hxxps://cdn-141[.]anonfiles[.]com/H2h8q1M4x4/9d951881-1681588187/Osiris[.]rar

Analysis

max time kernel
480s
max time network
474s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2023, 19:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cdn-141.anonfiles.com/H2h8q1M4x4/9d951881-1681588187/Osiris.rar

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2660	CSGhost-v4.3.1 CSHacked.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133260612745564549"	chrome.exe

Modifies registry class 57 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 200000001a00eebbfe23000010009bee837d4422704eb1f55393042af1e400000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f44471a0359723fa74489c55595fe6b30ee0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 58 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
2388	chrome.exe
2388	chrome.exe
5504	chrome.exe
5504	chrome.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
2660	CSGhost-v4.3.1 CSHacked.exe
5316	chrome.exe
5316	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1512	7zFM.exe
876	OpenWith.exe
4760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeRestorePrivilege	1512	7zFM.exe
Token: 35	1512	7zFM.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeSecurityPrivilege	1512	7zFM.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe
Token: SeCreatePagefilePrivilege	1300	chrome.exe
Token: SeShutdownPrivilege	1300	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1512	7zFM.exe
1512	7zFM.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
1300	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe
5504	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
876	OpenWith.exe
2660	CSGhost-v4.3.1 CSHacked.exe
4760	chrome.exe
4760	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 4340	1300	chrome.exe	86
PID 1300 wrote to memory of 4340	1300	chrome.exe	86
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 4812	1300	chrome.exe	87
PID 1300 wrote to memory of 736	1300	chrome.exe	88
PID 1300 wrote to memory of 736	1300	chrome.exe	88
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89
PID 1300 wrote to memory of 4808	1300	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://cdn-141.anonfiles.com/H2h8q1M4x4/9d951881-1681588187/Osiris.rar
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd3bc9758,0x7ffbd3bc9768,0x7ffbd3bc9778
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:2
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1792 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4944 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3456 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2756 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2740 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5756 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5744 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4740 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3208 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3524 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5740 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5572 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6140 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6220 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7372 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7336 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7352 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8000 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7872 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7184 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7036 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6880 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6772 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6752 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6620 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6588 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6456 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9268 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9256 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9420 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9012 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8732 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8716 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8676 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8312 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5688 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7608 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7636 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8552 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6912 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9276 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8716 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8684 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8768 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8484 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8556 --field-trial-handle=1816,i,15679171950548132419,497084582839361346,131072 /prefetch:8
  2⤵
  PID:1084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3340

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Osiris.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1512

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbd3bc9758,0x7ffbd3bc9768,0x7ffbd3bc9778
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:2
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5068 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1252 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1048 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3384 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5956 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3396 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4604 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5752 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5988 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5604 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5644 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5064 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3900 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5588 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5948 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1896,i,8974853449327074975,6838983962316093380,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2160

C:\Users\Admin\Downloads\CSGhost-v4.3.1 CSHacked.exe
"C:\Users\Admin\Downloads\CSGhost-v4.3.1 CSHacked.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2660

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\135d3256-852e-43cc-b511-9031ff98f335.tmp

Filesize
131KB

MD5
601f253f97893d904d94131a0943ddec

SHA1
02a54d386fcae09f4c127d38d4c6319761317961

SHA256
cf02aee0cf8ce43e5ce5d95f3f75f28af7e3b8bc305f1dda2b44339965182d76

SHA512
b3e354a8c9d36291755ed05e5573a28c2b11f2d9b44e50e02a107a1198263665a8018992af46498149d658e7a2413357ac73255aa486a423418acedd38c89703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
298KB

MD5
1aa7dfb18b53c36e6932e4c559204251

SHA1
b6c948e650fafa192f2f95c4b00a0f981582e7ff

SHA256
cee1d071024b963cfe3cdf5ebd7ffa53c13fe200d19dca4622ac70819201edb5

SHA512
09c9d19fa865aa5951b9605326a285e19448ac86e65e0c885641c82b6c19fa41f011ce978bed96d21fb0955e747433ab7f89e99ad51b9430691a5ec00aba808a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
64KB

MD5
1067041b8fa46bae06ebeac837cb67ed

SHA1
9a1e51cfe25d04692592f1dc13ce75058db813d3

SHA256
e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533

SHA512
d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
71KB

MD5
086e25ed786af05bc56440b071abed2a

SHA1
c89f022294845a3ffab1c4e069c554713a3788d0

SHA256
11b0e71a33ada4c87b440135c628395e446d481325b12717e6649845596530b1

SHA512
6f8f8fe034b1891a50758252752b27f26805c2afc6feacdb9cc2ff2f2d8418b8f43bc79c5ffc36c289f2e85201610dcdc523cd396b0854cc12deddaa837dc171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
61KB

MD5
98cd30ec232b4d8130a06c984d8b73a5

SHA1
a5b9a5446b08b8a2bfdda101ec72537a92ab0de1

SHA256
c2b2952753b613d80525e39bef9706cc41728c38c2fa2bb65cd62ccd47cc055d

SHA512
d702c14b964f101eeec921feac272c4c75d30d88096aff8895c5b12755de4b02d89f333a7a36468e05947cdf6c61c05e21a499d972bb1021040c388159755049

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
50KB

MD5
322c7ea5b81a01940fdc4cebe6d5022a

SHA1
000df4a603c205667c9da9735609019a4d1c77c1

SHA256
089d9480833d283208012845bcf91b1ec55b6da8db9c0f753e80bcd5b9d91b65

SHA512
681939f3979b71d914caccca22adb28988506becc3b795e7d0bedb87be932546b9da173b7352e792f9ddaf2a6f618bb0acec620ac9391ecbc4c273f50bee409b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
108KB

MD5
371e976fdc0396a2a19df2887ec21c7e

SHA1
5244965458646963631f1cc020543ccade5ff215

SHA256
3ee9526eed593009b438181c1bcffe0f4f321ce861ed52f971cb3ed84859172b

SHA512
f65dd4549b5ec44b6854e29c5a0bb7b19c9be44d7d4d555fc6d7d10c42dc0a8132bd5d98abb6a815baf51ba814a2386c88ec9fd7ee8d3c4e65d25ab7b8074cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
25KB

MD5
e2c987836b37b8d89de07357f9900fda

SHA1
741144c208b4d4180fac9f900f5513c14711899f

SHA256
37e83f1fc2cd004828d8c1e70d90e69b2ad2f740de9ed67d74d3dcc0a728ccc1

SHA512
9a4e9adae6cfd06e029d24b21c5c1befdf7746840ecdf49868dedc28f35768615dd8d614421bf325b1dfd28dc82ac1391ccf15854ed6b4817d723415edcce561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
100KB

MD5
f134fda98a277b1c8f20ab8fbe2fbd58

SHA1
a922796190a1f5bbb3c410c6ec591502050df04e

SHA256
27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7

SHA512
2b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000072

Filesize
162KB

MD5
fdfdaf63d56b4a9cd6641d79f7159fdc

SHA1
18b413d8b6b9f3bec32026b7e9d9f4e5e366922f

SHA256
f4dba3e15f08cf0686e6d89370ed42e8a5dafc38973501f0aa6baa9b93c720f3

SHA512
06fd67f1a2d5f168c75b5b833d3222d6c0eccfadd4021173a7ec7f949971554d1c7df322b1dc512ef14941e76a9ff6445ba3bd16d940be5bc177be989ec39c2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
f6a08c97fa4e42042ade6836a9c59e51

SHA1
5319098eabd15f8aa385a741fb8480938e7c3d3f

SHA256
4dd9e4e4909db01e6f72e1feb2dcbc610c6ea3d2fa176b799c9c9f2e29b9abaa

SHA512
98c86f80453453ed7aa2a92442f1774b69d57b280109c1e15fb27f4133c3726cbe1a9622e48a29ba5af68152a318d8bfa45f8322cca62bd66ee989e6563471cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e5e60bcd8a52a7fbfeb3b10a28a687bc

SHA1
084a651bc0cf0c695706135bbab9fb2ff73be627

SHA256
95a2c9cf5ecc12f0877a01f35b8fb7084e888bfb01b0f1620b4ac2e97d48bce1

SHA512
1628fc9b7f95da0e53bac478f6ec3234ddd6be598262655e5a802c712a1fdf94265373fc93f54099950a746ab622ce65d3bc44866dc35ee4a97d6a6c51388b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4d434744b3bb63ba96b34c3a45f3f34b

SHA1
f20b6aa11a77f5ad2b21fbd75c3bb62d900a7a92

SHA256
c8664b8dbb31c49f4cfe73ea8416b7d5e13e0e4adeb716d598415a69de8c0579

SHA512
4913834294236b7950251854c69db42b7125111acbfa3dff09cb8f374b320cee962fb88daf97815ea3c7dd8d8a37e75c92e9eca541fe613a8cffdea7bff9aa37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
99e0a10508c25e6e04ca6942f44abd8e

SHA1
6091765bb1ce6d11e1e4091e10ffa935ec7c28f7

SHA256
c5679a44cd391fa2823b79bbd334d546af10dae6bb614eba8a9389e25b89dc21

SHA512
c4026bebb6a377ef696c862ae4f5625f8e91454c6441362dc92344442147e90625b4cea210d8f8895d6c1253eb5696baa5912c5847b319a24eb5d72da94b5aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
51bd1f03dddd86e193b7ba40a931e661

SHA1
6a71d3efd9355ee1197257e10596af937b1d77d1

SHA256
786197c6980732ce2020fff510744f2a21a0d3c8e4409f4999e53313e1bca4db

SHA512
48e583be35316a5d20b496337075d7efe677af0aeed0f92b851ed53adf625175f7a5eae6db1aae1d4e68fb5c5af0944b1a08b78816dc2237abb7505108e853c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
b5f837bad7f495e28766f54ff71bb0ef

SHA1
795b8db795339c7828d20c24f270a07b8793bf5d

SHA256
24b1f1a77690b56417a257929d9380f8851a88666fed4506901137c2ca9d3e44

SHA512
8330c8fcb5f1345d20d83b9eb8baca167247f6317748926de839b373bbe1e03242494b2a056f16399e35257b5fa7acb456b6ed7754d1e86dbcc68ea604a63828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
66b78905b6c4393faadf4b6b45ad0faf

SHA1
c4a310452a517f3403c0d3a3971f0993006e8c7d

SHA256
43a7e76842936b53220ab3181b5d433453398dc53e03aea0b07ad551548e0c59

SHA512
58e288f5183ca21eb7c50a8b0e9ddea5dd76c8dd01a5d4deea9325023934b8c759e9a6b4c5f8e3003e8181c3050ac1cfcee76ff8031e091c61a7c5177484ebed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\582c579b-12cc-4437-ba57-198984ea7568.tmp

Filesize
4KB

MD5
e6903e3f8f515aca2a8b2326845f7b8a

SHA1
6249b21cb96bdc9a08486b3aada4d64210b9f6fb

SHA256
e11254f722681f741fce8e980daf0426b71b4151a940c8bc872d40d6914d132e

SHA512
42fa6d0bf1282d302f59cb33ab1370e020879dac27ff125f38d9f4ceb19976bff289837964b4b71203fa66c6cbc625f3a3210787e4dc97c63cf11882e9e8ed42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
0716966995af6406f21fc6e073f14e91

SHA1
5ffeb6b37839f5fdd35f87f3d3bf56c59fdf565a

SHA256
04b27286b9951e5715909feb260e38b03238f45b0ae899300029012573a69168

SHA512
21e38b0642b933d2af042a4da0f44edbe3f1a79aa2b50122933c8fad2373f28f737304aad4d43d4be15922a10b6c6953f764a586b7cff5775dbbf2f2f9b75cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
708B

MD5
5ff89e13a44db37d0bc3f5c98ad70e4a

SHA1
272bd116acba6e8395e65be06205f964541cf45a

SHA256
2d7bbd023907f047c4b8c44db010959d08092f0bdce0c6dc68744ff0c9caf0c2

SHA512
57a5dfcd1ea055630828e89b79cd9b5a305d48c34ff1b78f16bdddebe6e0d7bb7666195f947836c6d390d5af173bfc27a73ba819226c6341f8fb04bbf458e66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
1b861bef642530277dea451063caee59

SHA1
d7b505a932ae72d1bb3954f4a6cbc0f08f5bb2bb

SHA256
c05a3074d40d468fea05e126bb5bbae1063bc514ba9783b35a0eac808ffe2978

SHA512
95eb68fdadb463b3ec8cd8ab41f2bf60a66bbf9e4ef2460ffa92d77d062b7935de0c20675a71b0b282398b64196bffb7299240db11a4987f944cfac319696c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db93c86a3ec8c4fc8aa033e001c2ea66

SHA1
18c6286dd82a7d0bf4709c804ec6ee0c7096d948

SHA256
6ebf620344fdbbc9b9aae4b09bf52a94f002a77e3c32c190633a7895c4d267d5

SHA512
65e921acc56b63c561d6a291569c3972799eac14c5519f9b2a8557ac7a714d72b680b5896096f81974f3117bc56de2d66280c7d57b4e3e7f7434ab31529d3e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d83fba4580763c0fac44bc6411e8bb30

SHA1
e4a31607a8dc911e9d8e1de76837202f1cf0fc19

SHA256
8a0d4d29df6efc6e1728530611be4733deee9753739f45c73f8cdeb407b90c25

SHA512
65fb60790b3a5a46ef5732ca2641b230d7dabd3a2f7f5e7c2d41ec58b3405b12aa977aec64b773240846cf2f57018d9586e9e945189a87e7fdab6f43c8cae33b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
51efb02a0b2e7cd75cd7f33bd2520831

SHA1
ea6856b01a656bc2150112a8f03bc60edd7fb571

SHA256
04cf3e6c25a11c9207064f5858d7fbd540244e6556476d4593257b497da0026e

SHA512
6155151d6cef43eb254a17ba5c72cd0e729c2e12a0c5608a0162d29642952f02012f92af44124502e6823b42f4aba871bd2d0ffb51df56fa6b443f822d5d3b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9e0d366d1e9908423dda4fc0f59073a2

SHA1
e614d2a114a9be9e966f73ecbbbece5fd0d3f02a

SHA256
d775d69c34102d910daabd66efdafb290baa633bf73dcf58cb70ccc3310f3f21

SHA512
8a76e910d7a94bd1e1c16b135e1105ee0596dee34e0668b3fb57e54fcbeb424a1e104dfc0c0be02e797e6b69f2f915a5730ca7018062deb9d15cf614a8e376cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b3b6e16c0b8cd08b709146ee4fa9c384

SHA1
965ba7dda6499fc7293ca5ba04dab4bb80c46054

SHA256
190b95548b4128eb6aed632835b76e1410b8f29f808f3f6b26ef4f539b0dac5d

SHA512
e59c6c36620452c3916032b8d100f795b57af56fb658874e24db203337806cc0d85d9dda5113182fbf47b349e391adb6031ff439ec05b71d924f0646467bda15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
14300e33bb45d9aa65f6a6223b12cdc4

SHA1
734c7a5f908840ac5f5f3809b485a06e356a4082

SHA256
442b7605ee44d0106a94274a30142e6e5cf3392710405c1b6f81bac3bd1d91f3

SHA512
740c1699b765898e70d9e2dd9d4f0b9177fc6334a40dd8fda2b948aa65caa0c26f85f5a3bf19debab4582b4991f1f2cdc0e7a6dab1db62f2a9f0ae4e90ea7145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cafcddd2456a3115e2da39e53f2baf6b

SHA1
d2056078586d48b23f90d110b78f26e2bf0423b7

SHA256
b7bd540e7c2b7bcda531ce4cac36ef2cce5cae6bb15cd46a996bcb3449fd421f

SHA512
932e23837a925ce102a989837564c3f09edf5cb5a81f466f4fbd6a259b44cfa21d99426d3e52dfb04c0cf388770d0b824cad600caff8adc205272b4430427bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6791659e43718d3591a7b65de4d28515

SHA1
caf213030af8ff644b616371527a4f3002e2ad3e

SHA256
e960fda64d1093e10eafcccc7f9885cf0c15f6664b5893556beaf01dd42741e8

SHA512
a4a5c5bb5925b88f03d531663e9c532454dbd637ba4d35116a3f4c6b7817741afd97bc8067cdbce1521b0c47ebd1d59a581e70f190f45ffbf6aff91558ee03f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1afa1a0f26454bd4befe65802057d285

SHA1
f7d93ea187733b625cc944145547b16caec9b920

SHA256
fafe70534577aaed4128355e4e977ccb83d62cde615d9fd861b1561587dd1e49

SHA512
723e4680a8e99a0c56ee39a9d0c921b73b389fe8e33b19e1c4ae256e9555197b00b4cd4615f946062ab5b3e3338d53d0872e7fb27367bf9db0a4c92db022c8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
2369d93fd8926f86dba7d2b2d2ebcf56

SHA1
0d54989ac60a5c4345740cf871a6f87930a6c511

SHA256
34445a67e0043da6dfa3ccf0e420be9199c9cd167922cc00edd12b5aff105c96

SHA512
786b367f25ec0da941dc186ea163afd75e79d44c24e113a4c2d124b835d23273781eba9bd55b88b2ff6cc4e8071241257a294fb2f4358b40c85bd3a74cff860a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d94cad41d927a3912ae396c5cb283034

SHA1
a47a943d07df2b89bc991e375ed5427c1e5e2752

SHA256
1016c33d9eb7113861b607cebd721330ec444f03da45d03c39c5c2f5d1d2fef7

SHA512
aa97c37a9b676f8568037f2549f4013c7536841dabea93946ea23dc1c978ae6e56e4cc9fa77ba7527242966f13a2bf79f2b39084a604d4f21b75daf96ec9df50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
137d592f49c85f26c3fffa144771fb74

SHA1
13bb8bff4386c6afadbd939e7caef7a7c3d7634e

SHA256
c1faee358c36f887c5b0f9f8531c3d0625451b9ae924c9aa652f3f86c553e25c

SHA512
876ebee19e7273be61a9e5e4b4fb3150c90100b044c25e417c1bdd101b5e689541bb0f433a71cdf27f9a888a164fd0d4fbde57adea28e5cde1f1242bafbe224f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7359dbebc24e64e9aa73c9c036b66b51

SHA1
51c83a5b85b3e0404718c804e552c3e59e4a5889

SHA256
a2d5a4424fd8bc748f693c81605223011bfe10768f88bd17f8e78c8280c15f3e

SHA512
24ed810874702be0804a478d8af83378d00f709a9b53ac8758020bac0fa32ab892701a01fe509c69c953d5294a46c127050935f30f38be09c5f3b852fdc110ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
297894cfb5ec2c4aa2eed4f173cce972

SHA1
222edcd0b6ac64d09f2891ccc1cfa6ed31114102

SHA256
1194021bc1dc96f384ff0cf339885c15ba9e6e485cb257a489d8a6c970c3af5a

SHA512
cb5e57f092d10b140ff664acd4624aa1e48f302a3cfcca08998bf347e97e7353da7d8dc289384edee586674fd2348ce1f9a5683b459d163b85519d8e4a9cfa48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0397dc6f7eab07628dcb171276584a2b

SHA1
2fcc3980f1bbe72176a7a219bbba04ee0657202b

SHA256
a5cca57962209220e793219974a6f8e0d2b23ee43cd51446b1995398a0952f26

SHA512
7ad393bd3aceea2131d29c4ac30c95a5808e5ef8cd92d618e6ef6a4e800ad3475e3cd9596135d7d7c92f0464233705dfb5bba9cb3afe46419c94038f753297fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
17b14bead92d7f8ed94c2bc0ebbd3c91

SHA1
1be61430152b7e83814b831cd08c00517c96dfa5

SHA256
9e63666590086915a5d8fbdfb446380b07fea255c39af69811a1329e82456f8b

SHA512
13877e18aa6b5f3e7c17ffe4ab54a96cf96027da0891d4720d5fdf12f43ed1ed24f830c3358daf82d7a7b515225dea6515c251b696835c80d0e3420e76406db8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3397686739a90bafe0c3d542327ffb8f

SHA1
f50045d8018ce99304d413d28bd380b637aaa3f6

SHA256
671f08c8f981c88b475159bab4fada3b9926d71863437ee96d82fbbdf0c7e5c7

SHA512
8eb3493d339b2e504d1da20ecf0dcde8c46488470bb18234983e366e373b5eef9d45c7a0821f3df359d8c7391500501f7d8f7121af05debc8f00c9b650358584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b87d19dc6c321a0ce7aefb261d4e883d

SHA1
b35e80c0d96827091810d4632aec0988c7b68fba

SHA256
ca4a7c1b1efc69fc23b67aa16c4bcc97fc130a3897fbdafd672bda427e9b577f

SHA512
1c02af7938c29f06541d5613adad968b2e40740ccd37a4f96baac5a6e69158b3a0e270cee69d155f421d2b3b0cafbf744b02507ae39f21b1fddbe0f3c1ca9d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b87d19dc6c321a0ce7aefb261d4e883d

SHA1
b35e80c0d96827091810d4632aec0988c7b68fba

SHA256
ca4a7c1b1efc69fc23b67aa16c4bcc97fc130a3897fbdafd672bda427e9b577f

SHA512
1c02af7938c29f06541d5613adad968b2e40740ccd37a4f96baac5a6e69158b3a0e270cee69d155f421d2b3b0cafbf744b02507ae39f21b1fddbe0f3c1ca9d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
95a7042fc6b8e744d48b8f39a8235a53

SHA1
00209f07d197c532ddfd734ef972fc35babab319

SHA256
dc6f5db6dea28208976f5dd7a1f95060c4d5d8de2fb2c6415c8571706be0b61f

SHA512
7396f78c338b305438ccaad318c6061f99d83c178cc4fe9e00307d1b0b275e3027dccf854fbe88180b3cfecaec33c5579948e9603904f94d99d83bf0da3c3b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ddb1e0d3d707583033102fd19d8bcca8

SHA1
36912d67a1ab3befc424782e40e2b28e40f01bca

SHA256
7b4d5c228f46223fa4163ed6cc8e4fb883fdb4d0c2c2ad53d3faacc78151ef1a

SHA512
0096eec4657d9b6aa815e844abb2f275c0431f5a5919fe7f50033314a121a242400fc148ecbceb908e8555aae37a06297a222510fc96f185c0634c70adc5f2e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4250ddb79efbe426a624801f0b2bd366

SHA1
ba814a0ddbcbbd019f8dfec5723429be9a9fe894

SHA256
7411d2a95a3e49b891d49596d7df1f3fd99a2a994c7e49b78dccc9dbacb11694

SHA512
0c8221ea230dcead85b415907f663a7a202d3477cb23a9674ae247fac409dc6bfb1a0e0e594133e28af7f322c24683aa0caae650479bfc93e176527fd7205cf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ab1a256b48a5007956d021a35f0d227

SHA1
2f2b530c1f00a70fd7c01b5865b57a3194a5b998

SHA256
3a7e795e219d094658df7268116c87eac2a83f2c7a061bf3cf3d237fc2bebea2

SHA512
145c0b7b73b03657654a0a98d7d5ca8bf5794f1e17edb521729d65173f6a4c9bd7b9d4996b6d1fcc936bac8f874369fb1c86d44aa100b2830ff672e5b563b704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
27c7b9e786b337b8c0b2551fb155cb67

SHA1
13c094b5b4d30aeac54b5a4a6a1371d15a54eb1c

SHA256
de4b0526816d56049a2a2e12f75f05daa48b2dbff61d583b99341057f89badb7

SHA512
e3380fd33d5c0439de16be3950e5b6f6f34cd8f14c65f7147d123d486dbb983d2a0bc78b2e4083f6b4587d27dc9d04682cd7b8c95755e039efb9b9affc603bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4aba963428ae088cc6d48b1e9d5c4864

SHA1
2b617c50281586ef7f0f1bf95e1fd65fc76b8e4f

SHA256
4c3f41f85488f03993b74d8deb3095882e49b4521a023a915b984ff9f7300f25

SHA512
bf6e7d57566cac9cb2123e136dec90c0cb76b70a76bd3d24df50bdcb615bed9a1bdda266268821889e91cd9b221f05519ee8585dc7223a92c99a97e157bd23af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
e26cf5725122a2c7b54d1ca4a477f5a0

SHA1
63e1cad5d87734601bfb162f49290fd759fa6622

SHA256
1c8f1d9b258815629e5b9687a72258de8ee669fd59e19a7c90d0db967c36d404

SHA512
88d929fa5c472c30363050c5ec1ccb575d60d05eb24d7ed7b9e5de0b8c9a804cf2f7d0a51ef0fd0aff94477d5814610ac8e5ff1a08aebf4cdf26539e9aaa670d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58433e.TMP

Filesize
120B

MD5
62e7720c39fccc9ca6f4772357a4df6d

SHA1
ac9afaebfadf8e0249bcf9c6d57fa75d9209b71e

SHA256
161623a030f821feae2983c4be3215affc3c1ed96362db1406b28b203e0d0a7a

SHA512
83870d0cec2273e8c46d577f59b36ded11c2de58e015d923fa4a05aa377b6a2e18043fc718c97303c18ab4b76f1ee5ffc10afe6c6c23efe9cee05f5a6012fb05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
49776ae2d2069bf179c2ade637171748

SHA1
2b7a803b69f6d2dd8856734c4fcbb03bd1dae8d1

SHA256
df2704496b7c8dfa161fd40f238f07d307607cc8e04758f53380a37b0c3faa2a

SHA512
8f7b2d27696a88b15dd031115a80047962a406226164065b5004694a8e4602a4c7f9121036c969e83d7dd73fe3b333f8d6f77ce18f1492275737653359748498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ccf8c.TMP

Filesize
48B

MD5
5fcc26f2747ef186d049250a5db32677

SHA1
368960d91999cb5c281a113ac22f3dc0ba3edb45

SHA256
e2ea2472a2a27de142815679656180df1f8ec3c0ad9ca93cbc3931eb65a3f811

SHA512
140f7dce5d85cfc3e75cbeaf9e1df40ae07476cbc751600f68b419ee008b999e686c751ccf647959a39e1fceaee744c2a2e824cb6f7105680cc461dd27841a24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
c75cdef190d0b74dde9bfdf4fa908df1

SHA1
ab632d5358b470c62e69bfe20266d2e55ce24ad2

SHA256
9c64871cf117b1523fdbd0622d953a4a1e0793d3291bde22ea18ae4ed4802482

SHA512
48a50791f2a673b1a3960d7ee2d760bed965243696fd54ffd11dbb317ee4db71230367c730daaf3af095ef1ff951f371365d90e2da626f104f503dda2c78afd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
fd6012bdb63e20a197be42c48609c35e

SHA1
26ee43a668bfae81beed504d18fc873d58b07d94

SHA256
aea9639cb5b48f69bbb4cd934609c611c318dd25c91914e4d851e129e4198b7a

SHA512
3cd7941951f332e84a3fc61f0269655ef41dad2ae0ebdb676a77b885e5d4af2c8a37e9b02d0009d8d35db37c27c079681fcbe700ecccfa11c786faa01f269435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
25152b6d49d114e6a6186d83511913c7

SHA1
5c15592c19348dd2adeea646380a7cb99989693d

SHA256
dfe738cb7cbcc68befcb5911bfcceb335eb3dc6fdf65ec2c4b08481e7c49dbd7

SHA512
8a2453b7bda2efe4ecb3292cc630f3f77974ac97e367b8a4acd12fb20b446d49ea2988f42896c444ff12f6146a5ce60675d95879b09ba97578fe9fe7fc5295cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
4cad21389cdb06d26553826a97775d26

SHA1
ec882aab1a8209bf330c0eb11e04b66c25adb2b3

SHA256
44ece503ec11d803e7b623296b518b168350535c7a68c1494b861f80ee1b4b03

SHA512
3b2ddfcb2d02606f94edd93d06664aa1a5330bf24a8c1e13c391103852d1c5e4c7f4c7017122ebde06933358d36090f2dc99a76dd64da366292af14edd16cb27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
3facab3c20fcdf4901f528ba32c00c35

SHA1
a7f14ed5a3dd69562c81805e8b62c84a446dca4c

SHA256
d921d48a21a189755f49ca4f5042cce6545cdad7c85200fbaa96f42cab2628f5

SHA512
5237749491b85146eb119adf7bf155c59ce8cda08b29e0e1a0b84fc1f7b024e7e2825cf83d37f8a471680bb82f46e14ce9ccbd919fd5ac8cfd9fe2c9134ef4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
4cad21389cdb06d26553826a97775d26

SHA1
ec882aab1a8209bf330c0eb11e04b66c25adb2b3

SHA256
44ece503ec11d803e7b623296b518b168350535c7a68c1494b861f80ee1b4b03

SHA512
3b2ddfcb2d02606f94edd93d06664aa1a5330bf24a8c1e13c391103852d1c5e4c7f4c7017122ebde06933358d36090f2dc99a76dd64da366292af14edd16cb27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
4e4a5a38b20e36bf8089e3f204c28e5d

SHA1
46d0200ae85b721a9fb0d888bbe07205ef74783e

SHA256
bbbd4b69d6cfc36c5c1aff2919da81142b641e2992b9da7758e83a0251790f91

SHA512
16f09a04e3efe323db0ce8edccf556b4a8c8d60d11a1ec733fc90d1432f8bbfd4691d216eac03a8b90dc79b83238ccffded22bcc7f43271dfe104444da2acfad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
115KB

MD5
a70bc9e46aa7539c9da7e8f02f5a6fbe

SHA1
294b0587875f3ca6c8af9467ef17fb117d26bd65

SHA256
cce53cc8c1c8d3700be8f9c1e116dfedf1cc45a8350b4376597a207245f989d2

SHA512
047f0e9c49923cd688a6e71e1b1cbbeca5abe0fdc8f021ba7f55cb9bd4e6c896abdfb0f9c302200c89a84c42aa3d15dd7eaf0d285b13afadf2a71d264abe9d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583a64.TMP

Filesize
110KB

MD5
b8be6784f096c108f48c82b8de214435

SHA1
d2f281fe0ad4bd68ca8ff4d44b9428481e144045

SHA256
096375b1515ced9209465989c16b99148ba1c0ccd41a2b1c00d8ced8384f335e

SHA512
eb97fc440dce91b3388b4ad7a107f03d954bf8dd21db9b851ae3b34ebce61e21e34b7c43633df6da3f28ca612736a8be6f5ee70f55d1b3d627adee2e4c998310

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
eea9db3309e32a512e4d8b4ed8ceb46f

SHA1
a9e9efd56877e935c90dd446b6e987fc370f52ef

SHA256
7fd897714fba1b77747cd079a70ebfef6140617ea3dabb5d94d28266833a35b7

SHA512
2e9a0ab8fabc5124dd2f93a7abfa8368ba1305c769e8e735766364e39c809611fd0ba69d18b81a73f07b51dd21c4e74923118d11b18358a6e90cbd375349d7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\CSGhost-v4.3.1 CSHacked.exe

Filesize
110KB

MD5
5b7c939e660af3a678af8c48d416f3fd

SHA1
b751c3ed92f2b33693c63610a27f57616c59b6c6

SHA256
4d512dec8b02a8779f892ed6a07d6464625fd0ebce4ff1a0c1cb356784dd2d9c

SHA512
3f56222100b2decef5cb1022d446ce2ab9b282473ef51b8044b377e02b7907116c2790f08a154d4859d52827ceeed8b2adef519b0f9d193f4a488a4c7ee5ef55

Download Submit
C:\Users\Admin\Downloads\Osiris.rar

Filesize
593KB

MD5
176ff3a2c6b4bf8272b1a11fef883f41

SHA1
16fffb3a93c05c0981418dd303e7b0f048480284

SHA256
7f0bcd97e0f6aeada66142e97d99ffaebe5c5a23777989238abcbafacdc69f24

SHA512
90ed9ccdd27351928b8d04c27dd2cc979db121cc742795e72ac8b7a763c38cf491546142faa57f7daf3bd1c1b5261549f099f8f12076a391b47e8615b922b2fb

Download Submit
C:\Users\Admin\Downloads\Osiris.rar.crdownload

Filesize
593KB

MD5
176ff3a2c6b4bf8272b1a11fef883f41

SHA1
16fffb3a93c05c0981418dd303e7b0f048480284

SHA256
7f0bcd97e0f6aeada66142e97d99ffaebe5c5a23777989238abcbafacdc69f24

SHA512
90ed9ccdd27351928b8d04c27dd2cc979db121cc742795e72ac8b7a763c38cf491546142faa57f7daf3bd1c1b5261549f099f8f12076a391b47e8615b922b2fb

Download Submit