hxxps://freevbucks2022[.]online/

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2023 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://freevbucks2022.online/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133320841285331540"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3456 chrome.exe
3456 chrome.exe
4016 chrome.exe
4016 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

chrome.exe

pid	process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: 33	1556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1556	AUDIODG.EXE
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe
Token: SeShutdownPrivilege	3456	chrome.exe
Token: SeCreatePagefilePrivilege	3456	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe
3456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3456 wrote to memory of 3460	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3460	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1664	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1412	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 1412	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4532	3456	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://freevbucks2022.online/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a8cd9758,0x7ff8a8cd9768,0x7ff8a8cd9778
2⤵
PID:3460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:2
2⤵
PID:1664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:8
2⤵
PID:1412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:8
2⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:2008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4876 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:8
2⤵
PID:968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:8
2⤵
PID:4952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:8
2⤵
PID:1940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:8
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=748 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5644 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4996 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5756 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2716 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4840 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3184 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3240 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3236 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:8
2⤵
PID:4556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5152 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5540 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:5028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3224 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3236 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3276 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6264 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6500 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6296 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6368 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6328 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7112 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6404 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7308 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7340 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:3796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7572 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7728 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6392 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7008 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7956 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:1
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 --field-trial-handle=1784,i,9604294126956684592,6333218922418194663,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3788

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
293KB

MD5
f92d3f62416b69d4783606ee612d2f54

SHA1
8f16a4521c83521fad2a8006b6e154c7e04df500

SHA256
87819f1b09cd1cc19417aee75d30722fdcff389d0b3412c3f0ca34d70e8e4174

SHA512
26d6823456b4e394122673a2dc282359f171e05fbfe4bf07937cd9daa49c051e39714970b26270cde796622980b802471dbb097ea7425e7fb73fab690ec43519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
79KB

MD5
c45626af37d73b646692e69af119cc33

SHA1
0909db558ce979296a64f261694f8d6bfc243512

SHA256
459bab87b3a9033f70db0f0ab4c99e10e6564d89f463f05581da543fe04107f9

SHA512
92555c725985c1168f78d321ad5fb81d88481503be9afce0df839d5a37fbcb94e20af9e93bc1cb9bebfee65ef4802ae88fbab3af798571753b24b4dbd4049faa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
78KB

MD5
4668055377b5bf58a9db601d2f8fbc55

SHA1
80a126d95f2ba6f935f774c3838b3e01f39955e3

SHA256
4cb463efbb8853cba376ddc23d4c35b3d44e694f7380f03b57a93dbf8ff0e73b

SHA512
90c6ba1ca0657577a554993edd16cd083745bd2a68d04d60a759d712408dc8df852c833db56f1361494a363a4e908e81ad35dec0c684ee9c4d51d8e4229726eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
118KB

MD5
bd646f0d6da93f6332d4f1d86ee0942f

SHA1
6de9e58a7f4a177f8711cbbae26e7db92136359f

SHA256
dfaa8bf4b1c788015d7c0208419f1cd0776008beaabbfbfb1f4a86ebb7ecc57f

SHA512
82f37090c96668367f99aa76a35190a0ad9b72e6051b855a8142a03ba02ca76ba2cb31e8da98d1fa8a7a327c7e21237780dc24174ae962708be6a3ae5a1d1214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
81KB

MD5
18b0be617291025b3d502ceae36b2de5

SHA1
285926b29d7e22dd1523a9717c3da1ca386b94e0

SHA256
6a1bd1060beddc8b6c3b518b7f85580a57a8f3d843b44531d2e2d3e51b8846d5

SHA512
d0b43af44b78849ea6838af1d85560e8e6978ca836daeaab077c9fe5d5152089fdb3199a8159c3c561cb1f57ee222da81d81e43a7217c415de385743b7813a55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
30KB

MD5
621cf15eb9ee7413873564e6750c0809

SHA1
401421861f5012bfb116e5e07cc9d5e8bb03f7bb

SHA256
4e51d8719cc67c2d9106ea0e8a3e945249815b050956dcab3a6b9179e7e73285

SHA512
fdf1f0afc85a37bd95632ee102d506175ccfdb7bc4c7934bdf9cf6e5fc908ccdf80cb7ac6fb8d0aa60582d08ba78014745d8ffef4c78f036867b528c305c819e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
16KB

MD5
bf537ebef54c75143541dd6221ac72f8

SHA1
72ff972b044d607c2fe4b02c75038cabd4efdcf7

SHA256
f4edc5337dd3ee41165554445386df470b870f545e0078170e1fbbc96c6adc31

SHA512
b00794c88712d27308dde749abec77ffa067f7007063547951a8f1d436be3d47302e8a7b307436cb4c4d78ba5a8faf4fc8540b049c706cf3ee41746e5c9f746e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
36KB

MD5
5869c96cc8f19086aee625d670d741f9

SHA1
430a443d74830fe9be26efca431f448c1b3740f9

SHA256
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

SHA512
8b3b64a1bb2f9e329f02d4cd7479065630184ebaed942ee61a9ff9e1ce34c28c0eecb854458977815cf3704a8697fa8a5d096d2761f032b74b70d51da3e37f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
87KB

MD5
8fb8fee4fcc3cc86ff6c724154c49c42

SHA1
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

SHA512
f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
70KB

MD5
1e3d14fddf0553e0b51f69cdccd4fd7f

SHA1
b36737e7d2a65815c40ac86d0502f0cbb8b9bad8

SHA256
9c04b5c034013c1a9ad5f9d9abcc1dd59e8237e3e09875cb15d328d20da961fd

SHA512
aa228ce8525b239c79f862f90846c050ad2cb918635d53115e71ff5d025a690ea240f7f4e57c5b1411388d2e952733c621183bc511194eb189219564d4c2dc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
29KB

MD5
0e7e5f9d3a8ef121149827180b790b5c

SHA1
0e9f9333078e5df9245630ff6f68ba1d9da3c403

SHA256
e8e147e15907f25cad69b2bcf060213efad4ed04e0d36374715cbca17b2afc1c

SHA512
e6fb4856d43ac4d2dda6b7fefc89fe5e8d446bbb3fe187cfe1f49c8e24cc5a76bab505d5b6e7e70b84caa67d0052f02b136a9e99b5637ae19873d382e0432a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
92KB

MD5
9ccaf5b58823d99642f35f2fcec71760

SHA1
241436e173f09a1692bfae7bc939cac4da6f153c

SHA256
db1f1626b1c241f172583acadf20928b0303f14ec55cecf932dde99a44bab6b3

SHA512
76ffc9bcbc4e09a9c0c1ce98fdfbb10b15e4803ab6534b3d8b6948cdb22b8bad12c447af524dd077a46583063543342a0f823d3f5a924e122ef51b42cdcaf073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
91KB

MD5
a57ed16ad7f6b85abf6ea8f76fc3af74

SHA1
64759c1c1c17bf8468b3a5e6f20cd6e0d57ac565

SHA256
e62d3a4ff8c7a9179ef11c1562d52e41f6db55520cf853dc071f986c9f8f4b65

SHA512
ea5f5f649b64bb6067e3e7c8e3feb7477ffc7acfd5c7ee4718a5c35a1b268f1e64752aac2d99710bf0817ef76f36ab10904fe0b416164613a8163d444c36c0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\01e8482a6193ca03_0

Filesize
347KB

MD5
8efb966ab3aa92027c6c4bf90fa05f54

SHA1
9c7f924751ca1534af4f790a2c878238a4950318

SHA256
51af7d0937c356b876c0a08ae1802ec7127fc9e0a3d2e006ae3738daf2928dbd

SHA512
a0ee478ca8ec7131dc65724606131f49da1bde3d3f0733aac3223ac5053d620b62a314c04795810cc40f5f9d2ec5e0d9370d51c106d2d463c0bb29c718b52819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c63a2e5022db6a6_0

Filesize
257B

MD5
66d779d0fbd46004c9e617cb0b64e301

SHA1
4b16b22b4591ba0b6fe5ccf28cd6737673de30b4

SHA256
269e4222ff38ad1452dd1b6f1eb61a2156bcd2435746c0b41f5c1627e39a91fe

SHA512
d4299b3eee53e16c52e6196a7c3a4bdbf9d8850e45604728858664db88c77c9aa37bb58110084acfe4db45da852cbe7152e05f56876fc090af9b1e8441fd2308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
68f5fd9590e734307856b30d8e29e86d

SHA1
154c813c2227a71e5d4c350a1c8a1b8f1e5bf14e

SHA256
e8773c89cd441023e57727c5088dfb1b6b9fb3610d8276a0812d9cb43cfe2068

SHA512
a0f6f4523ea1da4fa39446045e0f8c1daf7fbfdfbce4010538af6390e5500ff19f447741ad2d330396db4c0071993cd854b8d1eb712ad18074dd8a57d3435da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c61ec6ae5ebcf5c55c5358ca335a1382

SHA1
da3ac0093eccb5fa7d759b91ea06308f20d11365

SHA256
ff9d9aea54ebe9106e68ce60251278d38bf438dee8c5199824aef44164cba5bb

SHA512
7a5f27dc533b81d4b5765605033d7b51f81853e4225c16d0417aa1e5fa388bb318fb74b22de00fcb2a042b6e1c1db305c046ab8cc675191f8dcac6e90bc4b24e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
6f1543257c510ba8e405642f598c87ad

SHA1
eccf54458d1862be4f07299721a5e796fb34eb65

SHA256
dbcc01c5e478ec5bd16c578631e27fdd8c3f9d34f5ca8ade9c520881a907e9ea

SHA512
7d7fb6b9df61fd8d5f2e8c6bea9a2c736f531191997ef86c4282a3c8db5e1585ef7d2d46252569d99742c60be798da9545b918bcee681da5e816558ec1014766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
828d85bee3b4367a8f1c1f2c55cae110

SHA1
f3d35be6729e46beb393ea66c0d2bc06f5eb76b2

SHA256
664ed3d8a43ed6f20f01e09d0d496e2f038d0630e7fbc5d461605398ca70a8e7

SHA512
92642794b0148949bd8d205c8032701fd50ac7cf7bdbe823a1b4a0eda5ef10ddd385bffb5bcb728c78e493e86bc5e3249d91f31954af2a4057e22c361d3ad3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
361421e2b2b6f9af5133cf3140df594a

SHA1
2cc5b545f628b62a3407a796c0d89e10c0b528ba

SHA256
e0a88cfe0fda807ef4ebc9ed79b723740fe3ccd6fa8e5257acb133b71f11d2df

SHA512
d659db4c5223c96266255cac485c21e0114d8b6fb08a1be23e43b8f3dbfabcac011bce1c4b183bf8089a4fce2137576c52e71d3c25dd807ece834efeb93b8b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d880655da5df8dee7b49584a1a596c9c

SHA1
783af47995e13c30d146dd4a936543e0e20e93a6

SHA256
c4c8bf566be5fe997f14d9835b90933f8d99ce91a87fa31805ee3dcab962e530

SHA512
c1c10ddfa2a5d25e71159dd36bfd6669cd7b207a2b3d87e53f1248a9fbcfaaf8d07f84f13111af71cdde55d33f3849fb91ec89e95bfc046b3e4d0b2fc9b7b950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
3b8b1a035c814017e0854656b2b14fa6

SHA1
dd498742bc67c495fadbc0c61ce8f20f5b70d4d9

SHA256
2cd031357ef823a686fcba1a57cec653fa8492a3fdfbfdcf3a7434e8b81845f5

SHA512
d82ef2c68d691d1ed10b1bf50715a16e20c9c61671a1f6cf01a7e26768f715d16407ec41920bc7c72345e05809cb3b8d394769878b74f7a6f48e85e3531ff6f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ff2507fb18907d51699556388e9a4ed9

SHA1
d617a46730800113fa1b447276d03565ad319439

SHA256
82b0fa93b71400f3fee68dc45175d3590effaf2516bc5dd862e36c3451908994

SHA512
aab20c1a323f6f4acbd1ea3dca243a1d28d4aa312681a36df2784e7d0ea2d28f4f6e4e2241877a89e354cffcecaf8f945de630d312973efa691550841f1c3149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
996e6c6bed9b95d86b18cca7b2f41c3d

SHA1
0cee1567843a1c0ef0804366fa9e5e8060be4913

SHA256
04ffe1906021708e9d2add50de837a0ca2943c07a26785758040997126f69f6b

SHA512
fd5c09672dd512b0eee359e449ff14b04ebd2fba31af60d020dceaeb1399915382d58a25552c2c494479b18ca5757a26310c1fc9a20461034f32e8981b8415cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
92c4311205fe1d7e7304db9202da581e

SHA1
53af7c3cc7bad3aecd4e86689adeb875c892d34d

SHA256
458d5ad576394c8e7f35f5014f86c37b30db74dcf63eb1eecc476fb5ee472432

SHA512
ea66196bb84e5f815eddc8c02d77e719d4d00f890915275c68a231550a6459c09cbdd13139ff255477c576b9dbd45c635937224cc9bdf661c0918f35ee70601f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f14079afad3d938a1f71cd5d2b83936e

SHA1
a1069142872227e3d68c6ec5c3e0530329e8221f

SHA256
d669364739f9302a00165de0ddff4760caeb0ee94849bf50cfe1cc9138b6fdbe

SHA512
d60e976cea23643bc95b642158ca102be62d0de8d9d3b6f1e2feb470d26a33ebbbdf39c06269faeb54463aea32db15d3bde3c89106ff4bfc56075ade8c5ed674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
30c53c66c1e56829cc58a5c15a027e73

SHA1
af2ac22b18b71a508d7a08859f82b70ff77239f0

SHA256
7936ab68526c1c47b8a8618f60066d24c63d8b1672e781e68f2aa5de1b2f0beb

SHA512
f27c2d176c8f4ca55a5509887905d02efd1044c37a60a7be33aa3db76ed93105cb53c536a06382296957b9acddf3fd94da7c3db731ef7a102d211fbbead52402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8b6aad9d5106b0bcb92f28c095a9351

SHA1
d41a524df6ff66fa5606bb7c03e10567a93b2614

SHA256
28a29c22f26b6d322ebb64059d2223d5f57fc30acb36eda1ff7b3c09f735b9c8

SHA512
47d039c5fd634cdfda4905e8fedb37f63e69eba19750491cddcde1e1b4551fd03b5c3eb07f037efc49245665d31b694e537d3625c8c16ff920ac2dd48ed0e5b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
977023a7e3b64fb8ae54e6369e672b1b

SHA1
35a8811522d196658632df0fd81bb86ed93034f3

SHA256
d3dde17e2cf2b572a815db1fb3b5789569789c54e28ffda5f9a65ca2e4dcba58

SHA512
b13a6b14a4e7bb3741724266d94b611314eaad0f5eabc58cba12919cfe07baccba61c7c88f6eaaf3b0616f1bbd80e48cc07ccc6ae9898fd511cfce58860815da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bd09afc007130a231653bdfac2f33292

SHA1
71eb7f514b4a6bd5fd996ff6f619e8fad694df3a

SHA256
63eb60885e5c71ce875b4093dbebe6dc9e700028d20267cd86396b7f3edae1e0

SHA512
330410265fbd794c9b6ea70215dbdbe3aec715ff0a64b3ae24fdb2914a3d38a4f15ebd8c76e53e7d28712e0f39077b02ffd0938ab8677829b65ffac6563bc149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c24abafbe2268996c9b947177de12758

SHA1
caa2b10e62dfe6806f50c85fc638b125864f53b5

SHA256
0b4f62afc862fe5cae2370a3abadd513eb0b124ec41ac4b8341c5bfc595d5d70

SHA512
9d173669ea8ee8bbfb2532519b03dc107c818443781c5bdc83785ef86a9d429222a38aa847511bbf55962a68867e135a7556a6623d361b5175934f08ad5477c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1f93d63b3981ced9cea0c14bd0423f2a

SHA1
c1c85a1c0ba34d4a274b26e97dcca1e86801eb00

SHA256
e3a95d4438eb37e361edbb4db778a76c1dd58e7f82431f162c8f245887018db2

SHA512
0707c1c51c625f6a0505468c9539e54699da1f59d75ed886793efc23e9c2fd62ee589c157928d125e56b9f100f473a001c3309de7b420f28a57dfd488a0e8681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
db573ee06882a568ff33b24544251e18

SHA1
d8e1135be8602330950fe235187d06642c1beb22

SHA256
72ff80a21445ab87eeafb95d475e7c84a4d2bcf55e9add143222e8144d517b16

SHA512
fa1575fc16942b139be95d3126e15c2a3f26a53a22425d88f203f46b34b79de44c312246a1f2a79939f6f967ccbc72324d16ed7347d29192031811f740467eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
22924f2c44912fc44ccaf4171125c473

SHA1
98870d6be60030399b1e0da9f1f91c701faeae4c

SHA256
7fe1ab393f2a53072f60c9fe502586435e5f9b1c3127ad5b95b54048b1bf1e60

SHA512
7c270f8c8abc915ae6bd8c1adc21b9937ba4d8ffc4d8b347900981d2928c2625c41cd947642670f1599a4cc16d279785f63fe1c953ef1e1e2d564b03ce525aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586666.TMP

Filesize
48B

MD5
49b069ddda4b6f931629787a1702852d

SHA1
348614cf733817f33ae03df972afeedcafe02eb4

SHA256
c61b8c72dffe09e6692183a55c72f7c410d61d92bc382a54359bfb178d5a4597

SHA512
068fc971d19f9a9538ab5a66eb669fc4241eabf0c4a746e21d3b6f902f51dedee8d843c304c83551a095fc9277d9d581b3542a7c7d9c0b29d1670832b4051edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
b126ee8701d67350d9d18f9c4dba7c03

SHA1
739d4465b44911823bfa9ca6850d4ce9ea48b300

SHA256
e3ad08c5976d0e9a605bf4cf2d6e5f5035b712b4322ce17868b148c0059aeabb

SHA512
bb3fb8c51c048d39080f3ef902780f0ea32e7105ded619f982e94c933e8fd0d459ab7444bcfb9985a81fb4bd655ef219a81fe3b7d65afdb045f135fb4658e218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
df0c91c53efd88c9061d87c61a1cd7ff

SHA1
a8640deb4a17275fbfbcdb19dc9054981f8a0c57

SHA256
84aea2b3a750dd92e4fd919570262087c52a0a7f8bc30932b8111093c1e0e54f

SHA512
c8819ebdb58027159b9b97f1319f740e3b6f4347f361a07f0236822a7bbc32b2ba74e487b3b466e026f8d5f410f4a4e6013c4593c62a9914c99b399fe9f7b435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
c3d56e1c44dadec07f899f5ba84879e9

SHA1
40d7824e2b421291e905f5fc6f710558eb5ddea7

SHA256
5fc87b2acdd4531fe4d422a4ac05f9a22abfcfeaf34153700e226575eb1de74e

SHA512
fc7678c1ad2d1b6f23e1f2b1729da6185d844440364687c2319f2d05666bc6ecba0b4ef002ade5bd929945ab632d3c8446850543ab717625486a955f05453a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
92e75fbf172dce730a4d975a74893875

SHA1
e4319a0277b85c12239318a249fc2bfb9ee361d4

SHA256
709afd77e9bc98c9a4d5049be701a7c68dbe178bc37f1b971f2221470add7711

SHA512
940cf59b47838f12f9ab5dd576270e4198388507592d38114178507787854faefeab29cc9b436224724a72454da6ee24ca43f17f1d195ab95ac2eeddc876aeba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
b2a1094bc3967d5778383536b8b83bbc

SHA1
60b798bb202ad19bb365f05d30eef3e6955b3636

SHA256
86419bd51782ccbac3cf21f43e7902a7cc56a3d4ca30f9560675dfef0b3674d3

SHA512
ac51a34cafd79ec5aa013ae85172282df456adfe77721efb6e39418428a5e9bee319f7e4e53036565979e6a657dc8466f56b83263f3ebafe14e98365010be100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
6b2178dc8bb07d19a32191fddc335b58

SHA1
157b7a3222bfb9ba183a6ba705e3db08c010d7f7

SHA256
70a11939392c57c63c56c02c5bf9ec05e4dc98346e5f4735370a5904a7ca11fe

SHA512
055a90d57fd4a13863399498953126ca52860295079dd6a3cb14bdbb9eac131f3d84020c655032c16b8a48906b8e78747f300379d8570aa44cb194c16c93e9c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e659.TMP

Filesize
101KB

MD5
ff0ee99156cc715ee522ebf7303e8858

SHA1
eac8373d1ee8634be3ec91c38467d8be666d84e3

SHA256
8d434ca5bbe3604be9ef7345b8a02901d9d8baf2bf00e60b1743f0c7c963f917

SHA512
ecd2414e4cd65f6162c2ee17fab67c0a2630f5e45aa56d756e8fcdc8bf643038a69ea5260fa08391806bbdbf8430a71084464d9de543cbc35d65712c0981ba95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_3456_LCXWTYHUUOKXHKEK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit