022f3a5067ebcfad464cb62ae1326f82889cfbdb1f57409bec7ebb107dd8debf

Resubmissions

18-04-2023 13:47

230418-q3j8ysbg55 6

18-04-2023 13:46

18-04-2023 13:44

18-04-2023 13:41

18-04-2023 13:20

18-04-2023 13:18

18-04-2023 08:57

18-04-2023 08:54

Analysis

max time kernel
149s
max time network
142s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18-04-2023 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2022-06-21 14.46.37.png
Size

89KB
MD5

3db0b4a9231860087b407ab8e85f1877
SHA1

d7baf924e1778fe9637a35f1c751f33a9de74ab9
SHA256

022f3a5067ebcfad464cb62ae1326f82889cfbdb1f57409bec7ebb107dd8debf
SHA512

3b335c49df321d587a800650443c4338dcdbf18baa40832a2a515f2f525f0a099fde70014c6200206cb9c710843f535ec3d03abcddb56f8363e5c0da55163e24
SSDEEP

1536:OPgXyMXGRgughoErwSze6a1pzwFpHojLnZjAxYSBruStd0M+fQM/kB3QudKT8tCX:OOyMXG8aErizn8+tYD+fzuguna

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133263064512082593"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 1584	4232	chrome.exe	69
PID 4232 wrote to memory of 1584	4232	chrome.exe	69
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 2880	4232	chrome.exe	72
PID 4232 wrote to memory of 3052	4232	chrome.exe	71
PID 4232 wrote to memory of 3052	4232	chrome.exe	71
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73
PID 4232 wrote to memory of 4672	4232	chrome.exe	73

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2022-06-21 14.46.37.png"
1⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff85b049758,0x7ff85b049768,0x7ff85b049778
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:2
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4428 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4704 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4892 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1496 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3144 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3048 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:8
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2128 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4960 --field-trial-handle=1812,i,10143155928223380902,2677343968970220221,131072 /prefetch:1
  2⤵
  PID:4832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff85b049758,0x7ff85b049768,0x7ff85b049778
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:2
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2824 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2816 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4276 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:8
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4592 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1848,i,10736563886299248958,13822749931467509444,131072 /prefetch:8
  2⤵
  PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff85b049758,0x7ff85b049768,0x7ff85b049778
  2⤵
  PID:916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1b0bb8991341d8c478771c1df537edb8

SHA1
daf390d67fe82b4318246523a4ed193b5584a114

SHA256
c18b5d7bc1464486e9d4adc92dd7398af04cc51d63eca0c2c325e9234e3e7a2d

SHA512
4bda159ceaa046d700e33d9bf5730c72390557c9afb69ce73c1579ddb17009f720716285c7124ca8d8c3c11409cc67780336448932d52cefa58fb8380e332ea4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d2df2e5bf9d7f6d0db26fd06e0f1f937

SHA1
3c97f1c121458f52f62f62a4865f79a9e3d21d3d

SHA256
20ed5cca032908b1ef7212c3b0fb2c85c67f9e6cdbe742e4ab21082e7a33422f

SHA512
c592af25e4e4d8ab0664954fa3204ffaf99dabedc6708082a448edaebc42ddff462b003a9eb78d8affddb044069fafae69e6ac7bef3660c9052c3f0720880ffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
f3bcddbecf7746d8bdceb5acb556a792

SHA1
3c44b9ff884ac838da371790281a4b1500b2522a

SHA256
a0a5e9ea7f7e8bb9041f624e0ff4300b02a7532dd5ba041c3b3c426a25c6410f

SHA512
3c14c006ec3999e16d497cdfede1255c2f2c72773678c9002c5ab9f250bce753ccc89a280502c07180ed62534c2b4f311bb501e87416edb9d40bb8142ed2cec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
ca5820bc74990e2f88d9cf7df349ce4c

SHA1
cde7631298fddcf43ee25815366fbd16065e9b7e

SHA256
d5aa028174d04b8261d25774c1ce65c407378c7e7cb1e64e6de056956bc08ca1

SHA512
f2a0fd1faa74ac706e773e3f33023e9cfd91c4db30d8ae322133a6a1f11bb55fb781492d560df525b8b2ef80a5685e8ee65e1eb77facb2bf2cf3bcfe7161bb99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c276606e49975851b59f3f12459db50b

SHA1
beef87d5e7dad3cb12800e0ee91298e06c5073dd

SHA256
60883b6952e6d78265a480087fda2e81f96a3955595fd7e849a18f7d3001ca55

SHA512
b07b9eb7993da24b52593a86e47c229c0516e142f7b7ea203dba75035b83503aeea693ec459270e89f6a9a9bf8d942e91eb524c17560481693885f545eabb3f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c276606e49975851b59f3f12459db50b

SHA1
beef87d5e7dad3cb12800e0ee91298e06c5073dd

SHA256
60883b6952e6d78265a480087fda2e81f96a3955595fd7e849a18f7d3001ca55

SHA512
b07b9eb7993da24b52593a86e47c229c0516e142f7b7ea203dba75035b83503aeea693ec459270e89f6a9a9bf8d942e91eb524c17560481693885f545eabb3f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2b59a867b09f1747a1d52b1d3042c035

SHA1
5f8f3e0c8f68c60e6f183830c99a1059d4564db9

SHA256
b0552a19206a9e0de8e31ffb27eb2c5a3ca7c00500102cca7d6b1fca00072869

SHA512
09fe231cd139438ebc2a25d75f97f0d9321c7f10ea569bd3f6292eb938f77c97a7b3aaa9c7cfc438e552cccda3f7d9e562d93ae079c9e8b07fb5661db648c419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
88b1e52c91003689dba44792f76bc34a

SHA1
5b234e383bdf4071e6941c289f9a8517b08369d4

SHA256
5794aa66940b3eb8820fb17a15c295004b86f01c843ff98a2ce7f06db7e46732

SHA512
5582ca6f3e1b0462a385e082d7fd354c7e683c840da6e71fb27f0e4f4d59e530c7209abd84a074b02ea8d21198615229238348ee9a300c56fb3af0afc8f4b9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
88b1e52c91003689dba44792f76bc34a

SHA1
5b234e383bdf4071e6941c289f9a8517b08369d4

SHA256
5794aa66940b3eb8820fb17a15c295004b86f01c843ff98a2ce7f06db7e46732

SHA512
5582ca6f3e1b0462a385e082d7fd354c7e683c840da6e71fb27f0e4f4d59e530c7209abd84a074b02ea8d21198615229238348ee9a300c56fb3af0afc8f4b9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
2c60a239cc1a0d199084f2a352bb73d5

SHA1
677029593b4bba4a66e86a598ac9ce8d8234fee2

SHA256
253374863e75007b0c59dd0a91ba378c48cdfc1a7d534821cb09a017ebbcf760

SHA512
0d5e41c7075cbba367104608c457c3946243768d94443ae9575ffd6dac36aafcf67bfe7edd23d95e9222569d3dd5597daf3776dc3a4f01c02d45f4217b270eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
11ddf8181280c0898fc537602eee7370

SHA1
55fa80c4e441ffa05fbfff935d8055fe8447ed17

SHA256
5c5a037b271507af079f7b60707eeea590b65d97be8a7a6d43c41a2bf88f4e39

SHA512
eec146e28f8da88dc13e1b49e972f14df21b831248ef52b98d2c55c06925188d1973d9938428aca678f4c2f87d84f5e9a8139403c9585b2d6f247dc152f9da88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
88b1e52c91003689dba44792f76bc34a

SHA1
5b234e383bdf4071e6941c289f9a8517b08369d4

SHA256
5794aa66940b3eb8820fb17a15c295004b86f01c843ff98a2ce7f06db7e46732

SHA512
5582ca6f3e1b0462a385e082d7fd354c7e683c840da6e71fb27f0e4f4d59e530c7209abd84a074b02ea8d21198615229238348ee9a300c56fb3af0afc8f4b9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
af0f94c07b490999bf11f6ebded5191c

SHA1
17ba15cb94555f45f9c293c8ea2844142a232a9f

SHA256
a88e8ca196b83c721ff09863953499fc88ececd444d1661b1f378ee11db96d3b

SHA512
b74f3bced1228d2f2959cb3f95d534f4b3cf3bb92891ab082cf9446652714e50dd9c8498cd10ae1f65f1d3f0a33d3005cac3b4e7bd995bacd2df698db4d7d4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
19KB

MD5
a8018651f4dbac65fffe81123dbc6e24

SHA1
5aa34393bfc69a1da6b083e4c5491ac7d940bbe3

SHA256
4b4404855a051d457379a501786cbd34c8314a4f8a2f5b83bf088dfeef719847

SHA512
3174039bcf4bb7a6ccf72706b06ca2612f85d984efeb77755d7609d85ca398695944c4e437d7637245e73a71bd0ee6f79e4828324aa93186091a15dd15e13a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
a906ab7c7a286246cfeed0f6bc264e37

SHA1
d7b174946b89b5b8686a1ac4d0c124971a2cad9a

SHA256
d91b9ee33e69a6d67676d167f926d018cb3d971aa8f13ce2efd39cf840a2a6be

SHA512
78d1d4f60ca27c83144fbaf4a42a3d27fbfb5b030ca7734db6fb2ea39b6d9c94f3e1d8c12dc96cffa8734c5ea6616dd332b1b3501f7d09334e4527b4591bd4e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
ea1a5182e1523659fa7e9fe0d24ed298

SHA1
e5db325add51b2aa8f87361312489110594e38a6

SHA256
4179f04d98194d2addb4648ea922e6f016d041d82fdf63574ffef1398d7cf1c8

SHA512
a4151749b322e2098c1a432b0ba740466e214dbf3407d1b5249974b5c9af2cc8e66c7f700a0f03c87bf657b04250666f687ae97c2cb1f6cf32597141e7b6f07e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
18419bc30b8d42dc918576fd267e56d7

SHA1
988693ad67ee8c3c5d32c0d0383767ba73911456

SHA256
97470039c4f33b26d226280c5b7ac092f3c758ca7b08c722fd1f3c9a32c256f6

SHA512
a54f355f9fadcc6e7fd763c70f27936f1685d2c0e06c51d41936b37e4abbf593ef7832ea62c902a036dedd798c1000f143959a14eea3d0f0b9de65e824d4dede

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
06215524d73b9d35c7a193f0676b050b

SHA1
c021a72f76371b9c08a196eff20938288421ddf5

SHA256
4c9cf8b9b9bd1e0d43e67db712b2ea847582e5d69d1177cefcd164d9138b33ef

SHA512
c16febc298f59a568f24f15d0c3e9d41b576ec0527f25cf372329c8eca7315245c8c9100a9bba4fab49147db583db511ae9eaa1f098bcddf8f6283f00fb9aa02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
505e8443f808823aff88405a45ca140c

SHA1
ff2104cc6eac025063a119ac6961e15e4a777d19

SHA256
71ae13779e5ede452d9fd2956e97864dcc0a94e64dde32b80f627af41bdf0858

SHA512
2cc0d8d0fc5df74a730c73e8a3060826f17201dfd4ebfa950908f78bd0cde8f6e59f644542b24df15d840a6daa530f8771c88c4e4307b550ba50fd42febba846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e34a5aadc6faf17f812d6cb153f5a75d

SHA1
6290cf3b6d3b3a0adc7ace355e52e525dc979f7b

SHA256
202819bbf51e7d03de88a7df3ca86573f41784994a745bd8b3a148cb019fa096

SHA512
f6c7288bbe41227d524f339179a4955c4559cf5c86c8028deecae84780f372b6794c24fd1c106eed6e3961ef0629a3f9875b75c79a1cb73407191eeaa3e3fe79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bacfa93f3e8af2c14aa8f51f5312441b

SHA1
cb61b6ba8bd0b95191d0f00a852a9b1561da94d7

SHA256
86691a9e6e47a99f4cfa5fa9843f650914f5c8b3028df955aa4df91059e13640

SHA512
bb3ff4f26e1b5ac2d6172d971d4ec6eefaf31530d0c8a00b231d88b9d941accef7eefb0a68875caf47cd5ed1d53a7f06630a570b71c496cd8f68668faedbb9bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ecf6b6fe55d5f19cffa1bd071bdd160d

SHA1
df1464a4c60a49da975252e659ff3434f74d83c8

SHA256
2f7907b816f4f9ef904260f131430f6686192b30cf3fc414e2afa9236592bcc0

SHA512
516b933489a2d826a23ec5f9cc6943b22719a0d3deb7469e62d9625ae8107812c6b191f0348f6cef1f6d6185a69cd7d44cfc7e6979e4741cc3cf5e96b570dcc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
69656a5195df4ba2cce9e3b5b80687f7

SHA1
1464f319b9f54d65ad1e4f3a88662e14c400818c

SHA256
029b53cda80293fc4d8a8c6b1c8a534ccf6c2095523e763dae88fbfea421ae2a

SHA512
a6ac5d171107714e03861e75ce97602482523bfc83317b161c57ee58c2cefb331566f115f268a59d4104ca4a90de68d67cadcaff1d5e59c5734fcdd95d515d2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8c81497518c689aba29e303380ff7a4b

SHA1
050ac3606e2406e5ae1649658da0fb639202faff

SHA256
2c3b59e72389cb19383189ab050b1583dff72d14746c14cc20892c89f16ad4fb

SHA512
66e4fc1c8029f191ca473a22f19a4fae8175fe10a1ba5b6ab2177d77a1d9fc81e7efa38524726c253a65dd8f4a0a18c53591f621a387fc480cb9191f7c9c0748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16b4526b0f23fd046853172c448b1213

SHA1
7a48a9fc88364683776aacd624d5f73f04c60173

SHA256
07e5805dcb9cbf7d026d462160ce9d2e0999c4448e224d79b936365d64de0a1a

SHA512
4dd75ffd3f304a18f685bd7085f8a66ed68bf635deb5e8d1d54186743acccac1ad2b15ef4d86e4a824ef600d9e3514acffe24bc5e4199f3418453184b0f00ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
990a0d07ff0ccd2f6b3d899196db3691

SHA1
17f4b230ca5987865bce52ed3935b1ff7fad10b4

SHA256
b68d30fe3ad6848a0dbc5ea798cf1df550d8396bdb604e6f8c418e2d723c6afe

SHA512
2e446a21386222050444602b2891da7709946dde52945dbe0790d289ccf11ef66f052ec6a1059ec1508a761ca2af6fa1089a28cea1720005645c1139b04a7ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
990a0d07ff0ccd2f6b3d899196db3691

SHA1
17f4b230ca5987865bce52ed3935b1ff7fad10b4

SHA256
b68d30fe3ad6848a0dbc5ea798cf1df550d8396bdb604e6f8c418e2d723c6afe

SHA512
2e446a21386222050444602b2891da7709946dde52945dbe0790d289ccf11ef66f052ec6a1059ec1508a761ca2af6fa1089a28cea1720005645c1139b04a7ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9214c28898e54aa3c33dfd1fbfe566c5

SHA1
8270aca2971273a0f7a5ca598a817730c540d39b

SHA256
ec69eccf778fc9f8454f19c180a9a6bef4708483f76cd93079139594ec8762c7

SHA512
cea84ce5172ee2ddf9d2100935d8b4d8afed728f11316d385ca5831c97a3a51ff680da6a8aa15e9f7d172f2b357fb34609341c4f89a3277b44d12780b4bbea1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f5cb7431e3c17e8a3b0a5ee196426ee9

SHA1
d3f7e6a587a0c378482e9fc46fca60b06425aeeb

SHA256
1301923a87df7c9758f2115805ed309a17aba41f0eba40bd64b47a7e9f28b326

SHA512
004736f4ed820ad5b4de37f315e77d9973875cab2259deec00f112f74a0d9846ff20be978e7d257f46c80e7a1093c39ddc98f41b762b73d1d279932a8dacd903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
4dab62ba588f5c33e8b5e9891a2781bf

SHA1
2b1ac8b2d426a264f35ccae2077d4eb164790d9b

SHA256
d3d276405dcd70aea8cc8caca37f044a88749c06378ebf3129be80331a9ae4ad

SHA512
4f0d628907a5a672867605bd48465f15970fae172813f9340bbaa5e7ce71cde36ecf91472a3fc41745646bf1347652efd4a7518a962eaa9c6dd716c05c847dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
4dab62ba588f5c33e8b5e9891a2781bf

SHA1
2b1ac8b2d426a264f35ccae2077d4eb164790d9b

SHA256
d3d276405dcd70aea8cc8caca37f044a88749c06378ebf3129be80331a9ae4ad

SHA512
4f0d628907a5a672867605bd48465f15970fae172813f9340bbaa5e7ce71cde36ecf91472a3fc41745646bf1347652efd4a7518a962eaa9c6dd716c05c847dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe573f1c.TMP

Filesize
120B

MD5
262ab7b4143af36a54a482df3476182e

SHA1
59ab2531e1769420fc8016fa299f25c801e91291

SHA256
35ccea7b5d5b3b388ea3a91e5befcba2589f73091b982cc2328e966fe3a1138f

SHA512
3f1dbe53f9f7c93ebd031af0b7cf1f311c8c30dc6913857f8b6105c26d142ed18919c71a4f862c9d2ace3cec55bf876da41f436b0878c6ab31eb33a3a262a28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
fd1d23845bc6d56fa8fc47c666324321

SHA1
9a2477f580d35e991a46245a28b84cb43a441683

SHA256
57f9a3fc3ea1d81714b6be41fd1a090080b496f580383f292f4cd027383e92e3

SHA512
0e13ada9cdcf1e13a1eee7039782c263d29b21f5166cec7d5fe0f591a023a12c8dc1484dc3a0003281f84d4290f77dc7921dc822ac36d6a28043a34b9cdbd2ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
0a0cd05e4989c5df59b96961aa073238

SHA1
27417f99a0412be82a8d00e55fe0b9f84cf32a06

SHA256
5ca5e280b9b6663da6f39a7440c263cc24c036b3aae7f754695facc66af401eb

SHA512
656caeef3edf34fbb8d64ac91718e2f7316a9cf204f3f576c6ed84d3cb4b4c79362d1a1dd244696925b19e32f0d39418bbb441cd194a18ae7f57b58f0764e6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13326306528390994

Filesize
22KB

MD5
f80d0d84e33bcdb1a956964f02e85cb6

SHA1
08360110aa7c15528ac0d28f408f5b7eb10cf371

SHA256
158f175b0365db36be28ec0ca5c50d89662a1f434f3cf423a8ca0d6dd441926f

SHA512
c5d327cbd39a3cf2f6f7f0a336c19f9252fe5669355f314486b14c18bfbe4a41877b05d532dbfd397969a1513632f9795eae7a79c5e88035aa050f5ba037950e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
793deea4257d542fb64864308c551495

SHA1
5930e947cf96d69952a8eb089601b3c6d50ee738

SHA256
48e03cdf028e844c086d5bfa26ca8e3fc498261b08200c508ceebca8785b4e06

SHA512
1db6dd3512c509bd4652a12aca651fb09f458285710aedef79ce353fb7493ba759e496a0b4d55ff8b0dbabdef5dc30b37580195c33f9f78a826f1b7479cac5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
e2f2578096dcf6cb9806c5922f853490

SHA1
16dfa834623f7df70cab561c6dda69e9327a9cf1

SHA256
68c64b8a60340fc54c6f8c9ea08f2d77a7610254c9d054702c536ce74d418359

SHA512
36e834bf5ca4963b31b372289225187c6fd5d12d212145c41bd193451282664e11f94018dd8c5339f40354a6d0bf9cb14ec82cd3ed73851cfd9c6aca3c5e2b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
7470b8e02105aec32da04baa73d64b0d

SHA1
11b4e400095c81f4ad2d37cfad6d530c90649e3d

SHA256
3d519562d3af6661b3a5cbba55888068b84c758b74713572357b4f210a783ad7

SHA512
f066c395146b294bb851f7340cc4a63901c413b913d40334bb5a7baccb569c298c821f9e5bdacbd06bad2070ce5979f4a69973c560f51e127800f16273723507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
4f450af220c0dbe73e10e682cab88d67

SHA1
ed9af6301d27407843dca2dc5a798cf0d3b17095

SHA256
d1ef39acb93ec3fe428b703abc13e85d0d5e06462415b59bba877c6e2dd0a8ed

SHA512
da0d80acb830a3ebab79aefdd7dc75a6e05183b041ee6cc7b3210aeb3d6a4c9ac5d1db13893db2dbd823bde4002a5e6064b85c92cf38c6825410de36b9aca977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
54907abff1f5bca282f9d0b4eea07010

SHA1
f41981886707af81b520fc96c28d8300896d8a7a

SHA256
1d55f3cb9cd288b4a31535960b6025ab593a53ce1ae0098a07f0dce207d3a3de

SHA512
b7cc090bad22d909d7ead4de1a64e3ed742a4b1876fa1d82a4ad613bbac0fc98b7cf78162a416d50fce06e6f1a72c3c96d0b6a395730bee94c3f3182bd58f82d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
a336edc8761359643d9953222329e865

SHA1
6d023ba5998b30897448a4e745e3286ac17ac971

SHA256
e8edeb2425b354c35532a379c941b6535ba7ab02b061e06fca65aab74e304493

SHA512
c1a5f4ab9a604370311fc25c33b95fb07310c581cc62d65ca2375312be986fc61405b016c94fcc4c23270bf6a3881dd2940cb3bccf98511c69f55836be1a4ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
996B

MD5
bd7f5cabab29ef9a3b3266a1980d270a

SHA1
086350b5f44473310634e684fbd9ad61dea4d944

SHA256
f53bbd39888174d403d3d4d55af9df078f7f3899c3f4ad849c4d7eaa41c741a9

SHA512
512ccf64d4b4e0a525d93d6464597f793ae0c93b0d45b572ce811e767df900a20f05c983c736bb2c30bf55d31f7d3fc58c51ee866da8281a8e4eef3a61e12a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
c4c644134dbc690f57f10902a5d70293

SHA1
03d307943359a98d1bce4478c8bc71b387339475

SHA256
da253a81d320a0db7d52c6b283ec82a38f0421386f75b3e326e96bf5dc4969e0

SHA512
511770a7bc153eb8985501e68bd32be6536bb9f1495d7a17f09560259b5bd40535b50dc8ebc607c1ba3c93ff3b965f9094137d3fb60b67fc4ecdec5802e715fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
855B

MD5
4fa2884f5f95a3dc55e979bf0d62f151

SHA1
e8255511ef3b06bf9679d3fc51dcc10aaef7101c

SHA256
5c7aebf4c045d6994cf346df70020b5be9b3e0c8893e48ddb69cc33701d5f1ae

SHA512
3d6695ab0a13fa6f8a69db831724574ff9dcc5fc0a67d7eb2241be14d06bf7960f215631ed617dc64865b669308347dc6757dd951bddde409e74d7b73174d06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
e440442bc7569ee87430d553072f8a14

SHA1
bcd31190ca68e38f7d15e7e00758ee8390646733

SHA256
f6754e47c5ef42f109ee34a69fa219de5e156b01a4661515d3d3a0522f263f75

SHA512
37ec9ebb90e7db276e6cb84cd6b0df7c0c6e0443e6e7114555940b0b72281cb94a28912470b373001e26acf80f28925eb08ef1349d6fab150920dceda8d9b447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
131524d998a5766d70e3e0695ffd3f79

SHA1
2a7a813f6212ac0c26e0e56db4d15654c9417e50

SHA256
b944227c4f5fd942da91fdbbc43b9603def0328ddbe620d44e066d6228413fbe

SHA512
5eb24768f14602c836865c824da177a18f74ae02db9c6c810034261076d9b319873fef2aa1b8e965a343207f292188b2d7114b65340248ec4619a02de249e37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
2c4d65013c0480aa2987541acacd7839

SHA1
59af89c44a11a295435dae6d147c8b91b6ff8992

SHA256
ff519e8a2e69f7757ffd22b9856f0c33aa5f8972074e76073ff6e839d6df7fc6

SHA512
cee432e695bcc25f23eb5ea55cb1fed47e8a8b1526966adc09acc0d18ffdad4387061c241abad8fadc52298dca829271508cb4ce05ee0dcf273da34f994ec7f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
ef2892ab0e291431b0dc3ad7efd03e59

SHA1
d40ea6285ec6981753f0c597d410169682089301

SHA256
de437a3829bef9d26bd4f6145f1d3e00148a832303520db276d9c7a81cb4864f

SHA512
19e544862ee9689e16f77307e75a5dc97989284dbedadd975f5daab3b0c38aac72ff433835b484d39fc05e11a5b724ab7d7fb1fdc8936520f28a6a6c2b9a8783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
abdb8dbe4dd7ca666bdd730cb1fe26c3

SHA1
c3dfd26f6fe4afcd7439a224f27bd11a414f0ad2

SHA256
02e37ef4452f23060566916e792a62cb3e09e6c1d7551f42c959b1c89f4e0b97

SHA512
75e381ae356bba650493ab15d751098dfd086e327a786dd1237c45069745ca372b39a6b3164d25c7b00036c8a635b830d8c222a40cd1d7ea412b692bcba6e34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
abdb8dbe4dd7ca666bdd730cb1fe26c3

SHA1
c3dfd26f6fe4afcd7439a224f27bd11a414f0ad2

SHA256
02e37ef4452f23060566916e792a62cb3e09e6c1d7551f42c959b1c89f4e0b97

SHA512
75e381ae356bba650493ab15d751098dfd086e327a786dd1237c45069745ca372b39a6b3164d25c7b00036c8a635b830d8c222a40cd1d7ea412b692bcba6e34b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
d1639f258bcc676f4517c269e51732b1

SHA1
09e296824ba73632e2d3c437778e3d8ea6a8eeb2

SHA256
886ddfaebdb971062343ae6cf1e59af0f7e062b60a22feb7f3f22c09b823f684

SHA512
7b8d079806d683d522d47b4cbd18b14d5bf9c2873939c5add72145e558b2de4c37659ab8e59421048ee65b3ca5b81714ed9e0984b88623ac5edecd5f8db424bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
e8f39e790d76d7f46b27bda4abff3ee1

SHA1
7a8aeceb3f8991c1b39e714d7f6c572d5334711e

SHA256
ad81cb9129995f1c21fb93d674a0f8b430f29dfb6e2d507b08a8ad06ee68cf40

SHA512
57b3640296c8e66e27afd74e7680b0d49cdabb54baf5e8d8308bf14392722f546dfea8fe028e98a4dbdd86776e1ca2d33cb90c0f2a07555151e983a67a43bbda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe578b58.TMP

Filesize
93KB

MD5
35af7151454d590a0e379f13537bdc58

SHA1
64c953e6c70c546472ff29cbb7855d80b46cb58c

SHA256
bef891743c779cb8d43cf14ac78f188dcfd395e6e2b7ace24511dddfb5c1c76a

SHA512
eeaf439894e1915f820ce91f2e01ca7f4e6197e124e1d6f6401e7461166323cc926fd3bfd567248f238053187d1e8716e609cac045a92dc94874d1488477b188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
22b6bfe21333ac86dec563e3ee7bdec7

SHA1
088fda7d66ab8023073bed07c926715475f201e7

SHA256
ab6ff5d1c154e54d46b30c55566548fbc6c617567a32460231bfd850fb7c9876

SHA512
fa5f39e4a15a85eb4ba559521fd2aa551d41b4c82613cf8bc173a7d7c58554d012c5b0baa4f52eb4054a1a420f867f0b45b62a9e66d45c924d6758ea0f634883

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit