hxxps://gofile[.]io/d/qXvX9j

Analysis

max time kernel
1799s
max time network
1687s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
17-04-2023 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/qXvX9j

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5528	decoder-encoder.exe
4580	decoder-encoder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133262300397235336"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
5856	chrome.exe
5856	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe
Token: SeShutdownPrivilege	3640	chrome.exe
Token: SeCreatePagefilePrivilege	3640	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe
3640	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 3584	3640	chrome.exe	66
PID 3640 wrote to memory of 3584	3640	chrome.exe	66
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4432	3640	chrome.exe	69
PID 3640 wrote to memory of 4260	3640	chrome.exe	68
PID 3640 wrote to memory of 4260	3640	chrome.exe	68
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70
PID 3640 wrote to memory of 1528	3640	chrome.exe	70

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://gofile.io/d/qXvX9j
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffee4459758,0x7ffee4459768,0x7ffee4459778
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4748 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4804 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4900 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5216 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5580 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6056 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6460 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6272 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=7004 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6608 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6716 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6532 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5404 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6848 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5952 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5196 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7268 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5316 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6128 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7604 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6124 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7488 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7276 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5452 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7480 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8132 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8272 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8448 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8288 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8060 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6592 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:8
  2⤵
  PID:5496
- C:\Users\Admin\Downloads\decoder-encoder.exe
  "C:\Users\Admin\Downloads\decoder-encoder.exe"
  2⤵
  - Executes dropped EXE
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5896 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=1512 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5352 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8372 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7456 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6172 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7300 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9048 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8988 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5224 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8220 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Users\Admin\Downloads\decoder-encoder.exe
  "C:\Users\Admin\Downloads\decoder-encoder.exe"
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3376 --field-trial-handle=1752,i,5204947403349308892,1358752280201890480,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5856

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
48KB

MD5
d4a02a4690dc0a2c58584efd3972a5a0

SHA1
420f64c8b7e2b78dd1df6da6fb76e0de988b1c49

SHA256
94fbb30a0ca48c246676f55e55de5e15a4ff0dbd72a5026fb69d16b2545f5f92

SHA512
aa8f1a75fe2b1e14825c83c365f4701d878d4147383fe5129d97306c3bb87f11bb5fa0ff6805d1033d4dc85743823822c7a58a922484f7f4b573585171d8396b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
29KB

MD5
f8d4cd97e53436f3c20d32bc3dd18695

SHA1
b412cb15b2b545181e6f3075e9847e6f1f5802e8

SHA256
45a61a04904fc2115c440a349a65dc93d2965b0b24dc5a8172bd8b792bdbf103

SHA512
169197af2b468514c86c2f9434b4e62a814eec67b32fed51ba25484a15d69c8569da63e2776eb14c3587868731bb2482a375daefcd6ee8bad82cd2bcb9b78b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
355168fa4f7cb026ec65e015b8f8aa40

SHA1
a24fa24c73065c6750e0785c528a7304466dfe83

SHA256
55e09cae883eced329c1c83b365e13e2818aff644126fcc43dce57f0dd5877d5

SHA512
de95763280a37a57d119c24c72185dca28a6b0e9d573136cdaabfb67ea2f1e3145b6e9b28f8c8fbda64adfce0771eedd46dbf0347c1ecf4320c1c35c52462325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f12e8a5cfe035386929fc9f2baf17b28

SHA1
9446adb109da88cc10dd2b73fda3341313c092d8

SHA256
4fdfd065d6559e4ce23a0bde2db29f87cc571d9bf2b37487ce984c0195e3258a

SHA512
a116e5bbc2fb0ee19a9ab0a4516405bc30f679f5dd3f348b093dcc3423e275e7970194f2445e3f0e5690d8e57db5ddf9162522a2fa13feee5e8d386137128e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
47cb0efe90dcef4fa7e62aa7e25f2b99

SHA1
85fa0451dce9985384cdae5147fbe6b570bc1e1a

SHA256
b9359cc90ac7fd7676c84ffc4f02248f17a34b34043c32505d30ea693d7fa6b6

SHA512
26345d372ed768845d0a770e59138630e83f8d73b37768bce8f74789e94f346f273979bb1d8bb48a9fcb1ccf8b2286ccce29cd4271389fb20f1ed44c7bd5f342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
320fb60986dcb3552fd313cfe6c55b2d

SHA1
b788d13619e04daf8dac604439808bbfc49bc1d5

SHA256
88af60ceac5bb9a879656a0dd4e0e9791e0f172010223103995f6a4c414f7def

SHA512
1637133a281e46686d4419314752f8a4cdd06579e596b433599c7ec078447325772f28c8357604088754368bc326651741425a2738a1f4d0ab766bfa2f72a1a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
716d69b4130584ba97660439a6269e8c

SHA1
b2ef0e130e0b032bfca04a0a2ab1f66a833377e5

SHA256
3e3e506ad1ead08aa133ba2dace474ef49846cdb788ce28246e3bc84f5ec5189

SHA512
35771d56b9219371d1df7dba94111e978b6e2eae070fce53bb59b4d99689139f7c6573cb679b33c53ea47cd1723069e9638d09dfe93465262dde29972f392418

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e433dcc97cfe30cd805f151cd6a253f5

SHA1
984f046703f5d5711f2c80cc10d1402b8f1b9a28

SHA256
5f97fee92480b23e259e4337d94ed2754c9d322fe9499b0aca137227723453d6

SHA512
4b7329ce32e011f1da757df16bdfea0366228b59b17363de58bfb7105d59a2d621f64123135e0476575b8651890c445b907b84c85e981bc5fe3cba71fafb84c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
94dbc61485852aec965f28821cdc96d7

SHA1
7e7053e643aa167a9cf53f5943b30bc60931a2b1

SHA256
8994cd8c1a7237c078f1ae0605b086e297563faccf5fa73d7bcd249f679535f4

SHA512
250f4e240d019cabdab972a7b12b38c5d638cabfc0f87f742fd1ee2ec4adb5497a1f51f7239f48354c46ff99f7a65cf9de17407418048a3e7094cd9a702270a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b5c995bee196a1d5b8aaa51c78e2474a

SHA1
54f2e2c8fb10b231c14c3346be02994f817c7de3

SHA256
9a9d0c42f5d3255ad62311e42316025ab351406c6dbace7b168bd9d5c6814b92

SHA512
fd180d5828b01eea38a041ba76679eb0cd4dec1fba9ca1837ecf404a1817b68e08fe9be1dd371ab2b5d07e61f73ac0a3f776732d046aee4082d70b4343766838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8eb70f45f77df5174bc647f8731d8dcf

SHA1
3589b9dcb54e348b2a4ebc16471d71e11491b005

SHA256
f6193559d067367025a788cff28b9302f14b640bb2e62e404b634c7ed4a232fa

SHA512
ac4a5f530f73045df3a9fcf86dc38c313e284905d702633bfa996713a218040dfccab0216c6271fbb73b0c4b8bc61cd075a0bafc5b3ae9882e1957fefcc8369b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
190fefb7f6a35571969cd0333147542b

SHA1
3e06838818b07b8ace5997ac494ccfd487c8f09f

SHA256
bb826af8842a66550106c0b6becccbe06c225a58d148f0c4e27752c8d686b760

SHA512
517cdf1e8bcd535de7dfe28113919ad344c8088bdbb4d806876f82546f1149c78d4ae6b92351556c3e17311c28e0e039b85dbb779d2b84236c10d8f7274cf40f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
8e751ba96a75e21c4e27e1991e631402

SHA1
09f64ee52ecbe8b2a3b4edb79c5a3e0df4b0cacf

SHA256
705369614ef3a9da8b5fe4b557a21eafb72ed09ef2f9f2531556aa4a96e3a18f

SHA512
2e4d28bcd4786e3f090278da38ecf3b0fe5e806af868fc6ac5a5d5b2aa48d7305130940a3a1da47ec54d80de9c5f467d4d204a1abadcf7fd994102be45b762c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
0ad1fd84d2d0c9cf5f39a89605bd1b2e

SHA1
f96e735bde1f4b6064b8f5a99096c58fb4c0d560

SHA256
dd1d533962f5395eada4ca903987658782dfc49a66ff901fb05e8990b9dd6090

SHA512
912f3d2b900d1fe125d196fb6887b96cd510207c4472645fd8865b30bcfc635dda04e080aab9c92ba6646aa1b75ec069772079c30a67a4e15198816a9bc52401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 945505.crdownload

Filesize
232KB

MD5
5ec72993874e57ccc0888a9ad498ae84

SHA1
c0d7c6c86b6d703ece4a5776c429dcf528212f30

SHA256
aca93101d570d1d5332f30ec9884b08b710cc797a04ad05593dac51515d12a6c

SHA512
019e8a8335bda12a544c8a59fc123513ffbb8480a7005937e7f8759a7b044e2767f0f1933358173d7efb5746d8f0f66a666050d4ef2c91cda11cb429b88ad61c

Download Submit
C:\Users\Admin\Downloads\decoder-encoder.exe

Filesize
232KB

MD5
5ec72993874e57ccc0888a9ad498ae84

SHA1
c0d7c6c86b6d703ece4a5776c429dcf528212f30

SHA256
aca93101d570d1d5332f30ec9884b08b710cc797a04ad05593dac51515d12a6c

SHA512
019e8a8335bda12a544c8a59fc123513ffbb8480a7005937e7f8759a7b044e2767f0f1933358173d7efb5746d8f0f66a666050d4ef2c91cda11cb429b88ad61c

Download Submit
C:\Users\Admin\Downloads\decoder-encoder.exe

Filesize
232KB

MD5
5ec72993874e57ccc0888a9ad498ae84

SHA1
c0d7c6c86b6d703ece4a5776c429dcf528212f30

SHA256
aca93101d570d1d5332f30ec9884b08b710cc797a04ad05593dac51515d12a6c

SHA512
019e8a8335bda12a544c8a59fc123513ffbb8480a7005937e7f8759a7b044e2767f0f1933358173d7efb5746d8f0f66a666050d4ef2c91cda11cb429b88ad61c

Download Submit
C:\Users\Admin\Downloads\decoder-encoder.exe

Filesize
232KB

MD5
5ec72993874e57ccc0888a9ad498ae84

SHA1
c0d7c6c86b6d703ece4a5776c429dcf528212f30

SHA256
aca93101d570d1d5332f30ec9884b08b710cc797a04ad05593dac51515d12a6c

SHA512
019e8a8335bda12a544c8a59fc123513ffbb8480a7005937e7f8759a7b044e2767f0f1933358173d7efb5746d8f0f66a666050d4ef2c91cda11cb429b88ad61c

Download Submit