1b12a4c9030356fc0a84453a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
032ec034b0b0573a229ebf09e7f71850

SHA1
f99adfb27d3a063bfd3df8500b92ac1e56767730

SHA256
3596b4a067e521b6c4f4f29474f9a30290b49b3f93f1e98f74d720aad7eb0788

SHA512
7a1095b0127e359d4833b4bc948a926664437252ae95f21e696504d283e118933ec955af5eb7562ac10df4fc164b9274dd65c5501c1ab88a6dbb2d2724cc2ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c6273d58d9027d174cc7c06349932da

SHA1
2b1c2fcc4bcb06ed6aa11e8da74dd3c24c108380

SHA256
e07c83653a6049f147ecc76060df226461fa06acd0cc8f8404f4909c6757b963

SHA512
ebc2c3f83925d712187d04bf19b26b9f0285215d4c72b899284d2e2601e53b212b348d9084a9097d28a5335e35f327df69ab95405e882e5875c643fba2fbf4ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
dcf5abc2eab88d6da76e33a3c610f2b1

SHA1
b3ece201048f86e92fac5d13d968df06f0eb808c

SHA256
ea630d37af7f8fc8b952d8db7f10b0b25813cc5c1d9b8e98b0176f4376e5582a

SHA512
71c3a356c1cc80d2beb7f6e9532ee574ad34de19aedb7ed43ec949c3565e938dbc5bb2e53ea1ab1b3973618c9fdd9431ad93385393b6f3521e7490268f50a541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
812b2f0585ba06bbd4e17ec53f123d20

SHA1
90939193c437f3a8df7c6760351d9f9feca4385f

SHA256
1c6da651c19a5c806ddbb417c779e754f1c6b644ec8ca646433330342cd43dd8

SHA512
73b55c376d541605f716231f0a347c15d8f6d0dd6cb2b0b6d59a119dde340b6d15e51855708546d9e39ff02e74d833b1ef7c81d220715c46a59aa0b4b5faec52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c2a51e054f5d321af029c970247929f

SHA1
f49b8ec039cbccf1b8d43cf204d559689bba12bc

SHA256
beda9fc3b9d4ae065ad3bfbe713b544e3c9f2442a09b837fbcd1e0fcbeb92e45

SHA512
b08a1e9d0194d13160a4e2326154033270f2ce76eadf66a6698269712a394cc8ebac21624c1e612cb9e891697c33b5bca74dbc0914a015c437aec28e1bc578f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5110644b80762299985e81de50cb38d

SHA1
0879bbcf51cbbf0b3d0c1f1f1bde500f8d93474a

SHA256
64ea7216690b23330ddebcae5223b8b1a1b9e8bdaeafe0b98e8324cf631812e9

SHA512
8a5d5f44a028934497349fbb9eeac691c27267967c89a51f0703f1fd7a9d0982998d51c15dc26415f78a9e5ed10055338a78300a1f0f27d7ef3360f4d6561433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
316b5bbcd46aebc059a7fe21a431ac0a

SHA1
d4abf08ce52576fc15546ec8a0a76ec55a2e2dc4

SHA256
b7b46523bf0872b4c1f2967768c1b904aa7c731ebb6187934faf615d6c9aba90

SHA512
34925d5e6e92bd9867faf948c19bd0fd17f5c12647504313da078d0262f2e39151c2bfd980a99e8831fbf4f519771b512c3d6125686233dbf8999be4a435d4e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bd316bc82018ed5ece4df0b2acbdcebb

SHA1
bc55681a764b8450bc78fe6c84ffc0f4bf585197

SHA256
2b99597d1533a4e889f9080e916154bc8686a60af7da0ff6184242b088b67b7e

SHA512
5765d50779fe592e45e9dc005247786402c4e616f7f3606eb6239a530590df01d9d4faf0dd024345dc0165dc292842d0b209e8b42382fb033c8768b002ddd0a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4ff0feccc7a865fddfc247105cc76455

SHA1
8328276f2f581222688c64b3a1eb0108efea0ed4

SHA256
be50de524e090e6229ee79e02ff0ff3d6cca3e9bb8cef66556a821baa80df9c1

SHA512
26b80ee630e3df2bd04a3ccef0fd1378d6ac5bc48d5e36bd2fe741fc4b88b7c3d9bb82e8c0a287a0852fba322f0a9f49299ff3269bb058167dd4dc473fe575ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
421d4a7b429e667ebec754545c2b7cf3

SHA1
080211609974671978d3491ec9fa04efe7b4b686

SHA256
92973e0ac987ccd836ad78eeab206b90b8b51ceb4e75678cfe936d43c582159a

SHA512
1c09757211bd2e03f9453955f565091ae41f0b1a078267c0d7771a7ac55ed7c3ac8477a69fe708cf488f63e18c2a90584c8382ea8d8735e6ab10ab92bd50461e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
54ec2fae17eb703b2e60b0c89a431640

SHA1
ff6ac5f74aa3db6b77b584b63f78de9a60ae89d8

SHA256
78eada482c718563517b7d808ae06013ea874b9e255d04ebb74a7ebce98daf79

SHA512
b1e9a27be0a40c8ec7c9904d90e7c83aba5720af9fec95dc70bd0da6ca27f43b00b13ff117f24421c5ed342e848b082969327db9201e8b19a8c18e04fb980139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9ec1dac1cc172177ca597590b4b6d579

SHA1
a49a9eaecd4f97dd221369ba88556579f1e73203

SHA256
dfde558cb770063669b21d35f71d5f98c4b89301b9ce8cf2c6c11f6918ce5bd6

SHA512
c874bc3197a6875707c96babf0b8c9b15323c9402e61947e86191b6df47a01d4e9f9bef347640c0a24972c09253929b6a717379f0f90b70663de8dcf228124c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aefcd70686f526255ba295c6dd8d3952

SHA1
fa4a0e6ac40cdaf2254949ad11e69f97e8e7aaa2

SHA256
9e8212f9d955ef60e3c942dabeed3117708e1fcdf2e7798f24a77055fcf87426

SHA512
96518f883380ca83a000956c3bad945aaa0d3b810312b4da991aa8e10b49ab84b3e189930b44b1c08e65511cd8ff5d1e32a72f09dd71c7ff787af96b78824106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
10aab3ea577ae495ff33bb4a8cd1008e

SHA1
8ed463a4044e0901f4175e159a44cbffbe25948b

SHA256
040623fe5109ff74c2b91e5407390ad285ea9e3141adb9c42f4b47bbdb685c91

SHA512
ad2530b5ee8928b1495592989a99983a8ce288f6fee4a8ac72bb64ac49987a7c84c930e6fcb54c2bbda5b300e8433587a4d9dbc7b58895c0caab31612acc675e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
55f995330e1626287d41b8c3990d24a9

SHA1
8bc7c01645ff897ba4bd3cdee6c57772d213d03e

SHA256
e50a873c99d24cf0cae5cb0af5ad68852986cf0cc83d21af85901cd64d136833

SHA512
10dd8f6939fcb39e8b51db3828cb71cb9e38cf6e5cac22931c72e3f527927abcb7fb5a065b36e355ea171d6404027ae1c9efaa351c0f7e7849147448b1fcdce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
15249c3bcbd2e25e1c525916f2ad4c78

SHA1
926fe81800589bff106067cf4057624b3df885e6

SHA256
c1f63bc5afb37a28467589c3a98f2af2bca3c6d0ce565f3d7d2c63e6378fa37f

SHA512
dd45dc07d4f7c6c5dd75beb309fb5ac8e68dade9f41251af132fcaa0d9d6f81c3ffdc8253a2c513285be6d8a77bf2d61f41665d197c2f357dd54041de7d55e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
56d79f28625170f1c48b40e60b27c846

SHA1
6323dee3d2aa01acf14c793fdf8e5f92c8a6213e

SHA256
4e0ac72f638825c49d43c06bea2878c30d9e4b7aaae77188919ee7ef290c5749

SHA512
c300ccc5e3225e573ef55e54ce6005ed57f2449c8408860755590111321c16014e13e42d8e9c173c831858a794cf8bf7cdeb2ef3196ea167eaf2b5dd1450c355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f2f598d32825312d8dc1b1a745e417bb

SHA1
9e9d047ea33b44621e60c6a521fbf3aaf5080f35

SHA256
5aad8b28ee30ffd1dd66601fd4681e0a2f4936529c87d5386a040a1d5847a7e6

SHA512
05dcb8bf59f65b7269ab46c588ef491b87dbff9a8e7607d07deb49ca971d24ee46f09104809005773384a3efedc3eb63834661b0e8a3756bd54399b126385c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
e9d99a831d27ee8d07f4bb6ad344a905

SHA1
466ab79fbaed0ea6db909b2a6028a5bf5bda5956

SHA256
0ffe506f0abce4e7c0e995c64274f05938ad55221a44806b28e2f78dadbe3a0d

SHA512
01edd871e1cd93676e8ad3ba331720d3dbf35c2dce7121c379c7855503de6fe0638db6cb88e506afd5436465afa1e1c03d07be0964213489bb9c7002be7de2fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
17a0df44b7b5b46c823d9c2fe584ed9b

SHA1
e3a6a95a74c6c79fd48949c2d052149a10d9b942

SHA256
8cecf0eea50ac49e510dfa26acf9a5b3a6d58e5d531aeb05fc0baf75de8f4206

SHA512
79e5a9f0229fb934237094aa6061b295467cd73dd0a3c29d43f26c1720f47358bfd04c86ca3704cc213e26a8a50f6eacc9e7b83d8c9c771ac9008955e4a1691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe578d6b.TMP

Filesize
104KB

MD5
0da2184adddebb2ce65b1a7464dbb281

SHA1
06223de3fa34975b989fdbeec8d1dbce3db91f38

SHA256
6846031ff1d1f000dadf64697644a2ae6fd6972b0cb1f450cc85bddf15b90823

SHA512
ac80f4bd1385b3c87ee75220fb93b179485e1cf7f65ea714a9da7a91cf1b81db672a06183521e5aa7166585c0c76b1246b5228e8988405a18eb8cffa1814a9d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e6171c2f-d176-4318-8074-fe79a98f6e61.tmp

Filesize
199KB

MD5
74e14e8c96b2676384591c4c392985d0

SHA1
ead4ba70e97aef9359aab1c50a976a28501cda37

SHA256
54428250693516394f6b27ac21b0c858e8be28378ec2909612489a8e0a49840f

SHA512
d2f13f88fc89b29d47b2cd655f15f1e9f5fce50516b7929525141cb71ae3be5bf6a6d44d6dfa1d8a77113cd70f5ee35f7fc657ccc5577ee0df331a1cf9ff823c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit