b4eae4a432b105f53797fbd5fbcc2bf3989c23f90d779e49d4c3e44aae855930

Analysis

max time kernel
1800s
max time network
1759s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2023, 12:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Gang Beasts_Data/Plugins/REVOLT.dll
Size

216KB
MD5

04c58bd2e83dd1aae1ab2bff988f5451
SHA1

39274dc210b3dd8c7f0bf2d18b51df3fd4242f60
SHA256

fe302b9cf000b5b56b8f48df9a6737fc43b1c225db91306e92c779cae0d2908d
SHA512

803c0bea494f4fbbb7c7ec57d38185966a668d282da82d41cb2ef18ef5432e77655dc5799b4ce6fd1b1782099d056591bf77130bd71675468660a83cebb2f390
SSDEEP

3072:Ol0fitglyHjj+QqRMD8r33pdT1zlJwnaVQqqf+EhpdylEICR6x2RacJsAj:Owitgl8mFd339bwJPdybCRG23eAj

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4768	4896	WerFault.exe	83

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133324300909629972"	chrome.exe

Modifies registry class 21 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2890635272-812199704-3564780063-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
3760	chrome.exe
3760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 4896	4508	rundll32.exe	83
PID 4508 wrote to memory of 4896	4508	rundll32.exe	83
PID 4508 wrote to memory of 4896	4508	rundll32.exe	83
PID 4556 wrote to memory of 4852	4556	chrome.exe	105
PID 4556 wrote to memory of 4852	4556	chrome.exe	105
PID 4440 wrote to memory of 2152	4440	chrome.exe	107
PID 4440 wrote to memory of 2152	4440	chrome.exe	107
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4440 wrote to memory of 2200	4440	chrome.exe	109
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110
PID 4556 wrote to memory of 3112	4556	chrome.exe	110

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Gang Beasts_Data\Plugins\REVOLT.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Gang Beasts_Data\Plugins\REVOLT.dll",#1
  2⤵
  PID:4896
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 612
    3⤵
    - Program crash
    PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4896 -ip 4896
1⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8fc59758,0x7ffd8fc59768,0x7ffd8fc59778
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3756 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5032 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4920 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4828 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5360 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4532 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5364 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5276 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5272 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5360 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5368 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4796 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5376 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4572 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2696 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2692 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5604 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2756 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1504 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1504 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2760 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2924 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5728 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 --field-trial-handle=1852,i,14393346357620855527,3557354570879653647,131072 /prefetch:8
  2⤵
  PID:1640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffd8fc59758,0x7ffd8fc59768,0x7ffd8fc59778
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1392 --field-trial-handle=1832,i,17679955166223099563,3259303584660322487,131072 /prefetch:2
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,17679955166223099563,3259303584660322487,131072 /prefetch:8
  2⤵
  PID:4008

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
30c8f6f3f0969a7fe5389ae215cf4c60

SHA1
bb5b1f9e19612588deaf6e9f297defb3049c02de

SHA256
abf5d86e6c69fdf81cd65d86ac9e8ec0103df5a1b60ab7be04b0babf87cddefa

SHA512
a186a00ec9fb9730979211b7534c5c157765e453f68182729dd906e309bda2ab595a826488d1190cd6d54519ae8fa4280b0814ec9e97b3f1d0c95db097348e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
30c8f6f3f0969a7fe5389ae215cf4c60

SHA1
bb5b1f9e19612588deaf6e9f297defb3049c02de

SHA256
abf5d86e6c69fdf81cd65d86ac9e8ec0103df5a1b60ab7be04b0babf87cddefa

SHA512
a186a00ec9fb9730979211b7534c5c157765e453f68182729dd906e309bda2ab595a826488d1190cd6d54519ae8fa4280b0814ec9e97b3f1d0c95db097348e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
30c8f6f3f0969a7fe5389ae215cf4c60

SHA1
bb5b1f9e19612588deaf6e9f297defb3049c02de

SHA256
abf5d86e6c69fdf81cd65d86ac9e8ec0103df5a1b60ab7be04b0babf87cddefa

SHA512
a186a00ec9fb9730979211b7534c5c157765e453f68182729dd906e309bda2ab595a826488d1190cd6d54519ae8fa4280b0814ec9e97b3f1d0c95db097348e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
53KB

MD5
908f31d9161795706460bdfe9198329e

SHA1
be109906a6f29f66183eb3279a5c10341104f928

SHA256
144d8ca174b9d23cf9c86310cc8b8389d3c20959d13cbf68d5686158ea2495f2

SHA512
95732f15a85c1b4221fd040941472c557a236d9cda760a3975db33eb0e1cd81994606de76563e8913ff15ff7b8c247ef4f891205abc1b3dfd6157d910637eb60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
8022d2804b7e86f94cdea644d7f71ea2

SHA1
6e0e619cc8c479f756dc51c7af25fd11bd57361a

SHA256
f9cc25b62a9b5dce67ea811445ea6d82c9f290f821c638b745a4f68143761d0d

SHA512
85ea0bdf69b7df0879bf0e98b47b2ba6f0e9d549ec09a9e3e6e2e485eba42ec72fb39a30aa7e8c23fbf87f78d54da3cdfb5eb581deb0a814ac69da349148bd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9995a0f856de9800330e98e1a0c22b02

SHA1
bc557e850377ca603e326c50673367b40c305989

SHA256
f6a92a60aaaba509b267d3adb9002b6e5685cb148537f7d5e4b96006e87d66a6

SHA512
86233b2c4c25e50737f634f35c26ec93523a724c5f1064e45512d9a54355ce5df44fdd2126151890fbdcbae02e24a7ecb541395ceed349c9e1516e93d96aa670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ff179b00f7041d23e61b7dedd937aca5

SHA1
41cee5644ba9a18e9b8b67b65fba142eaabcfc11

SHA256
fdaa23a822ba10010ba719bf2920530300363c1b38aa660aa7d5d4da404c0e12

SHA512
bde49fab9f5b6bf56f9df124a9ea2a5149a84ce55d27cc15b4728bb4b7e5385ed14b48acf7d5cbcbab341403b26f6f4f7c8e751096d8fcf0874588a2e37689ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
31931dbe3d8d2077257a1e0c4e71cc7b

SHA1
be606b66e8a99a769d8a7938f959ab6ce9e0e453

SHA256
6cdc018a1c5a9a3b83ffb70704ded84e2f458260825156509bc70b79c6bf4c58

SHA512
90f952fdf2066dd61c937f23eb373c6a25beca97e1c6f120f1551d4c8ccc2887c30ad82a4fbf4f1e9b4f9ceab037f54619e33793b3403aae01f0d522efa6d5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b9defc31b9ee4ba62a97bad5a41c2f00

SHA1
7e9b455e5698f61e3b7134940a2d386ceb343beb

SHA256
9ed07db2fd1199b19fdca05a2c3c88bd6c372a707cf6387dc23a494dc6ba8a33

SHA512
f9662ad1f50ce090f988697a4847e23fe240ac429b51b2040e2af8d15dd5aa22aaf36b3a8a19d6f5a0d83fc21553c918189bc621e7766589a4fe9f5fbf6d68f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce583f5989442c7a0de3cb2c9eeb3659

SHA1
67af513f20b1723932c1ad3d0e595635219eefa8

SHA256
af9d4ae6660b7a3cc8a6488efca573814f966926a6aea932609de9949f6e1bd9

SHA512
c3542da1b129ce6d04eb6003217ab18a95e74e6267ca2e1bf037fbabbe484e1e36de0d144e4d387f0b96bbb4267b5698280aa1bcfc51c4bdbcee99864d97500d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c24a36dbbf8aad0746b605ab417cdeac

SHA1
fed6cc837b1b1dfe5143132ff5fc92cad69fcf21

SHA256
58e0240bc9ada9f2831008d5f2690ee09cf3966e310f0795200c1081721c09cc

SHA512
f98aeb6b6df43d5457b6168db4edd4862180e6a10b0fb7cdb3ade96b88e622931e9623bb7184fc1f5025e419665137963fb0410cccc54b2c567d36d85f29b730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f3af988bc4896de87c664e73df052356

SHA1
00e64c12c3b8141f4d52d493361600f104dc4338

SHA256
506ebbaa8e1102017bbe16fabf047167eb4dbed201ee9cf409bf7eb2523905b2

SHA512
7f9a48f765e744ac9a5379f1b11c55e271e270b47cf710f1f80161bbae2baa899251534961c32d5d5d5238e35a32d50b95bdc99f5226fa2b1441512899bf89ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
02d3852764d446b50bfcf6ca41e0639d

SHA1
5bedaf3908d63778e24b568cb2e560191f9dd481

SHA256
73921a95910821219554e4e479e3eaa7b7b270e64a9004d560ae701e8a5bdc55

SHA512
d95927182663198f34c67d65aec220d9a7196dad3efb19ffa17de7d6865ca6bc06b5907f437e60ec60345b2cb403e4296c800e72a80a03f1efd7178a96238d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b4efbfeacf7b89ac7b017f63731021b0

SHA1
87b31f71239aec211a11686e483afbf2a9ffeebb

SHA256
4e84098ac4459baa5249b90cdc93089649c073789ae00d39d685eb9bfa558a4c

SHA512
e091bfbb7a1753f806be9e249492727a36ebbdca499f55ad01e1827501f59f943fa758b551deab12de22da6aca8cd5432117d45c75bae4a4f616a0918fcc8646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aab5c60abb8a9dc57d06e7f8d65b8ccb

SHA1
e4c4f8b64c3abd7c561beb8e7e3a5f241ed75b13

SHA256
9eb7010bde9f72011b79052a041518126e36f5b582e6718cb8d2a153c9090b69

SHA512
04a0d69d4268d135b037ca266bf03947809a4b8f2deb8c850674def9bca946d0065075bef0c75ba1630936ce89f76191d3948a8d1dbcda43f59233c20c0fff35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ba16364a81a57967307ec972ac995595

SHA1
2eea9e940f82b00cf905fc173d6a59786ecf941c

SHA256
a8b159ae20471e9e8f8c8686da01e6508fb8a5ef755e5657305ed6ac5abcceac

SHA512
2cfbd120a9cd656cef354de3926ee31649fb1c9f9954e18e5f63f97bcbdf72cd2a190b4f14591e5f2f39c748b15df84ad7bff17dbe0d934f8de834e9a9bfc025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7867e06439ea954bc0252a08ed481ed4

SHA1
f83c4823cb17dcc14dd86c2fe1460a8074452636

SHA256
9ccade6867904e2a1d6d4597beb2a5bac55e2cc1f24ac8024b3b0d9339b12b19

SHA512
991abecd7ff454e09884078f9432284d84ed7cc9f0712bbbfb298ff72570f68dfe6b6c8ee17eb6b970c8d8db31fb1c5957253d543ee7b2b1ab1458e5a4034cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cbc9b0dc293e1953794e00c847331d16

SHA1
25321b958357e5d1f367339ccf24728466287125

SHA256
d39b4a0d253b30a7640607f6b1f3ec39ea2096e7d0d4a74a409a795ebeb88103

SHA512
1968150ad5860128614f68e6d2021197ece0368b148b2b240b4c498240978646d1472cb1c907253aa382fde332e17cd711e8e78f099f91598d475591c963208c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff4dd68164d6703025d10abf01692569

SHA1
91a3c2a0b5cc5d57a4b12dc6374951e19a5431b1

SHA256
f69f794390894d0de3428a6f01d28baf073bb8414c659b734a1bb66400b11dd1

SHA512
e153f82fd75c61cdac3cace550cee75f36d730a6889bee81fc00f0aa07e68605f5beb02319b7d0602465abdbb7568dc096cf170dd7693019755cf17712525860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7f30b7674cb74798259f8cdfa14710af

SHA1
bf0b901793060ef95c5ae1b7a8773bc74f85949a

SHA256
c22cccb2d25e1dde8169584569a876adb48e2e9f9f84cbb4337f4b3a04a7a225

SHA512
6f003a9b829d6bb714bb2a5fa6a5a9f4eca85e78508641a084eca5f2df18d47523a909f65918074a99e773120c80e474adf55d00c56b323bdd95d00c2d8b0223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b9edbaaae51587acf1e6fc5543c59417

SHA1
69f3d5da96fba03eceba49edd89d8ec9a3fb2b80

SHA256
1605a1b0fbb8a3a45984735af1b24a1dfd2ef757a688961ef74083abc3e90abe

SHA512
ee12b0db89901d6408bbfe8fee826ea5156869bb7bf3badc3407085dddced64716bceae99c95bd016195d485d1189486f679c52b5d68e02f66f57b9e76f98f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
202a33f47201e0f043ef05c99b735033

SHA1
03ff4620ea5b57e290435aa70c4dc318ac4b9b18

SHA256
b67a6b552448f9cc66758bdb7983a026a78b9eb6291f793c37086b4e5500ef36

SHA512
bfd7396ec2b3869eee8907ae57c9b16cd2da85eb38c6fba901e0396016b30f36f922d96d39d6858781b81618d11cd5755c6cbe7406a3e337282161162e60e06f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cc60cd2088d77149bfbb445af55ad2a4

SHA1
6c96ed80025966988ae0c812b7acc9b876fd25f3

SHA256
d1b8ae2ce38250582bbc9f81da2b9c6e55335e8197673b7963408e290562cd24

SHA512
f659f9bdeb87a5bafc02adab8964d0a358124328b523c133813fad6d2ba6c87f85bb0194f07b4136847d65f81ef1b4098b7b06e4805403175f141bfae4f550cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
99a0a8e5ab59124857e8463f92107968

SHA1
4c2a5c0290e6009a8cf1196011d6fa05fc4cd40e

SHA256
28ac40b5e9e93258d93ea6c041b95c1d2740f60876f04474f1ea2aa44100b536

SHA512
709cb2f1f50019c40ad2dc2d580624582731e3792912184ba4960092006b9f248767d7046e94fd606dc293d081c8f96accf7bf5b7f0f84ef34fdd7b3442234ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
20791cd2534ff4af9f7c787222ea921b

SHA1
a92cbef86b6384bc1993fb0a9dc5c2e3db6f18f3

SHA256
a1140616b6532518dceec29d19b2e362eadb26e99ab7b7586b8e85eff469474d

SHA512
04810f66848e031124a4a116baf980ead78cdd212edba4eed3b4180667990c1a1f6c6ac72747506230c43aa2a666df1aaed1f22ef5046b8a63684c3f6787b24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e98d50f8d23baac67dceda18525e103a

SHA1
d00423dc2bb25a047b1ebfa558f14ccae5ad3c71

SHA256
fe447471fcf5e6a866c2bb70519f89391f5d835bd9793a04805140fb3f1e302e

SHA512
bc93e8dc17d640813a316a1ae11293f12649f9827d80597342099c8a5bb462e6d86d740cdf1f8896585b31243d63173cb0eeed02ac0a048fdb611c6bbffd28ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
85423e8e714b89b7fc979e7f911a3c6c

SHA1
8f20b380ac9df4cb2aa6776eb63cf083ac2f6502

SHA256
b65fdd0184b37e2c0d44d39c4a57340ae984e42796cb2aadcefde9e8b1ff599c

SHA512
937e7a874a66d2d41c145a9911b11a4a094e561cce7820dadb706789d436db23eb5b36b035a3ad1ac98f09e50fdfdd7dd0ec092bc02bff76c39c773f94ad2881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
4d9351de28e7ae9a59ebbaae1b0cbd7b

SHA1
3769689a2d38bbd024d52074b957bf1c651c524e

SHA256
89df2d19aa35bb1f5475ba34f97c8fb2f7937d0587a869bab4a4ceab5792c263

SHA512
e706061d0137f9762573b5476a4c6f77827c05be6636799bf1cd25aca13be2412edd3032431f9c0c81ea58338c175606c89530548776cab62bdf2d011494670b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
4d9351de28e7ae9a59ebbaae1b0cbd7b

SHA1
3769689a2d38bbd024d52074b957bf1c651c524e

SHA256
89df2d19aa35bb1f5475ba34f97c8fb2f7937d0587a869bab4a4ceab5792c263

SHA512
e706061d0137f9762573b5476a4c6f77827c05be6636799bf1cd25aca13be2412edd3032431f9c0c81ea58338c175606c89530548776cab62bdf2d011494670b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
e31f738a3e2dbe2ddadad567bfa35a26

SHA1
c5dfa001d9512de35a90a83ab70a2056f11c1f9b

SHA256
246738d24eada7981736f033574a04a8dbb1ac49b606e89eba7ab602c8680fe3

SHA512
f18e16422ee38ef3e2bdff17f7f78d9f256a8408c350532b32fe10804ae4bb10c556523c423a0f0fc68563d400ab592e3fafb59539cb0a6c006066049f6dd4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
d0ccfbe3c316e43e3590602dc6199b4a

SHA1
e7f095f1393340c74d4ddd20678ba2d2060a3fee

SHA256
64930cc6e957ff0d0170c5ce72fab094b24916acbffb43c33458c152ad769fc1

SHA512
f8b2790ab8970238cf7535abdd61f2e524f93ef5e24079fab95cc4adb3c0402afa848f2743c9ccff8f15f4ac7e0de4b5f692113aeb37c8c28ce5626ff9f14657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
aaecb8cc106eb55c917eddf56dd50388

SHA1
18910dbc891318808dd3dd1cec60e814def39c26

SHA256
22946f7e69c3b7c23513e3fb504658f512955b2df35d009925c06cf6219ced83

SHA512
6b3129b8c824f9187692bc01d7acfa1ed23ac3a55ff655316a702aeeb8242de35498c91b6c836948c342a23f41e2c7d8e382d06b696724419f1c29ad71225b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
272bca55bce11c7a26fb22cf4da12d40

SHA1
f314d224fb324d71bed7ecd313d47778b6ea5516

SHA256
98293bac1afa72b71f6487c8ef9d9a576261d46b189fb005411a1013779aaef5

SHA512
2030f70927563d04737443919500eed4810da6c9d0101d6f98077b6b5fbec7cf19fdb7dcdda4912fa71d0a3d357cc65aa9d2c3e4f4a5ad748f9ab780f4f4674a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit