283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

Resubmissions

01-06-2023 12:39

230601-pvz4rsef6y 6

01-06-2023 12:33

230601-prappsec28 1

Analysis

max time kernel
1539s
max time network
1577s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2023 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WannaCrypt0r.zip
Size

3.3MB
MD5

e58fdd8b0ce47bcb8ffd89f4499d186d
SHA1

b7e2334ac6e1ad75e3744661bb590a2d1da98b03
SHA256

283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a
SHA512

95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c
SSDEEP

49152:0x8KJHkctwJdVlgBq+q1vqtWdhQIajy4AsOLgVv+L3QXz+B7m1qyapDgJmeiTLW:0x8KJX+dVHvtzaj3xWgw79icXW

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1300	4056	WerFault.exe	89

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133300968740159013"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
1324	chrome.exe
1324	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious use of AdjustPrivilegeToken 44 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe
Token: SeShutdownPrivilege	5188	chrome.exe
Token: SeCreatePagefilePrivilege	5188	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
1128	msedge.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe
5188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 3944	1128	msedge.exe	95
PID 1128 wrote to memory of 3944	1128	msedge.exe	95
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4848	1128	msedge.exe	96
PID 1128 wrote to memory of 4308	1128	msedge.exe	97
PID 1128 wrote to memory of 4308	1128	msedge.exe	97
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98
PID 1128 wrote to memory of 4956	1128	msedge.exe	98

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\WannaCrypt0r.zip
1⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9564380ch6063h469eh9320h4e7c3adc4ca6
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc26b246f8,0x7ffc26b24708,0x7ffc26b24718
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5544355752733930526,8165898771821461842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5544355752733930526,8165898771821461842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5544355752733930526,8165898771821461842,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc28139758,0x7ffc28139768,0x7ffc28139778
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1832 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:2
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3252 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3392 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:8
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1844,i,14087937608615018489,9766993230062309112,131072 /prefetch:8
  2⤵
  PID:5604

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc28139758,0x7ffc28139768,0x7ffc28139778
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:2
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1.25 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1888,i,9385787567187601301,7368343957255611954,131072 /prefetch:8
  2⤵
  PID:4768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3160

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 4056 -ip 4056
1⤵
PID:5156

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4056 -s 5108
1⤵
- Program crash
PID:1300

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6d84e5126bc31247d5a3cb27eb467729

SHA1
e80db2073c0f2878d8ef734d5cee0454cd5ae2fe

SHA256
433e23a2c448fa9828a8cd1e25174fdeab8bbd53dda36bc7847e2959aa948bfd

SHA512
4a053fe5432f476aef9229a1fe084bd7caff8110d988759458010b67f54f4ba885fe2498a5316eb4aeedff81667e3c4e19250a6a5e842d0032a91614789f6858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
23e6005a5268b65e04e265f2be025578

SHA1
f833db7dfeefaf8f6f25915e827892c92d19b686

SHA256
3f80ae69aef897fa47ff71ad1d577d0701e2df8864660664f0e38542e843e2d0

SHA512
509ef0e05e21b1d12cb1bb1fd5f6bcbe1a093f1008d177c3d585e54395a01a6b5eb94f41b4d853f0547b94015cad524566974225e242ef11b47ef41ccff05d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
8eae42d2a1bf33031fe4cdd834781739

SHA1
6621804e8b45219e82c333489c064fe9a522d2d4

SHA256
762c8926c41241a632e79335ec35f2934d561adf26d14b2cb2c1251e22756868

SHA512
a28ecf27e163427334346783c5e900f79f9d1c495e322fbca723b316bcd05d4f12b5196daa04ac059f95713c289ce3383842becc3e90e377e5707ad2a75d725b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
6fc3cad8ec78e3489f14b34870cbc3c1

SHA1
91ec814ae1c3bed47accf808ecfc25bb41ce2c46

SHA256
009d2b74d3141465e65421e8d7fe065e4052dcf3c25fa579f845bf6b0dbfd618

SHA512
850ecc00fbed8c73c0e65abd2178bf52bf316f86d49e3a6ce38c8c9cd41a4ad1d3959546716b40a82070481d9a9298920cb72d0326fb505573829652bc9afa78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
7bc9dafbd6a6f76ac265d2c3df227c62

SHA1
78f7ecfba2517033a162f1a4d82d6ffe27394431

SHA256
e609d7e55fbed9f64d5415215d0497cffcab660412f778120d9f031837cd9595

SHA512
c97420c76d5a0046dddeebeda0c3d7ff8c6039ef4a1dad1b50884147d84cf1087bda8b7dfb32d036a1337543f39f4a75f4771c8d2dd457536c9a184bbb8351bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
bbbd271f3e5e0d894a4655c388b59796

SHA1
8a1882d0416738405a3984134e81011406ae0fcd

SHA256
86946bd58f593945696d6cea89f921f151048fdc1104d97d748a3a4812afc4e6

SHA512
a901488c4b0eb9362b2b03ed6ee7ee78233954aaa92665e8474aff72d1315546c4edbace156530a4224873be5527113936803242b90c6eb0b37a369c407a11e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
d33da11d43598eaf76d309fa9a0b2d83

SHA1
5461e6338d71ed75178eb2118f74ed2082dcc6e5

SHA256
a567aaa7b137904b281768c0b77b6811c005088868d1fd8775d3ea80e76be9c2

SHA512
3498e992081fe0a9837386a553e0304bd3f51b2689c721b36222feb908dcfb8c99b8b5809c26841b1da0028fc4bd7f2fb94e4ad4dcbc65160feaf70ac2c1fa2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
330B

MD5
2d7d8767f63ce9016175cd238d061a7d

SHA1
4f38fcc3714d4bdeed28b8941dee7fa071997a0a

SHA256
d15f28de935019f30be3f32cbb5f7ecf43a5b7cc4acc9aeeb517b72aa97d11db

SHA512
fb4fb04861c4d908c76fefdbb257fdbe584539048aa6b6b02cae8f57385ccdf8bbf76aa825c262d7ac0d34757ead121da1edc55182606027ff9d6db55f402c8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
d0a59ea5cfd201a90a30c5ac1c84255a

SHA1
1d5476fc76ebda7ca306936b92603e8df355563f

SHA256
978aded6c160890812abee0d64e618e253a9c973ffb73f1ebd438d60d62592c5

SHA512
dba7b2dd65bf38167303fcb5681880fa152611b097a1b2c3325f729083b7c6a5d4ca7a50000fae3415e299030f91d6fccd47d6d8e07936beefe1b5d7a1c72d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1013B

MD5
81298136bef38537b21b0f8f91b0620a

SHA1
4a4824c3633a74cf6471b83f6d9a288466db44cd

SHA256
cee8c114d716922ae586d3e995fc109f1ff1db6dceef9815b5c019179804ece7

SHA512
acb483b2b09322ff49585a45b3d85d1d5f6057b49c8ba3208036e03ff627b1ee8a0ca80a688722b5da7f8a98c56753421545bba1e9b43901cfe4ede259052a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1013B

MD5
81298136bef38537b21b0f8f91b0620a

SHA1
4a4824c3633a74cf6471b83f6d9a288466db44cd

SHA256
cee8c114d716922ae586d3e995fc109f1ff1db6dceef9815b5c019179804ece7

SHA512
acb483b2b09322ff49585a45b3d85d1d5f6057b49c8ba3208036e03ff627b1ee8a0ca80a688722b5da7f8a98c56753421545bba1e9b43901cfe4ede259052a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1013B

MD5
d70f711c0a6c8b5cd6ce6c71bebdf533

SHA1
025c9777e41ded01bf3dee4935b74e0f687deca1

SHA256
7662378926851efb13e9ab18419c8800e46479be5c0044975b031a947ea7ef17

SHA512
2eefb6e7b02ad3fb8402de460a3a176232c8184d7e71db729675fa0a85fa243b73ae78310fb682ecaf125cd457211e7c1dd7653271b371b34b7caf3c5680d343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
34dfc78801d2868804907fed088a204c

SHA1
0f46f73e1b5cabfe3cb755ab7f8d2172468704c7

SHA256
60e8f8b42c535b8a2d16d43ef735d4dcb121e477a31cb18db40891d7b1434645

SHA512
d34683989da34e808c67368e0c098f76e560b8b0472653aed1a6ea9dc53107c9f58a4c3a88493abdb3d7be40a4c810e5a5294f76d1fe5061c24b24515f887ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7ed5a3fa7dd5515c0035c4ef528d6885

SHA1
1789af99869cacfdf8c7f08978decc0558d34031

SHA256
e9a4de92ca11ad2844cd7b560d930decdf48fa9dd5b63da7ee777cbeaaae8605

SHA512
aba0242a00e831035106c1d4135f82bb8d50908630e3fa6b9c522d0d74f53db9a6ef9f4701ee680015cda6e336321ae091aa217b5d3cebcda16c4691314b0f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7ed5a3fa7dd5515c0035c4ef528d6885

SHA1
1789af99869cacfdf8c7f08978decc0558d34031

SHA256
e9a4de92ca11ad2844cd7b560d930decdf48fa9dd5b63da7ee777cbeaaae8605

SHA512
aba0242a00e831035106c1d4135f82bb8d50908630e3fa6b9c522d0d74f53db9a6ef9f4701ee680015cda6e336321ae091aa217b5d3cebcda16c4691314b0f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e55a6888-ddb5-4b71-b756-10fd77e8a3ee.tmp

Filesize
371B

MD5
34268fbbad916eda258685cf5fa8ea90

SHA1
85fdd6f4ff3de067a18739a2130582c6da190e92

SHA256
5ba1d3ed1b3278488027b635a4cfff319d3a48c9b9ac662643dba9b90f668d95

SHA512
0fc4f0f83307bd012adbec2dda328c7d0e85af5276fb434878640ca4c432f56954a1fccfbe1d0ecd0d218b2d1a543294038ecead2e894a463c68114bfcf0ff8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6bc46392e9323d5b9b8cd3942c10091b

SHA1
862ee3ed743cf4488a7e91a9dbca6ca58a1d00c6

SHA256
67758865e9f721ae70abcf4015c05078899959d2378e033375f2f2c64f72b1dc

SHA512
e3710adcfe99e23745705f0c97beeb070e66df3edcf92a87c9cdb1af4a6d6e202b162f753db45dd29b0935eda181d346bafffae55ca0970509916611500d9afc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9b1800b1cf3b19964ff85d6c07b9d48a

SHA1
8e987219d381e9259a9d9826aed9dbbb58e848c7

SHA256
055de1b0bac043d9ef23a4a800fbf681e240b919e609fcbd3dcee3ac285ab3e6

SHA512
79bbf59d506619c0bb3990aa988b76585a656fd29a6a53741c2a35d7a6cb298b3861128c340bf1e24aac2bda33e21be164654e8da8fdcf701a2ec9bb8759bf60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
edb8315d41050b46cf0b56ad043a525c

SHA1
88540c29044d18ebda2b894b00262f4a89d361a6

SHA256
c29047dc2fda21cc95978c257342b61d369b0b6ff64d0e000b2568545d9e75e4

SHA512
6219bef43806342cee4451fba2a0552d6b98b222693f53005a8e28d758739e1fb6dd0f1eb1e864ae639f22acbe8625da4d62ad1a34eb6f62bc6a6376c42991f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
edb8315d41050b46cf0b56ad043a525c

SHA1
88540c29044d18ebda2b894b00262f4a89d361a6

SHA256
c29047dc2fda21cc95978c257342b61d369b0b6ff64d0e000b2568545d9e75e4

SHA512
6219bef43806342cee4451fba2a0552d6b98b222693f53005a8e28d758739e1fb6dd0f1eb1e864ae639f22acbe8625da4d62ad1a34eb6f62bc6a6376c42991f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
0998bd56297ae5a5cc4242070332bfa5

SHA1
82b30ce8743a0f421cc1fdf06c76d9ed34be86a6

SHA256
a1f3c4e4c7ddc69984a7d923b9ba16fca0581d603b3fd64f1de87e3ecb96b68d

SHA512
b7f68bfa30f9c68aebcab37fbc66176eaa6d42478ada562172fd4c63619505eb687e8393bd057b66a067c3892121ec1ca3ab611293cbeae73ce8982f51df81e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13330096871409350

Filesize
4KB

MD5
94d152d8124d12bf79e952f3573baa96

SHA1
664b862214ecc830176ec4c45781a304a2b750cc

SHA256
74ea7e47da057d6d51aedc274319f35ba9fe468941f2999ad2d523d4acc76e03

SHA512
c679faa2ffcd516edc8b9cce74da9a6111a4c8148d198950deee547eb7c9e3e2ce629da562db6402b203ac108dc1c4fc200a9f5753197091ea8608d214e12831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
9629a069152764f2398859de26b84cbc

SHA1
f9f13014370bd89c363fb9c1b92108991f6b16b6

SHA256
36b9893e92eafd47cd52f714c46a9d8b8c4e8860abf0b196636d5f4972ed377f

SHA512
697ce09d0ff57f23cd1f666aa8d444bbe7720d54cb8c11c2b53a645aefddc34a3ff0bd3a401f4f6801a451ef7ece7a9f1edffba4787e5fdbadf8cc812697cbd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
ddda18675c6357e0471ef46a8456f583

SHA1
2980063ea3e9224138423b8043fc9ef630e8fbee

SHA256
85e5cdb363d861f8578287197506b48e964dbd02ffab66481d99372932af1e50

SHA512
e7ebf94c73033d3bf3898b56823fb71d1217b367d1bf4d74967206f92f87ffffcc880aacec460f04c73294d6d574b617a7b51851a3442a733626fdca57acc89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
bc12b7a23f9941997232492b713f805f

SHA1
d2123adb1eb60382dfc7f00d81e22f4031209799

SHA256
8ffa71eeff1a2c8b34b35dff49084c75b53dc7cea79b8a3e053779a823c8bda2

SHA512
5ee0c40705cb958dd801408f889d3e8488844f36a6fae89b4d2fff9a553f8b50f14673221e20c95a498260846ade041b253f0a893d7417f140a5c4b3da146c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bc591b7c-0cb7-493d-9eeb-82fe26f53120.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
751B

MD5
ff8e7c78e9a5b9638a73b8567edc6ce2

SHA1
4e1a373a89820403e06d24688ab86825b43157af

SHA256
0310ace08a1f23fa32072415423f0d24059528622e4e73a94409a299c688229e

SHA512
dc4e0dbc826933c3a6144789954966886ff5cab6caf25c08d104faa7da98d41f74fafce2565487cbfac759b07813af5873b0b2ceee7c2e8c24bea0735c9e8da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
7d89d12432ee778f546ed4fc0736e78a

SHA1
ac37a973bee85dcdc1431231a137f3d023f90ba0

SHA256
f5411293ab005574b4abd83f62f404fa7b55c2b45de85b4932f3362c3c803c6b

SHA512
c1d751f78829d16583f67b510feac0522c7c5c0e1db6627ea5833b3c92f2d72bc577012375ed4ea6f61bb0a16343b528a347d1aa61eb237b516c6069a8c3b223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
884B

MD5
cd72096321e07a136625a3c4e50e8621

SHA1
b9b435415e180131fd34205d92afdb7729b1f939

SHA256
e7bf1ea157257c43ffc89f41e3491bf9a295dfc22d9e8d8c482399cd887bb93c

SHA512
0b3d298e47649bd4e6ad999d397fd9b4828d07760a7987815d002101e37393370fe53a1393a6405660ff1df1c7d68e1060d9f633e7a01733912f2ff6bd05d28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
b71796c9995fe76a83e1150e355792a3

SHA1
0b5df46bc09035ed16bd4b48931679aec9202467

SHA256
46994d5e085b28f94641115aedfdfc142344bd1ba5d00525af746681b9c552ba

SHA512
8e9453fcfe197b9e3e6f5c720c92ae213ee660895098410564c6a332d30ceb842f29448c82c303776b30f8e5a62c658a4241e2f6716ff700c74aa6470f605daa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
ee19aca89b75fc2bf37cf2e44db79fcc

SHA1
c6727838c4c68a152e3c791110adbf3b12e7524f

SHA256
bb9f0acd0205679d2d1268ac38965b779843c26da28527b08a34ea4e053e9f27

SHA512
94f806b3d8c11c394f0df188e35486fcd3d2dd1b74f19596fcb367a69001184c56412ee5cf099b8646e135ea3c4d45471d6792586d1176c5f318b979b015c51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
ee19aca89b75fc2bf37cf2e44db79fcc

SHA1
c6727838c4c68a152e3c791110adbf3b12e7524f

SHA256
bb9f0acd0205679d2d1268ac38965b779843c26da28527b08a34ea4e053e9f27

SHA512
94f806b3d8c11c394f0df188e35486fcd3d2dd1b74f19596fcb367a69001184c56412ee5cf099b8646e135ea3c4d45471d6792586d1176c5f318b979b015c51b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
6987c50ddbd38a7a746068b440296405

SHA1
c42e7bf4c87f96ed1f59596ec1248a06310a4b28

SHA256
872b2da0a1d97b5cab72f6226d1208d255926213fe47399d95cf0f758be168e1

SHA512
1c37fbd3ab230546123fa7012824bd528e4904dad093d3158532c0852015172b152b55ba28e9dc751de20d4c2b8136430e63f99e53cc46657f75c6c624e394bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
e0b94dd525d2f093c4dcee0621baf931

SHA1
ac5b5f66d8b58f2f0eaa50b0c82e897687f27e38

SHA256
44121ef2f5c2e98ade807c0aed420a07366fb1f434895e267c1ca0443f43f61c

SHA512
171d4fb70581b9ce12cddde59261fc4bcffa4ab2b05e6d04d7cf7b044b2dc08662f584bd039748df1cc9205818802132d0161976881a934f67ff2ea62be7f53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ead94440-b018-4c1a-8227-b5bc24f29c48.tmp

Filesize
89KB

MD5
f4210a0ebfb1d8a8f55d0150cd533591

SHA1
187874f4ed07071d24154b7785a9f77196552081

SHA256
b00b3f083a26d0d7e602ee28fcd9c0fae4fa9fda3285d466d4989d23e3824f16

SHA512
9389f21baafd50f0dfe5accb3af14c2e31d6fe160ba4246328d0b84a29cb37b45d4ed31323caa195e60f5a3d0ae8e20e20ba49984e0f673c9c337ba005c9df60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
3a97115d2fba7a7e09f9db7785b53f73

SHA1
f29efad5413c7911c955c82af1b9643b82d2451e

SHA256
71f55f425bd5a863975f4b24be787f05f55e5965432cbb1f707ebef8b08bd782

SHA512
e4b1c5039add730f7e24c9ad7627ae889b3bc5135afb3a57d7515ce62f10feea9eb022bf489142d3c55d0e79b4ed680ddd72e58fbc7eed3a98d77f03027d481c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
6523785761fb84bc68a9ecc1029a0637

SHA1
3e86cd17cfbbe88663b420b65ff153f26fc26486

SHA256
745c663b186ed81c6f579517e0c3afb0151a695753f39f985bebb9d1bb3b0c5d

SHA512
2f46f0ebab6979963a3d8b5121a5438be7f4a06ac921072e8120fabd7ef7d981e519fb5afb95ec729f92cabc4b7fb43c8698ed688092c20a29b99a6d915290d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
6f8a698de719823487f95d171329e739

SHA1
4d73ce74a009420323c6769050d6b366173dad02

SHA256
2ec4e5bccae6f2ae39347022e2f8d9041c5f8f17dc44a08e0e58715b22fd7783

SHA512
faaefbb9ff458fcde6d31897bc41d7938ebe33db3759075a1c904f67efbb36d8b8d756ba7c9bc83486a6236646ae4ba807c08e059db222d8de1ced1bafb318ce

Download Submit