hxxp://atkncvs[.]me

Analysis

max time kernel
133s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-07-2023 02:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://atkncvs.me

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133340342738877789"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4176143399-3250363947-192774652-1000\{F72D6CA2-B326-431D-9D5B-BAEDB123D429}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe
Token: SeShutdownPrivilege	2372	chrome.exe
Token: SeCreatePagefilePrivilege	2372	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe
2372	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 5064	2372	chrome.exe	37
PID 2372 wrote to memory of 5064	2372	chrome.exe	37
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 3384	2372	chrome.exe	86
PID 2372 wrote to memory of 2044	2372	chrome.exe	85
PID 2372 wrote to memory of 2044	2372	chrome.exe	85
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87
PID 2372 wrote to memory of 2920	2372	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://atkncvs.me
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde4119758,0x7ffde4119768,0x7ffde4119778
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4928 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4960 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5560 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5728 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5972 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6020 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4064 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=820 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=980 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1860 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1612 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3268 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5644 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6132 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6512 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6252 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6248 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2720 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6216 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7292 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 --field-trial-handle=1880,i,15624806031010152963,11233383173923375695,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x150
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8823ea62-4fd3-4b8f-9a0d-c99f4a4b97b8.tmp

Filesize
5KB

MD5
451425cda67119aa4b5f63f3a3926aaa

SHA1
ce18bcb38e48ffd0709c48e25fe413820e9ef556

SHA256
fe069c08b3dbc885824534a6ef57bc363b73316db0a2664b58bfe2ff3b778960

SHA512
9450daef733e2db3565830000a30428b3f0ce6f7a2bb861ee7d99a07966e72ad43248c94fdc9db0e05b5c0d0bbffdcd86e95912ad8f43866b629a42641927947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
672f3986a380efa58bc1e878a39b3e63

SHA1
47deebdaa73417bfecf2841e409d511146a8c28f

SHA256
f59997a50f2c2de3cd209916205a8dde23607e3ad1b38d3d186ae57400290379

SHA512
3d6c6b2cb8942b875073568e3d942f13012761cf718b0c51b4f3c0c979e9fbc1f8507c85de49a27467a8484b39b08b877454984ef628afea412babfdcc22d125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
5bcfff6abcf50c9eae38b757aafa9ed2

SHA1
17a272c9a164676aa6d4914ea73dfd712d76cc7a

SHA256
e469b150c758c81579435e9c6e4e0e8a8c7ffcb0fd1ed26a9b9bd5be4ea6d34d

SHA512
e79ff86fd250a0b24f1c7692b590e003cc23db058867ff832233b24e408659e58ca22ffd43c18f585ee7807787dd89bb172e86c3853c5de6aed56f868305e088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.mcafee.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1fabe85a-6550-4893-9fa2-563a6d523186.tmp

Filesize
4KB

MD5
74a10af5dfec952fb8e1c82102807612

SHA1
6c562c83af757b4b7b22a36e3d0bec2c53b37fa5

SHA256
f6f98eb0cdf4f8294bc5c08f3fcac8625a1ea54100f7347f010e08a454071579

SHA512
d3c11def7d0f95fb738dd41db2c1603b5699dbcbe9b281153425e3ce8df0f9db39ce07c3a9ae2a21909158ff733cfb289c70a522d7fe0ec56547b413a8caf99e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e0dd0a33ad0e17ae59a59ccf4e04f133

SHA1
4e17a26aa13611ff45e53a40753b972abb6dd255

SHA256
bd9bed5f62ed4e4634f05dcb1fd4c43c2937146ed96d0cd55b0d7432ba2c4256

SHA512
3f1145b5c5259178e17a59000e156152ba654e09258cd78b076f02fca7c4051df674951598d1cdfaa3f1068f93464b0a5ecbccccdd0936714ed19d6d42ab27cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
be3954235a09c06a9e51aa200a9aa392

SHA1
86aebe344aa2e6eb1482e9a38f3a13db575f9d84

SHA256
14dae8f0780546ab901a591c67b1d046ad1fe1e6b9814c1e5f286493e1721e0a

SHA512
c12f7077f325e20b201cd3ba5f59295d209ee008e6a6a7492f2f25de79d83dd42e106cac8b86c697a513a4793249f7ced1cc3ef5c6e2ce55ddfb64b0be8c79c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a0f17f211a5d287fe350e73fdc395b2

SHA1
9ca3dcbe03a10ed05f6be6ea9a4ec06360f8a979

SHA256
c453ea9833e8bc7ce2d6930a6b808cd299ba564a7ffe5e3148c24a0868d05b0e

SHA512
fc50cbaa32f20c612932a69830fd50841fe4307f0bfe2604041216830d5ed313838bc533cf621324b10412a1de6ba9473ae127a53bfa6aeee2b92c1a1a3abb1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d5905a26f040d600be20ee9437533b2e

SHA1
cd932f8e3e61f1f89630f29a80560b2091863cae

SHA256
bb94fa7b807f41b1e06c5aef486b0bc78037f64058559f0b34938f3fe43908e9

SHA512
220cbfc7660269b916f19f00df7c1baff3ae6614eb7c83b1c7dada54ee2169b2b754ffcf860ce192d66ef71157ecc08c15e430577e4ec4009f2f716e7607d3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e41bb77da3e99de817de61878bc37fb2

SHA1
318f2568584bd663b0391ca9f254d32eddd5e482

SHA256
45bccbe44e656bedf21ac8f44c9b73e1c220f8ae2ec30afdc6b4b83a73bd1403

SHA512
e5f86608df9fd7ad872e81797b88352fe72773ba8ef93d930e44d4f1b5370c42dcfaffc80cfb66abc8b07c88a1d1f4105c6ddbef28c0a3db7d3357f15d81b396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b13a8b684d6cedcac0f9906feef152a7

SHA1
1fa7ea9327f5c5fbe072e385a8dc2a97e2524b5e

SHA256
e011241cdc59e2cd5ce2673ccdb74875e2a42fb33b8c5e5b9ec632a947c6a775

SHA512
a1fb7ba79d8819e604ca302f19dddc9b1f830c1f2f518a698c591e3661e3f5ae3d4f8108e00566b11d95ecec2b8f0caa264d4af25d2785ee30aa0442092b010d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
39c5e96cb21c4097d1d5d0cb244ec739

SHA1
c47142d8d59acb096c218cb82eeba7a17dd0392c

SHA256
425cb92045d5eddad0dca9c0a2631f7f18b3c070bcb32efe08d72ca5e71245f2

SHA512
bc245192ea8b04f67d45c7c09c6c262a82bcecccbfcc5837368d8b893ebabd5b87e14c625324fa7691bd650df1c2432c784285daf929a95ef5d38962a6a71c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8dbf7aaf980bc0274ad3630e370de46e

SHA1
9e05538bcebbb738acc69828a5d9dfd05284586f

SHA256
96cdd11ff87e05e6b10831680726d6f70fe02ba794fe63cbd3da0180fdec5c0a

SHA512
53ab9ef3b49271c14205a9e5fb7019c1870eec48439207e2f4813b4a292e81839128b7db258771627a424bb096fb249f1d0c30a0366b26d89808a7a27b121abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
734137f2ce1397fe86c1aa91f17de62b

SHA1
58bc827de24bf05b71f58c5f0e37e497ddb4f685

SHA256
3ba73efc707ae8c4aad7fca4fa475eed7dfe8c44e16a5928409ffef5d27b462f

SHA512
861b31bc4f47c35d6555c189d9171b9029ace794ca1536440e2364357edb0002b51b622d144d2b4d11984193973e13411c45c3f606a8f38b70b822d7e61c6b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
64c2a7277c6a6e8fdb6726da41de8ad2

SHA1
58319cb61c3313e9e98040001f911e8a0e8aecce

SHA256
0a5a098d41e297aab39d0d6082c68ba5aaa6fd0126e7a11c06ede3adaeb9aaee

SHA512
031aac1a942ba3163fded63ef1bd9ba75a741d21e4195fb008a6182450c51bf1372b2581670ea2899ffc9f7ea634c3bd4f6840c4e60336f833aaf0424c4b0ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3006ed23caa694d1584d438a65cbb136

SHA1
556edf5ae582fa03d6b6eb15b8a0867a089f38fc

SHA256
6a89449c83da7d39416fbd550bc724fe877eeb2f9f19cc495313ca46f2cd5fe7

SHA512
06ca83ac02d3393f6f0fd08ba1fdf95b63840420c50adda652ebaf016ee62131d3177128cdc24ee6ab9a6849bdfb65254149297137fd642c7080de4fb323d40e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d7aea6adcd708edc0501b726182bc1e8

SHA1
13455306ea973ecdf1c3007e930671be518335a1

SHA256
c9ea84df159d8744a116d7d5921bd6e8954641e28d4b64594f58ee749b3743f1

SHA512
d119059b56ebe10e485b12dc496390834809426e3015e47281e1aa8127585141017e9ce955c56edc58f3c916cda9ad42b1e265cd698ab9a3884b4234f4796a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
bdbc991e1e63033caf660725a862e909

SHA1
54f9a6a58eb3285a1e8fa8f3ce5816efe8f68d5b

SHA256
46d56cb94ebdf05b1f3e25bd5f3f2898959c153ba70057e8ad06aae8ee057d6b

SHA512
9dd3573ddeb7e2d2a5ad3bf17c9958ab49f008fed6a9744eb9bb555d129035ed897ae6182511c35bdc8ebfaecb1e240259f6152c9d84f5277ff9ff0239c0b0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c238ffc2f828fb50cb346f3365b6c7ed

SHA1
884e89cedbfd87332472049dd9161db914f96982

SHA256
8d297fdef5be6b275428545ac8ad4f144dfcca953f322505d915b9f4c661f379

SHA512
397f086f805fddac763b8062ad897916f775daa8278532a50bf4956f2e058dee1020018f4a90e9e9798b0dc376f28a70798b6d86830e155708aaacf53d3f5b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5865ba.TMP

Filesize
48B

MD5
ca33ab73a123f951f8b50bd8e4f71b4f

SHA1
6ac33619b43d573bac73fb7e01c793792bfdcb35

SHA256
26b3d999c5efe109eb4081d1afc1202ffd88b6e2b6cd0c7d9965952efd688f87

SHA512
17d257c1fca3f09146f25a09c3a7d9362e2c6cbeab7c5e0f6126ca29edfaeefd878fc17e201b0d5e595738fc2f771d37f5d42044c12182cf680d650976540db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
83c0ded97f2ad7851b7e90882cf56478

SHA1
919e3f0c1bad99cee82d2ddd754a61f951977c16

SHA256
192dba1a56872eee9a8d6838bc3882235930656d4175dda9dd315ab2b8c0944e

SHA512
efa596cadcbb720e057d2dd663b170c1117f48515f569237acabf5b887b520049b0fee5f8b375d20a4655cf317bfaf6465e46645cd5607e0cd75e47dc0c136b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ee6cdb894644860a5f3c02bcd735cdd5

SHA1
d91f37aba34cda8611267b7d23aa7631031ca699

SHA256
2259b007901ab4610313d56ac179b5fa700209b6234aec45ed26d14209c6dcdf

SHA512
455f4a7b9e50ed9944c49efbc35bbc4448a56bde7d8b8c09c10720d9485a5e3d51d4b2b9deb1d19be395fc6f2e94f99288cf386987f5a698e04f3fcce9a5a254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
7b5ed5d6227b12d0e6fa0ff7cc8889f2

SHA1
4ac1735baa9ba99a6546f43a333a411fa67c30c3

SHA256
0d0f27190eb14760e8555c6face7e85aef026d2e91d2fbd348b6c2226e363eb4

SHA512
cb5afe1610a896b2543e693c1ddbc26741bbec9d06d6fd49a526a35f4d61b33493a434dcbb23ed1352c5fb4dd2954283670e42964132f49940fce828bb946949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
bfc840865937b605732c5f672ce08eb5

SHA1
23df93f7d87a6c553dd1209413ccda722d8135a5

SHA256
71791ad67cf44b6f616e0138c31ec74fc43f82c13b3a71ad1d3e0e2002e6fd96

SHA512
cc06d9ac0e79b0e4724f22785d24a82c9cefd628976165ee828c1e4e5229080e8354002e30f9acca7282b02b9c955036133132e1c6aff27d75b95694faccee12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
df2fbd76d4ea108afe0ffeef51996927

SHA1
560e235207b7ee996d9dde1ea51b6c101e1b3f1a

SHA256
5a9e411fed0507e5789cc444d41f80e475043d2c861c7153f677dad5a4a7b1d1

SHA512
fe2a92348962103dd5891ad64b012df5ead43dbc651c08161a6fe5e9fa457ead3023c642d437ff8944c869a636bc6eb1d4192682675b2a2f2a879d1956bb5b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582eac.TMP

Filesize
98KB

MD5
b31e0a94d206db93d4ee725cd761caa2

SHA1
b6fdb6196290edfd57b3f49acf30e9a1eda4101b

SHA256
13b82cea83b8a58825a53d8b83dfd6944ad559876d07d296ed99f97bfedfa20f

SHA512
4c7fcaa7f3ffcf787a4c3572a7c2ddd58f3c8cb0b27e79b2084a17196b918c9a73b6685411578181c20ba07391da751464a68327714ca5f49fd12df96493330e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit