ddbbf34580df55639d25c93409532171c3d4230a7609d5909e1bff1f29979cb0

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2023, 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df4brk2-5f3486a6-6e7e-42e1-a5b1-1b419ef75c9a.mp4
Size

165KB
MD5

f5eafcc303576a4344588304f9a0cabd
SHA1

dedec3c11406d0356d9c5ea487f39306b95e29d5
SHA256

ddbbf34580df55639d25c93409532171c3d4230a7609d5909e1bff1f29979cb0
SHA512

502d52cc58fd3d65f4f71e1f220be45a235710a3dc1dd6514c39dff348395e1cc63672b7030b540eb172d50cc5e0be8882080552b981daef2b2df00eaba6c459
SSDEEP

3072:2YOSb2U5+6v3Bzq0OCj91PMYi0BsRFBlgo1NaCPl/VhfvAgedFSrK:MSY6v3B2yR1UYzsRFbgouO/jKFQK

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\F:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe

Enumerates system info in registry 2 TTPs 17 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133277801877501250"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
6048	chrome.exe
6048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4216	unregmp2.exe
Token: SeCreatePagefilePrivilege	4216	unregmp2.exe
Token: SeShutdownPrivilege	3156	chrome.exe
Token: SeCreatePagefilePrivilege	3156	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	4168	chrome.exe
Token: SeCreatePagefilePrivilege	4168	chrome.exe
Token: SeShutdownPrivilege	4608	chrome.exe
Token: SeCreatePagefilePrivilege	4608	chrome.exe
Token: SeShutdownPrivilege	2344	chrome.exe
Token: SeCreatePagefilePrivilege	2344	chrome.exe
Token: SeShutdownPrivilege	2668	chrome.exe
Token: SeCreatePagefilePrivilege	2668	chrome.exe
Token: SeShutdownPrivilege	3112	chrome.exe
Token: SeCreatePagefilePrivilege	3112	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe
Token: SeShutdownPrivilege	2932	chrome.exe
Token: SeCreatePagefilePrivilege	2932	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe
2932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 1560	3156	chrome.exe	99
PID 3156 wrote to memory of 1560	3156	chrome.exe	99
PID 2668 wrote to memory of 4452	2668	chrome.exe	94
PID 2668 wrote to memory of 4452	2668	chrome.exe	94
PID 2344 wrote to memory of 4264	2344	chrome.exe	96
PID 2344 wrote to memory of 4264	2344	chrome.exe	96
PID 3112 wrote to memory of 4064	3112	chrome.exe	95
PID 3112 wrote to memory of 4064	3112	chrome.exe	95
PID 4168 wrote to memory of 1500	4168	chrome.exe	98
PID 4168 wrote to memory of 1500	4168	chrome.exe	98
PID 4608 wrote to memory of 1068	4608	chrome.exe	103
PID 4608 wrote to memory of 1068	4608	chrome.exe	103
PID 236 wrote to memory of 3888	236	wmplayer.exe	104
PID 236 wrote to memory of 3888	236	wmplayer.exe	104
PID 236 wrote to memory of 3888	236	wmplayer.exe	104
PID 2932 wrote to memory of 1544	2932	chrome.exe	106
PID 2932 wrote to memory of 1544	2932	chrome.exe	106
PID 236 wrote to memory of 3196	236	wmplayer.exe	107
PID 236 wrote to memory of 3196	236	wmplayer.exe	107
PID 236 wrote to memory of 3196	236	wmplayer.exe	107
PID 3196 wrote to memory of 4216	3196	unregmp2.exe	109
PID 3196 wrote to memory of 4216	3196	unregmp2.exe	109
PID 660 wrote to memory of 2176	660	chrome.exe	110
PID 660 wrote to memory of 2176	660	chrome.exe	110
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5152	2932	chrome.exe	111
PID 2932 wrote to memory of 5184	2932	chrome.exe	112
PID 2932 wrote to memory of 5184	2932	chrome.exe	112

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\df4brk2-5f3486a6-6e7e-42e1-a5b1-1b419ef75c9a.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:236
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\df4brk2-5f3486a6-6e7e-42e1-a5b1-1b419ef75c9a.mp4"
  2⤵
  PID:3888
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3196
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" C:\Users\Admin\Desktop\DenyStep.dib
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1988,i,11021683929797835469,1428498023476301382,131072 /prefetch:2
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1988,i,11021683929797835469,1428498023476301382,131072 /prefetch:8
  2⤵
  PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1964,i,13016808802195582250,10441549262135384277,131072 /prefetch:2
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1964,i,13016808802195582250,10441549262135384277,131072 /prefetch:8
  2⤵
  PID:5816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
1⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1852,i,16410001169601261975,1493244063799838346,131072 /prefetch:2
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1852,i,16410001169601261975,1493244063799838346,131072 /prefetch:8
  2⤵
  PID:5312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
1⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1864,i,9522500386581392389,5746626960816212577,131072 /prefetch:2
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1864,i,9522500386581392389,5746626960816212577,131072 /prefetch:8
  2⤵
  PID:5236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1876,i,3718394082991341320,814250425951194840,131072 /prefetch:2
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1876,i,3718394082991341320,814250425951194840,131072 /prefetch:8
  2⤵
  PID:5596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1944,i,4012911464609483946,15887989484720250751,131072 /prefetch:2
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1944,i,4012911464609483946,15887989484720250751,131072 /prefetch:8
  2⤵
  PID:5376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:2
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3632 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:6308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:6484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5084 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5260 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:6456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5412 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:6588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5736 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:6488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:6468
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6af007688,0x7ff6af007698,0x7ff6af0076a8
    3⤵
    PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5092 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5780 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3988 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5468 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5460 --field-trial-handle=1916,i,10784113231781700182,13442488021481305854,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffddbfe9758,0x7ffddbfe9768,0x7ffddbfe9778
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1968,i,2808962286211920486,156011582014440986,131072 /prefetch:2
  2⤵
  PID:7036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1968,i,2808962286211920486,156011582014440986,131072 /prefetch:8
  2⤵
  PID:7088

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\744a11d0-a2b9-4f93-b9e9-8fa3d93949f3.tmp

Filesize
71KB

MD5
9a7b58b24ce46d3d2c1c8a0fbffd9241

SHA1
f6850cbbcead586126c17e1d390af8a273c2d3e3

SHA256
4859732538f5a1523827804008e0f36edae4d54ad08e188579fd32da0664a185

SHA512
e3b7f658de753415e6763cd280d5858046c04b36bfd2219bbc0ea03529ac81300847bbb5d6e5d0c86b19dd9b822748008fc47c7775bed8e18b543a6318962c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\92304e9c-90d1-4a13-aa70-5ef2653596a7.tmp

Filesize
71KB

MD5
941c1cc11262192dc0ba9097147fa307

SHA1
05d01ca3f9f9129d37950d0159d609a975a3a956

SHA256
09f4ba8bdd6bc6c74cf55d4fd4317d9f2b55acc506fbd5a4d8034005368980e2

SHA512
35be7bb0f4b6cad877850ee477285b2fcae08a8a7509e0e070768a8a1a87cf89c6d29681300d66023d3f656fa6070de754f00ff7b603584752b3757425e1eb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
118KB

MD5
42f2d28bc118e32ac06f256e17cb0b09

SHA1
dc575b8d825a51acd2e58950861db18824c13f7b

SHA256
1299d6ddb37abd7ab7af528411f889ce30df7822340aec9265e6a6fe210d5e33

SHA512
afca64520577fd86514ba7de9c46c9fea3fa9f778ab5c48f0f5ac2808535111ca16f18924a122dba8eaba389b2ac50eff584f1de7b268377eea2f068f23ad327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
49KB

MD5
c12075d6afcfce79df001ecba960cc0a

SHA1
f11913a40353bc451298b24b47642c65d591c2b8

SHA256
3d738adbbd4904e038babeab34d1481963921df6d8e7fe721e84649f1518cf05

SHA512
b4732bb0b6c5edb0f9d42e1f3d3facb8752c81bb70c3c7982ab14d7380b2bac31c367b77a11163592a511ac13ef894009846760a0a1246eaeb9df11c6408132c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b349fc9e33341e8f784a90d8f4145655

SHA1
fd3f5618b3f83c880e3ae480bd44a38f21f3be37

SHA256
e9eaf4f82455778125f6ec348b93f1c6eef41f701d852563cdd14999e688a5ed

SHA512
5313e9ebe167935214d1510d4d2cdbecaad13b17f4dd392a9ccf529ff2f35babc806b422fd1af45a455cf0812deeea7dc81d7b0ae782c9b22e9dcad143befa1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f72b0425243cddd64bc5f09adaf3cec9

SHA1
97178ec3fbe7cda9dd9fadf42f0702b46667bd0b

SHA256
b5385c75c14c3639459f7ac804a2a8aa30d935b8aee6814a1ae6023b9feba904

SHA512
d327e33ebe4bac18caf18eadab56988cdc529c6b1596de63d89d524cc8c475e68dbf4fcee51d9d88ee35410a7eaa7bc6e444c464af3da4bd06d0fdbdfb3010ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
59ee49f233d3e5aecbc11ad4b94cd8d6

SHA1
aeee0afec00c9d6646d3f5c5c6981648e70c1711

SHA256
e84b13e13d6a1876a42d060a832cc86193a547dc7a0a2e980dd7ae3e25232fa8

SHA512
3706e0dfbbdcd899ef9919dc9649655d3d49a24a160c1497d2c025fef60dc46388728a029900ac21e754746ed74bc68280a92f47c21ef73f18c4b6578fb91b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8a55476a7bac367982a17fd69ce909ff

SHA1
2ecb142ae5fe80734e3765461a2837d4907d425f

SHA256
85c4432769e8d4250ee4c1a711d8ce1f635e11e9e1aef39870bd3ac5df54265f

SHA512
3f63cff1e4dfb205c28b7d5924fe7c1aeb0a499cbfd4c97bcafc30bad094bb0c1674f0b23e1b512c00b953088fca6f8bcc09b4b95ba2ca2538ec136f80e5fc54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fe0c28dd1245f17a7db99057202feb16

SHA1
f1e391a396c150955a93f2cbd2e613072d16dd58

SHA256
5ddc95894953f0be27a0a06bee50bb354a34112e5c3ed6780117293031c0c93c

SHA512
708f5ab15e7ef3c415ea45c479381711a835231f091c6303ebf013373509d14f5ffdc825308a82d20c8cd2ce51458e493b917a9c5b51ebcdf95fad87bb3217cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
dace9b50cec0c96efb74c357c7c087e7

SHA1
5d1bfb448fd8cc2f8af797e90979cc7c0f7f506c

SHA256
4379f1ae21389067425a84def852d585dab4b4cae4b62d4bf431e6dddac9d5a1

SHA512
c5cd7dc515b68df03ed5263b0afd43b255466877eb25439e4ea5b8919ff5e4fe8e90abb2bc26b9afdff39305533e830afd3406f1eaad4e608ae3177182defca2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1d076ff1cb039f061476c6a7c9835245

SHA1
c550bb5a0a49fc9c96ea5826f6b0b76fb3c563ee

SHA256
2cef1b6a1638507a9a83258c0d7494503f7f6e02eefb04c7138207fe73897a45

SHA512
a4330ff517daf8ccf258adaea123caa88a2b68e7bea55173d5e2011988dc192a9a7f928ad4d6861e6fcbfe704ef4d1857f12984886e1c7661cedeee85ae99901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75d52a91170caf91a94834e742814bb0

SHA1
7884a5f8c7d07d59952d3dbec10107b9edf92dd2

SHA256
9fa936cd12ab94822a1d014f22d768cf8f99f9fe9231c1dd47223824ef779d8e

SHA512
640b7b71ec44710c218ccb9033fd0b86bf99b2534b4362b0735de2bcbbb1c7ecb3fe4996e547a2b7e9fdf276483a9678edeeddd7a41221373c26416660d65208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
40cd776693e7a3eddbd05cd1fbddd61d

SHA1
438eb75e563fddc658f59d69ea8446bc134de1b4

SHA256
9166f4e918cbfa2b64e3071b967abe286a0a0ca4cfa39b19d0c2b6e72a4ce334

SHA512
7d5b21f768d8483f2c4ae69dc5ece3f2ea30b6013d98e7e7b0fc870d435b634df925c524b4fdfee10551d66c9381d5019b1879cb83f401b6a2ada2ca1d917d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f6d950eeaad607eae06878484d66c0e6

SHA1
8261bdfc9ab22875f3a8006a9416245630b24543

SHA256
f9cdfdbbee8a564303eada279fc6493b4b5313d384a9497643aacac442511db6

SHA512
a5691a095835477fc76c1ffa5270db59fa02743416dae65c2a3b49d15216f8cb1a6f475fb90421fd1e288e32e0c0810842991c19f4cc7f91f77d31901b8d4f7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
dc2cb5816288f53a1fe1dee75b680fcf

SHA1
f7b67bdb00802165b320bdd95130fe87688489b5

SHA256
a8f7b3e5d52fad8dd91a0e9c66a79208d67b2a518cf7a754b5141e133e671e38

SHA512
32386f87f5bcd6da68b62fef6eac070a0017bbb80d306a06901d11610bd225409a5632bee8515cc28de478bd8651227d017a88c07e1a84651cdef94ea24d049a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
97ee5d11faaab15f42ff319d68244218

SHA1
b6a111487702bac03e6716b8e0a71ade273cdecc

SHA256
1e677841cc47e5fe4d6e93b5be39f74b1de3400a27279e24b1d9853b64b75c57

SHA512
abaf84e3eef4f3df32deedaa82dff4c593fefcfbcd0fcc2957407f48c65456e0711ca69415d6c3f63317eebdcb489b9dd2ac19bc4ad253b85ee47da5fe6e9964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
67757bee9bdb2d9a01fdbd5ed93d729e

SHA1
eec0421aa03707622cc258588864c424e51bd86d

SHA256
ff67cffda548767e908383c70e8b63591248e73d2092c1aab3c8050fbb14afed

SHA512
3ffea57e8b4fa02e63c513f6c84b1f8d5697698e104e2df157f0efee75dbfdee718afc244e0da2a0c18dccb7d50d53df4da46172af89aeeded98a7611fec3cdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb27b0142ba379ec90c8f4b277e89d4c

SHA1
592ab9ac5883fab5cc901f5f342eff0087895a86

SHA256
cf3709b512478e1cadff7890ae986b54c29b42b11a650d35d3b3c508c445f115

SHA512
5940f9d67316160a6575d28c69de1e9157538e4ffae0814d6b46913d6486c788cbe3828e9371b618def278caa52fe7296d233bc307d80662a143b448b711bf9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
162e4d811d1c143f0f04132fad9d6c1a

SHA1
cfb76a7f0a4fb9c95890bcce370fc200e9bd1fa4

SHA256
945dae729f8b5b6af286394ed3006aca638db3aceeacbbd2df12bb298a280277

SHA512
c39e1bc38d2c06f3be4d49a7a9cd51e91ed72ce701aab0ce9267a2044861af99bd5ee52f6f38713ad6ca0f5a241f96b9a5bb13021dfbd783ad7fef5c514a9778

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f19d490f8bbb0ec73792935863a3ca34

SHA1
d9bcf27015690f8077711523ca115a55d3eaed50

SHA256
05b2dbd1589a3ef7fc1fdefd8667c69f59e03436450b040b79c2fb2d19d0b635

SHA512
1f0ff57ab939cb053adf3d46c434b1b372efa4959854c1680e10aafb3830651a4421bdd5a02592cbe276432f3de653df8f97a37550ddda242f95d5769f3bc758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7e0088a8f4f21f3b8cc56d49abe2e2dc

SHA1
32c870ed5b8a4f7e2483ed85767da7f09f644a0d

SHA256
bda9be511ef541ba4a306099f5264fbc3aaee15b2cd9e974212432925f2a7c5c

SHA512
0cc0bc79ece5bdb346203cbc02b0290f62cb60361058de32ec48751695d3a317d3e51f466e90f453910be32872d35425be79caf614d4f1c67992861768656736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fdac04b8df53794ac6c68a5ac91e7e73

SHA1
3f1d0a04455f61b7f1d34762ca18fbc8a4a1e829

SHA256
ea178937c04d2304038148b3001286ae4e23dd049e5b8e8ad88b6e371e2dbd51

SHA512
f098a33c77280bda3ee008b7a426c3fb70513c424ebe2b1b010b26faffd82d053ca89eb73e349395d9158a414c64354b1d48ccf96ac48e09d0a575864fc3e20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
00ff4f64c12c42e605f5b4ddd775f27f

SHA1
ac236bd8c8e61534f375c26ea7fdafe94b47afd5

SHA256
a839fc302fa644adcd72f16ea29abb0ba8b078e71aa7b51c81a4feb2d036f42c

SHA512
f1e03f6cca3bc10ff1966ceac57d34666391eeb8c38797c216fe56ad778655c6306c1889df4be299624e40eb995f99387692279454f3a936fae398a7b67c8d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
94bf79aef3481c417e6f6a64b8cab6e2

SHA1
a687a55f2db0bc5aa2e5baccb1b8f65f938ea618

SHA256
cefc789d679b926f3dd4771464cb384d520b6b0229ce8f34941230854e340193

SHA512
308a8710b4e4d1e6a906aa91aa5fff9ac78c0406cba15063603df613092b5c162ffd7d38362bfccd878920632468b9620c9fe4842982242c74bd8964dbdbc521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
94bf79aef3481c417e6f6a64b8cab6e2

SHA1
a687a55f2db0bc5aa2e5baccb1b8f65f938ea618

SHA256
cefc789d679b926f3dd4771464cb384d520b6b0229ce8f34941230854e340193

SHA512
308a8710b4e4d1e6a906aa91aa5fff9ac78c0406cba15063603df613092b5c162ffd7d38362bfccd878920632468b9620c9fe4842982242c74bd8964dbdbc521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
d985e9faa498915ed292c42414738f0e

SHA1
75589051b17ff2e94ea0a8ca53d98a66597c5903

SHA256
097c52a6c7feb3180d92ce971c8d052410407d0d0e46aa9adbbde6307bc6d948

SHA512
95ac76cbd344a1f5ec1474a64437f6671f7b7d06ca99974fa8eaae2ff2f83036f2aeaf714bdd2e024c1c1c0864f25d87e2d28e400bd768ca6447ac76a85b139b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
d985e9faa498915ed292c42414738f0e

SHA1
75589051b17ff2e94ea0a8ca53d98a66597c5903

SHA256
097c52a6c7feb3180d92ce971c8d052410407d0d0e46aa9adbbde6307bc6d948

SHA512
95ac76cbd344a1f5ec1474a64437f6671f7b7d06ca99974fa8eaae2ff2f83036f2aeaf714bdd2e024c1c1c0864f25d87e2d28e400bd768ca6447ac76a85b139b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
9a7b58b24ce46d3d2c1c8a0fbffd9241

SHA1
f6850cbbcead586126c17e1d390af8a273c2d3e3

SHA256
4859732538f5a1523827804008e0f36edae4d54ad08e188579fd32da0664a185

SHA512
e3b7f658de753415e6763cd280d5858046c04b36bfd2219bbc0ea03529ac81300847bbb5d6e5d0c86b19dd9b822748008fc47c7775bed8e18b543a6318962c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
512b296560372a7b59609b5de510b2dc

SHA1
9ad4eaf6d16d68bf923b8d02f1be62ca472e5768

SHA256
a79f14759cd1dc355cc704052c446bce77e21d9baf93b2ca77c9654c9cbc4561

SHA512
79df74c07ce238563c3f4f762569a4ec22234219e030f9ba4e960c2522e5680ad62fa8fdd151cc248fb02636b98e4ec30eff386b87dafc5e3c181420adbea9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
512b296560372a7b59609b5de510b2dc

SHA1
9ad4eaf6d16d68bf923b8d02f1be62ca472e5768

SHA256
a79f14759cd1dc355cc704052c446bce77e21d9baf93b2ca77c9654c9cbc4561

SHA512
79df74c07ce238563c3f4f762569a4ec22234219e030f9ba4e960c2522e5680ad62fa8fdd151cc248fb02636b98e4ec30eff386b87dafc5e3c181420adbea9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
00ff4f64c12c42e605f5b4ddd775f27f

SHA1
ac236bd8c8e61534f375c26ea7fdafe94b47afd5

SHA256
a839fc302fa644adcd72f16ea29abb0ba8b078e71aa7b51c81a4feb2d036f42c

SHA512
f1e03f6cca3bc10ff1966ceac57d34666391eeb8c38797c216fe56ad778655c6306c1889df4be299624e40eb995f99387692279454f3a936fae398a7b67c8d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
be962799e4bb45406e6482568aa4150c

SHA1
1924522bf3fdac45fce76f7587c82bb059aad476

SHA256
ebbae9ca147589ea773451321118906b0106ecf9a55ddd0d83f36dc67ee65879

SHA512
48b68abb00213ee1f16650c97eaf9a0f013c493f5e41f9124c33523372a87d8c3450107a2becb931736245fda7c2caf51fa810bd5e1db4c9ba64216a6690329a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
b942a3200e3923d725fba196b8312efc

SHA1
12808e1d66ae5a81b64990e2cd658f735690653d

SHA256
8b48cc3fe669c51dcccf44c4bb5d804ae93b7a35ae43ef5eaef291f96b40cf31

SHA512
97cf4c95dc0d43a049d558d8fee8ffee24259efb6f9a66099425054fa24f8709a5bed0af554cd0e0fed2ca32646dce082f827a169ac24b11dfabf1277b5f0d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
941c1cc11262192dc0ba9097147fa307

SHA1
05d01ca3f9f9129d37950d0159d609a975a3a956

SHA256
09f4ba8bdd6bc6c74cf55d4fd4317d9f2b55acc506fbd5a4d8034005368980e2

SHA512
35be7bb0f4b6cad877850ee477285b2fcae08a8a7509e0e070768a8a1a87cf89c6d29681300d66023d3f656fa6070de754f00ff7b603584752b3757425e1eb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
bffe823601fc6a7258dbaa3cd59768cc

SHA1
6c1076b0795ba580979050cfb9ffc32ddb445da5

SHA256
458e56283edd5a1fc247a093f28129dc5373b38548da5d55ee90bd55262cc853

SHA512
f7beaf8677875913f39cc2da16daabe045596e19c62e5d2672044e9bff5847f1122aac7bde2bb27620e7e6b9a0222e96aa97939c9eef2d0f75d38bb682ba4dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
bffe823601fc6a7258dbaa3cd59768cc

SHA1
6c1076b0795ba580979050cfb9ffc32ddb445da5

SHA256
458e56283edd5a1fc247a093f28129dc5373b38548da5d55ee90bd55262cc853

SHA512
f7beaf8677875913f39cc2da16daabe045596e19c62e5d2672044e9bff5847f1122aac7bde2bb27620e7e6b9a0222e96aa97939c9eef2d0f75d38bb682ba4dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
941c1cc11262192dc0ba9097147fa307

SHA1
05d01ca3f9f9129d37950d0159d609a975a3a956

SHA256
09f4ba8bdd6bc6c74cf55d4fd4317d9f2b55acc506fbd5a4d8034005368980e2

SHA512
35be7bb0f4b6cad877850ee477285b2fcae08a8a7509e0e070768a8a1a87cf89c6d29681300d66023d3f656fa6070de754f00ff7b603584752b3757425e1eb01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
512b296560372a7b59609b5de510b2dc

SHA1
9ad4eaf6d16d68bf923b8d02f1be62ca472e5768

SHA256
a79f14759cd1dc355cc704052c446bce77e21d9baf93b2ca77c9654c9cbc4561

SHA512
79df74c07ce238563c3f4f762569a4ec22234219e030f9ba4e960c2522e5680ad62fa8fdd151cc248fb02636b98e4ec30eff386b87dafc5e3c181420adbea9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
bffe823601fc6a7258dbaa3cd59768cc

SHA1
6c1076b0795ba580979050cfb9ffc32ddb445da5

SHA256
458e56283edd5a1fc247a093f28129dc5373b38548da5d55ee90bd55262cc853

SHA512
f7beaf8677875913f39cc2da16daabe045596e19c62e5d2672044e9bff5847f1122aac7bde2bb27620e7e6b9a0222e96aa97939c9eef2d0f75d38bb682ba4dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
d985e9faa498915ed292c42414738f0e

SHA1
75589051b17ff2e94ea0a8ca53d98a66597c5903

SHA256
097c52a6c7feb3180d92ce971c8d052410407d0d0e46aa9adbbde6307bc6d948

SHA512
95ac76cbd344a1f5ec1474a64437f6671f7b7d06ca99974fa8eaae2ff2f83036f2aeaf714bdd2e024c1c1c0864f25d87e2d28e400bd768ca6447ac76a85b139b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
94bf79aef3481c417e6f6a64b8cab6e2

SHA1
a687a55f2db0bc5aa2e5baccb1b8f65f938ea618

SHA256
cefc789d679b926f3dd4771464cb384d520b6b0229ce8f34941230854e340193

SHA512
308a8710b4e4d1e6a906aa91aa5fff9ac78c0406cba15063603df613092b5c162ffd7d38362bfccd878920632468b9620c9fe4842982242c74bd8964dbdbc521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
9a7b58b24ce46d3d2c1c8a0fbffd9241

SHA1
f6850cbbcead586126c17e1d390af8a273c2d3e3

SHA256
4859732538f5a1523827804008e0f36edae4d54ad08e188579fd32da0664a185

SHA512
e3b7f658de753415e6763cd280d5858046c04b36bfd2219bbc0ea03529ac81300847bbb5d6e5d0c86b19dd9b822748008fc47c7775bed8e18b543a6318962c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
0e5ff77143255229f8f37bf0c0f40807

SHA1
9a5e925fe71606076bfc8c791186cd55a3ba6075

SHA256
8184030d2168e3cbe47b2de3c3b9538320eb0cc3692b790da5119ad259a91630

SHA512
fa9e8b444b849f784b6fac85c913dde37d67795f0056d1b99b2e5fb26ea7a6f9eb34d7813c22f3c8bcd1ce9c030edf57fefb59f3c2e24b6bb31b7445b9bb5914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57a0c4.TMP

Filesize
98KB

MD5
ebbf00eb65bd7875edd8043dd9f10191

SHA1
63aabf61f0c075b0e6a77bf7efb803961173563a

SHA256
9b149fefd71e7280bbf19bc055f3c50c9370f711f7f0208e748ad3970963ef4b

SHA512
5aed9fef64db1061b5665a2854345a0f76f82ee39fa0e9735fc7ad4a223a80e4c8cca5882e0a1999ebbe5165c54c92ee89690416f5d3a806e4a890a2cb24247a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
8549c255650427d618ef18b14dfd2b56

SHA1
8272585186777b344db3960df62b00f570d247f6

SHA256
40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13

SHA512
e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
7f00d2250062e1e6a6207f6f526b7960

SHA1
4f7120afb0a143eea31000ebf4f2147f325f8536

SHA256
a91369366e5e9775e1d9dc9ff2c06d2705acfc7197993759db1c89f8c9a02184

SHA512
ad5272dcdf65246b432b834c6a7ff062f9e7afc43f6366ff53d6653eab78a13f0d278cb9e066051e17bdc61b97114ff4ff99dbc27547cc9c1f595d1b17eb72ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
c2ed3842f74405c4f04ca05cb4a9324e

SHA1
98025a256a573969cc07e8cfa7c1094da8f8beaa

SHA256
61d325b058311a27f00e5f3439ea2b1cbad67b3593811e411584cc116b2bc87f

SHA512
202a80905d1b138397d4250e52acef12430942c5dd3e43436d4b92b5049f1e2fbf5c4caf444eb61ffb9dfecb7c2051918778b9d6b5f7ad17c14647019b1dd8f5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit