hxxps://google[.]com

max time kernel
74s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2023 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2412	3800	WerFault.exe	44

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133280630448999506"	chrome.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
244	chrome.exe
244	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	924	chrome.exe
Token: SeCreatePagefilePrivilege	924	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe
Token: SeShutdownPrivilege	244	chrome.exe
Token: SeCreatePagefilePrivilege	244	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
924	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe
244	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4464	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 924 wrote to memory of 4212	924	chrome.exe	86
PID 924 wrote to memory of 4212	924	chrome.exe	86
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4476	924	chrome.exe	97
PID 924 wrote to memory of 4144	924	chrome.exe	98
PID 924 wrote to memory of 4144	924	chrome.exe	98
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99
PID 924 wrote to memory of 4320	924	chrome.exe	99

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://google.com
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffad72e9758,0x7ffad72e9768,0x7ffad72e9778
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1836,i,16851373980758237358,8173537701841650407,131072 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1836,i,16851373980758237358,8173537701841650407,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1836,i,16851373980758237358,8173537701841650407,131072 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1836,i,16851373980758237358,8173537701841650407,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3168 --field-trial-handle=1836,i,16851373980758237358,8173537701841650407,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1836,i,16851373980758237358,8173537701841650407,131072 /prefetch:1
  2⤵
  PID:2012

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 3800 -ip 3800
1⤵
PID:1868

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3800 -s 4508
1⤵
- Program crash
PID:2412

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4464

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffad72e9758,0x7ffad72e9768,0x7ffad72e9778
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:2
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3224 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3768 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5020 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5316 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5292 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4816 --field-trial-handle=2068,i,10907343181834066912,9931948942785560089,131072 /prefetch:1
  2⤵
  PID:5420

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5192

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
31c49aae6da6e0b843bc0bf37612fb19

SHA1
1329acfca3303f49efea8845494773bda99423a7

SHA256
1ca51ad1128a7be40d3be315ac5dd634a930e48da765d8003e86083115a356df

SHA512
bbcf025179988349336f131498a971b589a646add1cec7c5162ed8a38f469079e78fa6bb30801250ea9b9e5018899bcdd3564c2a629c8b8f5e24bfb07d7f5a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
3b5e1deb92875b9bd1e696a6b7897f3e

SHA1
33d10a346a4d29356b42320c92d838223137b9db

SHA256
34208ea35a4aba051047bf4ea09c90fa56bf923c972d8866c62e915bfd6e71fe

SHA512
69652a77c1652a9bb8e5bd69a9c303fefd360025ff8de15ad46209e419bd4df593a40d3b0c9905fe814004f5815c8185259df859962b0d85aac14fb64e939081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
e53954eecca4c1bd37354d46a16bbf66

SHA1
21dfcaedb069bc20068adc6a9a2edfef856cb292

SHA256
0d4ab0779756765b370a58876c09cd8afac1c264d47c6fa3e27f2d373c499dc3

SHA512
9349d1f5bdd85ccf96491faeca870d9f0f2f5639bbf7b2eb2cc1459ca01d128cd86a23b556a8633cbc7a1f6e5ccf32f1f173d964028703bb632e0d3d05b11c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
ae296649e5499156c463ee5b23b21c09

SHA1
43c906497671e764accc6280963991465193317e

SHA256
76d68c7996bf1d71077050f934fd04d548656a5331b55ecf1fb659c573737930

SHA512
bffa645ea5354c7f2bdbba7af8226c2ab3094383ab19cb205bd2e681e972b1da4d0a06cf6dc0f2d7d053d672514e80c00bfc5e519aa9739395115a580d855f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
45KB

MD5
78585df458f6d5226c81d04a40b0107c

SHA1
ef182aab29f4935a3f1d231502a002a04cde4013

SHA256
8062c540b153d97a990b6d5a15dc0a76e2dc346006b3b73fc3b28e0e9c485f1a

SHA512
121423489852cf0bc91e3d86c3119a8eca266822e7645d1b6710cdb0b846039bab7be3fe23311789a783975a52a8d69f781641766ccd8e47e2b75bd03d2dc35b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
283KB

MD5
de6fea88ecd5b30b04e64f733d2a27ce

SHA1
bbdd64b56ffa1eb1eeb910aff33fe8ac22ca7fb0

SHA256
64d6aa125cebaf502d250f3f879a4c86a9bada7a7cd7007865a9f1b039a57c69

SHA512
a89d81fb4401270e5ff8638c24fec7985be96a67e1bde65da95b041de61b6e774143dc232fcfc52a282dbd58786dcf6892de0828017cc7e8eaf7cd4f48250621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
286KB

MD5
e3fd9a1e3a285ffb18f0fd62e64c1aa5

SHA1
5931379ebe5996dbc72731dafcbcdfc50a5d3507

SHA256
24430c1210a6b3237a1d3cddf0d3739574464d50e5ae1bda5dcaa3d44eb31bc2

SHA512
b8a1ea69da64c374f5b84dc839045d9e18440ddbcd2424c13b6b403e334b86eece91fa9c739190f2f39362ff374a2d0294e4e0a01275c0765013747cc36bd235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
67KB

MD5
d53047221bc75dd26e7b5286e294993c

SHA1
4c2ef47b2e16fe8410537ee6456b15e38393fbff

SHA256
30423e3426cfa81562d06275c25a1a41dc0bcc5451ca0766782987458e53d9d7

SHA512
0a9a845888b8682e73677c4555f49e10e084159deee1cd3498bd7f1c3ff41e5c4ef4354300bc452c8dd5ced1047c1534df3be50d55f441ef68dad16c02600e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
21KB

MD5
099d8b46fbb6ba808f6f4b027bab82c8

SHA1
82669b356edb3fc444c7ebc3175beb232f45bec0

SHA256
dacd0e50d9482b01b3193748836d9c21909455a72520189d1b5db2824b8b2426

SHA512
5d7e845977c8e71c633fdbed22ff5f77fa5670b6aff6585abc1d287730d2c540c921fc44e0669e6b10e72bbdc99c7a331666ed2b68b9c44afc5b331389d6ef3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
64KB

MD5
553fc1fdde5378d5c9c5099a6cfa2791

SHA1
cc09b114362bcee8b362cd87adce01cded5ba888

SHA256
556c0627df685ccaa1a152d8a49170c4d53c6ca9da977ff38b63971eec81423d

SHA512
c2a31df05448d67158e281bfcf913196685d2a01b089bcfabaed37f61ee3e5b42361f230dbfc4ee42daa1051218f4ba8797abef84771fea70e00a6ad23803c0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
74KB

MD5
ab8fd5f4861204beffd7d1a9bff28d91

SHA1
4806fb22c93ba59eebc27ed433c908a72a48b84c

SHA256
3e1a52309f4a94c757f4c9cd36b90a6a39cacaa69f065b08a4ac96f914f6c594

SHA512
4e2ab05cc404c5b9b645aab15ef95f1c6bd3167a679a4e6a5b1ea4488308cd870511e8db278977cfcfedc620484a4c84c581eafc071fe4ee39818de51c1244d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
76KB

MD5
c148b1baf86c3aad4df8a13b7ef8701a

SHA1
4f9e1d30e8b5dae8d5d340277f6a898e586f3bac

SHA256
698ff8576afca137692627e5bfbcc0f49d20267e7ec9ecaa2cfc59e3a5653e9d

SHA512
d57a2ad5d477321e6e7e5e2f55abc125e7134a30c7bfe72e7cdfc2cee65d33b9373c1f98e1b982b0dc781dd6ea2b1572b776e6e25a973392d77e05816534b8ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
93KB

MD5
1cd16d73e6b858b8aa7c6ad2806378ce

SHA1
7c6c90079c18d79e4c8a655bcb44aa05fd4f3c84

SHA256
76bbdecfe49597768dd26ee7540fb4bcc5a5b918fa1edcd30f394fedff0a9fe4

SHA512
6bbe24c68fb6a9717bedc26fc81154dc4ad8ab6353b6375688f4e6d99c9f02f51c4db06b80c7550592273e1fc2b70035449532c4ce36c8ea2a51dcbd31046977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cda642791d73282c_0

Filesize
378B

MD5
8bc986584bc7f972cc2d30d573def55e

SHA1
2fdbfe1b43ea6ad67851d71b78c02f9101e7fe77

SHA256
992d53c4f11455f68c9dd211b3f900092096df88ff788a4ef0dcfc9a426317da

SHA512
d45acbdda71adddc37f577fffa8f5f220213c60892172c1788dd9d36eee79381ceeaf295e916aee4e568a35b8eaf577c2442da4efc5e82a0eb4b41c74197a24f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
974fcfec78ea60f37673d322ddb660ed

SHA1
f3496a97dfef40582f50c72ea73fa6e704df599d

SHA256
9085b95f068e9167b70e16c933f6e1806def8170e7c6f0d0152d7bc961436525

SHA512
a9440b9171e1db47f682592f3d5866131bcd8e6f5beda591444388fc1d130e5ca990e6047f0d168818d699088611a09e54f37a90b13b637a33a50364d843c809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
974fcfec78ea60f37673d322ddb660ed

SHA1
f3496a97dfef40582f50c72ea73fa6e704df599d

SHA256
9085b95f068e9167b70e16c933f6e1806def8170e7c6f0d0152d7bc961436525

SHA512
a9440b9171e1db47f682592f3d5866131bcd8e6f5beda591444388fc1d130e5ca990e6047f0d168818d699088611a09e54f37a90b13b637a33a50364d843c809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
eb7f5bb6f9c33362fc550016ae57d1cf

SHA1
896e1c05f59eeb9fa7e8457b6aa8c87c3060fbb3

SHA256
61a6def25c2763b47ef6ed112a9bc1a7d121e6242401bd11b7050e156d1a0827

SHA512
b1551c0759066c894874921fa6582f964d319a10e5fa54835c0d6064bdd13fd2d6bc65de9ab656a805b917d8b48acd7d2a4d8ae9aa90bd65a2068df010e036c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
3d245d05873b6548ebd3db46c3070bf1

SHA1
7509e9dda3c068b28fb359768bd7c950d3ef5083

SHA256
284240e76d43227d36da31231bd2f6461486b8e2e3f43cf22e430ff73b0d55a4

SHA512
7d1fde06c55aacf03ec8832c05914949a08150cc5eec62952d814301d7a9894f8773ee63f684d320a7c685ccca4eb0eb58cbfc51062a6a87e58fb35e9ecb7f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
17KB

MD5
e17b3a63eefa509318dd9f84fe46362c

SHA1
8bf19223bb9b42ad8b5f9c1b979a4d6eb192363c

SHA256
1526298dc3ce267081bcf6dee0f978d5f321ee51eda092c6a86f964b26b6635c

SHA512
a31a9a448811881f110af4f5c48fb7c8de2721d115a78ce083f0eeb2ccac7b208f874a9373d0190e7d86bb580292fed1971d70192e4d8050efcc9bd3e1b145c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
0551f83204d2a9121cd796b0c6ed1f0d

SHA1
afe3cb4e6aa2d9f6da8f945f0d6417c660160e38

SHA256
af9472981cf969038167066417b2c416ba71bb68ca615262f6148fd60e6c4330

SHA512
e669901e7f467b0a046d55986d281c4f377d7e4c609ac5d4775d9f8c5b0f486bc92d78eb6f07a8f202c6cfe69f7da5a9b4001a070d95e06054312f3ff1bda344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
4a9f2bd6fe82db8f021e99272a297bbe

SHA1
291f30380fc623224e45f05ec3e01f6b24ee2ea5

SHA256
0323fdafaf4fcb56683875971b0decb991ec845ebfb58e5781da5d9f9a1882ba

SHA512
f9700f60419dd493d67fedacbf5fc5b844e4df51ae474f9e281aebe04e3233250062fee68254af06f4bcd9bffc607161d4848d682319eac6fef56de0104e3b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3ad38c0962fb30e63eceaef010a31f3a

SHA1
afeb56048b6b8e27fbd638eec15a2ef92a5d1aa6

SHA256
c621a037a5268f0e5876e17cbed49d84b20a39db683b0df896575813701fb7d3

SHA512
face673847fa046fcf0e101931e4f3dd0c9a3a34e9b2922fede73daaf7a5a52e077c0f0fe0f81115784b124b9e43fedbab556ceee8d6b0540bc5732cdbf4bd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3ad38c0962fb30e63eceaef010a31f3a

SHA1
afeb56048b6b8e27fbd638eec15a2ef92a5d1aa6

SHA256
c621a037a5268f0e5876e17cbed49d84b20a39db683b0df896575813701fb7d3

SHA512
face673847fa046fcf0e101931e4f3dd0c9a3a34e9b2922fede73daaf7a5a52e077c0f0fe0f81115784b124b9e43fedbab556ceee8d6b0540bc5732cdbf4bd57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
ab71e0798e2255163172a07af69c1f5b

SHA1
43cb16bf5fa81451140634ccf4f71f54f9a1e4cb

SHA256
9b87f0641811b2a6a016ab27a9f742ced51fba61459a5d52e3d26f75cb9bd970

SHA512
d2044bd05d59d4e08a81722ea8da58b9cff3e699d4ed5b49d4df48792af34e059447e268a48e12837f858dd369fe9c4d508e7f28dffb6baa21b17b2b476650cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d05de6105971301e54221c2b3db9ce51

SHA1
e8ffee98f505bfe9ac530e4d26ea6c0445e5d35c

SHA256
660ba1944061d3b8b1b7557c135fe664e92694fa6e460852323b049e0a403f84

SHA512
340de0d1ac0b8815ad21e86ae1481d092136d97b3a91db3c43828201d655d62d8af3042eb88ff31c28c5eef26ba192adaa40f34af5ac660f577e45c66f93319b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d05de6105971301e54221c2b3db9ce51

SHA1
e8ffee98f505bfe9ac530e4d26ea6c0445e5d35c

SHA256
660ba1944061d3b8b1b7557c135fe664e92694fa6e460852323b049e0a403f84

SHA512
340de0d1ac0b8815ad21e86ae1481d092136d97b3a91db3c43828201d655d62d8af3042eb88ff31c28c5eef26ba192adaa40f34af5ac660f577e45c66f93319b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
43b0f685e55b07bf30f0d079ddde256f

SHA1
a6a7df399005adecd737d93af3f61004adbb4f35

SHA256
538e00c06c16f512b6e08e05f329fdc7606adc3f824a3e3b715c973d64b7bb9f

SHA512
4aad63335ca5cc6e9a3c520626656292fbf80aedcbfd10d008ae196f92f50c3dc32eb66b31fef17ae08be9ea87e0f238366f265bcca6bf407fc433ef48919e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2665669ebd96c415487be1be020ffe4e

SHA1
41858c8a40f818e26e0604223a164bfb3e9eb4e5

SHA256
0c023447dfa37bef99ab63e56dfa37f40c59b8fe44e62651350bc3d92d7b09ec

SHA512
fc5bb9e4e75025783b4d150e91ff281b20d5fe91cd3de849b8c9de579f7ffd9a512ba176ab7ef981b646c26000ef698be173f14855774ed180d01a51cfa28e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2665669ebd96c415487be1be020ffe4e

SHA1
41858c8a40f818e26e0604223a164bfb3e9eb4e5

SHA256
0c023447dfa37bef99ab63e56dfa37f40c59b8fe44e62651350bc3d92d7b09ec

SHA512
fc5bb9e4e75025783b4d150e91ff281b20d5fe91cd3de849b8c9de579f7ffd9a512ba176ab7ef981b646c26000ef698be173f14855774ed180d01a51cfa28e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e3d9b60d5d3a98ccd8808ed5950d6104

SHA1
4568690ec6e942c21ba730c694a755ddc31fad1a

SHA256
88cd9e5999a95ad92876492b7efead9fa58c044694cce387c8bcda19718c36db

SHA512
7fbcee3d968591119f378e637d89de9a6c7a2b252f909e008fb8ff38f6b7a0f4678f2da8ede99e69163365f00e4bea60a5b5ccda1539a5d78ca16aa02f774b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
af2da3c1639878a49ba3056a7f5e75a5

SHA1
5c2f790b471fa7a62741dfaad22164e0af5c239f

SHA256
c7c9f4fa61eb8548d66fdae9e1de4086020815732d716b109583e964e70b0b4f

SHA512
2c3cf16b3b4c0a9a4eed8fc1f2805ef7c7f91977f741f7a745327671d1c1d7c72fb146ebfdd5de6e6748c29effa5ffbddc1805c5a251b72f2b20d994cfb57f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
7f5b6176b2d3d43f839816c07e320c3d

SHA1
d5d8c7d4ce3340e09559014941c72ee3ca4c2b93

SHA256
31f6e7508f0c6d39afa5b6a8bc53305563e35ab3278c026e439cbe8c743880a6

SHA512
672839fdfa0d7f6a158c87c3c2fd333df915d9c2ad02f4812b714c5a0dd0fd4b93232c2414fc3ce7203d72f9dcb96fb43b063aa90ee166ec44b78cc43a5032d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13328063003858376

Filesize
3KB

MD5
4bd289272e3f50781060c17db2f99a61

SHA1
e3df6912928accf2e6e6460013684cfd7616beaf

SHA256
e5802ed0cce7253b4c192682b8583cfb21f3b055a02c94dc0424e5467f613cd6

SHA512
cd039c5f4de3eb603b6126b6a5fc83cfc82f3bc2aad949af5cdade2431b42dceba9fadfc18d3ce15b5f787a813dcb22f870b1cdf6051b3aed1fd7ef149e936d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13328063006707376

Filesize
2KB

MD5
11dda94012243ff52e3bec15b838b3c2

SHA1
b5a38243746d508a18fa6b2f5ec91f368cb32a21

SHA256
2cdfc9b2d14443f0b57b23d292a363ec22d49844128f3409a7908c33f3b5b51a

SHA512
2938c7883e657a1802a6d780f6858731fb7a8207a6116e7ff9060c894d83052ad7e1fdb15d8959b2a3585cd972edf2df602691c4931cbfaff526ef7c1c5200d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
d6fd9917d018dd260b46a487fcef22ad

SHA1
c64bdaee91a1951d372a1707b09c6f68fdf9cc93

SHA256
e3bb6321a3127b5ca6ebaa369c6fb98001d426046f09ec12839f3a073686293c

SHA512
e9e88e548ec421a0fce8805f7304c18fd6cb972f47e4e7ca6ec41b17de3c4ef8b552c877f1bde4124c36303a75827a927da8d00db452e85cd27e8369c807019f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
111671e56d13815554e17c3e4919c364

SHA1
298211a76ebfd868077fe226e4f398f531db3e6c

SHA256
8f2cfa436292a7224c8a37d202c4bc9fcc07dc6022783267368143a9affa65ca

SHA512
1d36971b1bd78da509f60e6cd97422d10695a0c54f70b2524a485f9e951c41be62ab5715451015307f581c5f95dc7e0b69f9a0d3a555ca6407be5e848043c088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
dab32c0f5b4cf34aac32d3c5cb5210b0

SHA1
706bac59f874617cef6cbdb78a4fbcc6481cc1d2

SHA256
94293fe61148da42ff0789363c39048cb9151ed7bef08fe9244f51db44b0a5aa

SHA512
8654a148240e8b8a3d6fb3578fcab4a85ade353ba1414e44f4658e335df9a1bb3b32ab74f29edf9fb7ad4a35c377cb7f3c8ddf505ed4eaf34f4755b68f50338b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
57B

MD5
41c7d1373de8e7bd508c548a70910e51

SHA1
f919499049571c75c7eb73fdaaa5198e6dd641b6

SHA256
99c59cbe7db56d56a286485635e4467004641c6275e708887dd35728eb05109a

SHA512
c30cb4ea2478fd816b4a160626b08cb63d2b9dc50eab694607d44d05117e6af8dd707bf4e14cf001cf69007a654ade55149a61ed07f9de6a9a2edcb51afa0773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
b9399dc936fe66908d96a7686c5869e5

SHA1
9a2c5c7538ecae404e83f06b08b1e7c93cecb9aa

SHA256
3503cc90ce91a44aa43dde5601d932ebf02f4f105c1e3d87f9d21c006e6147d7

SHA512
3de271b4a3085754b47e888f0d0818e31af59ac270587bfc455a3f78245a2e9c69c122e71bc02fff8945c89f55edac4a8c9c553585122c71e2e5581e8375b1ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
252B

MD5
548b88009c391c755cf4489e91db2076

SHA1
8e85c6dd4adb412ec357a78cc3717edc19bba1f4

SHA256
09924217836b8263b510fd56557c93a527a493d9661b7df2c353a85684cdcb87

SHA512
730e5dda9d2664c21f5915dcf6d654b93d7dfce6e1d31926209cc7957e44854f0b5562dbe449be435ff8e29c04cb93344f06377ceecc31ea9259869478c3dc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
7204c8ab8958eee04f36e875329f057d

SHA1
7ed03e36de6581bcb319f3d35333f9fd254be24f

SHA256
aef31febea8e17c23811a71adeb8a346038f0c50ba7758082a0b503c75e3009a

SHA512
08fdb81b4cbacdd29a7afc7cb4d0f28732811528b5d84eda9324487ca26334828048539e3014997a1bfda7d6216949fd529358d28575a12a619a90b852795e34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
88d452720a6f8a58a91835431d2c49b4

SHA1
4150a476ae0f80e7a6faabb9cc08ca593f288acf

SHA256
099376525761799acf37a16f9a565495254320bcf0ecee1a12bdd3dde7820ba6

SHA512
5b95406ec92b9af542f1d6da8a453ec7a2f4d536773ba3dd581946e70c1b5b3ddd811942bb3d5893b91a4cb4a683564d3254499bab5584f58fcf7ed953c4d6e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
88d452720a6f8a58a91835431d2c49b4

SHA1
4150a476ae0f80e7a6faabb9cc08ca593f288acf

SHA256
099376525761799acf37a16f9a565495254320bcf0ecee1a12bdd3dde7820ba6

SHA512
5b95406ec92b9af542f1d6da8a453ec7a2f4d536773ba3dd581946e70c1b5b3ddd811942bb3d5893b91a4cb4a683564d3254499bab5584f58fcf7ed953c4d6e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
faab56e2fc39c4c1fd3f15fc90a93327

SHA1
128194b2a5ba148dc6258249c845ddee3c516d28

SHA256
2a211d9a5670ccd5c194f10572a9b913c3d1fec1313e7691ac755b7db7959d34

SHA512
8681ea516e0ab45f5ce7f4ee46ee7e4b43d5a193779991dc178d74dd8b24203a142f96dc02d3d7a644910e2dcaa45ad0864dda8608c501242faf4279ecc7445d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
5B

MD5
bf4bfed6cd5e31e686cc2938168395c7

SHA1
a860df0c65d3bcff2cc13435a6ab9f8f40a31b86

SHA256
4c504e3fe54e4f1c2f666daf12b720715de8ccb1d64f5f16bf84449b8ac0538a

SHA512
49f1c0579ab59413abd68e648dc79823c8ef84e425b424595821a59ac203200ac86cee236a7111fa97ec95572a469f79853ba5306486cf93b6d2145a15a7c6df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{0A6AC72E-ED8C-C16F-38B6-05831557CF24}

Filesize
36KB

MD5
8aaad0f4eb7d3c65f81c6e6b496ba889

SHA1
231237a501b9433c292991e4ec200b25c1589050

SHA256
813c66ce7dec4cff9c55fb6f809eab909421e37f69ff30e4acaa502365a32bd1

SHA512
1a83ce732dc47853bf6e8f4249054f41b0dea8505cda73433b37dfa16114f27bfed3b4b3ba580aa9d53c3dcc8d48bf571a45f7c0468e6a0f2a227a7e59e17d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_WindowsPowerShell_v1_0_powershell_exe

Filesize
36KB

MD5
94b56d65a8b7f7253aeacac345d4b096

SHA1
7e11e248ae804d3647479a4fe5f03835a1eee4bc

SHA256
0f312587a999305794730da6f2198c82a346e64211e2fb054256102ac70315be

SHA512
538cc0c1b4dc66e8a3c6ca9a17ddac128441874248589bcc6c88b64ad7d3b93ff143867d6fad0002cbb4584e951d0e82441c350396e6d59b73207a3ffe0fc055

Download Submit
memory/4464-144-0x000001EF6C200000-0x000001EF6C220000-memory.dmp

Filesize
128KB

Download
memory/4464-151-0x000001EF6C5D0000-0x000001EF6C5F0000-memory.dmp

Filesize
128KB

Download
memory/4464-148-0x000001EF6C1C0000-0x000001EF6C1E0000-memory.dmp

Filesize
128KB

Download