hxxp://dwrapper-dev[.]herokuapp[.]com/beetle-cab[.]cab

Analysis

max time kernel
600s
max time network
524s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2023, 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://dwrapper-dev.herokuapp.com/beetle-cab.cab

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133323568262334665"	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000a893e3120ca4d901dc42a0a712a4d901f82bf48714a9d90114000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-922299981-3641064733-3870770889-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1272	chrome.exe
1272	chrome.exe
2068	chrome.exe
2068	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe
Token: SeShutdownPrivilege	1272	chrome.exe
Token: SeCreatePagefilePrivilege	1272	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe
1272	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 544	1272	chrome.exe	83
PID 1272 wrote to memory of 544	1272	chrome.exe	83
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 2964	1272	chrome.exe	84
PID 1272 wrote to memory of 3180	1272	chrome.exe	85
PID 1272 wrote to memory of 3180	1272	chrome.exe	85
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86
PID 1272 wrote to memory of 1796	1272	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://dwrapper-dev.herokuapp.com/beetle-cab.cab
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc459f9758,0x7ffc459f9768,0x7ffc459f9778
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1308 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2804 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5548 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1660 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5688 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=212 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3208 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5492 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4840 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2816 --field-trial-handle=1792,i,16395588727084348315,1773841786385519757,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4032

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5b9bae6f-480a-4ecd-ae84-19623444d9d6.tmp

Filesize
6KB

MD5
66ac89de9d66d27102ca100e7633bbad

SHA1
e56257fded7749eb1ba0422f4cb4a23659f505ca

SHA256
3901bdaef7fc8bde452a85c5dbd9417ab0b4a3727f0624b0fee2ca6f4d52ec61

SHA512
d0c26601d7fa7c551447b91b514ee5359469da4f44fb8ab72b75028e2a8c04eb05e99e8cfd6d90332a0b2c645f64978e3df17f6e48fc8d1041fdebafadc2b736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
171KB

MD5
bd9fabb2e7434eb9ebab7b28e33ec6e3

SHA1
a1cac8dd06b30bbec8c1f4c7348dd25ad4849cf3

SHA256
f6711de5a380979c740e0e42170aa58a07e1ed63b31a606b77844fc8461a31ff

SHA512
2395c72fb091a739f132ea2fcf8a34c85d5dd7935a9bdb0803df900b108085e79689f240acce0174b89e14387d21f8ac9bc1de6e3e85a13da7e96a47b05c830d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c08700d86829d071ce93fad987ec1574

SHA1
e308e28efdaeb153b680b5be4745ca9a71cb194c

SHA256
d4e747ec4d2925ac3c184725265f0916eacc7b6c274d13d60d251dc598078791

SHA512
5b923c36567862c85b979e69508cd3df95d646c1d05ed18f8f9220b23815648d4ee9f81896d22142450985ed3b0b2deb732f8830b4e0fa6a652632271664c557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
d15788f2d88d5651e28a19852d1d14a9

SHA1
26e266d319393e8a480a3acc4f6323dd532ffd39

SHA256
242b3a03f1c96991e5a889f11fe1f07bde86de1820b02bdf7466ebbeeae17dba

SHA512
e897d3f713eee2050a83ead6510724a27463d58de0c7c9b91b4744a2cf1afc96155b6addd91b3d43afb37329bc012f0948a7d326a7870dd02099fe0f2daeb593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
2bdd2c90df430a6f7ef1d185eb4712ec

SHA1
7cc0f378671f9e3bc0a6f266512d783a0635ca1e

SHA256
2559eca6c3457af982f4d8e3221d4cb8c29adf1f5b4bb72de855d0289db3639d

SHA512
deea5b1af45a124d47120dc085dbfbcac66abc72e9755b851f2b839601df83b3bf9a4afffed7b82db39aa1eecd6acc419272bcf919448fc1339e92c6bc7d2dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
bec2d1038d266d5ae11196cb2b20b25d

SHA1
9495d6f5edc5d6552d61d610c39a8088f95996c7

SHA256
0c0a8dee7b9af150a31a9731c25e886ec7a498c600ce4bc921ca0c0ec967dbcf

SHA512
6e31102786d2b79584806cd6449f9e0798787b6f9804e12b19021691de4b80207c192f05394d7362ffcf7eb11756d3bba466d4b290f9646ae66467e24f1b58d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5d8517244a2b4a01dbd542cf47301835

SHA1
dd7f9ccfe7849b3ec9666d18c65f2d4234888a43

SHA256
b4bde067a3be1d29e79851d32cc9f773048fbf1268731f83aab44e7f10d89a35

SHA512
65542c81bbb114184acb11cf3f6aaccc5969e4af63e04b9320bd7d7220ccc322844d1d55900ed1f741752d2e09fba5fada648f98c01523e8b6f1ae934c2b23c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c0b8d99329d740ff66e4825367e7c126

SHA1
42a6a6699510723ef2ce9a0267874817cee43508

SHA256
6bf78583cbb0381c846e820f4aa271ed0139d18c9d556a40d966e8ff731432f0

SHA512
e858c957cdb2475aaee0044684e964ef54fd2541018be1d5084460e6810dba56ce6fd85af604a766ea34854b8721a4bb229ef4baed3e4f367e2a587ff02d7828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
22c3c28986a1b2029088501d07806d36

SHA1
f5a9bd877fa4f8b18a929f59e29a3ee3347a7c09

SHA256
7834cda809f5544c3ff8c435230505c58ffe6c196e53c6313b654596273df2e2

SHA512
9a16536c59eed1f138db9dda752456340d1ba6e09faa68000b1bdce930315bc8911da9ed8334f30229d7bd47ef737d54aeffdecff13ae78a5e5ad30342d1232f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3907b35f78a1e93ce5b9f0f1fb8d35cf

SHA1
0f93bea56e99ccf966e4ea3fa476467adf65bf02

SHA256
b19d9eef427f33c9bbe7bccac6ee1a7e215fedf61245ffe7f56f0be1804394c3

SHA512
d5b145c18fd03a54279ec5dc197f3b26b3f3b1d6f1d992b6263e40532f664bb0f9f5384c8e6f8fcb1eff7b2b771df890083ea5f9275019694bef00616f05cffb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4e7f8e9363d1f1a40580b1313e3b7fc9

SHA1
b477852f315401d5ff5d89b5733a242baccfea03

SHA256
4b77e7ea526dc8bec877f6f4570e0b2e279f11a98e1d172d7e663022109f93b1

SHA512
93da331f0b9fe23fdcfee203b38be4c08d997b847cf0f4a4f18784b728b500527e3fc6479c139096cc5255fe2baed9ca0f1fd0e3339eb7fd0367d112ee795022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a999574ce6a1209222ed98b33680bafe

SHA1
6a049f930aeb76f2188b057d3fee0b1536571f0b

SHA256
fff5f496be916eec04c231a2f2fc0cdd4f1b4af146bfd7e6d97aa58c8c6d43a1

SHA512
95084ffbf54e69fd94efcce26969a967ffba73c458de1578c970ed0c99eecc4323ee2f79d42b3069300b45ccf0eb8d44954d6c09d82ea73436debf0b1835722e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
807f8cd587147f253b3a7a920d140ebd

SHA1
7be4559c187a1d18fcd882617bb4c93d7596f68c

SHA256
900fa5bc2992ad88c6b69c99f31d5ac12a61f38b70bf1c0340d738ba68f610eb

SHA512
e3cfbd8507ddd9d79f4a31cb3cd648ba64b7300ca6cd110d372ea492d3a7652c7aa42951568e69fd79ec59da196f276588c421aaf04356eed868b412c3aee30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b399915f91e25138df446df88aab19f4

SHA1
92bc90d833a544b5171ef2eb3fab2bc3405096b8

SHA256
8fc19619a9b77ce22a4367909d8478ba2ed17616ec417907e50ab2ad6657ac93

SHA512
ce4f943acb0a215aa9aa7dc109c2db9ec9c6a1ff594d9c3c2411774fe9b6e1dfc183ccf3b82fb18f398bc62c183302fdeedaffd68ac5ff6fd4594e889b583bf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d247dea196932cf4bb497724b3ef46ea

SHA1
40805fdc9afe7c0f1a139f2e7ded898cd380d9e5

SHA256
dacb51d0b6bc28544c4029c407f3309a63386fafccc4f184bf99046a6540a940

SHA512
8a3c0870dd5bf8d94aed3edab950d56690a8b2c6b56e1351153f732f8a3e814c9807c7471c4be5b3dd0d32623e2dba585d46e745394eb0b1c55e4c2349fb2b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b258cbf0c497dfc6c810638d3bd19076

SHA1
6c2d5f52bbfcf54a2f9088ebfd49caa4a372a260

SHA256
854cbf69875d5b6660fb0f1af04cd9313c69010a89df1861fbb97f32b8f8a62a

SHA512
1bf7cf1775c5e8d19947c46e1a8a71054a634ded34d7923e9309ca50dae9e7167126f920393c12f94ca829aba4bf439cf2360dbe468a5705f9ac3afabac050f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1e26b5f9924c1e3fcbe7df43c418f2b7

SHA1
1ad4ea6dc283ec615e7fb41715eeee67f9f2447a

SHA256
0174f32222b0d4a9e7bf225dc771bcf1aaa5435de1c79511625749ac22b4a129

SHA512
626910338dc05321f3944c1b3118e68273eef6d81c19129960ccad24995f96f4725a5acac8838dcee7fbbb5c1e627223c5acca1a5a2b2b225c07ffdb8b8ee5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
93404594b97bc9e9487fadf2464e7b09

SHA1
325d9e71080ea9d332a3dd02d94b5d5f7f364e0c

SHA256
5348ef87dfa811eb253fe7201809d3e6a4ac61e8dcc8ae372c8e5ef5a93c7b31

SHA512
2f0f236c862d5843064858a413c8ad5e687bef2d509d14b43b58eadda9f9b9f3a2d73e80fed70c5b87d101f9dfacb52c0fd8b0297561fae3e43ea2bfdf623b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0f7c260442d9c892a5fd02d82ed80c71

SHA1
8005f1f0329f699ca8eb23e042359cab7a8bd8c6

SHA256
94b968674538a15df54220318344fc29b4e914df85d68022a80e61eb6706a0e1

SHA512
20b2f15161db6e9972271835597570775a77884719360407f541225bbbbe2060b48349ea7ca73d4171403dd24d0caafa60240e28a57f0210add871472a8aad5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b1f6.TMP

Filesize
48B

MD5
88dc629edd3770adee71d320993c17dc

SHA1
140754fef99459967f23abd65d170a35458799f2

SHA256
af2314684d55a7d7cecb7775e473327c2df9a8887428e93934c0881748537eaa

SHA512
5363f3350ec868bc117e66f317eb5e3a710661c44a68c7cd01d73631669eba551cab020f5d9973c7a867903ad221e7d9c9e232bc572683e96e7ea9a1bc4ea708

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
7b88f341941cc754e0b25bffdc7ed13c

SHA1
5432095ce255c2a668369d2b176eca96ef512c12

SHA256
6f8cb58d710119702d4d573ba612b0e0f85699053c6f4841b7d81480b3ce20e3

SHA512
20b1869acbfd8ef8ce45032d6c5a141eca2d22af79fd52539729a500764ac4f7a6f4f5806fcfab71c6201a685bb021080efb2788bfa135eddcb8c06c86ea0258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
b6f380683f910dd2340a1f653682f8d8

SHA1
aa4446fc57dc649b5e242612684508681f68ea7d

SHA256
df20e1d980cfb786539c5780763de979b18c9555f8e2260642f82cc593d12ed5

SHA512
f75dfdd210897713fc7579f5c66db334d8beb82791f1f969f76a040cc79aef58adadc122225928f250bbf4be94d9d45ad258771c280e3cb77000f48ef5d06f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\beetle-cab.cab

Filesize
12.5MB

MD5
6179e6dcdd9d0c1223a7dc76fc350e37

SHA1
856799db415ba9ef398d489e29e093f132fdc0df

SHA256
b5a91d9c0614412d975e2e2ce82d5aaa3453ed467bf011fdd1c8ae765d6c8c1c

SHA512
68932db6fd20ca6844be729217cfd94f6e715d89e74290a400c94f87a30bb08c83eb254d3d0e5b38e90bbd84870a59d37756cffda707f25342d283c251dcfaf6

Download Submit