b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Analysis

max time kernel
96s
max time network
134s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07-06-2023 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

open.gif
Size

43B
MD5

325472601571f31e1bf00674c368d335
SHA1

2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512

717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 27 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{06619AF1-0518-11EE-9F91-E6255E64A624} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1100	chrome.exe
1100	chrome.exe
2096	chrome.exe
2096	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	1100	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe
1100	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2116	iexplore.exe
2116	iexplore.exe
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE
2116	iexplore.exe
2204	IEXPLORE.EXE
2204	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1992	1100	chrome.exe	27
PID 1100 wrote to memory of 1992	1100	chrome.exe	27
PID 1100 wrote to memory of 1992	1100	chrome.exe	27
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1316	1100	chrome.exe	29
PID 1100 wrote to memory of 1368	1100	chrome.exe	30
PID 1100 wrote to memory of 1368	1100	chrome.exe	30
PID 1100 wrote to memory of 1368	1100	chrome.exe	30
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31
PID 1100 wrote to memory of 968	1100	chrome.exe	31

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\open.gif
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefad99758,0x7fefad99768,0x7fefad99778
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1384,i,10308997171404538353,15351199417454877616,131072 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1384,i,10308997171404538353,15351199417454877616,131072 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1668 --field-trial-handle=1384,i,10308997171404538353,15351199417454877616,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2204 --field-trial-handle=1384,i,10308997171404538353,15351199417454877616,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2212 --field-trial-handle=1384,i,10308997171404538353,15351199417454877616,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3564 --field-trial-handle=1384,i,10308997171404538353,15351199417454877616,131072 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3660 --field-trial-handle=1384,i,10308997171404538353,15351199417454877616,131072 /prefetch:2
  2⤵
  PID:2328

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1004

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2116
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefad99758,0x7fefad99768,0x7fefad99778
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2304 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1484 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:2
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4036 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:8
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3920 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4156 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3912 --field-trial-handle=1380,i,12573187882800490246,16462761778222091911,131072 /prefetch:1
  2⤵
  PID:772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
529648e1f0cc05df25cdcdf3e7d48075

SHA1
546feee9799fac2c83f1f6e6a18903ed3dba64c4

SHA256
af0bb2c6cab7a54ab6db66f7a54d6506565e0fbf471e1b563c02f066c38691e5

SHA512
72a655f985f5492cff8171a5863901752e32e0f710f18668677ff97daa922bf63ffd00e87c0684c0bbb86984b16fad2c2db792dea0baac700a9f87244b385064

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d6df569ffedb90c41dd57a16006f303d

SHA1
02494d17ad66c14de012d06594b9537fb45f2d37

SHA256
45c2fb9bd9c6409928729ebf592bc95bca81b3ad20ab690ef8bc707a1c10a996

SHA512
f1fa975f4913096c0948bc811c2f3cadeb1fb48ec9cee603c20d8addd6b1709bc5b3a31d49fc87813c8e227eb86ad25d3ef26a16b2aa2fccc3613d5659234641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f5757fc08b6abaffa5112bf2c156424b

SHA1
8482828aeed5e4a5e2f476ad4e5bf2ea486cf340

SHA256
1acb2e01c24cb206bd42476d62627ebdb04cf713d1de97bac44a4139cfd6afe4

SHA512
1d30d329084f2cd44dd41b618597315db0af19e3fec6a83f8089edbc30f2bca0c0b8a6ff8a0836e4712598694d2d0a5191a6962a641d1bc046d8b4b2da6049d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e385be96aa6a744a7a1a7d2aec8d74db

SHA1
68d7b7db1f337f566ed47a8f5f481bce2e90df13

SHA256
bd0c6188c21353398de73d203ee82f0b7938c359b4e4f6322fa4b21313d47431

SHA512
a3f57b8e6e48b5bb5d969342ffc963f5c98b8b45a598656d3d88adbbf243170d7cd7296d5e37fb493036e07c89196435f409132465955e98fc13cc20487c5e35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\1df17d90-e0b8-4199-b1a6-c1c220e80b98.tmp

Filesize
90KB

MD5
278c2ea408d60efb81ab471a747c029d

SHA1
285dd680e82498dfe19432eac757171866052494

SHA256
fc44369986af0f5a25553f1934341930366fbbc934a8f853c02419fffe22c4e7

SHA512
11b48a7188875de2a54ab0a9d3e43a3a8ee590385bdc19a36d5f88612094b0e7538eea22c3a3e714ab134c87203d2f39f7e0945f1e5b85b32925c944957a43a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6df79a38-919a-4055-9899-7778c3de1a2a.tmp

Filesize
158KB

MD5
936cc9f7f481ada51a1fd62a20de9b85

SHA1
c21262490d4ebc4ed144a535ec8118fff300af03

SHA256
66cd7d7b415b1544dbd304308133b6b1b3639c84e0391d39622bd745582f15fb

SHA512
94a4590db759a2edbfa96b5e6be27074b79a860e7e3291f0fb9dd0b51af049ff49ba5d7ed76092fd848548e7b66fc7eba367566a336abb004b791a390dc2cfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4e466fd85d75f2dbe028b3928e8d778f

SHA1
ec495673585b78f478cb124657160be66a6bad31

SHA256
0f540d79e6b6ba7c07aa6390d7f3e0f9a1484ed30e9ca5c092b954468fbeb3d6

SHA512
501c696ce4e26a74e7bb0ae863e068df41db65148d2ef6502a8427ccb8305dd68976713519bc4472cc023f792c1543c47be8bdd3dfbec9cfbd34fefa7f1ed964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4e466fd85d75f2dbe028b3928e8d778f

SHA1
ec495673585b78f478cb124657160be66a6bad31

SHA256
0f540d79e6b6ba7c07aa6390d7f3e0f9a1484ed30e9ca5c092b954468fbeb3d6

SHA512
501c696ce4e26a74e7bb0ae863e068df41db65148d2ef6502a8427ccb8305dd68976713519bc4472cc023f792c1543c47be8bdd3dfbec9cfbd34fefa7f1ed964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
eeb8c90aab39ec6f148b1feb783a8e14

SHA1
749e963d77a19b568e5daafe85ad4036ee74f253

SHA256
9fba91fd6721f964d63903fb1753ba10cb502023c429afffa172264d1d30f045

SHA512
c876f7a32ae91ff8c7aaa92af1ca01367087889cdd38c25835272360cdfcdc217986f8c45c4ab638c16798c28a0b89a4f71d1116013a8928843f819b30fecc45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
247B

MD5
d21401a04aa77d1e72dab118b2c03b9a

SHA1
6accecd085073bd5b51bbbad945e0f8c87d9c116

SHA256
9059f75f12c323f31b4811a8613315c3d60686178d78c77a4e53970ed87bf11b

SHA512
38991a2cea3eb6606cbb5b27eb4cd4fa4c4ab008ed51774553a40e11a79ac795b45509eb5760fb5c2433ad372159633b6d5a10299de4e945a21e8f016517e3ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
489242c9a91675bb36e7c4c1f0b3eb71

SHA1
5376d7da3f6cd5319ce44070d13f4ee26cb235c1

SHA256
dc91ac6909790e2626f96b8f68ea3a3ea2041cc99c93059a0161caa51cda9d02

SHA512
51a8509079f9b21b8ec19e53fe3d0a1cd6d58783e8a00d5f1f45fa316a0fb4996f0829e89e029a5c6b600c446ad4f0c7b573047fd3381b7c787d90ad716f4bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

Filesize
60KB

MD5
568c8491c9bfd359f067281d50245038

SHA1
edddd20c6a13a11eb785d699d567aadf3af9e21b

SHA256
11d96d6978f791ecf2001dbf87179346c2671393faf80f9cc3e2ed1034752df9

SHA512
817578ad55080d5316e675852ba02caa9959a50d770fcf178cc0c41894a3ee0034e8f582584cf39b6f406624619077950e643905d4298a9144638582b530071a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
1ff3ded0c36eec88fb66ac6d0568894a

SHA1
1cd8505b7e08aa352e55c42726f6a9a7850e6318

SHA256
9393c648d941fac426689ebd94763228785ed5a8f2e2d32941673c8b517eb9e1

SHA512
bdab982fcb9706a8a6cefb34318558814ec8687143be31c3cab44e711be198ebb98747ace1e2baa0e095b4a220b547e6655a5c1921e7923580efd9ee296a9ea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
629B

MD5
afc9f55911e6192698377f927ddbded7

SHA1
08507fa5911af9f53d714a5bacb1a6db0dbe53d1

SHA256
244fced98d731c7950e79d0b6a27307ef600c07958afe6019d87f8a28e2ddb24

SHA512
d05c8eced212cac1f6520353780882d1412ef5ea6f900ad07aac59916f35b34a4d556bcd4d975128248a4604d9757a26af009379adf8e95a3e7445285eded845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
19f1d6696744a434052e237b7119b496

SHA1
107d4a431d15b17d7d7bb73b2c0dd9249249904d

SHA256
4f1fedbf49abb44487850b9459e38b7cd65e5e9f1292dcbe2eb5e4420a1e0bf1

SHA512
f9837dfca41f0f365fdc702e60aef84f200a79b8a9b4691865ac62c09078436b8ef2bbfb7a0744d569cc7ea75984ea281f1e27bc46bade5ecccf515642b9e3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8f65a0a8503c58e7bd8dfe48452f427a

SHA1
21ad99c093052d47ef02f582f5fd28312aa64898

SHA256
38f9664350a1b38bf7b11d4091d022cb922d5c15706683ae2eba17de8f04a0cf

SHA512
e5d2273b04e9917eddbcb57834d678a8df764bcfffc18d02125196eaf9cb85413bfbd573107ece6c2f732af05ea9faa7bc4c38c17617588e8d323b19e1f23c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000005.ldb

Filesize
141B

MD5
38fc535a8f11d7e955ef58cc63158eff

SHA1
c45ad3ee106dbfb65dce7c09b53140f34454cd0e

SHA256
085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8

SHA512
26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000006.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
249B

MD5
93f648112fca93fb8de717b23b6d4e2d

SHA1
4713fe2c6ec666e5f3eb089f2998620f331dfde3

SHA256
a94f3909bee3e2cf8e63b687f504e4c6072087d5dd2a3bab280378a088bbd7db

SHA512
e252fa138881ab4db10d1ba5d066ff4f9f93e90042ccca5ba7932dca1dfb596d33991215bdb35a76e1a72703285bcee665a407e9db4969c0c4979af42431ff4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000004

Filesize
90B

MD5
ac5ca65c3ca57b518ed4b2967d8bb535

SHA1
2a120e38f4d5b88eef5003739731e3244b9e104d

SHA256
736bbc68d3228bcee4e4acfb6719cf67aac09f05745a957123658b8740071790

SHA512
aabb0beaab621117d70e29804b611d5296ffa799bdcb85ce8165ee28e87eadad975382c46d2a4a3d1bfd7843a20c19a9bd8bdd47ab691a86677dd55a56a45cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13330604715926800

Filesize
1KB

MD5
8f64cebe1f73009be65e96c8446e3891

SHA1
8d7e8ac057be6791168ee318a1ddf64e770e09be

SHA256
cfa0ff197374cddd68148116ffbebdbe93bcb9c37e8c60682b717b204e346398

SHA512
ff76b3ea333500e1e291384eed91de9178d9b664b818712e13d4de85d7f7372158a077595989a2536d60d14859492b0cedada2973af6d83355b90e8ccbefa248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13330604745855800

Filesize
925B

MD5
2433a45c2fa4d13ade34f03cdcf124ea

SHA1
c89033df2ab7f750adf60ad996cb47cf2f4dc6f6

SHA256
1a91c673842c38ac7cc18aed1aa051b44ca5b50df620605f2a071f045af214da

SHA512
fa69807e4473363ff92a37eeb15e0e1b99a493f6fb28c439c66de0dcec0cae795475319d04e7136cac133482218f811286b445b24096eefa0042bbaa06ba2074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000005.ldb

Filesize
130B

MD5
0d30bb8b60f3c477b7f5bee76de87a5e

SHA1
754db054cc38503c0a7b261489b25208749dce50

SHA256
7d66803b525484d42d0699ed1a2370028b7aa21ce173ea3cb9331cb80d01b695

SHA512
fb43e45b6676ea12643127731a1d3fcd783c16b4b6aba0d31ea93af19020248d766ea877a7abfdfe484e70bd4c2ed8d66f44ac2c3da38885b3edbad41ef68c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
249B

MD5
1ae0c131a3ad78cd78f16e3755019f9d

SHA1
c2371537405336424263123995f303f5327dd328

SHA256
6a620aa97fc82091194c84817b56f47605bf065a4eef1c411cac8584063450e1

SHA512
1a246f8cd2b1bdd2776652d1c55dff5b963de98fa5fc72dbb91711ed7ba59971c3a74be9ec04ee649ea53639f7953c346f7696b8e5c1c020facfbdd746ee59eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000004

Filesize
107B

MD5
f3a604cc1687a04eaabc91b49ed90eac

SHA1
507d0c1334e11f23da43bb9c8702652511893d03

SHA256
628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39

SHA512
a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb

Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
249B

MD5
c12d4f6882fc1845a933010011d88d13

SHA1
fbb866ccc025f91b76c6bef00b16c077ac268579

SHA256
c8dd7baa8a10c2669117e4060ee8d12238159d263979935f0cc5d26ae11f879e

SHA512
44a673130e89c9441bc92bfafdcd1753b56e6a45aa052f5450a3bfe1216698686d9bb60c93d4c23c6a3a304ba6eb87224b9c46942cbd3a3524a71e5e823c4eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000004

Filesize
117B

MD5
63d832bd47d6e550eaef754596d8fdaa

SHA1
3b11fd4048f84fe5143057e7e90a42c4220e1807

SHA256
4dd9ab33b9f8a5aa6b190ee3a88133be4d10b5dfdeff0c3ca060b825ff6420dd

SHA512
586287b26249591e5ae5ba0847bfcb3c3c4bbfb0cef433ecfb2052bbf0f37527bb72ddc57447c37c6879f50a28c96575b911fd121c3f145a061ff57ccacf479c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
5d5d5ad7fb6036656fb9aa70311de9aa

SHA1
8a7607b8748d81900d55f51eeb93d6525897bc8c

SHA256
38dfebcd7d0005d86aebff6ba775ee22a5dca26a94bd409b0107a660afc56886

SHA512
e16acb45385c1ed9682b8b4e1f995e3decf36f297ac89a476deaf9ec3ec6c60374e880e396a92d66a552a5ad22367655b4aaea793b5bbfa8d8261c4db36c18be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a09acec8-7fa9-4114-99f8-a666dbdbc208.tmp

Filesize
4KB

MD5
eebe626f24d9f315b196adee04995293

SHA1
d074eee83b6d1ee782a2360206559924d8e1ae51

SHA256
2329cd002cdc9b229b9eaf0f4e957d697d9ce147d915b75d2ce5be3e25e510aa

SHA512
5a76efd36ad3ebacf48a5595fdfaa50c9e5d296e2a4d5c1f6a612b3ee4bffa47d121c1a74a7021a5a227e6ced5f98788957256fef7a6c43b57a0a9b8dcc9f39c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000006.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
247B

MD5
f4e584087d25a997e3ad5891893e0aa2

SHA1
f44edc8597a6dce96955e990c6e2020350ed9d45

SHA256
51db529466688e82686b9c0b062ad75b1fec5e1f4c9463656826f0f9392fe8f9

SHA512
8ee1eb57d1261368ef0581884a9be0a8f8a585fa254e9c7b99259c9b268731994df2482d67239c6eaae4967c2bb7321779cbbd9a2c3c6268f12e5525ca8631a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000005.ldb

Filesize
172B

MD5
fc496fa0be2ef759d8f66ad47c4e8aa3

SHA1
68b12df8934513df301f12586a6bb59d5f7acdda

SHA256
22e9bf1e2d01ec2b6b809206dce898fcfb5d25adf821535c48285ff55c63b41c

SHA512
082c33facbe89998d8ecea89fd11c76c68cbaff7da0449fd64bf2df57ec08629bca2efa0da006e8483dd985292b8df3f5c46cd15cb95db83233999f92449a27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000006.log

Filesize
34B

MD5
e6cb57d5ff2bf19c00df08192817ef6b

SHA1
bd8c86bec20eaa0915605e7d850cb5805854a19c

SHA256
bebe07ffe315ac15b01f6c6e696ab83075a13918d37f860e7b0a8f91a5d9667c

SHA512
0f6b83a5ac94854550b02dcf705a6f65745311c10335585a761896aa95a3498725be27bd3067a1ad455e56533317cb4559d3c39fe6ec38063102ec9d64076745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
abf980c476cd733789b593633438b034

SHA1
bb5e6a6a7c86f551ce18a3f3e8c821506db5898f

SHA256
463437ff2707b87ce36b1a253c2592ede31b7cef6ea0db4756151475bebeadac

SHA512
2e9a79d3dffd29d13db5e2945599443f3cd86c51ef471a2e36d95f58bf8b8223d13a741ad24803846666007c37b2823cd6cd3b04d9071573ef7c160f0ef8259c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000004

Filesize
84B

MD5
be2a12b06745bb5de6254b2592d8ab20

SHA1
19a3dc035140689628e54095af6c4b4dae44b55d

SHA256
29e140732c7fc2d81fb1f506cc94386ce55f27446f9277e66236080cdf6f5944

SHA512
fad84027f46c0d4e4fb0357c15d77f7a86c941042ce538e0e89e5b8c477ed3cb46e262e3a3da186eadbb266c9288965c7299b4dc2a7ae1b346230dc48a7ecdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
a52ce6813048836e637e59bfdc62640a

SHA1
0d0c16ce75749e8ffcd5c6059a182edfd9862c17

SHA256
9ee7517c43c094d7feea776452c414789e5157c00633b38751c0f4208327858e

SHA512
0a2cdbf7adbf58004160addce890d994c50f16d440fabc83b83234cec6c48550b60e121b798667e20467863624cf43f3cbbb5fe32024360d76337f1212eaf74d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
158KB

MD5
936cc9f7f481ada51a1fd62a20de9b85

SHA1
c21262490d4ebc4ed144a535ec8118fff300af03

SHA256
66cd7d7b415b1544dbd304308133b6b1b3639c84e0391d39622bd745582f15fb

SHA512
94a4590db759a2edbfa96b5e6be27074b79a860e7e3291f0fb9dd0b51af049ff49ba5d7ed76092fd848548e7b66fc7eba367566a336abb004b791a390dc2cfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
90KB

MD5
94fd06101f49e850c7012ac344b4701e

SHA1
9aeda7b1799a3cda2797cce6b7785f5a467ae069

SHA256
0463b6afcb98cb38dc73f32baf73211ed084cff74de98f14f3fdea09dca50451

SHA512
73be32b69e153efbf702211532ad0a9f763e3fca962abbd247b6ab5502527bb1c51a449ecf253f65d96fb333df334354e07c54feb8f33a8da54b0730fbc8d068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
5B

MD5
313ca6eb28f25ea171e83eb8717d9f86

SHA1
539848667855ed4a3bb474a0569e8d7ab4950d6e

SHA256
746e213db7d64aba70854b5268abd4d331e455f53e021f981e1a131c5c082853

SHA512
5877e180d8753f03a99a88a1c1c65b8fc3478eae18928c1714c2986a3530335a642b2f675681995c40525939f7121dabf0b204f5a10448e26f25d57e2e5abb87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7783.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7870.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7923.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF984FD1D5719F422D.TMP

Filesize
16KB

MD5
4c91e6f57b9d87b7797dbdaf161b6861

SHA1
8d984ae07314ae5a6aef8de820149aef19b3f0ca

SHA256
899c1b546b2b6e50cfc650e8feaa63a058fa7b615cc88e3b7d71f891152f1ec2

SHA512
7f830ec17fe8dd445a1e4e67869031a49179ae64de2f11f35d90c42478ff5ea8a2eba7c567166acbde63ed4eb1d79e866b358f5e31e595bf4058c5e4bac53c64

Download Submit