hxxps://www[.]reddit[.]com/r/GenP/wiki/redditgenpguides/#wiki_[.]1F921_guide_[.]232_-_dummy_guide_for_first_timers_genp_[.]28cc_[.]2B_genp[.]29

Analysis

max time kernel
1800s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2023 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.reddit.com/r/GenP/wiki/redditgenpguides/#wiki_.1F921_guide_.232_-_dummy_guide_for_first_timers_genp_.28cc_.2B_genp.29

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133328002964092140"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-508929744-1894537824-211734425-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
5612	chrome.exe
5612	chrome.exe
5612	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe
Token: SeShutdownPrivilege	3600	chrome.exe
Token: SeCreatePagefilePrivilege	3600	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 956	3600	chrome.exe	86
PID 3600 wrote to memory of 956	3600	chrome.exe	86
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 4124	3600	chrome.exe	87
PID 3600 wrote to memory of 2140	3600	chrome.exe	88
PID 3600 wrote to memory of 2140	3600	chrome.exe	88
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89
PID 3600 wrote to memory of 3032	3600	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.reddit.com/r/GenP/wiki/redditgenpguides/#wiki_.1F921_guide_.232_-_dummy_guide_for_first_timers_genp_.28cc_.2B_genp.29
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa44469758,0x7ffa44469768,0x7ffa44469778
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:2
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5376 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3352 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3972 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4692 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4824 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6252 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6584 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6468 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6500 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6832 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6800 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7276 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7484 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7652 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7604 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7312 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4944 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8096 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8516 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5748 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:5964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8484 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7640 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2728 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7892 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=1656 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8592 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8768 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8804 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8600 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=360 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5176 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9112 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7096 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7896 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8728 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8752 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8568 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8896 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7188 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8684 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9288 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9280 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9496 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9500 --field-trial-handle=1812,i,15382171725078002791,2798185037798392971,131072 /prefetch:1
  2⤵
  PID:6000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1324

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ec87e197f339946dc0faa9b85ea11c9c

SHA1
a2a69fb628f1dfc0482d91833f2d1b2be7b4b0db

SHA256
cb2cdf345748b4645f20e8c00fac9968abafaa1966fb387d68c3e532b70b2dbd

SHA512
8db7660d39a53cb5302b65f2c964980254258eaa49956442500060bb55fe0e6395f7c6faae5d6fc441b53637c1fa14584990227966f4a64af3731d5f23d531c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d927dddeeb1cf8dcfc0f5f90945e6ad1

SHA1
f4eab87130a807862b07d424edee90765d95cf2e

SHA256
8dac9b875b5048ca6529f6eac214d119ee5991504c568b47ede6a5f90562adb0

SHA512
ec3c665a8dd51a3e2f365c2a54184f231d96fd3c7ed91084879e6459d439c4abc0484f60298ecca237726becc89bc24d14ed0a7f13c28b9e0da0c2c402dcef45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fd5e9dbeb4db2cde121cf887a54a4724

SHA1
3a0296623f7db42d0293014b5a203e0ae7cb1bee

SHA256
d36befb43891b3e13cd2dc24b62b2f95c2d65142b7e8c121388c95db232a341a

SHA512
307693d54a18d673e75e1d7c9debc72eda2bf4cf8a78417b5e906712268991df505711adab42928f25b81f4b27a8eea95180938e5cc29e0d488512a9597763ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fa0f47dc7853913f71c51b87be6f30d7

SHA1
eb9ddc416b20d730fa197f46ab949c51a6b76e14

SHA256
770bd75825a33949eabdeeb550faab01b0214b69cda5dd7f7a84e84de173a89c

SHA512
6b54bae16a6f6d03824e61e59ced3f5fd7e74bf602f6544f72e6d26b8738dd484874e427f82c627967c150b1e152711bc8b1f57ef5f71f6d60186eafa8379007

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
eb8cbb5ec91501910ab3c2b9c2c1fc72

SHA1
ed75d71d9a890660c50807224efac2936a4f06d5

SHA256
9b65071cc554506f7c462a08c08e72922ac07e66ab1f296633b39e9be74c70a6

SHA512
ce08e1dfe5a19e24b30b8c5bf7327feb3d94c91bb19bc564d4fcd66bfba6c529994f977291406ea2ea42d63634745de1eeb06c92f55ab2728875daa6c97cf687

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
8a91b24ff9cf5cca672a00ca90f36bf5

SHA1
91eacd22777db129f61f9e49b5b62c13642bf8aa

SHA256
6ccc4f0518701b948f1e415cb5e1499ce6924798d83cd427fd436d226e15a163

SHA512
73612dd2b5117b461156f07c2f7f53861434e0d9a9dd1e777e906a91f01f4f3158cebd8177f2109060e6b554b23bae150b1759815718695b002bd5284c5a9be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
7348d2f8dfd08b50d95495bf0e6e0d2b

SHA1
eca03ec70f3efe90dd45eb7ee2715ee25d179b95

SHA256
0addc3a2091b97d1ff5fe380fe2d0c523a8482a8a36a9da67fa4fd600b5ae153

SHA512
d6e15c0e3e06ee5553ea8ca230901f5557828caaf9f4bab55579c0e673be50213ddc5999ed6137fb784e3c60db3c9fbd8f69467a948dd2f6301e37fb89438dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3f64d707bf3999539cd10681eba3c267

SHA1
385b7f64ec985a4576a99ff0f0ef288b40b42238

SHA256
373285ed49476c613aa7f3b1c3340c5bdb3a1615dea2fd0aafa8b0bd96616c2d

SHA512
bd6d724766f2e572333dc221e90c789fa8ea8495d6e34d7bc28a73cbdc5622c21567d26feff6c98af7f061c6e6091bcda21fc9f9c145bd6403587c22c20fe13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
99a44d8895d199a39a93837541ad9aab

SHA1
c91d0b3b3388c91232347876c3ee95db56f85555

SHA256
c5bbf5480accb654318ee3258aca560a4cd41159ebd68556a7ee332b9679dfb9

SHA512
3b2b21618c1e44c914017e1553428de4a70f6912e3a1eb984af5229a3065dc296a1382ab4267c1e64e5cd27d47ed5f907c00d030f454be4eee3a13c430452e8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
91363c838a5be45f0c00048e763f7378

SHA1
3228ab1e7f902e2b6d7deaf9392bce20b6e93e40

SHA256
6a9b33904227a7546d16291906239e94a2ab03f0f43a98a9f267d118ff59a966

SHA512
53ade0391efa33f5a8907c5942ef47aded037fbb436d70fb2654f506d74ff771ab3fdd3ef269fd76f53dee67bd8347093ceb5b44ad6e743f1a67b410c12961ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e8d87b1aefcf9bec4e4374958fbddd92

SHA1
5fabdd33078a52a4ffef6ebe7f63aab7d1a7f0e5

SHA256
8c550d40b706dcfcece3899a7656def13dd01d570d21f3180fb9ddfda66b68ec

SHA512
d3a2bf78cfb01300450d101ce64e91d521ba661e46c4cc2c8abc8d7295597b4c8a797e4c9ce5922fc9ceb2f465087713c7df4cc4e054b4bd6d6af0aba78248f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
72444466f5a943fcae7dc7af7d0f8a4c

SHA1
914b91feb9f047872cc66b977386e9bcec423404

SHA256
81126112774063c0d9b39c6072746ee84aa88714df0692caf4fa7b6a694517ab

SHA512
6f447b9fb185bc70fd395d06f44956cc525558034a2cc4adddf9d54ebe93c6736c2610d5341a0743dea84fcd1307c952d7cfd8bdf57df65f2722ba0d149d7882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fccc6b97c6ea1f13bdb74abb8cd35c06

SHA1
ee1c914b7e1e6d9de9abbb89b8ae4b57a590050b

SHA256
43760dcedf26b1b7a506fcd3f51731be8b6cf69cfdb65ea075866b1063cc62f9

SHA512
37aef0fed4eb7d67ae05b27e35c16749bc933e9a972322ea9145afdbb5c8b3f204ae4108b4a914577b3ff4300282205a9f4b5077a73bcefe5e7651046e52f9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5666800beb0b8ed80ecbd54433e03b5a

SHA1
1cc20c5b709324b8f026c2b43385689e23db7991

SHA256
86a94ca1251d7053b6a221469240f6853607019a90bf33019af422777642d95f

SHA512
a4c9c161e2af4a7a687aecd681a65c79e9fa9015d2a66765f732b925278344c2a4f9aaa0f1e179d5ae391c3c3c75c68c219a3ab7b1a234716f952a334ae5e2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9c8db84447f688e6a042fe99fb2001d2

SHA1
07012f6b22aa091377a5e3df3f99cf52c3757114

SHA256
14a2fde13a3b6385126117d2ec9ed40865827aa4f48de67c98776cf60e689a45

SHA512
030b750000892fa893b7cf9b249a1dcfa7e5d862125330c952d2380bd45fe47ea91090997345e759609e5714bcd9827735d2d6c5a42bf4446d0ec38594710621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a81c9739bc01e8c533ac4a244df047c

SHA1
bf568c175015227d10fa7feea6f8ae929b780e05

SHA256
f38cd9c478ebbf2de5e31bf9469f8f1c4bca8a018ebfd72456df12123632b81d

SHA512
62f54519fd675eda20f503688b19046e92401174c5e673e85a68a67692d478b0f336f17545858a60d82d67449e7f91729941489ac4d769dfed68780c168296dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
66262ed3a7d965051abd10c8eeaa7358

SHA1
b2dbb383a323bb807f0fcb7b1c453dc577998935

SHA256
0f1e45ee1dfe94fe6ef8050a2587d7afd76d32ec047f6fdd6170ef9e48906dc5

SHA512
8508f4bb002e42f477221a66192f5bde08399cdbeb1ab05758a6941eb74fa1b53ab3300b5021f4b60790ec5954ce3674f37af5c251dd4f3a1294af557c76b942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6b612567edffc68decb8b9d2aefad1b2

SHA1
f73921537418351725949e6788257edb8011611a

SHA256
628a3bf4e283c54e5f8ea111da638407b926cc6b5c60c2399412da2ccfd0bf88

SHA512
d0f2d90a5466f3bd7b876488089f7393d3f5f0b729b8654c80d11e9d8027491716ae1a26f4beaa8261d1b9d4da2cd406aa7e2cf154f5e0ac0d6f0de3589268a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a71b92d46ba0df319d39cc3e00bc3a89

SHA1
00c61fbc70f46bd45ac6cd295cdb22642800ca33

SHA256
c1bc2b487cb279dac23413737ad188d062521067d99e7eceaf80c32243353a2d

SHA512
6df6a4a07b8906c9b81be1547627a69bbf47abdf5274790ca28f27dd0c2df772035306330cf72576e3a746e94589e26e7e0c4b36a05749bd179fddb7f6f6c62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c560c030b28dc8641d00595e276bb4ff

SHA1
347009ea235fa443eb5d63f3591fed1632238a04

SHA256
9a67f58fca32ffdca576266839f5ab0d26b9d8fb0c4812d5bebe5d902ec68795

SHA512
4f8c062771c5b10a12791750b347041fc3a57fa7a91450afae128b0f29f27358d7c46df74b6d3d4ee2e3718e6e1c323b3f2a75de7e559324fb417cf1eed25b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
866a27ba6bb9fe7a62af387173a349a9

SHA1
4776df75e4750e120f4101af5684890455df79a6

SHA256
d9b790664a644eba630123bee0009263b5861430b26a121743e05fb0e46fa66a

SHA512
55c0af85967a6f4e3922c23529fb4bde49a639195de2d3ace905018d09b67e0d590690b90b6e57a5392b7971d3698f2397f3adb740f15fd7a5a5a5b9a833648d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
fe97a5d99b5c851aa6c1528de592f92e

SHA1
9de8f9e472a7b64f77f2216ca8a34ea8d01811d8

SHA256
819f66604fffa10ca44829b1840ef817ac2f6dd0524c91bf017621b6c59cfe71

SHA512
0ce924c2ffdbbd79efea1a4d8b69c10aeeea51cb15acc81ba0541aea235b8638e35457e7027b48829f3050cce76fa960c1a27466606ac84e4c28176ac1d3aa1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe572599.TMP

Filesize
48B

MD5
6ac3c46d0c63ea0c55a41667328174d6

SHA1
c6df017051562a97f29912b6be208c8ddcc597bb

SHA256
ee6a3fd5360eaf05b0c0750718b727abbaea03da6c2f38c629212e7b14bc83cd

SHA512
a8b1c997855e3c959a6f422616e07eb80c74b1d5d390e063786aff7b9b34b0c3d6685269cb4fdd43e4b780171c22e23e2f4a04842ac14848ac800ba5721f217f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ee75639f-f9ae-4c13-a46e-5de65b147a56.tmp

Filesize
15KB

MD5
982fbebb74714b36f638d9f3b600c513

SHA1
bf02de457a99d450796715bfe397289a144703ba

SHA256
7cd1e4e9141ed1c7f90b4e5f9cdd797aba1cd4a4b3e0bf7682bad7f53d9ec2ef

SHA512
1c47c01e699c3ead9fbfead4094438aa2ba2e34f23e37d762c4d33188caab288721af627ef8af4e4a4253f6abbe625ac2a568e055425cda1d94e15a09cedb00f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
e78ee9e23d00d6c81286f44f7eee3fd4

SHA1
7c02b14f2de9422796d61521a1aecdcee6ea74b4

SHA256
7222049be6daa180d9b9e59950f6e3f833a5934b478cfd0752e559487812bbe4

SHA512
3cd51eee39ee161f8aefad48b8907b003fa15af05504bbb6aa11f24e605ef5684496ebe68b03eb6640ff42cb8b4a7e2f72224bedd96054b64b2c4cda8d650c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
448b37329a48f56e8f96ab5bdc340ff8

SHA1
f8da3cd8811d146d09b62d05778f7b4087a16a81

SHA256
97e1c20344705f6bda0e15a79304edf8b5e3c0ff98126acc12e3ee6829ee2901

SHA512
820720f838b7994cccd982635e60cf963f2ff480ecbd51641a91473547684691a26b6417bf028b6599042cb6d1664cdca1468eb12c07de92d29c0d8287a009c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d2c1.TMP

Filesize
112KB

MD5
8cd49c5570b864ea6dbfb97f2760417b

SHA1
8e6a4bf413116d879ee0413feaf5e9bbc2f73b63

SHA256
c497914cd6eb783f4babe19a1c8472125a9bc2553e4e39b885f194098fd4ce6f

SHA512
091417ae1d77e34d86f43c58928c856244d963c0d8b3a77299b8e4383ad00a91d097e0b80f05844fff9a8e28b87651d1c5c436bf3182ad5624a41339a0353f42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d2d3ea49-a02f-4414-a45f-2a1c45e1ffd5.tmp

Filesize
113KB

MD5
cb5a5a9b677796b231080cac939f2abf

SHA1
24b1497ce7e598abee46f51ac1dfbeaa613b7069

SHA256
632ae86df8a27504bf1a8160aebc05d5bdac66e9593cf812ebf3ffd99d0f5196

SHA512
e61f2eb427566da50d0649c47599a07a461400ddbe39857cebb53b7a13a67c64c09589b9c9e108549702f7b1fcb8c4846bd181e88da6a8ce9ea5cf11b8979b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\efdceb66-2e9c-4db6-ab82-29ad5f119dea.tmp

Filesize
172KB

MD5
9f7ec5ad9cc04d8e31ad417a9640531b

SHA1
b6d20f6237ce45f52552447c3fda3274e7a68d99

SHA256
36009b61949e7139140d15e1a8505383b58f36c915694224f68c4951ece1b3bf

SHA512
2b0ee5b5e2a88e109cac0eff85b3b90cbb3474b79f1f35579470574efb02b79fd7d7175b02d368956842c7e27462064a78758be793bb04f0d2d43507224db11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit