hxxp://instagram[.]com

Resubmissions

21/07/2023, 08:22

230721-j92y1scf84 6

21/07/2023, 08:19

230721-j8ahdadd4s 5

Analysis

max time kernel
50s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2023, 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{613C48A2-2D05-4B9D-83DB-C68D7C9539C7}.catalogItem	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133344012271645247"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe
Token: SeShutdownPrivilege	1124	chrome.exe
Token: SeCreatePagefilePrivilege	1124	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe
1124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 4228	1124	chrome.exe	83
PID 1124 wrote to memory of 4228	1124	chrome.exe	83
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 672	1124	chrome.exe	85
PID 1124 wrote to memory of 4808	1124	chrome.exe	87
PID 1124 wrote to memory of 4808	1124	chrome.exe	87
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86
PID 1124 wrote to memory of 2472	1124	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe60199758,0x7ffe60199768,0x7ffe60199778
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:2
  2⤵
  PID:672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4740 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=996 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2788 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5152 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3044 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5332 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5484 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5852 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=744 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7060 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7072 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6032 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6060 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6048 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6052 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6044 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6068 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2332 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2244 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2248 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7676 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7956 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4712 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:2
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=2840 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3144 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4736 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2416 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:6868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8480 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:6904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8612 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:8
  2⤵
  PID:6920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8768 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8948 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9084 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8888 --field-trial-handle=1864,i,3738457058556562451,10996215338948174054,131072 /prefetch:1
  2⤵
  PID:5424

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:844

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
9d03c1aa4f6dac6fe56009befcc61d73

SHA1
ad2077a9b6529276cfa028d26c83e73ee398dcbc

SHA256
02b7f8681df640ed8ce184926ef73716cabb205ebb347156520f6098169e8055

SHA512
9a2f64966dd65b3d0f34b698d13c2285da9bb0f538df3f8ff86a972c22d303c77e082c470859efc6972ca06c8eb6050b87b8455187b9e00a18304bbe2c4f1078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
42fa7960131932d6e0bcc797d9ae6682

SHA1
1372483522089774ffd2bc6f5ee184c8aaa94fb9

SHA256
43ccdcbf98a5751245c0b5407bd85b10b1e70f956b0d5f15750fba4faccea901

SHA512
ddcdb38739e2ccecfcacdb35ae57040115597b658b1d74644298d33c0f03be8f9f514cef2e738831316c456e93dbf83327e037444ed17961d6f0d7c1cfccc0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.crazygames.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4deddc5821d798b0568f08b13db9adc2

SHA1
ebac7534d97245399c2ca0c178fe6a6d246c03fc

SHA256
584221a33df544bb8781593e7e258e85189fb342aed6217d985cc2ff33b6a0ef

SHA512
952136e4cb5bfc3f4f92ede4997410221f7c8fcc658983354f32ba542980d632c174519a7c2363fe4dbd62cc6581bd0cd671e8c51555e0663f2b64cd413d6a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
325086713d9a50e544a3bda3decf0fd7

SHA1
ce525f011e0e441032351a0b38177f5d4c1a8c22

SHA256
4a75dca8070742073dfa554e5f1a5c3fba03cad82da99aa6a59a7c4f7c5a08bf

SHA512
15f0f750a3c6bdf703186557a5040611e9c63f360140d6f129b367eee8f9dbe8d5f23b0f776c000ab37177e4dcf18ebb0ad55e8412f4361a3e85d10cae09ec33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
a3b034f744bf44f73abe081d0b40a6c2

SHA1
3df790ec0e119449804d93f8f46442d7ba86e13e

SHA256
8fc09560340a9bec523ad597222446e218d00ecf9e46bad51b874ab1413ad16c

SHA512
94568fbbb10059fa4ce3f9e98e77599cb48e356b4396c88f29560a6f8133fe78b692e1702baddc9b405c1e11f0322d5084d29843522650e51e716df5885fac6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
532d533ad1e560c99d4c5692416ca906

SHA1
a6580bbdef107c9a52b0dd6f996c635168eae461

SHA256
edf15b865de0147209cee38905915ca1f62c3fa130b604bb6455a1389907f2ab

SHA512
0e9b24e12c1af4b4f9283125a02c8c536356ecc86d9a13617fe8886d582b35dc7ca705fc22f2dbc07ebf5bf8ac330fc9fe8ca548479b3129b40c32c3248da4ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
178c5d4502071d0a0c730f16f535e233

SHA1
8960ffaa3c57db8eea2ed1480381ad293b81644d

SHA256
891fd9511c83d20bfa48bba5731b46ca3a403c9ef6f6badc2e130b585a61a092

SHA512
f1eabe399d1fbfd40773a827ac97dfe737a92e507b0a68b6a297a5ca62c70042cf773773ecae5ea5c83d0e2b3401445a0ee0636d4934e702bbf2dee5dcad6fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
30ec61294d35e9fb81e134b447864062

SHA1
714788cab647990b36c1a9b4f1aa08d3076121ae

SHA256
7c0b2d4e4b792c57c335809592ce07d8de51f97993d74f53cc5ca835a510345c

SHA512
4c294ef78693a9e199c759b36da463d5c7cf82e0c3d778f81ee5d42d0432f4270d7f5705d9f2e43b735d5981d6e607dfb4afe221ce370d5d73e8cfcb7a34f1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aae2bee481ffc1d1f9728fa2f879b44d

SHA1
3161ccf32ab8c45449366d6ee5c85387e28fed2d

SHA256
76cc97f896f38c9339afa14d6b53de0b44103e6b957ecbb743a0b66d03fd4800

SHA512
a5cb431b9b4abd9315bbbdf3443395e2c530130900a80b10124f78865f337acee589b75f17b153f629253016e9d129124362d46968445c8781a56b6afbe36c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a051635bb7d70299e87d01f9dd4da0cb

SHA1
cd736bde232de26f422c58ed5c6b4f6916265a33

SHA256
f177f69bcc602193a6fbe777751d60d100598600c98a301b834e0bf15363482a

SHA512
d502b3d3b79309c4c9d4c8cd544ce2d802903959c13797e5a2e718393ccee82787b57c85238298d370ab61da4b284717e7e3f645ebc3dbfbb7eff8304dea3782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
65aac433e8bda10c993c571b3cd03ac5

SHA1
1389cdc72fb3057ade6fed5ddce213934a138bb7

SHA256
24fcddcea6f2d7891adfe0e8732826df3ff2af94a4cacca8650b972fb7919f7e

SHA512
7720ea5f6f62fc2fcccd01b9f39354af633a890b2ed3d735df4f65a413b26aecdd610c93eb2bb6e1ed8b80c8d4eb47749ee1ae5b52c669483e1312c02876414d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5208030a76b5ca97ecbee63d0f31f14a

SHA1
9cfcafc40790ea921edabb88ace06d37b3657720

SHA256
ce65758a81ccfa2e52d5e5ea37bb171b6767080999439b49a93f499b6b9866aa

SHA512
fe65b9e098015d534cb46ff9c4cfd03fafc67e14c793297dede4d8174a833966a564b3162a14e018b98cd8029df73b6efb4462ba718c33a08cb9f4744c4e5516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bf919616e6190dac4c519222a4c55a8a

SHA1
eac64a25044a7ab142fdf292e9071256f6323f8c

SHA256
60b68d84d9233b0c921b2f419307a547bbb9a7568381d5aeb95c260e2b46c536

SHA512
005c88236524924708d090bf8a0406a172722003ee0081adec7a3e46685f65b7b346485d634496efaed7bdea94679f8a95770271fba30aad17574e6f526b7426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3e0e2c696ac24264e6152005944b0c15

SHA1
ff216362d94133a896fa7418b558e8bac69f696e

SHA256
fd4a58bb224824ba98efa50f464b553159d4eb4e73efc00ccb94b41eff2ad92b

SHA512
4fbc27a448dc2d0bfef5cf16b05b7401dab89d95bb2140bec280d27923535ecde2987925cb23fe3db02cd4d831da03f264b34cb3b79db54a17ec68ff1bcc691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3ac055b2bb22ad04cd0e210b9382009f

SHA1
17dd4223f6e6013a04fa6365891ebf601d7a7268

SHA256
799ca6a720a2dc5336cbbe188d4512b912d5f3404a0f098e7af601a27ff36c28

SHA512
3ad2029ab2bf1fc9dd85984b25e4c0fffb67743deb8d8fbc256d52d698473e4a8f4e8649817af6046dd6948d74a15321911e14b2537b2f4b789dafa19bcee5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
399a6937b2d0c930275fcfb1331b6763

SHA1
8dac62ad4fc06990b2015a3a685684b5a96b72a0

SHA256
055b0f0cc6363c6471941cdcae833894e066c0d343aa971a3301c3a7e6769d47

SHA512
57bd0a41df431a81146cb5cd08b1a01b231e95473d445a82390b63591aef724dfcfa6e213f82e3b56ac9bee92fb30d88a18009f0289d7af8967739bee9000860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6ca25b2893803b6cb6057e581cd77a9e

SHA1
9055f880207ab5331e7f16a674c84da515fed6d5

SHA256
94f98794067e48a3c15cc17b32f74a5b97cfb8f1d7999daf4a006f559fc1661e

SHA512
a9ff76cf136c048534d9c896e2ba65f0cbdc2ffbeb46bb773128a234e97d48b6d98bb3609d1bfa5e00e712fdc717daa0fd8e510f7eb6afb8b4384cce4a1e9965

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9163b762bd7b08987e230345e7be804

SHA1
7fc9a73564da23066b5e7d17c664ad078a4c3b63

SHA256
44f8b6a08c73118d3fc02680ee16484dce55fc710a82af363ad5aaa0b9aaab5e

SHA512
741503bb3dd2730f579c730b1fba345e93e05935fc9564c697613dbd507f78c0edbaa265822645f67327b5586e50d4e221825fefda8a8cecf8743d514e28a0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5830a0.TMP

Filesize
120B

MD5
3ae46988cc177cb08a1f4bb12a4f487e

SHA1
4fe561c14ac9b984ea17a8a524c993a58b9da3c4

SHA256
0df8e0785c6357e71698eb7525971b7872e177e29f6616a5ef387edb90c36cc5

SHA512
f5b80077a88d74fc5afd85cc00bb76cccd25245afac745f33154b71b5c8d547c01d5b17aa3e21d5d6d1f8d257e29a1c09e526cfec2c8cda051dcbcc2abd4b385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
6973c0edd63fdf822c926f48c221a874

SHA1
248f8877009f9ca03ae000540af1889d42a92739

SHA256
ff42613cbe8045626932623232c84117b3bf8e8298f9171d52aff12546436dc6

SHA512
e834208b7226c6a21ef3166d0813939be9e02db446291d4c9f014f332e17dfcefa82fbcf633ed107e5e94ca945465a610c229a2e57f405dd9764b1ffb3af0a26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
352e914823de0b6a05fe51165ad4552c

SHA1
b4eca87808a9939e47bdd4eaffc8b9fee7765e87

SHA256
2541663387d16c927b967bb8acc73cfbffb613df21f8a383797fab6be4b1d86e

SHA512
07782eb583f76fdf716caf63c6f5a63dfac32e6ee0ddda82fd887ce694ae6ee6df379a13247f9868c8e6347cdfb3bb42a2f9efd0d4f10b494f6089d0f64b0479

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
3aeff3eefacd303b128360fabd0d2923

SHA1
95cd0be46830177958923560090bffb52604e087

SHA256
7f82f765652483932cad527bbc48ee8d343c9c43463503de9ee80c0d7fd4162e

SHA512
bec17e0bc5e1d0599e13f16ccace70b8f878e3f1e6527039ef1e824be4a8542312da82adc8779b246b881ef1399374c9a32e212e9dd580b5090e112058748323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58530d.TMP

Filesize
97KB

MD5
62f1c37b0fa24a58559b330affb79c34

SHA1
7848e4e8e7f6f90d32c5c4e6e9b343cfb214700c

SHA256
879e5e3b8734636389119e79e016850f07272afafb7f10a0e6b33d3c0e411f41

SHA512
1097878f8a4bb22c7cb6cc5cb0f8076c4741f5de86569c1d940c0248707c6161e6ef36cbea4d82a4ff3cdc08c518d71472d5ea6fd64b20099aa7c1a72ba7fae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsuB268.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit