ab8c350bfddbc1cd0735f3b7d0ddaa4e239d09b47dda1511c2140c56e8f7a8a2

Resubmissions

16-05-2023 14:26

230516-rr2vasbb97 1

16-05-2023 14:25

230516-rrrdkaac5w 1

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2023 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

119KB
MD5

90d5ea750ec3091d4ea6ffae75c50e03
SHA1

b974f50a9da21ed135faa6cfc1e7fa8992a656e3
SHA256

ab8c350bfddbc1cd0735f3b7d0ddaa4e239d09b47dda1511c2140c56e8f7a8a2
SHA512

c6fe29e5ba36bc683e4001363337774d10e7d616e3b82bf6dc2d5597e14aaae936b7690b69c8514fe0c59fc0b7ea99fb1a635f0b33b37ae839db778fc3f6fcaf
SSDEEP

1536:RBp8LdwtTRuki9Ue1IsQexE7nT/EhUDxExX0R+qy2RNcC6hze:p8LAQOjcbVe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133287208222122922"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
3668	chrome.exe
3668	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 1756	4588	chrome.exe	93
PID 4588 wrote to memory of 1756	4588	chrome.exe	93
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 3784	4588	chrome.exe	95
PID 4588 wrote to memory of 4608	4588	chrome.exe	96
PID 4588 wrote to memory of 4608	4588	chrome.exe	96
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97
PID 4588 wrote to memory of 1972	4588	chrome.exe	97

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a30c9758,0x7ff9a30c9768,0x7ff9a30c9778
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:2
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3152 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3296 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2900 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4928 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1752
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7682b7688,0x7ff7682b7698,0x7ff7682b76a8
    3⤵
    PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5448 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3476 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3228 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4848 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5320 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6008 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4664 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6132 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6036 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4516 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5540 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4664 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3328 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4488 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3408 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6280 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3420 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6180 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6616 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5988 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6224 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6892 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7156 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5808 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7448 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7608 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7596 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=3224 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6324 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7940 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6868 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6848 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7740 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6880 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7948 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=6016 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7632 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7584 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2448 --field-trial-handle=1808,i,9084233498130883114,13337016067269817196,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
41fe196c1e0c677435362ac4c21a0e0b

SHA1
d70a77a671199c072d4708b2f74b1821b215240d

SHA256
9ec7c7183776f0667603089508f8c030d2ef2658eb235abbfc728845eeae5a8f

SHA512
b3d7f2c802c5b23c44813d6dab19f1649cdb8faa68d12205643701cfcb5483df01a4237968395b15c5872a02cd57b456074d16fffc6628f8ce2985b7498439c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0d3736e887ca29c9b48e408e18788c49

SHA1
ea6b2eba64ffcbefc3e7778c58d68c08bdc49188

SHA256
b980a1d5f5f6847969b3a3a800e7f322657214c2e954a48ef7dcbe7e386e709f

SHA512
18b3c99a7c941f3b2e3ce906cb9bd74e0f5a04d8a175e8b4e3da64a0422cb8ed26dff2ddb051111bf8633837f1dd93f91227020f5626cfe742bc468936960a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a865c6b669d3cf1d06a32609a7cd6311

SHA1
e65f3a88e6bed22edbbc1797c2e5e5b603d8a229

SHA256
d35a3b4abf502aff3f934a5e17424908dc1f888a2702b4c5747188cf1713a947

SHA512
7be046332397499ecb1d25584d5b188cc4c4ffe1fe2f6fc4bb8a7d9f7301ef1989fa48e38ec20d28f5b0affec41c88072be8745986dbd53922c9e5bec4271da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3f9d576bac60e7d95942b44d1c2b4392

SHA1
06570b99c395391c4dba01a8b7193c0d2e92c53a

SHA256
8f6deb989fe3b50a470ce57190dad026a0de7ca7f3c1e11a3cd1f339efbbd9d8

SHA512
c083444a9d8fabf558ba1523a992b1c4dca36b8d8e8e71814bdaa3a4e2c2be4a2bececd7d732985cd4606277fd39d69f6bc695a6f0c7e0ac88b7a40d23366db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e137067dcb638fad660b3997b3182883

SHA1
7712fcbd504fb5927e4445c438fca3a1aac78327

SHA256
7a50f0a13421ac60fa8d88a653dd46517548f37b98a4a948d1f73d7d442c01d7

SHA512
4c18ce5726b892b4805abc7dedf8a3509995c997707631540d18be4d1aa28ec0550f83a99dde8598f09ad154cb690fa4c374739d1e60fd2a4b04ffb54a5fcce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9337eb6bae1748b6a12d8ffe8744cd47

SHA1
86928ae477f2ea68a332398231c662e6dcc57fe9

SHA256
7f6285e394ce0c588dfa68756d5c5c133d40f390e6342ac0887ea278420b3477

SHA512
b77f91141f6c9a2abebe720f4ee87f6771da52faf293fa097e87af41f894b9ea1a8e623e4d3090d4ffebed31188cc8e66bbde580566343e01681166ad69081e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db5639e41ac72662e9d84f9e90330ff4

SHA1
53389a4cc27c133ed120dbc6ed2294b53a880d18

SHA256
98adeb19f26866360050f91084d9304f6236384155f690c84e86b987a0704c64

SHA512
2bd9ed4e5d5e2d69a00d5f602707451caf5f7d25bf5f019b648b35b441bf8d31237f6d337f3d77a6ab143dee41d7ed86966281ebf869df094a6ae638d25ee0ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ddfdf1c008cc198188fb21b98f04d97

SHA1
cf7d4ad8be75f956e03734c2100d28ada886b557

SHA256
104815e5d3bedb0c6d45cf80e48e48e3709c8b4622cf9b0151e6dec976c6dcd7

SHA512
6b782787c86fb09f2030c75f5cc9b6aaa773f29b7b6ca2ac23ac8f80e5b33cc9c4c94f1df9a836238a974aeaca2d921d2de99d1e004133bd6bc676b65da1754d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c2d8acaa2cee2e3684d58b05dbbf6b94

SHA1
1c7fe9e9408613aef1d1dab9444a9970fc69fdc4

SHA256
a550272c973446669e2602829238b1e98fe6d7cf8ac88c06067090378f37d2b0

SHA512
484c61c30392a0ba0ee716b9def0f48e38083897f6fa892cb3a3789c6b15580a8416d90ad8a6584d3acd1ca7d07afe30deabf7456792c6e7420c5c1b40bad97b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4b79814caa6818e8ac6ad017367d0ed6

SHA1
17a0d6cc3db9961fcb83ec1f51e45a98a5776144

SHA256
757537fc3fb07bd86a9bc83695f128101ae49efc4856833860bd69a04e1e5504

SHA512
a4566f3f423173971d61e4dfea23cd1b1ccd66fe17f0c1ee92035962ed5513b22cd91472b06fd15893d0aa5125059dc001565e292c70cd69508bd6e717ce04f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe574a76.TMP

Filesize
120B

MD5
5ca74b0c0a4f2474e2c2a049425038ba

SHA1
0109c41e01f106cf0bd42ea53706a3637374b4c7

SHA256
7594dc54e94f63e762f7418e79680c4bc2b511f7f73213ca748f95c25f40e437

SHA512
2a7d63d576e3f04be9c0f0a57e6341805b231a29f00559669354bc6b5b1a3dca37246f9383ee6ca31d2f1c88c0ac10400ef2ecefa1f8566be28c1a0a9adc682a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
604b2cbd1e616c76cd0f996ebcbdd94b

SHA1
108e23d2f9758b9e2f771bfbe08d9ff4f26249f8

SHA256
441a3f1816a462964e5dee2692baa8448402057d46b6b747041ea570ff23776a

SHA512
f63a106abf7314dec64bf92f7845cc28d3284575db4d63592c372c65f353230213a0ac22d52bb2fb794af99e04e7340b3a89b2f5fdc99b18de871d85918dc38a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
d2e4e4f389605e1f196a865b49b59d1e

SHA1
043ac5ae24422f450767c25197b95fe4b85ae96b

SHA256
6faa8c4d72a49242d780ecc31ec81aec417aaaa733ac8a70107332699be6d849

SHA512
d605c7d731e492085007114ec59722d9ec1d6644ebb6e6a42497953ad387021d21e45711a1609df340abc9ed94b212e4c1e88bc367d71aa2e23b1a3f6cad9024

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
6bc663c181a66c79145a9f9d200a40ba

SHA1
146946518d546bdcf534b0287264142b7cd0f8b8

SHA256
9ab9bf8b6b628fdbfc83631988f15f313af67752820f427b299d296b7043f2ac

SHA512
8831a5b8db735bb48737b55a39b50784d213147a435b2a60aa83a6bb4751db627b12b66184c699be98aabca68e0f451d2472f4a7a4722316ac6229eabc735b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe578e84.TMP

Filesize
97KB

MD5
be9e18829d51b13dce1e6d4863b618bd

SHA1
1d18317e0c6710627d841146de83c2b7f1f272a0

SHA256
015655c323a5e199391d5aa1d73447757f8a5a5543dfcf91c01d57c1b820dbe5

SHA512
39b64dad472b82aa89f9501fbb516c556264617ddb7094817ba5e5a1151f84fcddec2afc84ac1d41ae0edce0d463daaccb78369bf026786cd308ebee0b843e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 931816.crdownload

Filesize
2.2MB

MD5
70f3bc193dfa56b78f3e6e4f800f701f

SHA1
1e5598f2de49fed2e81f3dd8630c7346a2b89487

SHA256
3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

SHA512
3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1

Download Submit