hxxp://thepiratebay[.]org

Resubmissions

14-06-2023 13:55

230614-q77vtahg66 6

14-06-2023 13:51

230614-q5vsgahh2z 1

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://thepiratebay.org

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133312243421054908"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{803FFF1C-B72F-4948-82C4-4A63A011881A}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
2888	chrome.exe
2888	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	2076	chrome.exe
Token: SeCreatePagefilePrivilege	2076	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe
Token: SeShutdownPrivilege	4532	chrome.exe
Token: SeCreatePagefilePrivilege	4532	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe
4532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4832	4532	chrome.exe	84
PID 4532 wrote to memory of 4832	4532	chrome.exe	84
PID 2076 wrote to memory of 5044	2076	chrome.exe	88
PID 2076 wrote to memory of 5044	2076	chrome.exe	88
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 2076 wrote to memory of 3804	2076	chrome.exe	89
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90
PID 4532 wrote to memory of 4476	4532	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://thepiratebay.org
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90d0b9758,0x7ff90d0b9768,0x7ff90d0b9778
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4844 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4852 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3048 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6016 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5764 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=944 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5476 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2244 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6080 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5612 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6220 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=880 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3248 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6268 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6504 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6176 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6000 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6156 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6092 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6760 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6176 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6512 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6772 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6544 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=3224 --field-trial-handle=1828,i,3695652282842446369,1219511908706494706,131072 /prefetch:1
  2⤵
  PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90d0b9758,0x7ff90d0b9768,0x7ff90d0b9778
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1824,i,16114931946681001103,2541177550999654552,131072 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1824,i,16114931946681001103,2541177550999654552,131072 /prefetch:8
  2⤵
  PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90d0b9758,0x7ff90d0b9768,0x7ff90d0b9778
  2⤵
  PID:5080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9b77ed0f-1f31-4841-9655-a1cd62dd489a.tmp

Filesize
5KB

MD5
e9f18dad07f286de541cda07ebb4562f

SHA1
dcd915216ae733e74e47bca16328ede169d0f2d3

SHA256
fa80882a86f373f222ece043f24d6d8929245b01b056afeefbc6078036648a23

SHA512
80b06f73fedae271697b7cd0934b164e7ba6a4fa959147ece73b27de278ad184d29a63b531c9b6783b840016d4eda9afdefee789fc539868bfc1bfc7b68da2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
26KB

MD5
249d5bb8f8d5fd948efc1354d88c6817

SHA1
7c912d3b06643207404fedefff09fafa13366c0d

SHA256
f3bfe89639b988ecb00f0cfee2f14749541d67e96bd6b6308d6e934031db1352

SHA512
17e97aa8dabe8bf0bc4219c23037cc3a421bab469b75ee05e004d47bfd6ea55034110641c8ecc44d01bf18dbe4755c43d394a3f6597d0eedfcea2a625523cbf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
38KB

MD5
1e450129c968afdf540b2202d2d999dd

SHA1
4574b6440b074d4ab92dd8b85cb62e8e51733a30

SHA256
50c5e54cfefb45f1537c13155d2a8f69f2ae386b45c39967370d994b3eef2343

SHA512
5e51fd4009ec821b63d8b529fbb4216b2985cf8c26cf8bcd51d2d5caab922701cbd969e8f59ee6923ce0a345417de4bc7f58195aea863f392b6ac35fe7ee04a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
26KB

MD5
7f8aa1f2bc14e58093cbed973afa8141

SHA1
88c27b380b4c903e6115b8625991a011182baa13

SHA256
e36f1580b12ec6922cff8b0e0fe1d4f4105b42a30d20c0888f50cf195d74f6e3

SHA512
77f282bf043af92e204b454a6f93fe0983e08a1e424695e1f5e1baf31999957e310efbbafbdab1b2c1de6eef5f7c4ca48ffb49e8a9254311c61b941429063928

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
35ae7c64ea43298f41fc349ecd203fe7

SHA1
a344c2d4c1ac65b3540d7afb6907d19f728de77c

SHA256
9cbf854967e825f083deb092215e8a53b4a587b53dc49de1f6ffe20771842582

SHA512
8def7dbdb8658ba64260f04d6678f4c2b3db8ac03feb095e28773c00119c58014156bd52196708e474f4a58163e11e3f2f2a7078199e6c2e2163961ca0fd0f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_thepiratebay.org_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cb22835d12c74369e822f00368b35e30

SHA1
84d252d8c9079cc989b410408dbe404dc96e26ea

SHA256
1dc55b31182abfd0c9f9d9bba0091398226c29507bab2c0c2a93ba37dea0d62e

SHA512
62bb5e42a8751688fbfe0353e0877d849c1de24af5a9959b57e69c123a62ac16bac34f60d5ce4fca669efaf4717b125f7d31dc110d241538cf8907be28e54abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
463d32b3a7ba66f28c41dd3b25a4fb1f

SHA1
422fb500bea7276db558e5e84c281ffb7cfc3468

SHA256
608dd40a7da3b7d3aa20281b73b72fe678c7517a083eed259e5e3d25a657f484

SHA512
38134c83d3e0056798721a6178c35a11ddb626f621d6ff9b3871be9449e4274669cc440332e50378bf10fe683ed22b02d6de5d116b89662094e8fe9b00c21e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
0955800ea3ac21445a5517f8021622c8

SHA1
8efdb9ee5edb21a93d468f7df6723a390eb56764

SHA256
ef3bee662baf91d902b956194d9ef0bc51af9616133fe49256ba20f480d50e96

SHA512
c580f2af5fd60b3ade27ca0a9323e64ddd3af122b272145896620ce11138dd62988d9a86baca21591e98aee191c56ae21a69bf4c22e2b5f2fc1fa3c81bf8a02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
131e4dcba798842f17db7d470f6a9995

SHA1
0a34299dfc5f9839e1afe6acbb6ef1aaa71c8aa3

SHA256
256ebaa56c79c7af520d2ad86ee43df965868c709ca14c6eaef26d9d9ad059ba

SHA512
50d35d23803364260f4cbc483c9c3faac76485fc46bc2b93494fe2533e75d70c4fd7697ecea281bafc2b58616999396bf9d97b9f5555c5787e45d56ae5d9a416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
fbb03515b4146e21847c32aeee08db50

SHA1
0fb81ec30d17c5248fd47224951ee7b7fd7853ef

SHA256
aacf90d56b231d3271c9099e8f671543ca985ceced66ab8e4bee35da8ff9ba49

SHA512
aa456a1d2281b66665a38d4e9ce1eca5ffd9894db91bc03010e0a7bb3e4fbf0aae1f44f28435c7393882d8dac97c269d82402f42c43c3b71b5229d35f2564f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
8a6f2c2f07ee71e8ac17e591ddc6dba4

SHA1
46377b68364881bb3120cd72b3492426c4cdf68d

SHA256
20bb789b279a8fb182c1387c9c6f56dc64e13dd46399e2b7ce0f60205019f664

SHA512
66f5328f557d49eca62be205156e670abd9919d1ae2448d3c918f284dcf580e36e399a0f4e3dbe026f833f609a18be34d7b79bf54b76c949b473fdc48ed87cd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
de529bf571cd22b2ed630bf77d3b0457

SHA1
61417f9e4ae10077a76ba3f92def6236ccaa1832

SHA256
527a7baa92eaf59637404337b1bc50559419a5d3b1b421d9dc69ea4eeed9265a

SHA512
a757151449051d897e0bfb815f4c6944f499163a5d548ceb31f2f0409c1495ca83163d47b4e25b592fb5b4845528ebefa6a585101f079afd61c6ecd8e53d1d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8b8a50033c69bc427901a9cb0f9ffff2

SHA1
cd7581dc0bbeeafb614401234fdbaf5cc0c87ee5

SHA256
55ccecefe3bde754d4033f1da61549a02249ec3497c75e10fb2fa8a348d3bd6d

SHA512
2e9af554adecd27f146a5d65eff9e1401417eb1d78fcf6d9c582a54b7e1f8346bfe2978ebb8da722435e98f519001cf755a5611af60e58b4cb4104bd320cfec3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd6b38a495c8bed30bff3c76db00787d

SHA1
8507bb8962ab9cdad7287dc627a85891406c8c0e

SHA256
a1646fce54283672fa31f419bc6cc4f98043bec808b00ed730c167d88b45a96e

SHA512
7c53f36e08b04b166ceec8901c6affccc02a0c91961ed314f6115c510b9f295b1c5c2b134f3cdeddacc1f6bdbaecea2a725c739c5bb5c4361efcaddfabb6ff8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0ed688f9f1ef9656bf8d3ea82b80d370

SHA1
288efc708ac657ed4a10e618933446d9cf75c414

SHA256
c5a735053ddc345a67c6dca90b232a12d937648e79ab7dafb95a1b283dba0da1

SHA512
739153c204164d7060ae3cb3695b1d7dafa1b600de995f2fe7b64cffd065f2dc1268d0ad1af5a64d5a8d2e72516239da0366d2a905d787630377c6b8ca11d618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
445d149dca6705c819fb9b8cbb65dafe

SHA1
9be5e694d0a049d138de27ff85cb9bfd7bf1aa77

SHA256
bc6e874069e1b3f96a49870c13d3d00033b23e4b161d559125187c2b01db183c

SHA512
7bd6e4c14ff7ef220d59b1554a1782c77101c9d7977d13c0d254bd59554ed766b8a999728086072d16d24ba5d2201b294a766ea6757fde00d76925435230c8a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
fb73d2cdfa4c5cd2a2ee4d9de42dff2a

SHA1
43c4082ad6e3f2f1a0933d55c16d03247754512c

SHA256
73663303c8b312fee2142710f3636b21bb6673b9c6a40f471e03d546cbf09bd0

SHA512
4d8537e4b92d4fe1e4be8d441b6bc67dc42c6390e39deee75897b74e366a7b3fcaa20de25ca4e566549754febaacc8f991e22bd0cd6e028be80891a36a61b0b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57801d.TMP

Filesize
48B

MD5
143358ff82fa4a2c74e85f8a63feaf53

SHA1
3c417a354b5d7caa2f56fec24b0a4ffb94b53132

SHA256
dfca137bb3f590c7b9aa10f1fe9244cbb6de5dd4de6ab1f16d22268d803fe8da

SHA512
78ae4d96dd9737bb7ace70dfc018c8320fc477870134b32b550e284b264292cc74890fc0e985c1075305a1a53bb5c137d9c26bedcb88b2a4392470e0864e6fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f1072145d1357604c453b9eeaf867065

SHA1
caaedda78c0197b3d06888dd61e243082747087b

SHA256
4337a45b65fc03e76db27d6a10f11692d6dca88ff57fd0f2174af184b174036e

SHA512
e5d59cdd68c0573857c0f881c8900a131dfa2aff64959348c55ba794dee525db9ef1dab66f6b9651f22800b9f779742e771e1f646cf4b413f0ec7fd1bebb2ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
68fec7399134e25e0301888dbbcb4fae

SHA1
602113241930ba7be6ae65115b9ca9bf49be941d

SHA256
f5b580e21d559770b5652ad427a9ea6bc3e4b5d186fd6a4bc840d809210fcf69

SHA512
fd7d626e81f7ec274f4baa85abd2b5e006cc54c70ff400bc5224ea35046c2fc1ca705eecd8adfd739b0a3092f1b6191a34748f96998881d9ed9e6e39f9f31fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
f1072145d1357604c453b9eeaf867065

SHA1
caaedda78c0197b3d06888dd61e243082747087b

SHA256
4337a45b65fc03e76db27d6a10f11692d6dca88ff57fd0f2174af184b174036e

SHA512
e5d59cdd68c0573857c0f881c8900a131dfa2aff64959348c55ba794dee525db9ef1dab66f6b9651f22800b9f779742e771e1f646cf4b413f0ec7fd1bebb2ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
55f9bf1b7e0f23e9e24a53f628f641bd

SHA1
848866ad04b7b5585150445ca27e67eaaac20a91

SHA256
14cd5b9b610d86037fc995d6f624c17fdc7e7696ac27ce621ffa83ec788bc4d1

SHA512
329a1adf842ec4072c3a06a484254aa1661b063e8500878692bf9b9e474b71affdb46143b4319f6b9ab5ca5194d03a176f2fa2f8412c85d0182a6aca43f764d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
ed5baaf757341e9fc8ae4ecc35d94143

SHA1
3ed9b6fb6b3a7eb427f62b58ad8505c2d29d5368

SHA256
98a2552666586b9dbf8f09f9902ebd2a919ebd809c43cc6e8acd74475132befb

SHA512
e991759ef330fe58482f0ee3aa858d0612efff8123e0817c5707cd5e21b1a695971182db5c46777da91477c75ef459a6264173b22f74062c29c19c3e741bc4a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
4431c9994b71963f26a086a8cf23f978

SHA1
624b4f20cf7481b67cfbc1b4483e1e3f46fb3e95

SHA256
05fd4c5b5adc1f2f079c99f56709b9b8c78c7582b3be2534c7ecb221ea7f8d38

SHA512
c8782c77c574b44514510aeae93a353ff61a566709268b834949f7daeb77dbd74b6c2bf60edc4316c864e8ae610402a342973a9625a9161667f1f94e3cec8be6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
159KB

MD5
d86b7854165edcb21f8428095c6774a5

SHA1
689b9a66bdf92f2e29404dbc5373d4125e8d0201

SHA256
ec76f419a3d43052e27ca21fa0bd7782b91f00cc7903106a4fbc36dd041b5fd1

SHA512
c13e7d08d1ccf6afc662d0c63feed315f9acc1bd9df5f2a9d088249595629bacc85e14ea6a1cb3417a960773ab2d8351a99bfb672777e91e37fcfa8e8564551e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
cf53b884164ca0e63b85913aae894c9d

SHA1
cb0022c23ebf05476342211396d5880cb9262f2b

SHA256
52f89be5d4fabf39ef568f883d901795358843bf18f49d520dddadd8243d2421

SHA512
9b49839431c54b4c267d580af7f3ed2c1c283bab112910a0254df6b1c4b14fbb11329176a644b375d1a53e617c9c220a1545c9abf2b3443d4ea11dbbce1d0b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
9a47670be3aa9e6e3cd9476e9774000e

SHA1
713efab6ca7d6b03c84031c63ecce3f5ba7767d4

SHA256
58dc5620ee3053efa299378605bd95babc49860e8692b7896cf73f91a75c34eb

SHA512
3f919e8a417d19f5d588cd55dd961dafccfcf2a3c4b56eff53cc51edefa8fcc17ea29ef5079b9f2a2d345519facdcdf765a15457dd7be2428ee862b5da5286b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585956.TMP

Filesize
101KB

MD5
2d26eac14e5d29d7cc39c90cdde7a0a2

SHA1
64d26000fd273ae71792d13a661ae3664e09a1a0

SHA256
2b0c1d5b0ac91fc131c0bcd1248e3c57b5e9f59b71f2766ab69f7b9b59535abc

SHA512
bb128e659d2f0bdf8770a996f42f5e9ba4233c0f5a34071c038b3ceda8bb392c745fdd1e09e8319f785feb73f8b8452d73fc3a60042006b4f7fc3ad521c828c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
096fad6d83ceba7485db0f88489bcb47

SHA1
b0d17681b8a8fdec5b269f77d527808b58352871

SHA256
30080553b6dd47c6972a599a47c56e6a9026c20c61c7d7170e1e15707758fc84

SHA512
13f6bba9b0f66abccf959757bcd8e5d47064a977e7471d44e94259e85c4389d564addeb5dc51e925a2d59a73dd82bc6c5f20183afe78c5459349e3a34b2dcc24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
79eaf0850ee687ddda0a7865d2a526fe

SHA1
b79798422a01feb9a536cda7189038d8d7c2ba42

SHA256
61616abfe93d72da13512c90607e902da1f50f5521f53a8be65bb482e42bbab4

SHA512
0e7a8c526fca13286a0ec847d00d07f895124161ddd0f96ff33dc725cf12f3b51aa9256be6c8cdc8ba849080fa122830561c0865ee6587281ba3fe167018c00e

Download Submit