9a6a575f3ede90e0c02b3aec16924ca07104163865d4639262b706b2bae2042d

Analysis

max time kernel
640s
max time network
648s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
19/07/2023, 04:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2023-07-14_11.51.25.png
Size

126.3MB
MD5

2fbd6b11036e6b33a637f69e85986b39
SHA1

00d1c70d12b407c52c61ec24b2da8763f1cb4603
SHA256

9a6a575f3ede90e0c02b3aec16924ca07104163865d4639262b706b2bae2042d
SHA512

f29801713a0f661200cbc21af4c1046ba8118c32be3a7ec28b5b5e944a733465cb70a1405443b316ea66c087d8be448edff08e47eae70353ebf815866c45edd3
SSDEEP

3145728:YdDP9K5XlDNFbtdQ+ayiDJVmK00lMdnoBQX3Qp:Y9P9KVxNphiD7mKhlMd3X3Qp

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4400	winrar-x64-622.exe
5052	winrar-x64-622.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3708	4448	WerFault.exe	80

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions\Cached	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Internet Explorer\LowRegistry	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions	PaintStudio.View.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342146982262685"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History	PaintStudio.View.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4448	PaintStudio.View.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
696	mspaint.exe
696	mspaint.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
4448	PaintStudio.View.exe
3216	chrome.exe
3216	chrome.exe
2764	chrome.exe
2764	chrome.exe
4252	chrome.exe
4252	chrome.exe
2928	chrome.exe
2928	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4208	OpenWith.exe
1544	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4448	PaintStudio.View.exe
Token: SeDebugPrivilege	4448	PaintStudio.View.exe
Token: SeDebugPrivilege	4448	PaintStudio.View.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe
Token: SeCreatePagefilePrivilege	3216	chrome.exe
Token: SeShutdownPrivilege	3216	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
3216	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
696	mspaint.exe
4448	PaintStudio.View.exe
4400	winrar-x64-622.exe
4400	winrar-x64-622.exe
5052	winrar-x64-622.exe
5052	winrar-x64-622.exe
5052	winrar-x64-622.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe
4208	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 1936	3216	chrome.exe	85
PID 3216 wrote to memory of 1936	3216	chrome.exe	85
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 600	3216	chrome.exe	88
PID 3216 wrote to memory of 5100	3216	chrome.exe	87
PID 3216 wrote to memory of 5100	3216	chrome.exe	87
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89
PID 3216 wrote to memory of 1152	3216	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\2023-07-14_11.51.25.png
1⤵
PID:2908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:852

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\2023-07-14_11.51.25.png" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:696

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4448
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4448 -s 3908
  2⤵
  - Program crash
  PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffeed3e9758,0x7ffeed3e9768,0x7ffeed3e9778
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1396 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:2
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4496 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4768 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5256 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3220 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5276 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5280 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5128 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5684 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1712 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5596 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6140 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5660 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=1552 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5076 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4716 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4544 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3128 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4524 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1908,i,12897731254835128327,6692128296558297761,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Users\Admin\Downloads\winrar-x64-622.exe
  "C:\Users\Admin\Downloads\winrar-x64-622.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4436

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7bfed26de844445c9e9e645e643eefe8 /t 2904 /p 4400
1⤵
PID:4484

C:\Users\Admin\Downloads\winrar-x64-622.exe
"C:\Users\Admin\Downloads\winrar-x64-622.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5052

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\aa0ca8ef61534d50a376030d05dcbfaf /t 4372 /p 5052
1⤵
PID:4732

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:2116
- C:\Windows\system32\dashost.exe
  dashost.exe {1fffeb96-d05e-4b01-bbfa5d298ff929b6}
  2⤵
  PID:2420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4208

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:4448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeed3e9758,0x7ffeed3e9768,0x7ffeed3e9778
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2624 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5188 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4012 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2972 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2960 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3000 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2940 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5664 --field-trial-handle=1780,i,11665324247010143009,14420695399682074128,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4764

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f218436dcb1a084af7e7cc6182c22e47

SHA1
04c5a1d8c18ee2600442ed7ab30add416fecc791

SHA256
6b0f01e1774e31f775f29cbbe4175593944b75979da0d7bb5fa599f6570650db

SHA512
4b78359e66818aef944376aebc9e0ca5438ffd24e6f97ac4f5af7ee5ed4649f55d6a080aa85b4cc7f7aa6432232c9419f21766b385d3b43fae18e4f12b805801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f218436dcb1a084af7e7cc6182c22e47

SHA1
04c5a1d8c18ee2600442ed7ab30add416fecc791

SHA256
6b0f01e1774e31f775f29cbbe4175593944b75979da0d7bb5fa599f6570650db

SHA512
4b78359e66818aef944376aebc9e0ca5438ffd24e6f97ac4f5af7ee5ed4649f55d6a080aa85b4cc7f7aa6432232c9419f21766b385d3b43fae18e4f12b805801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
131KB

MD5
089febc38c1c5e6ec0830cc64568836c

SHA1
34557bc43c350a3564b2bf747e6d075aede0cea8

SHA256
226ae8cd487a3bd445a97c2f1fa3c1d04262a1bf5f882b3b15db20259b3b96b4

SHA512
b4c9cea4831b6b93834791c938a6f04910d35ed90df16ae574ba053e696c9e4fad2c974276abc40be31430a0f495cbf233b6b72946d0ba9415e433cfc453ddee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
317KB

MD5
e22e600823d598d4b8f59b5d3c795cb4

SHA1
c79fc58ae4a6563fb148bd980a4fd07b5d679c17

SHA256
fc34f406faea26528641d4a42bba9a3979eef7bb025482392c0116595e9ba86f

SHA512
0c982e96356164f5e15465e3e5a15b483cf05fe71c2e888266b0d05c7f989d5b130fc5115b9f38e82c1d5a54483bd36b5debfed188cb5402e4fbad97806dfab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
82KB

MD5
9db37bb069636ce25a1804a37274bcf0

SHA1
01ce3e05526168ee023c99b5ba442ab81d5df41b

SHA256
33ad8dd234c4ee7b7cd3e8d129e9a044f2afbb63b42c8f17e5db49645f10ff39

SHA512
a0cb9bacf03decd54d258afc6b7088971332b404f1cb94e5abecc87b20387161bef5675450026f4bb7f298256838c4e6e7c93df5b479e82730f44924bdd50b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
71KB

MD5
251dc2a1411d240caa9914343c6184eb

SHA1
f57d73244b598db7872a7832f762b98066ca4c5d

SHA256
0e9ed783fd6f340b62a96028036d4832680d3c48579fb0469b0008141dcaab18

SHA512
f9868280888cc75b95d3fd2e6d3d60cfd4ecfed8caf4fd0168468bc16b545ba244c953cb0aad618f43483c2451b378fc72efc27f6286fb46bbdf25429e669ab1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
155KB

MD5
4c197edf266b4c5c672b87e0d2e0b077

SHA1
76bcdb493ba697699ca6bbd93fb427e5fb2fc88e

SHA256
818ae752d963ad7e7aef2a0b674dc66b824023f03cb42c14549025a9fb6168c1

SHA512
cd7e48cfce7412cfd9a2c7123c13443934204a5b67c9448298819d887503742ce4fe07f556323bf71c371bae964ee1bb888783b8075121725cea17a59e204e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
97KB

MD5
382bbaf2f4d13da8af0e4691c0c3ff2a

SHA1
9b0c0355b3654d8acb91b0c95d17733c809025b8

SHA256
91073cb80a40d6eadb3f459ca4dde4c98daae27e8e507df0d293c10095d0e8fe

SHA512
11dc3f1550b0c6fb9aea659b32cc91af4ff0d54a91e9be7dff3a765a9fffd86bfcd5d6598a2ffae7fc94fa364aaa95a44447224b0ecae272171c48f6af10f327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
39KB

MD5
8877fbc3201048f22d98ad32e400ca4a

SHA1
993343bbecb3479a01a76d4bd3594d5b73a129bd

SHA256
22f8221159c3f919338da3a842d9a50171ddc5ac805be6239bd63e0db78046af

SHA512
3dfb36cd2d15347eaa3c7ae29bfa6aa61638e9739174f0559a3a0c676108ccc1a6028f58dad093d6b90cac72b4468eb1d88b6414339555c9f872a5638271d9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
189KB

MD5
c09662370baad9ab2bf7f2d865d89d15

SHA1
20b439285a3e940da968826562f0a21e10ee9008

SHA256
ce999318f69032cef0b3520154662edaf039bb1a525168d5d8b6649965da2b55

SHA512
1e6a4e6ee65c9668ec2e1998f28d1ba33c13887f7fec953d6d93eece0d7f4ec71f49d475b0ab2c52eb87e7c2737578f9d4bcbfc34ee503ecf65283e0a03f61fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
30KB

MD5
888c5fa4504182a0224b264a1fda0e73

SHA1
65f058a7dead59a8063362241865526eb0148f16

SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
18KB

MD5
c5aa3cbfed432a93b3e613013dbcf1b0

SHA1
f9ebc7afcd387d3953ec78a8df4d620cdeb2c7b4

SHA256
ebd71c14a263c1cb6dcd7d373bcfcd0805b3f4ab9e68f3fb5e451154a48b8b81

SHA512
d147da648b26362c16985923b1aeec3f851fc70ca86838abca9028262df7317d932bb3388d0a558c4c8b64c9fc0d27ebfe88b4b96565cff8810a197e0523b798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
48KB

MD5
a91e77c533e6712719745b87c3ebf781

SHA1
c2eabbfd51c8f2cba46dd553b623fb47f64364d3

SHA256
19a9fdef96b924028954be56acced5b3bb2bcd5c922fb12b57d830eb60a82bcc

SHA512
9880e86b2a1d83dfcca4a077921e8c893f2f974bd7227ab6638c8c5190f54827864b03cb591a029e164e537bc428e4a2d85c2e3b0dd814be1f752a08e9ea0752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
87KB

MD5
47d5f5d2dd37c03828b02e3c8ce9d36c

SHA1
5ad95802bb7169633eb0cb730760d4798afa6af4

SHA256
2be85bda78923805dc6131e3316861c6d5b5b260f665e5e63619b5c2fa11c9ed

SHA512
b696bf1c447d75b6f33a5b5e4f690f393f6249f8242cfa522724731e08c41da317c4bdbddd0aa13615121edcc450f7ba07271bc0eaaf36ac5e9dc6fb815177c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000067

Filesize
91KB

MD5
ea67c6811adf3efb311273ea82f93d41

SHA1
5f7749f04e97aa6fe65fb89e8a1ad63231c661e7

SHA256
471495bde0f191b995dfc27ede121baebfcf00058955a996be2a19c0255bd45f

SHA512
80a9077895ecdc5a8d88a6f3849522825e8b812f6ef902a141141a3e494cd81cde77e40d6c4ab8c25e96712788d4fa65797dd55fe60d3ddc00b76afec2b70551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
105KB

MD5
410504406296d7df8b096a84546f482e

SHA1
94b785a038afa89aa2b4943dea35760140ff2a01

SHA256
d2c4429d0f3d44ca02ceaf211c10a3dac3ed25620079897d796a6af9a54156d7

SHA512
f6eba75a1c3c9264f8d12813e17d28f78b5268baa4cab59f2911a6028d49b2448de1a52a3b8455605741ffecf3741bc649f0ceb0974dd060ce90e9972d3d5447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
102KB

MD5
216c39ef13419fadd50b20460d6ed9b0

SHA1
54b836c14142ec0d92ae37e3e157649d4c715c31

SHA256
3537c2661288f5f6709b302dc06bca747a0b7a8d95757d16ef90e592d7df3adc

SHA512
182d1f9c425d107f36bc9f08da4ede7b3616426482e8e81da7574331ca69198f1060040d82d553c9aa8e70e2b19e40e2c362bdaea09966f3a9abdab7989a7919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
09f799774aca4b6fd8c8bceefec0fe60

SHA1
4edc4343e18a3305d7f38f5501ab79538f1c3962

SHA256
03301948c00defb206f768560ca143632a4fc6784439eeef9df079605e99ea1c

SHA512
aa93426c3a4b22f35847a94ae6a4a881150641ebfa7e20810fe5a6e3249a81d073f2196ef255169ed974edb701db81ac149fd4e443684336bab9080b38a1390a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d53e74471f4256480d64d961833a4376

SHA1
99550301acac7d86aacb3574860d4555138770d7

SHA256
809dc0b6f2e23fa8cf31c872b36496943e88fdcca074bb3555f0c98d0cec92d7

SHA512
b806956e4c092deae4cbdbd3ba66430b83d9cf421a4d2e61b9d3d70f50d5761040d55e8e805bff75b9069a2e89d2fcab33c33ff7eacc5f163d6a44541d56bde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d53e74471f4256480d64d961833a4376

SHA1
99550301acac7d86aacb3574860d4555138770d7

SHA256
809dc0b6f2e23fa8cf31c872b36496943e88fdcca074bb3555f0c98d0cec92d7

SHA512
b806956e4c092deae4cbdbd3ba66430b83d9cf421a4d2e61b9d3d70f50d5761040d55e8e805bff75b9069a2e89d2fcab33c33ff7eacc5f163d6a44541d56bde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f4ee9cce1a3ef7b7b7658b729e3eec5e

SHA1
b6f96d490656e3ded6f67480b4e1e270389ce462

SHA256
66ead2fa7c7925e5a32a36c016356d1a8453f4585616177fb6be0c8fcfdfb837

SHA512
5fdd66e21348b46bf4ca4c7745904397a4fa992a6b638fc0892d55dfe224f8888664fe38d5992faa1d082e1ac17a27197f8e2891bda8086bcc9194632da5580f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
28KB

MD5
ded355683ca2dc45c965a7f72e7e447d

SHA1
7e18605730d0af95d2637a536f898db1066b1fe1

SHA256
f6cf87ca008187db2a75b569934eabd816d0ea452e7aa489cc46d3225b567634

SHA512
6a7330d3a6a5087cd4ec246f5895a93209fcd038e69a775fdc6e1123f13738e578cdfe502eb2f85004e282c808f196f4b58aece31b6435b33e2dcd0fae64224e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
718275117dffaaeda3772085d869203c

SHA1
49fe69d8ef278ebce56b9c55e6dfd88e2daadfa8

SHA256
ff88cfab8dd3b718a2b5ab89c5086b5b37843d45d9791007ff2fa250f3f54470

SHA512
c581aec86a9da6ad0e483b3e6bb19544b6c2a985bf25ab047d3af7d293f9662b48d5ce57dfbb3e561dccc2c48b3d117455a940ec893a8f70ad334a4eb6bfdecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
718275117dffaaeda3772085d869203c

SHA1
49fe69d8ef278ebce56b9c55e6dfd88e2daadfa8

SHA256
ff88cfab8dd3b718a2b5ab89c5086b5b37843d45d9791007ff2fa250f3f54470

SHA512
c581aec86a9da6ad0e483b3e6bb19544b6c2a985bf25ab047d3af7d293f9662b48d5ce57dfbb3e561dccc2c48b3d117455a940ec893a8f70ad334a4eb6bfdecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
e6a54bd4f44ee255bd1e14ca23f863bf

SHA1
efa8602a533cf00a85b96c1fdda6a33fd3ab8c26

SHA256
4d0c5a1503b3cb62720fbf554c9998380f493d0f4de66142e2ee1402371d438e

SHA512
dc05666574f3fec520dee68bdeef745627a81596bdf6e06144ed5b10d6281c48a286b206b853e74d626cb57b575d5d82fea1d0d236d7091f08a772c42310bb6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
33KB

MD5
c6ad6dddd3213c7dfcc0c6a2e19c9342

SHA1
fd2bdc3173713a19c59eefc259764bdd04b7a04e

SHA256
0aecd802e451285c1c9c5f3b7521c2e0954bdd65c08356f587c19124e7845293

SHA512
268ec7d824b18773622ecf47a36c04a3e1f06c070bb7b81dc61709a4644c2c34ada5f6c3c77a8206f20376fd7a18d70215f1d40a9f00d61ea3b08e190f4222ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
a3a620fe8aade6933832e04bf745afa2

SHA1
93e5102221a431d93664066b43b21e22f81d66d1

SHA256
158d306420018d684fa6877a961c9f0c3fe0ac0483f165fb0344e5e47412fc57

SHA512
1953b3172c87b9fdf38e9d4ad80dcb8f50cc6cbf0581fe729df8de1ee10687a9c80f8fb3c29fd5d70e31707152e00f9f0af710cfede684f1609d7408469c29ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
b264a0dd29cc6f034d7865dfd17cf41a

SHA1
bb02ba0da518dfa4c66f895c01b0d3c2afbf2487

SHA256
ee59b6a8c44bdbc4d50e323f2077453b67b1547555bab7116e9ee1acf3fde974

SHA512
81130c7111b45229344956f4d4505bd80c8c58e74b0c7c29792c74ba2d0eb9401205fe6296cce0a09067741e792cd7524b6c7a3065d0d2cbeebb9fdb28e589dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
0c0005b0757dacbac55880ae032d6408

SHA1
aa8836975239e967de6792092b86d92c2872f873

SHA256
9e10b8566c8f9962b2f7c3de0179dd1b0ca7e6784b2ce632baf0f6689474c795

SHA512
39c68e0db39d278ba9928c7f3cd57b7d123f3f488e19d8b200d40d8a423b7ea45c28e4cc2e115755e9746150e663c9edc06192c5b2b2fe071f182324e78a249b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a7f1a88901c2012065d99b0460ac4a43

SHA1
863e9b3160bafb92373c0a4e6c5184d046757c36

SHA256
d2dfec08af8fd8ba891c74f7e2ddb49bf0182d0b1a691fe861b6367ba41f30c8

SHA512
e33394940f39a7d0533de53a00b1625531ffc9532e9f075a816ba2a54ec760ba8da5d29c7cd2586e8e1422178e54834e504fb92b71ac9a9e9af133585315835f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
96b32d2c922d70c7ccb986e6ba8c831d

SHA1
3971dad5529408b6e10526d717d62fc7da9b0cf5

SHA256
3f9c9b74de7bc059f8923914e21a57ddd24f0c277ca9148a6f6e23b90acefb67

SHA512
fe8200990304e8ab652d1a0250c28c73c66d5e7e3071afd625d10ced1bcc2319851afaa5bfd2c330ffb2bca9dc355368b464af213911b1c2d7687a2e395b2ba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
af5901b59df20162df29f378996916ad

SHA1
7e4eac3333052ace66a6bffe6357bfc88c1b3921

SHA256
545932efdd075412c7d4062bc6853b1ac7f21feb2b7057d24eb040570aded1da

SHA512
b0315d4eb6ddb4026ce0811a649749ffeba42b501d578f5e5f3a1cdace719601cfdc4da4d8bbb935fa8add5087c6d9020505df6e4fe96c2736c18a21ae919dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
5ca70e6aeecd67fb9b0051fe8c96f591

SHA1
75a34b917fb83fab7bccabe54fc686858318d77e

SHA256
4b0a6e3fd79b298a9470b204ec3738f5e01e2234c4754dc1e3258f3f2f7d05fe

SHA512
b616e696aad2e6b377ab8cc892bae3e18b7ff910d17969a6cb9a5247bc01ad0f870077755adbd71ce78d6ca5d9cd9f231d57dd5591cbe8274984e69c1e5dab05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f7582a473bbd1d582304d30f33189bb8

SHA1
fcd07a390852483edc9866274b117e3442f41c99

SHA256
b430bde9488a614d9a8cf42991fadce7bbbbcb6391c3db7513041d3565ce67ce

SHA512
e027a15eafc9f0b46e011926d14f1ed15ce671b8edfe6fd2cb6585cbb27ce29f20d287ff563bbcf8a26f55d2fc065c2978050d725f9186dfe4be5a9d6f15f323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5d02584f28c2ed15c59a75dda3d27de5

SHA1
c8742c6836fc90617b86c36876c4e4c1f5916b77

SHA256
5e1881ca62dfefd3bc9f27d75ac00dd366ab20064cc9ed65ee43722d3f4afce8

SHA512
2e7d3aa68bd661f350f3811ac837d9754bf1650561347425c7106a0d10f2d780c5a5a7df25188c740cb5bf8ba15e34cd72dca64f961b1da642feb79b038060ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b47dee5271e6181603e4f55a68a985c7

SHA1
974cca90c396945709b19908cff57e6ab1fc86f4

SHA256
8c468b94fc033c34339b7b0fd8275da4777adc145aaae54c29276baccf9a60ce

SHA512
c2d8888e94187a53ab4746fb5b0b07d74ee57d0f41ea34f0736c88a64ad214e2c01ae9f59c6c4c0b1cbd532da555d688e8d6a53c9fcab8edbfc1e81bcead66a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e574b7012605f22839e2c293ee3ffc6a

SHA1
b6afd8083d38746f1f674524aa9a9108b3390df5

SHA256
6ff1c8d0dcbb3a709f061e8b7c855e68d9cdc8bea199ed5159850a3005fe37bc

SHA512
2b75dea366fbf2201b857e24c69d2fc133808005eaa9ed8146f34729709547f2569c97dd263131c2fb4a24ce176c1ef13662aac06901ce7840daa3bc74de3f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
b90afc7fce731adea5114a64d9eaa67e

SHA1
7de127340db1c5ffa9bdababdad620584e4c3439

SHA256
3b3763c5ad28ff7c663a18697ce61348d3e40d4480e25ac46e6a831cbfcd7746

SHA512
446a0af69657821391f42cd7391ce49eb65516313727b054cf35380cd1f923e23f2748b34184a9f9cf872f820f05e641460db30ae9fea7ca605807aa8973f68b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
36769b53d8641d53a2761c1a8d92df3d

SHA1
d6e2cd26ec7ccb15063c69fec41921c88d005394

SHA256
d5bb8fb4848e73c14b72e4f41227a1e397e53ef3c79c0f2b8bb96d19f68b3e4b

SHA512
5d3f5c4990c435f7adc02381e0d3a5888d47aa8c773afeb900fd101958bc90d490e1103e373701fc0804b6c963fc57997673c6af4bf2b6b69d51e6bb683808c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
6929be183698635c299c259c35b8c329

SHA1
d678664a610cd3a02dcbbc389d66fb1136956151

SHA256
bb52c8756eda97034d2ef4805178715554a297d7151c74a9a2a6ce92c89f2fd9

SHA512
25e448e2ba97083ac0c24db9b37d0d6bde60b222f357a23a197ee98f7661d45f506c8aa4671890827d24dffc4108b7ad3483f5d0c06ac197a92beef382496349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
205a28e539b4900e0fa186b1e848ed35

SHA1
debb944a6d5ee160a89b69f74039cbc7fe37b12a

SHA256
5f5bc3cd286264ca26b34acd7bb5620b4da14850b065aaa867edeed145d1f8fa

SHA512
150055c2376119b6e27fdfc3df85180879f4a22640973657c9a81bb9cc0c3333cf94613f7b72e1001d1c1a228a5feb20c754bf6cf1cc81e480f557b8eabeebf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
add18d61e833f6a3178ecb26009d4442

SHA1
0911a5dac8be6beb65d64be3a750e4b4880baba6

SHA256
1a2cb48adcef1adbf4d73c18e53e90cbe97f253b62352d0c92fb70b709b34a10

SHA512
c95c4e72d3260d1adf8b061b1812753187b9fabb9ef94f1d14a056e0c99cc7d30781e3844784927dbb6e000873482d6039551c07c597f2aa703ee96d38381472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ed270983a5b23a8f4f8202a63aefe74f

SHA1
c71eb36cde5ca928d8f0f937fac6d9563800a906

SHA256
e296f3455e169a883ac42453a80fd09c6251d7121c02fb4750f554e369dbed42

SHA512
2c056b91f0470b3558bcadce7ea1814a67b73503e3d14e7471f056dbb487a74e4d64841cacde3c56fede730403873ad33ae142289af826291ce362f955dd0912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b76bb608d07aef4c9e8bff362aba9d75

SHA1
df390810e576432be61456ffab6dd3da0f7fe4ed

SHA256
58980743ae07c71f0164e9d8e46fd740515ea209f13d3efd00843639a2eb9969

SHA512
825cbef22bb9a1993b0966c763637b592e4b0533cddd27b69b22bfafbda2af8d46abcb8d45c427429d2defdbddc5ae672eb45f13fdb46614eeacaaf55b7ef8e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1b74f7d8c94afcdeb84fa68b77dc23b8

SHA1
8593ae10af06300928118326cb1ba2b0103daffc

SHA256
097727601b839c9f680642355fdf6011059d59867cc80a8544757780f4ef00a7

SHA512
021b2a1e49eabcfdaf2e667b86b673576ef23b782bb5ab7cffbb9ed28b9023d21c722502891c124f833aca2c205868088a9bb8b14ffc26ba151cca65d5da46c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
edbef9df292197c758d31e98ebdf2cbb

SHA1
f86ccaa83f399eb1e4deaa0e8f27132121d29b97

SHA256
2d5c0de61b5ceccf4cc90046a3e4ccbb48512cc713fec2b49e1e73cefea472cd

SHA512
223327b0f2827c0e79c15aa6db3bf938ab5f5cfafd312a663ca9982c9f923999b8d2923b39bfc98d91fdb374d13f6893af9c29113fc2f4cf5ef20883ffb5da63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
26ce3873a918e82bfd2b24ebba69f963

SHA1
d96e677d00d496d2bc1eebb0c575e21690622edd

SHA256
b83c5c1298ef85244821db24b9b640bfb88c154f16fe4bde371ed16631c4a95a

SHA512
d1d696c8a82ecaa181a46f5c397080ffd4d05c93497a25727629299481b7097c33bd0daeece472febc2d1ba75275e9d6901102b38c639461a7c78e6e07ce7682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
225b079c089b7fc105a4698355ad9896

SHA1
358f52b0171354b00745c6fac8977a8300b1ddd4

SHA256
7f33b934793c8142ce45ce07429fa0b1a74792ef04538ccfd637f4c275cdba4e

SHA512
f27ca650e9184ce2faa34711a587941f2d3af284219c460fca0f86fcf5b2d4a84daed70414904c1b09d039e345893f5987c6bc687d9839313e1c5b10ed4ded1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ebcb13c99235115e0894b7ea408e713c

SHA1
dc3fbd5fc0a767c23709c630981b18eaba4c51e0

SHA256
698d337c16e5d490e7ae4af21d828a48aa4c94f6d72823d1141a67142d10c4f4

SHA512
7a1bee8dae883adc5d860b59dbcfdbf27ad658c60047deb0797f357ed479f57f97db21e15e3d3b0af0e185543db9c94d2fd4889ab9b97dc6adadd97e828f5efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ebcb13c99235115e0894b7ea408e713c

SHA1
dc3fbd5fc0a767c23709c630981b18eaba4c51e0

SHA256
698d337c16e5d490e7ae4af21d828a48aa4c94f6d72823d1141a67142d10c4f4

SHA512
7a1bee8dae883adc5d860b59dbcfdbf27ad658c60047deb0797f357ed479f57f97db21e15e3d3b0af0e185543db9c94d2fd4889ab9b97dc6adadd97e828f5efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
33076d10da8a678707ad8a8eb2ba680b

SHA1
faab10a172ffdac1432ef930d1b740741040c90e

SHA256
18fdf2da144da73668590c8b074d06f2f8ff99e879a009fa454e567a6c543522

SHA512
68b51689d0d3cbc2c9c3eea236e1396653760681529b073f7fc1a7bfd5f414b4d13d783b329849c86bbd245d885292643ee4f441bcf5eb9646c8e64555c44b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
888d7ab12f05044e29328c40c52d6455

SHA1
a869ab1cdf6b92653c5d61aac4a1cf573d190bfe

SHA256
eee8bf2809daf40b97fc01a6c55c562bd070ec4c47a7269ec48ebf1a4e847af4

SHA512
9ea2ff73fc76f37d8e31ea7fa50b8666e2bd7d4b0d89838f971911dfa29710af88e967635969bf45a9b61eb0ee0f33d4e84edb260554bfb02a999d3f023aa5a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f89e5e0183871a189719b671ac13ebba

SHA1
218bed5a89c21ed5309036d23991586d6894af7a

SHA256
1f3f4500539f3c54947511191671e90c0e8a1d4b3ccf16f9fac7928436bb61ed

SHA512
1b520623657b0a2ceff3eef63bb1521f0aeb0e93f0b2ec0ac080ba209e3f73523241a4ffaa9882d8c3d4733c9ec886c489fa1957142db9d4f76e04167f8f0f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d66d2f270dad753f852cdf99ae8db080

SHA1
94d2c92f45ede156bcd1dcc34e102f805e81506c

SHA256
fba3a4ddf36f93d06ddc1a413ca70bb5f0e274efbb52dfa407f268b5e8f64eab

SHA512
46b2b27252bffe936c276aeb1e5050926a75b59657152b3352dcbb0d5675e06a9a512096cfd2aa3315f68f1fc55141e035a2e92cd3f55cc375e2d506bdaab3a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e114e77c6130d38eb0df7e2d2828ecd7

SHA1
ad7e53152dd6bc16ae47fd7790e0915826fa0c94

SHA256
9444f3998c7ed3a4cdf34fc009ef48a34e1db1376d36e7c95d12534bf48fd1ac

SHA512
7311dbee8285cc4d5a722239e1593eafe4aec426fcc2645aea8f81ea55908ec7138b521c03b2f3431eceef02eb23b38b0c436f26b3bb5e67f4f74e2d799ffd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
f624b4fc2766b4f6629bb358ac13f9a5

SHA1
4c2dd494d20cf94eb77ad1816b6edbaf51e698f3

SHA256
bf774369bd4f8b5e81e8ccb23b1f3bab7d4eeb38fb5f38dcabde0b92631ae1c0

SHA512
3587d3354bb0600df725baac66043786923d1fd6a945c89eaccecc9fa707b7367472f2cc3af8fd001095688f059f5c8963e42ef16a7c67c08d4e6b0013e695b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
f624b4fc2766b4f6629bb358ac13f9a5

SHA1
4c2dd494d20cf94eb77ad1816b6edbaf51e698f3

SHA256
bf774369bd4f8b5e81e8ccb23b1f3bab7d4eeb38fb5f38dcabde0b92631ae1c0

SHA512
3587d3354bb0600df725baac66043786923d1fd6a945c89eaccecc9fa707b7367472f2cc3af8fd001095688f059f5c8963e42ef16a7c67c08d4e6b0013e695b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
af9acf6198f19fc878c65a405f2df2bb

SHA1
9e0da8ef1fcddc379df0d4597dc9a885e56cf93b

SHA256
19dca70edb5caf85362058bbb017d85fd5862bb51f67289cffafe9185ebc289f

SHA512
f9f9cb5e0c85ada13078a78468350055058ee6ffdc680a4533a530cf28866ee10b397fd9ccef48738bb6d2a8d8066fdb851bc83eabc60f9119169e42877d6c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5aa191.TMP

Filesize
120B

MD5
3278f66f8b7c44c3d53553884c3defdc

SHA1
aa3fc915cf83fb08c99a5133de64e650f12a0755

SHA256
dfd88ced37da5eebd16b464c341e713dc4bfdf17e7ccbb1d9610fa9497f71659

SHA512
1601792ffcca4e65057eb51479c18fdfb53e12e464ac1a4ca8897faa0b59a789edcd7ec422937d848345b8a40eba62e17962bf71719ee197b5b2a7d7e03143b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a8d2194c6e2adf42a4b122e1b43b287a

SHA1
3c5515c6bd21102a34a38a31b100f1f4f13bdb53

SHA256
858c2ef5b8b04d05c711df314a584e9e7d169a955bfab78aa6df3cf6a46b7466

SHA512
6377faaec251461c91c2f71f63fd0801aebc910dd5df37c85bfc42304b0915870127d74f2a92621bee7a73691c1397684461b5ac8ac13e44a9217ef2075d3a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ff3a0.TMP

Filesize
48B

MD5
518970b648de2cfeebf765d6c103cc67

SHA1
5e883c8811b260092f5ec463434d14f1e6b13833

SHA256
939284e0c493947be93d203c30fa789747f3f2d6c127838f72f6a8a09b22eb4a

SHA512
3e04c95571a23568889edbb33b9c4b011741a0024eba3cd4e71fb18630830122a18192594b1b963f20db614b56b906f546466ed4acb9e05319446a562d2461d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13334214845235697

Filesize
9KB

MD5
43f9a6bd279fa1703c8b50d91f69263b

SHA1
f7253e925c2940091049655a53cfefee8bff40fc

SHA256
3b5fa65feaa3f211b2f40093c16e8815271547d8240d9abb6559d5781761bcac

SHA512
7aaa64d5acb498e1b1abf9217ebff5900535eb492bcf9d25b0fc52f054fe738d10f0048985d60c64eeaf4b766068045113a459e340ed816acace8880df3f383c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
376B

MD5
73c313fd3a24b21d1bc1aa278fdb5cd9

SHA1
6b323767fd7e459738ea1377c9e5b870e7b331b6

SHA256
af93b01047edf696c94e30d062bb728302ede20cda3830eb23d70f86f215d1fc

SHA512
8c9540bab6422a3aade6cc5a8bed3646d3a3043573d28bdff9667df86981cc3c565c37e23d707716c489eed8c72c15b6894ada6cbb25ef896f77d040f65caad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
d26a6ec049682649570a63e5227ef3b8

SHA1
bfe0c357d6b500df9c3a6fafaa34131a5b38deec

SHA256
54288182309a89c18bbcbf5e82bbad83e48b9d22b1b3c4fca0d7b2beddb92372

SHA512
4461e9d1dfaf6cbf5cdc02d56ff1ed95415c41a4709ba284027128548bc2424334676d9ed145353b0643d2724b0cf859780b042293605bf43ff78c81b71a020b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
1028b65c3194db3c3cc81426318b7dbe

SHA1
c866ff80810b77f4319426708bd86149f034370b

SHA256
c5aaf854863956488354c7171c2a23825aaf35637af24119c7bfab1ca1d1dc34

SHA512
e8535fbe5b9f35d5315064ae4245a8e9b108065f31393476acef52b071734046c200c9aca10c7490131f72036c0d8c0eea9435649ae90a6ada77748ffa629477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
a2e000cc482ad184ec84e1848d252179

SHA1
63c644188d8681ebc584f818a3f766853c3add48

SHA256
8281a4347a5ee6262fa07c1c77551527ce11f82ab07480bcf297650f1ba229aa

SHA512
bfef38d85740f3a0be0e5292a892342dac1ed645607601bdd546d3c7e673bd4927d532e99a31aa8eb2590106a45c37f6a7c330ceef462866146e3a79e5327402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
5e8b065b4737bab5edcffedf49f61a19

SHA1
f9ec3eed43a7d5a49d8630b0951666e0b8e0f973

SHA256
5ec5da2053c29b0fe7ecadb68ac3a06341c8d9a6f12f5fd3a1feb12e493acff6

SHA512
f22f11bf5815002c6d66cdb87cbaec9851303eff9b074ec4ea631b5f12c3142f7681ff001eef3515f8b3d009e691ae8adaf1d009338cba3812ff03300ae45322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
835076d9e39cd9340355c8920828298b

SHA1
15f978575a47ad58428221781ca450ee110b10ae

SHA256
f83b30d6fbe2a1989417890ec66ada0a81ab3a60ffcef2b754b70fd21aeb2042

SHA512
8a8557b8dc95b66fd24f4d6f7bc8d4a4a643e9f953195891ca989ef07978a163eea2effd740c97688e0f8cbdc8bf4f67f180fd6d9dfd6b207fdd24fe76bff6d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
8f0cda144b8a16c70cf2815348ce2647

SHA1
261bf24a0b4e531e93910fe468fbdfac0c9d7371

SHA256
294a68420413937024c772ce191d8496849490b6247a50ad83e1e624fdefa065

SHA512
ea1c760081311a72b510c53647fa2df0925e0c8d0f924a502af257fe29549c27a86c1518fd639bbe88947ab47117e77e7d580fccc8252ff5fcb5704c5c4122ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
a38e279000d1b36529e9385d0283f74f

SHA1
7249b68d612cda6bc6143c2f4af3b65b6764d8ef

SHA256
e905f0a8ca660a75c725261f965ea0dcf2aa80240e3aef81399990d81d1b1472

SHA512
2215aadf15a00f597699de2f7900fb9bad8cf0ce1160663af944d42f6adeaccf75959b88110733b4ed899ef38f35916e6311c19fd0965028d13dcbdf97e8505c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
8cf469ac90f28c02913de8ccbf4af673

SHA1
c3940c384c693b7b21b4eb3593e542ca6af3897e

SHA256
7d24825a3c8866f73e15697cc6e80238f33d2b945b57c3be1f77d6083c2e3bc3

SHA512
5ec34b7b08a3959ba93dd927847606c38e06c9e259b69e7b5637ccf27e729db0e8cb415cfab6e34477190e16e942327198e4279214e1688717e8b136f383ce08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
94KB

MD5
150b4ca4dd04b0439adb1f6f672a7efc

SHA1
b13821f36cab6ad2cbdcdeb2ef0422da58960b5c

SHA256
c39729eeb8dd072b7473817355fababde39c7c56d8925c91c91c9fedd6a911ec

SHA512
17814ba2bd6a8f64b467bf3cdfbf9d87021299165f8850e93ebc5120e8e08cea0de66741ac951f8b06859259e6f632befd2f2022cb06be6045f11efacd376403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
8b70a35355159e71e5408b0bff4b8037

SHA1
736a7916cff5e953ee9c98905c6b6c00f2e30e00

SHA256
051c31483b761930381f6a4184272aeb60d65985a8acfd68469c96fe6d32e5c7

SHA512
2d2ba6106c6a82936c7d6e3e568963b0a475245bfaa20884c8a5286dc2035f8d2394923e89eea3afec34ad8ed0510892d1287a7f53b142e25c8fd779701957e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
8b70a35355159e71e5408b0bff4b8037

SHA1
736a7916cff5e953ee9c98905c6b6c00f2e30e00

SHA256
051c31483b761930381f6a4184272aeb60d65985a8acfd68469c96fe6d32e5c7

SHA512
2d2ba6106c6a82936c7d6e3e568963b0a475245bfaa20884c8a5286dc2035f8d2394923e89eea3afec34ad8ed0510892d1287a7f53b142e25c8fd779701957e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
9e85690285651bb6c872cbe84985c3ea

SHA1
ef3db6c0dfd33030b32247de69838712008f0436

SHA256
cefd5cc7cd576476e2c103b1423b5235d97c088054b060a03231c351ed85a6f1

SHA512
837fb22ea2d4cadd3ac91e5b787ac730a6c7c7be78ee5b01543ae9a561eea4b4029a5d688dd745123f4a70edd7378bd0d5117fb09aae3206db3073fa5149d527

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
45751cf3ce1a580e92eeb7fd73352e57

SHA1
208fe6a2dc24a38fbc9f19a6aee20be31e83d731

SHA256
c15f3439f2c17bdbc04eb598dbc25f851649576db79383092e93dd0bcdfc7511

SHA512
31d44f92a157922e9b4de677cdebee844802df1a25d29141e80f49032f79b57bd5a110fec060264ab9cd68e2ef202f1700fd79965bc49ea2f48f6ff8b33cde64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
ec13587fde64a44e705016d59fc582c1

SHA1
0df65e71baff5d592dcb3dde1c7160863453e061

SHA256
753beb86cd6f3e30b673915bb4801cf4d6c1620dd88951d5264dd80a047057f2

SHA512
dfe9769a4d8afb58aab779acede10a00e0658cff3ae6180da954672f7ac0bdc9ee2c6a501fa5e34a48057e1cbeb6535fa654e18ff4d2b4ae0b1f8bf20bd7b92d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
b9061b8c24321ddf228961c2a0737d36

SHA1
2c4a9af54d79b8c4b6c723b247f2a02d5bc91a8d

SHA256
ef1788f1b01ad47112730bfecd741af6bebfa5c6608e75e12a496bf5b6429be0

SHA512
6d61910c64043bceb8c8fd1fa7698cb28db2552c292dab9c5fe6453672a577f928617f0e60fd9f6fe4f8aadd72054eb01d823eede737ce81007a852395c70b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
c487e28b7b5dd223c9531dd5d72b159d

SHA1
fd76f643d895fefb846400667d85dd572dff0455

SHA256
4462648e25299f6f223ee6a7c838bf8adf41571284e12f5c7223d1b9958849d8

SHA512
cde51bd0b9aab32b2a8570e6d417293a0b4e61cf6b69a2e77b77c4d18579f02aeeffd95329c5b971da616112ea8ca1f3d208ee0ae6e11804aedbfc6bf9b92b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59835f.TMP

Filesize
93KB

MD5
cae9bb0e61832e62080579c44504dc11

SHA1
afa9d4474e07077d0213739f30937f0af1b47a23

SHA256
661bc49168c2bce3a85ccd39c8752eb576f1b5d8d92fa037588b22c45e5ca369

SHA512
31174c0e16070e4a9a047861bb402e8ec9b7178c86ca0776a3a7593d2547f6a1666611a285326ca3f6a2c441ac659b43c0a23db5551ee9b39ae33d84fecd18a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
836dc0d9f98ee3e0170acbda090948e5

SHA1
71c423f2d7500dafd18fefaea267517e17a05316

SHA256
c085648d8325d719762ef1e476af4347c4057da8f0c99438ef4cfc9263c70e0c

SHA512
d560f3f178723baed62a17fc5d67c9b4757711723790944f4017e69e45e33eed94d31ef39e34e167814ffb96697314c155b440b1decc2695228e245c4015506b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
248B

MD5
0cb1309e2c0efdb230f7783fb777dc37

SHA1
33de7ed96255f9b3ce92179ad76655d21abfe952

SHA256
9eb41f8a9565351e1a66ac18d59f8af1db926cfce3874cdc38cc6239376efcfc

SHA512
99f4f4ce10556c04b12239d7de206561263ef77690170d021b2fe8d1c25fcdd52382e84e58a3a363ee82c3c93a63e243b1c10bafd7becffb50aee0cfa9edd8be

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\Desktop\2023-07-14_11.51.25.7z

Filesize
126.3MB

MD5
2fbd6b11036e6b33a637f69e85986b39

SHA1
00d1c70d12b407c52c61ec24b2da8763f1cb4603

SHA256
9a6a575f3ede90e0c02b3aec16924ca07104163865d4639262b706b2bae2042d

SHA512
f29801713a0f661200cbc21af4c1046ba8118c32be3a7ec28b5b5e944a733465cb70a1405443b316ea66c087d8be448edff08e47eae70353ebf815866c45edd3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 224478.crdownload

Filesize
3.4MB

MD5
8528c559c66733b63b2542e193b17f0d

SHA1
039003369bb235d58c25328fa86ef308eeb5db86

SHA256
bc6440121c023a5068c558bee72eae5c2b2eea1580c95ef7fba354780c689f7f

SHA512
f73a6b37f96db444c8099c8f41c444bc216ce57c26b1401d3be44531ed28aa2e59802b71c6191992602ef21fe7a6e20414af87d6d3ba0071acc89b9167a1718f

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8528c559c66733b63b2542e193b17f0d

SHA1
039003369bb235d58c25328fa86ef308eeb5db86

SHA256
bc6440121c023a5068c558bee72eae5c2b2eea1580c95ef7fba354780c689f7f

SHA512
f73a6b37f96db444c8099c8f41c444bc216ce57c26b1401d3be44531ed28aa2e59802b71c6191992602ef21fe7a6e20414af87d6d3ba0071acc89b9167a1718f

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8528c559c66733b63b2542e193b17f0d

SHA1
039003369bb235d58c25328fa86ef308eeb5db86

SHA256
bc6440121c023a5068c558bee72eae5c2b2eea1580c95ef7fba354780c689f7f

SHA512
f73a6b37f96db444c8099c8f41c444bc216ce57c26b1401d3be44531ed28aa2e59802b71c6191992602ef21fe7a6e20414af87d6d3ba0071acc89b9167a1718f

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8528c559c66733b63b2542e193b17f0d

SHA1
039003369bb235d58c25328fa86ef308eeb5db86

SHA256
bc6440121c023a5068c558bee72eae5c2b2eea1580c95ef7fba354780c689f7f

SHA512
f73a6b37f96db444c8099c8f41c444bc216ce57c26b1401d3be44531ed28aa2e59802b71c6191992602ef21fe7a6e20414af87d6d3ba0071acc89b9167a1718f

Download Submit