550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3

Analysis

max time kernel
150s
max time network
153s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
17-05-2023 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sa-mp-0.3.7-R5-1-install.exe
Size

14.8MB
MD5

f7874cc8637e5ddb98b07ed40a24de58
SHA1

0a9eac60f516a8661b5b2ae9f1d5d798ee7fecef
SHA256

550321da5b10c472bc719bca2c0df74b240f80eff828079eb5253598fe112ae3
SHA512

c0e2078d8bd1d6aeb8d6cc77ea935e41fb31c271f6503a3625d2bcbebf9a8b142a1d7856816381fb4be79a45e1ea6dbe8cdb8efa027f29c32faf52794c49f2b1
SSDEEP

393216:suNmflaNtY7G8t+LdFyBV9DVimtbA9yRbABehQtAuGuSwcBk:3NklUt3Nd2VvimtbeGbbhQtWBk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133288473529294107"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	sa-mp-0.3.7-R5-1-install.exe
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	sa-mp-0.3.7-R5-1-install.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
5044	chrome.exe
5044	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3440	sa-mp-0.3.7-R5-1-install.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: 33	3084	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3084	AUDIODG.EXE
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 2116	4444	chrome.exe	68
PID 4444 wrote to memory of 2116	4444	chrome.exe	68
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 2584	4444	chrome.exe	71
PID 4444 wrote to memory of 4168	4444	chrome.exe	70
PID 4444 wrote to memory of 4168	4444	chrome.exe	70
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72
PID 4444 wrote to memory of 4156	4444	chrome.exe	72

C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe
"C:\Users\Admin\AppData\Local\Temp\sa-mp-0.3.7-R5-1-install.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xb0,0xd8,0x7ffc445f9758,0x7ffc445f9768,0x7ffc445f9778
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4448 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4604 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5448 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3232 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3056 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4452 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6004 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=816 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5196 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4336 --field-trial-handle=1756,i,14419176656453764100,975831599469245522,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3468

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x39c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7c48dd2f4e33b67ffa3236b9ea4aaff2

SHA1
f66927a44e7de0c0038ce744d1d1d7251742702a

SHA256
b496c6028f1d5fe18f50705c8108ae84820748a3a2286cc9b56d2bb5a38aab02

SHA512
6ccba975ea123b1f59ddda5ec486be685df0ca1def0d34ccd160047a3fc9b126ec58092ed3f98b0cd6cf9df53a95083ddd979ed311d06fcc70eda216501dfa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
47KB

MD5
70388d1d15f80f0ddbe58dd2a9095949

SHA1
1f6a1d916905e2dd0347b22085cc1da0fb646a5e

SHA256
395c789048e6fbf5c98ba7562a8b8265885ddd0eec339de55173ab83d3aee618

SHA512
8bdbd091852af9cbca6f9e1c69727a067361c2718cf575f7c543e88bef92da71979ff073d8071386ecfc6be3d7d5ad53253da7f5a830fdeff5ecf6a2b6f43843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
738KB

MD5
097fbbb12e898a12b149ad737e95e1b8

SHA1
aaf2a434409144ac83f980d6077477c147333ea7

SHA256
e8c8ca339336c4ca79764b01b065bdacfb5f57dd1891e65c05eadea6cb794dac

SHA512
2482fc5ba0c49cae040dfc4366695880ecedfa0de9633c00f3ee234b765777034e664ca412d65a3eb03c345e1d44dc8e579180d32aaa95370da610488e8b2971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
d14d01083aaf4aa1afb67e55454b2bb0

SHA1
4e9ecb37ef8814f3ffbacc15abdc12e8f7299441

SHA256
970b6418e27b4724ff52581883c5999c8f2a3270c1c16bed002b5fd834832db1

SHA512
65264ae5f63e9ce0c3adc67bfbc256383feedb06694edbe6bbd1850dd961b94d8d9ed07a797e9d648b4ab0f61ca5e498e281eb241104d1747970dd74d71d1e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2260cbc4d9e1930a405634830761e03f

SHA1
b14ef190e910fade75aefaaffbb7cc662546a8b3

SHA256
97da80c29840096ccabb6fea5c1bd179137748036990ebef9f8d845ee856b219

SHA512
83d6103e27d6c491c5be49b0b185e645540519143c3df9f9b61ec9dd4c8bae3eac504ef945b06b240193e11261fba5359eb515e39e9ec5e5b50c922f84487dad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
d563845c721c7d582e2d577cefd256ef

SHA1
95d612fe6ba81a1787d38c267ae17d73e9d6262d

SHA256
53d48aff6ab816c7f473c4542c5faedba8fe3d8cfbcfbade3b76ed95af30aca0

SHA512
95b561daa48e341945162c2e25a76a1221650907914babd77206e00183a40f873a12aa55afcd840db68895ded938e21d3e1511f0f137fa3f7ac3fcea225f8f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
74bae90bdd1b844edc7c503de8af1d93

SHA1
9e746453da7c485f5602114d4a97e15fda49eb09

SHA256
601cfda8c4d126b10e14b9efef42d6cddd1318146c5fea8a7421e75ebde3507c

SHA512
cb2dd6969efc773dc609515eca46dd64112e1ec52246165af5ea80d2ec5857d910a1657190810115cc57440dd5eb5e4e4a6bedf45057175464bf1095fc08c65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
010a0b3559711699e42811b031c8bd59

SHA1
400fef43a80cd6471f7bb11466e1f2234fff0ab1

SHA256
823b3575519bdabafa9461f49fa49c505944c0e8fd4d3c14512ec3b80ce0f252

SHA512
2bbf622596e4dede8500ea12731a84efccdd211c72f4e7261a4e2bf68c923724a3d6f84a3472fee8d8d2a681fd17dd8a7e3aa5e4e7dfe394917e59df0fd26c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
16fc7c4af8b53c9466a8860b4b6192c9

SHA1
a773dffba37eec93efa979ab4f192d2b96bc1c21

SHA256
1c6f43cca9b83345e234d56bf28b31d3d07bc43403f89bba0779bee218ae8d79

SHA512
b87307357960c3d2a9708781916ad712d4a5294c0e744935715517a4a01c5e7a895b108e65998a19166f3e301de2ba34dce4717d31c937d8a35fdb603803d1b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
bdb5cd544f6ba88206a1249e7789febe

SHA1
2d4bd8013b07a16023479ed8582321af9ef7687a

SHA256
cad6d5b0918b821462f52df5ae89cab2fe5701e9684231e54709905e072a9345

SHA512
2a4fa79d0932374c4d4cfab58043128a5590809151845694add41e9b0affb966612f9f9495a45122d6437be1777ed890d4d98ddd5fbce07f8b8e6d3c2464c6e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7147edd3b878b12281eb59edd954c373

SHA1
14a777b7554635c8e83ae04610c7979b803a5595

SHA256
ff9e6933b95bada4f621d96f632ffa61dedd0f6ec365a99c9edb4f1422d5f46e

SHA512
67f200dd9721078ca2f804cff2cdd0b54fc48173685f183c85091d16bbe72f034581d3173db09f2990157aa021fc4fb457f83d4b4109fcb8dd5bc4dfafbd5cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f93daf9de2a7e1104a4a8c546c476a3d

SHA1
4b40f3298876a662c78d2c365f2a9a5c4e5dd1a0

SHA256
cdffd4475eaa51605029778ca23308d8e1a5b066a264635c9b5b2553810d87e7

SHA512
bcf3850bd631cf7ac6e58d8e2c551e3e2d1f678f2321d558e131ba5b7cb4c52dd8eaeac00dfaba1dfb114381e75414071cc8271af31fe891905c6a0c35771c81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f1cd08a524a4aca6e71e70b18a9236c8

SHA1
53c12048b0666983441c8d50fc855d54cb3f6060

SHA256
e23356745010b2c98e45db38c14813c2032070ab3095d5dbc4c1c9ab75f6465a

SHA512
e9dd2dc1f38910f7072bcec5e6e7c3a0b0309580f9d256248c08456ca2d02ad985b3e6cd71849611bfdb4a258df7078344d7e562a302cc647c50f750c1285a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
87670637ec84b849aaa14d807d01a9e0

SHA1
d1e1d5bcbe20b4746f129857dd345634edd1c4a3

SHA256
03622bb90989c2062f30322f272a360aecfe561e9e8865f822df61b3ad01a73c

SHA512
c0888e97ab787ef490d3e4e4376fba4f24c762b64005ce94ba927f272c018069ea5679910b738b34ecb53edc4c5a287c52af68e92890c42a7b2142ff18ff8ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b87fd2d682a49630c949422488a45f6f

SHA1
24c9072b125cf4575e1f3ea9650ff85a511f650e

SHA256
870e3be29cb6c11f83312a666081500b58af2eb4cea8df652bbaade3d9de159e

SHA512
9ed161fddff59e4201a45caea99d2f9ad616de7271cf0e671561e869b988c167b6befb8213688d381d0b234e5e0e7ce6429e54726c6723a12dd3c525a3fed8b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
f653f6daf62e4e8edafb3d689c0be096

SHA1
792c3207d407c77116969c3becca61e31c851454

SHA256
357965d21faf46d3d984b07699f348eaed1a2cb1272fc8898f86d6c0bfe257c8

SHA512
5cec2a2d792b49d94382d15c1e8cf6b9df729e00eac5d6d1b8b7ffaf7417b217f81a46d9b576e9cef710769545d9e093e49e205d5640712fb02d271833e10989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\46ae6a8a-cdbb-49de-aa7a-bc9c5a62aa78\index-dir\the-real-index

Filesize
624B

MD5
2f1b5902e21b2f0a7f6564c4561602c8

SHA1
fc9612e6966c1ee01741ab03bffc47dfb67b5c98

SHA256
113a5c20e4e5f81282dcd433f836ecc3e0b1bc2c44b4009ca682eed67914cc0a

SHA512
c10e87d1d165096acc0bbb5927929b799b9775b75702b90f6288c187862a49d993a07b60c1d4d8f1225466201633cd5a7184c2dc55a499f77fdaa24adb7df300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\46ae6a8a-cdbb-49de-aa7a-bc9c5a62aa78\index-dir\the-real-index~RFe572896.TMP

Filesize
48B

MD5
22fc19cd3927183989ef029acc708ce8

SHA1
83c6008584c6d52ed684582a32667aae10eda403

SHA256
76afd1ec939bace861fc596b00e3caa9487368fa3da7242b992b13889891c5bb

SHA512
dce2be9a0ef8adf350a8bcce7fad0652976ccb2a3ffbf87f45ad6f2388474c267e5f7fcc503a88221ea05040ee9bd8c6d4a0ece7798bc3aac6cea627b3ccbef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5d13f1d3-617b-435c-9455-c9d613d0c8bd\index-dir\the-real-index

Filesize
1KB

MD5
da8d60059f444342d13fd2a743548296

SHA1
1e0fc85147b53b8bec664636177ae3434f6bd1c8

SHA256
d285e1bf86f2cc9e100989c48ea09fb455bb49289596d5aa6bc858ed4d3b5aa0

SHA512
801c00cb2eac89862acac0d2c617bc79a214d4b0e1edb644d404897974124d71111dcffc91a3155a29bb8700bb68a8377bace7bb9e375c02091c0c99f2254afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5d13f1d3-617b-435c-9455-c9d613d0c8bd\index-dir\the-real-index

Filesize
2KB

MD5
de86b4fd6d8edc95fb0268b299ca7245

SHA1
81a4033e8f7ff47101e00b61b759ec80219d992e

SHA256
e1bc8f9e0b5096e74748e59b2ebfe49d9f8ef409632e53e99822d36cbe9c8780

SHA512
2cb956970c0d8860b6fafbce1ca84be13aad51034f81f4cd21d6d483b1dff74ad39bc13033f06e4d873690a4a318baf0edfaef9e0c27396b6a8cff86ad0b834b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5d13f1d3-617b-435c-9455-c9d613d0c8bd\index-dir\the-real-index~RFe57229b.TMP

Filesize
48B

MD5
b12068f3eb50ebba86fc178062b10ab2

SHA1
836244057616de47f3f270dfffaf942d46bab840

SHA256
d7896e3c9a3ef71b7921142218a514c921b3d645213b43b9552f224a326a0b75

SHA512
d4133c221a1595c5f1d48da3079cc504a7fc7d2a1774e80460299e04e89ebd2b8ad701cba3587523996eacb94cac26085f165692ee6c2efedf31fd79b1dcbce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
955b2f08243976f1360870a045ecde1a

SHA1
7568771e53633f943fa8f6eefa6a31693573c63f

SHA256
c9ecd5d99d88b5a345687b2d44f9870fa1ca1097ac824d2d7ca772093294d680

SHA512
ac1a513b061a508006d2a1e0544cf63df2717ace0392567cd8262b8a9e1d10e3ea671150c1a49aa3ec9fa650d68a590fbfce59f9a6ddbcabd872b2601a226ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
1719fe09b90a388ba8b0ff2dde901470

SHA1
bad46fe4153f7b5f12f4d8c633faa2975e154b55

SHA256
b867dc032f5e2176e759381ae5780766dfad57811e019076bf174e7f63aeeded

SHA512
1cc1a419908d9dfa2fedf1e46d26d7e0b056665f861be4d8ca43b91039632a28de07e496dfc353e5171173fd9e778722b4b081ca3d5b2d2c55cc74a7d9b721ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
186B

MD5
7aef15508fd7ad6f627d0dee35e9eab8

SHA1
34cbed4cd307fad69801c79d495a209ef6dddc54

SHA256
39f5971eccc10632bff3f9c226f2c727e561bd494353f3decf6ed6b8e70f46b2

SHA512
c756af2d65b0860b4ee6b882d692ce424d4ddc9bf50fa15dc06bc46e39e6833f8299191364affce8a1c48f5b8303d168120aa1eca3aef8e56db2dfe72e3efd74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
c37e29541bd515d971f774aa047f9ab7

SHA1
82ead22f9a0c8289862169ba88ec988a04d2a9c8

SHA256
beac5254b4b05cc5c3414a8b83556c1e57e33d447e0c9365b9374d7b03fbac8a

SHA512
3318759de75214a76c1eb015a08eee40f46d90dbbbcda4ec8572207eb3e0d405e52e74ab3ffc75c565ee3e82992030e0ae3309a78fed98d340b778bc2a9a5bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56c643.TMP

Filesize
119B

MD5
f74abc377f2e5156693af0c97fdb3328

SHA1
ceebace12301c4f7cf6af510bc63d732ac252c8f

SHA256
6431b55800cbf7d0334eca85f35d0a891d3192e48ff3fede282bfe6fde3f584c

SHA512
40fbbfb37d32d2ebec171075b2aef5e95d8e3a18224dc8b891b283ac8c26d8cecb55e68b5bb8ce04d149296a348b96f46a2e056df679ac406bb0b0d31dc24aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6aa66214e3f2f1698559ba2558b790fc

SHA1
73a55383a3b07a8104f355a07f3cc5ff20a17eb0

SHA256
ecf0a8722eb98f3b0278449f4048289a576adb244cd220c04fd4e77ee09d9e68

SHA512
6f995ec6764cdb062006a2b719c447e3f43bea03ad3883f36dc4e46be7ad7b63a66656591c6ce3c7f6b16654813b6496ee78680a8f3c8f7aadef2f02a797695e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe571d1d.TMP

Filesize
48B

MD5
9eacb0abf38979bde97fb9ddceb6cbe7

SHA1
dceef794cdad6fc18423dcd872e0461ff1b38efb

SHA256
5772dafa395774e8eeb90610b24f7e6a770174d8e1315ef335a8ed61a997a117

SHA512
bfb6adebbe8cbb03bdc227157f956818fda217ce88dffe870f96a258dda33e27c746684d2b5c9e9262360691187f68b68b7c4bed957697dd3d5011c532f7cdf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4444_444273746\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
28a182136d5a5024ad1d310f41fdba52

SHA1
71cf89128405a17101cae840c37557965ed95505

SHA256
1cd67bf3b7996f7f9c0806eb971d8ee0c9cbca82ada169ccb343f87d721df8e3

SHA512
7d51369d91408aa2bb985279c93b6de0ebcd9556f6f021f3ebecf7144f4a7594ce633b3cbf272b64d5b3070b101385a3180288da881aebe994fc9c64f15c7815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
06383d476ca0ed0c829c0bbfb8ad1ad2

SHA1
3e4ffb250b44d6de00f308427c6c35c928d532db

SHA256
fb1a3dd1c978c716c9164cb97278bb340a236d43f3617dcafe953fc8ea32c7aa

SHA512
a5fa6ddb48eb9aa529b74e70ecfa8d30cea34c8355f40e37ca4f5f144afa779784af9f8d3b6de80748906441de00e7e6161a9a3952fbed2da29cee9f562fe419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
2b3bd0b599f5e50afe0f7a0fa254079e

SHA1
5872cee59bdda1f62e606014bfcb8075b16edc4a

SHA256
24e61a518093037b9ded8430791bbeddcae54061737e5d999b45f00e893f8470

SHA512
8f7e7df884702d91135b83f7acbf20aed8d670acdb5c1f1f5a988c81c8f8eddd2b5d2d3195ec4acaaa71991f87b834d4224c2aa25ea521e09823f27e186858fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
fcc7190a08eb5b3ff905f667ad9b5409

SHA1
83e6db800842e1becfd97ef9f1163079025c1e4b

SHA256
247305ba779e72fcae0695f042cee270ac9f3c2405f60620511ccca00ee6954f

SHA512
f68cb68e135e071c163d52bf7a5e370d17a6b4f0f59469494b3ba0a807ba2cd56ddc15f9cb7961312d8114f45e2e2bb41799e63bd3c71abd7fc23cd89342da49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575544.TMP

Filesize
92KB

MD5
a0b267a4d44e787ce5da484e7c4feb5d

SHA1
3133ca5d386bb48e625de24efa9f75ee8f1b9491

SHA256
a74520cf9137b39e4a546a3a8d858dd0de65feb111124074d5f1e58d43eab828

SHA512
9bd76f583de5560b6cbadca2a90f1d04b74b3caa458a15f0e72495639454f2d3b598eac553da6ac304670d9bdd791d16de572dc98d4099666053d38c49e7808f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
2d3aeaad499e9e110dd66a89d5e4de0c

SHA1
9035ee09c574d8f1ec4e881a1d2b46a8209fd4da

SHA256
44a8b652670bfb82fc586a5c99e6b3a19efd795bcff7334cb65416c3dda017c8

SHA512
0591c2d7464422badcc30e9aea14c10eeab21969acd1cdd9f51d78e30eca91c61e6ecd1c190c5607dfbe7348c9943c6d0c517b6e2cab4aee324bf38c22675b8c

Download Submit