hxxp://dfgdf | Triage

Analysis

max time kernel
1799s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2023 06:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://dfgdf

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5212	1984	WerFault.exe	154

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133373336748197988"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
2908	chrome.exe
2908	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
928	osk.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
644	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe
928	osk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4168	4712	chrome.exe	82
PID 4712 wrote to memory of 4168	4712	chrome.exe	82
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 4860	4712	chrome.exe	84
PID 4712 wrote to memory of 2188	4712	chrome.exe	85
PID 4712 wrote to memory of 2188	4712	chrome.exe	85
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86
PID 4712 wrote to memory of 1860	4712	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://dfgdf
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff950019758,0x7ff950019768,0x7ff950019778
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2860 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4556 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4716 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1692 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3144 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3000 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5056 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5556 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5656 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2300 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6020 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6104 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2272 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5880 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5716 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6068 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5740 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2828 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4640 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5984 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5944 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5712 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5848 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5524 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5200 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5636 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5492 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5924 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3896 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=6112 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=5204 --field-trial-handle=1896,i,2072499570712562488,1757183126711963858,131072 /prefetch:1
  2⤵
  PID:1528

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4100

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x348 0x4a4
1⤵
PID:3540

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:3060

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 1984 -ip 1984
1⤵
PID:5192

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1984 -s 2916
1⤵
- Program crash
PID:5212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6bf56a0c-9ac6-4275-87f6-60ec4fc075df.tmp

Filesize
87KB

MD5
e45e5462e13d723ad0d47e091b9cd290

SHA1
3958d9409cde2287483c4ee884b20ba1c07d63dd

SHA256
069b050cd5e53b271fb5a049b83c1f4d890523f09d5c1924542220cb9c4d61be

SHA512
58bf333845933f43618debd96e72dacb49f9215afd0728673246ee9a7a3a9b6ca2594e519d42d312674d5fcbb9ef1aa9fc465132bfe7fbb5251a5585b75eb0fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2e2b65fb-51d9-41ec-a2bd-ac8164a1884b.tmp

Filesize
7KB

MD5
0d775c23d7c775ebc5ef6103bb265817

SHA1
82e8b90d91ab4e4db4842dde38fbdbcc60a36c87

SHA256
0f698d0b7610c3302dc614fe47b271f6dcab4b79bc62fd7364577a6e662a76f3

SHA512
6ea7caa9a41c2a4fdd54fd96b27bc95bfe8ee36b531f46b88c94b44d66972b555b32c816cd8be212ac0f4209872d239d3c57814a9b8ca8d131a9f399187ca3d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
ddce469ebd34002b77c5764dd54bbb57

SHA1
ac9c0e22cf9b25dff28b00016df62b22c7a2407c

SHA256
de7924244cb7b2714dca362fab7d2d17b2fc8d48442fe4935c4456a9f606de51

SHA512
81011af18a98de5d945f5791406ae50f483509b9c8679289a262972d548f4f97087919a977c3f0a16ae9d6fa654c3fb29be5a67e17a162180c354ef29a59d133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
b34897210af3d17a9e7c7cee2aad96f5

SHA1
c16d386b39330528d59f24beb7105bccbd9343db

SHA256
494409a440bd49fe9b27e4014970e161de51b43f42dbaf5b38dce5d48ee82ceb

SHA512
b425a10b8799459991b73dd3fa97fb1467ce4e8ab4ec6003780230319ff42d79fefb1a41cab14645d54d88e2659b9357725603619da671d4008e8c4c9e6b4e8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
f5c46e2ef8b6195589e03051b2cb1a36

SHA1
30bf4ec256a636b0533cd8b66910581504487983

SHA256
f74ef4e9e80a6a1879886080b14bd3b5f8659449a14caf94c58106ea9e24f963

SHA512
6949765db33317e7b593a0ab3173846ffa4c2e8474d01990a5dcbc14fdaa749034df40b4c6d436bc243c01d6d2f058a366a18e6823b80b914f1b460f7c1622d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1499585a479a832c8464ab99930e3299

SHA1
c4df294e39db56cdfb848bfe78eed37938d09110

SHA256
1904394bca008c0449c1c9ae6f0c6e0907bfb9f9062f95a90a6acf41e7f64600

SHA512
4ce78479295bcbc287ca8fd167a7d7f5f6cb387d9cd6e3fbd8dacb35c7b822c205d97f60c78e32d316c30b8bf999e2ae6b96be29daa1e77f43adfc7d1c148436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
819e9870b673193f36d5df9c1bc365ba

SHA1
a19336d4ef813d4188b948205b9ee8b724854faa

SHA256
81a39164a4ceb7a0e4fd9e21c3563d666d3a98477cbe5051e137eed56d8ff642

SHA512
3052d60b7ed88f6a9c54dd24a8b81aff20f6c2689220c5054352b993878e08d2fea245c56a5846f6de98d07b6ae37995c36c63acbbeb72540c5b641fcba1dfb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c2cce5ad24f774f6825d832253ca5b04

SHA1
ce32c942f6f5fd5ae19e886164b49e06c579966f

SHA256
028d4c5c98ff5e14edcd78d0922b13c91daf444d0c8726565046d491656fbbb2

SHA512
a731db2b0d383275bd6eb290bdf7c9eccf5d8d6a5cb1bf049c3a20808c9e1f063dd3e3a02c129669943e7335bb01b3ea641521aa9c40f8d4ac63fd56e138c954

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a5246892c2f1986cb87542d0f5b2cb78

SHA1
c6d21823b38538d09524d0735d1c60cfe5c52a69

SHA256
d981e2ac5c90089920ebe2a3d7b1336a5c071e9468d7256c59967fbd0da0aaf0

SHA512
6c6b1e902241cb19220eb274456aa8a4ed64073b6eb16808aec1f5610648b7da9b898254bbd1db600c40f0fd36747a64456168f7d9dfa855d71e27308fddeb2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
83fa5a6aa92e420b07d50287b32b4083

SHA1
685cb10ad68979b86cdc7473320f1a02cae3d3bf

SHA256
85adb54a58a8188d5b300f857dbe912ca1a9e577488ed66caa74726f07c6d524

SHA512
9b79a8e43c916ded6e7c2588b12ab77f8d08003c0db63f9c374c793dd7b419b844290858feb9f272f04d98c6d9f27587c4c0b1e0909538710e84c109ee11e881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7a4733df51bd5f61e2aab10f61bfb76e

SHA1
0ff730e7737681f1cc2b1fd8abc684f5e0a250f6

SHA256
8af5abb9321b6a0e860e5d6c281b7e213f0e15772205f56bd009fb0f47c21654

SHA512
d1e300c84a42b22cf93a033a799c8df627b3a604a6eb4cfe6d9ff9b79a8153b43c10d85cfa0f31bcca7cbbc5b814412eb2536af0e62ddf6587315664cf7ec192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
07ec1529d1c3581291ce45e1b186a408

SHA1
6ad79bf547498b06dbb4e64800d917045c4fc916

SHA256
4c10ede0b2555649782fb158405c305765d5ebc584b2835977062b7a5aeee41f

SHA512
193a8ff0f22abb81eb48e04f1bcb8d66e85541a50c3bb856df9b38e9e5ab8929a2616a24b8dbd76aa49feb3f174221ccc1f6d46f6f4c7bdeb2f6962e7ed3616e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bcf2ffc8bcbe44559f67f3abaae52407

SHA1
19ef2bd9a82040ff6d926e2f58b0cd709a429afd

SHA256
4f09e3f920ac7e76356dd5af7e18c53fb8bf3657b073fc271bc7449660aa0978

SHA512
d0828bf61222ef9796e6a792fa829d4d414613c290a886989b1274c72e8ef2bd34278c632ddb139c6278ecbc97b438729bfbe29e6aa9de07f7a586dd8252e2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2339c4122001ce0036eb259f379fb83e

SHA1
ce9bdde0b2758ebd214391cd4c7b9cb985b6ee2e

SHA256
f29c264480d9b8836274f9706d7dffd18310ed336b0a4d627618d2cd031e24d3

SHA512
1b452eb673230a47774454a584cdc9cb5aed7d79b0052e72100608bd8a95a9f7ba6ff771dee346c54b82b2c8743f90418cda9995e52752ebd188d2c912a694e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6eb4f0e321ebca98242a22361b28cc99

SHA1
c6ec9697d021a3f0966529e5a88ede8494cdd387

SHA256
c0bff4ffc642ba45a4d70a3d7e510fbb46aed553522c55647033978216addf1f

SHA512
eb85bb451a6c3e5a985891611ffcd1e48c20597c8572fcbdca2b788926a93eaa1227b90845dbe2ffcdc485f33d0f317f53503deb788ade142c6e721893c038eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f324106d488ef8bdf1e1a17f725dc549

SHA1
d18768f4e3c1fb5717c3c0597979dc8df14aa88c

SHA256
6d2226e821d25b951f423f72eb641060a187ff78bb489203622311acc2b3dc4a

SHA512
b39f15fc51432f6afa4f72914e650111d89ab78aa22e8448dde40071f993a2b96f1c41b8bb02cd604083cf36bcf3d9d152780c67317fa81544f0ffa563de9980

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
728f490d54691ac27b23e4674d501e14

SHA1
c66b4b8485d4f61f976d49157d117df7d5e7c3cb

SHA256
3ade5d624d603487aeb4c31dc02b9bd9207cd6c9049e19ae7f17d1820c28efe0

SHA512
60c3d93cf18eac9a665b425613e379186d1fb5863bd85af4a9b034cf44cc00bc4a5aae133f85afdfa6bb64f687e38375caffaae90e4ac07fb65e9796951a6053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3b3b7325daf0a7e7b5b6d761b40c604

SHA1
a5a10943f67f6d621d9eb667ade4718057acd8fd

SHA256
7d3edb7f3e685b9718a9bfe13f764d7f20f2c72b3f9779244ad21bec38255d9a

SHA512
95654d56b22c327ddb80f3d50c50741091bfbb4b6058539233fa0da14faf9b8f816f2c80f8313045a1e80a6de40ac36412acc370d78509498030ed5267bf2268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e9e8fb424001513ef12920d8e0c782a

SHA1
0f60b55e30108da11e5d5182a42af32a067913c0

SHA256
ba449358a1db9af314edd0666c9d7d2e5489c5ebcd1d6b9f89774cf2121c1973

SHA512
0d612ae75eeb9ca305b52328dcdba389bd200a1a21a1dc2f792ca8b83c74ff26ff7e2c3a8eba19e74c3f38acfcd7c6e62cb949b053d899b209b07310ce0ad3a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
ed2702a1d445d1aad780eabd724a2678

SHA1
18f48591b4e35012af65e3d53a2be153a5f0c1db

SHA256
c51b667be287833f6621f575fbd5c121dd8b2355ef1817f6aa8d3aa1b72af86c

SHA512
c4dc27d87355a6e7f42c4112b72b3973b6af5b8dee260c8774bba7861366ec04e1cd03dbd295ca4ca4eb3824cfd407a1fc598c86446b8dda07d4e77cb24684cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
b0251aa82bfad1a69c8845ca21297f2c

SHA1
3c105ea8561e0f4e8f1bff4c0c1353819f5a8ac4

SHA256
917c9a64d3b750e0e20374f8c562351e551faf2c1c44a31ebbf3a9c5d26bc4a0

SHA512
1a5c5f0a018ed27fe7883ce51d940cee41db34e94ea4e3083da81cffd10b2bb354d0470797afcf09a42849aab755c01c5288b5ef1417a793593af395db79c1ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
5feca949fa5c46017a098f84ae005d57

SHA1
c455b2459697b18ed3626dbf2e81229e340beea8

SHA256
2edf405f89ae8632c4b01984cd16c191b47cdc0f32c1b9a40fdcdfe261a5e143

SHA512
ebda0967de0776c30cf10d2698ab8adbd44ee2cd59eca4ef62a171e953039e228dfd577349ac6e838c5118c3f0b325020684f92ab3ca124329641edbf47b5777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
302aa40a83e29382ca2188d349e1ff6b

SHA1
4b178347152eb2259e2a96b8b032226f1b8f488e

SHA256
2467ee17d90c828b48ea34663a5360e7390065c7c07ef49c4c1b8ba50032258b

SHA512
114080006fa2f36d195f5037926e96ed7064f7612ac9284a655d8243032567a1e5c6bc1bea1a4c8a7eb6f1d7972117eb13375b634b847a07115ebce802206c6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
743e1fc40966bc918b4d4474eba652cb

SHA1
e87e4cb3c58fd162d0161b501674fd9b4b575c33

SHA256
b10a9a9cad90333c3385f021be0f90b5212374d9c816ace0236442e2fc06f1ba

SHA512
d6ae7c796194424ad6bc938efce3b3a7a7122517da31089385b138e18f346fdaf62de73f81e27cbe10f53c2f4cc84c3b5f072ad3f6a39a141667b784232e1c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
34ff8ecfa76e07e7117c51773340f19b

SHA1
0d52d30f6397d304e2c8107aafd40969d7970175

SHA256
744e2307b7d02c5e12c0c7ec0f9f67a336ac914eaabc64f12b12d553593ab4bb

SHA512
f31371104ec1c0bf518facd5ed5be45477a380194b2117bd3394b5dc2c66af35fd3403b7a5f77b0a6098a323dfb6f3ab04c35e919349a54d6d0a532e94af4eb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58fe9f.TMP

Filesize
99KB

MD5
6ad48034a9eff80893bdd5ba9b2a71aa

SHA1
c5346eb86b0d386c758cee0d44dc81e8eefd1d52

SHA256
6535d872c208c2b8e5813bc8109750531761216b599f7ceca800a88b333cbaa9

SHA512
ed6c9f92dc08e0797fe2cc0b11d857b16cf06385b79bc2bde075a0ff3393bbb2e19c72ec4bf13651f7e1f11e51d1b107b5497c72f90716cdc20dff6ec33acfeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
44cbcc02d6a445969a7d13ee6d44401e

SHA1
13f1a53a2ccf9b168a015e162b81e73789284d2d

SHA256
1c3bc74543c94b765fa51bfb14c77a4e2ebea77e107511f940ee4e5438523d4f

SHA512
4813a2336a5e044f659b8dd01e11712fd3ebd9a8d54dc92e6b4322d10270b5205616b81f1bb3316754b03bf3d24e666101de93804540cab1edf2e4abaf5b8f4f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
e0ed2e71d3ad866603817ccc24b29a0e

SHA1
0530110434924b23e0bc3a260aa97904627e5a90

SHA256
eb97284f4e9e00851c049c30e6315d5ce73ebb8c6338cd54829293271ccece26

SHA512
eb77d51cb8534f5b90a0718f7bf2e3440adb3238fc2e21c4d14940e232ba71d879381dde4c879549b4197dcb1fbd226cdc8dc19ad15769c9b0f36957eadd1083

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
36ae296bb861157e1e506ac86dc72b67

SHA1
cb7c054fef9c1234fad94a953bf4bc74fd94c51f

SHA256
17bc6c6429980e4bbd2ba8ffa7a43acb2801f628ca1c6ebe41d17a4a26f47f9c

SHA512
3e749e81276120e2719366ffa0d993083fcbbb653e994ab7e5f5a370adf3f78878ef9823951595016e3d3557fcda77568ce13dae40e63fe73911a4fde9f73799

Download Submit
memory/3060-419-0x0000025D62E50000-0x0000025D62E60000-memory.dmp

Filesize
64KB

Download
memory/3060-456-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-457-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-458-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-459-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-460-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-461-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-462-0x0000025D6B190000-0x0000025D6B191000-memory.dmp

Filesize
4KB

Download
memory/3060-463-0x0000025D6B180000-0x0000025D6B181000-memory.dmp

Filesize
4KB

Download
memory/3060-465-0x0000025D6B190000-0x0000025D6B191000-memory.dmp

Filesize
4KB

Download
memory/3060-468-0x0000025D6B180000-0x0000025D6B181000-memory.dmp

Filesize
4KB

Download
memory/3060-471-0x0000025D6B0C0000-0x0000025D6B0C1000-memory.dmp

Filesize
4KB

Download
memory/3060-483-0x0000025D6B2C0000-0x0000025D6B2C1000-memory.dmp

Filesize
4KB

Download
memory/3060-485-0x0000025D6B2D0000-0x0000025D6B2D1000-memory.dmp

Filesize
4KB

Download
memory/3060-486-0x0000025D6B2D0000-0x0000025D6B2D1000-memory.dmp

Filesize
4KB

Download
memory/3060-487-0x0000025D6B3E0000-0x0000025D6B3E1000-memory.dmp

Filesize
4KB

Download
memory/3060-455-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-454-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-453-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-452-0x0000025D6B560000-0x0000025D6B561000-memory.dmp

Filesize
4KB

Download
memory/3060-451-0x0000025D6B540000-0x0000025D6B541000-memory.dmp

Filesize
4KB

Download
memory/3060-435-0x0000025D62F50000-0x0000025D62F60000-memory.dmp

Filesize
64KB

Download