1cc7c5968d8bb64fb741c13772986779834eca8293d230cd88aa305c304e89c2

Analysis

max time kernel
1188s
max time network
1164s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
29-08-2023 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

modest-menu_v0.9.10/modest-menu.exe
Size

14.3MB
MD5

f0851119cec15d35a8f206f1ba446f86
SHA1

5ff263672af7e81a344846b3bce1ff4e59f8b6cd
SHA256

19a82f12d86829e768d226c0ec5e20a664f349d1bbabd3aaeade3ff3d7237282
SHA512

2ccbe9d55b59bc22ce615f23a09baa66d15e88f7c44e8f5561c54b410d02cb309d40865fd22694470fc9cfbda69ad12fb699427778347e49db63d60a341cf5ea
SSDEEP

393216:rO4LKZjqtG+kh/JUwReHLsLjbeeE8KohlBM2Dd1rzO:rrKZjLhDUHimEJhD

Score

7^/10

themida

Malware Config

Signatures

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/3560-0-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-2-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-3-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-4-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-5-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-6-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-7-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-8-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-9-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida
behavioral2/memory/3560-24-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp	themida

Drops file in System32 directory 1 IoCs

Processes:

mmc.exe

description ioc process

File opened for modification C:\Windows\system32\devmgmt.msc mmc.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

modest-menu.exe

pid process

3560 modest-menu.exe

description	ioc	process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Drops file in Windows directory 64 IoCs

Processes:

mmc.exe

description	ioc	process
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File opened for modification	C:\Windows\INF\monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File opened for modification	C:\Windows\INF\pci.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File opened for modification	C:\Windows\INF\mshdc.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File opened for modification	C:\Windows\INF\volmgr.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File opened for modification	C:\Windows\INF\umbus.PNF	mmc.exe
File opened for modification	C:\Windows\INF\acpi.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File opened for modification	C:\Windows\INF\spaceport.PNF	mmc.exe
File opened for modification	C:\Windows\INF\swenum.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File opened for modification	C:\Windows\INF\vdrvroot.PNF	mmc.exe
File opened for modification	C:\Windows\INF\mssmbios.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File opened for modification	C:\Windows\INF\compositebus.PNF	mmc.exe
File opened for modification	C:\Windows\INF\vhdmp.PNF	mmc.exe
File opened for modification	C:\Windows\INF\keyboard.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File opened for modification	C:\Windows\INF\volume.PNF	mmc.exe
File opened for modification	C:\Windows\INF\hdaudio.PNF	mmc.exe
File opened for modification	C:\Windows\INF\printqueue.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File opened for modification	C:\Windows\INF\cdrom.PNF	mmc.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377767109713913"	chrome.exe

Modifies registry class 1 IoCs

Processes:

control.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings control.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1420546310-613437930-2990200354-1000_Classes\Local Settings	control.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

modest-menu.exechrome.exechrome.exemsedge.exe

pid	process
3560	modest-menu.exe
3560	modest-menu.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
4596	chrome.exe
4596	chrome.exe
4112	msedge.exe
4112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe
Token: SeShutdownPrivilege	3444	chrome.exe
Token: SeCreatePagefilePrivilege	3444	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exe

pid	process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe
3444	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

mmc.exe

pid process

4684 mmc.exe
4684 mmc.exe

pid	process
4684	mmc.exe
4684	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3444 wrote to memory of 1580	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 1580	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 2788	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4700	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4700	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe
PID 3444 wrote to memory of 4672	3444	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\modest-menu_v0.9.10\modest-menu.exe
"C:\Users\Admin\AppData\Local\Temp\modest-menu_v0.9.10\modest-menu.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdbaeb9758,0x7ffdbaeb9768,0x7ffdbaeb9778
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4612 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5128 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5156 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5516 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6012 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5700 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3320 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3260 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1724 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5772 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 --field-trial-handle=1920,i,12654960031144355955,6587585488952296317,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9ed81964h0816h4fd9hb158hfe31a5775b9d
1⤵
PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdac1946f8,0x7ffdac194708,0x7ffdac194718
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7573284984576856123,5108100035132571083,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7573284984576856123,5108100035132571083,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7573284984576856123,5108100035132571083,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager
1⤵
- Modifies registry class
PID:4528
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:4684

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
39KB

MD5
6a3bb9c5ba28ee73af6c1b53e281b0cf

SHA1
d96e403c99c1707f82ea29c2c1f134e792c64097

SHA256
2f5adfc38558162578ffe112229f10417fbc4b3df025d153d4e22a0c95177740

SHA512
6c4844f70969938339cb6716a834a79e1a8379459c87b983c2518b9cbb560cb2f101aff980f682989928523be6cdc99bde3bfd8137f9c54a58191b900b580fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
8a2b4711bd7f850f5abdbe2a98cbcdef

SHA1
39eb2ba0fa132cb77e1b378d974a7da470825d6f

SHA256
f4289275f4e4a7fa6db1841efba77d53b0fdd9c01bd45b9aa989b1522c7b9eb3

SHA512
14e1d4fb16afc9e3f75e231ba76fd50b38bd7982c84842735ba2f5911eccfd08de9e814d524fc59a2b7cfc4f138f6f412ffd71eaead9a59cc0f2ab6e251fdfc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7817dd5e7987b7798eaba5ea8a5b5a14

SHA1
b6eb1323cf26a13ae907843e07f3a641ebb4442e

SHA256
363bdcb78433a6c933111117fe4c547eb3b2abf304861bf4e0816f48975ed4f2

SHA512
57fd99e787766191cededb762313bfe6c3f204b47d7e700cd80557f9dab26a0816a17c4fc4a94848ba518361cc127170960f2a8c4c53a7e52b7e51de3b975d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
78155ccaf0aafe89aa6326a8003e2359

SHA1
c0478be95df500f89d8dfbe13e2ef3e3243e58a9

SHA256
d06634e97c19996f512c7f32cb9ccbe402367a6d4ce63a2cd72f95378ef32030

SHA512
5d8dd90d269965425c33d4ca3ab03a3cc79b174571c338806875484dec53dbdcd03753929aa6b7b41987cd1c1a47f347dbbdf68fff5acc643c2e2975b2eb01d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5d54b9be2a0c142cefc1bc138a83dc28

SHA1
c4edd6f7223e28b31092fb5e5d51eee133b85470

SHA256
51c55aa02960a7aeedc7db2a37fe95f3265c64f40677036b344a6a0ce384b3a8

SHA512
60dac68ec4543da89ba68ef67534599ccc2dcceee18fc5821430215f7b06c3b9b8fbb025266f33f9a6b1bd208ff5c7c7d030dbada4af3e355ecf4fe48d456d45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
924902c3491b4dd314d69ab39a7a2127

SHA1
f68c5531f046d9db06adcbea57f051f50fd7dd1f

SHA256
89e3d47980faf1dd899621f6eb0ace75ed750edc6cb9c0dd582c303181ee44d6

SHA512
1409e4db6950a4d34029cc501d41236aa0e2db83f0e8bab8b599402e928cf4f899c6e2ba8b62212cc4b20adfc1a0185495e7dd2e47ff025cbc9a6dab83d0252c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2c7e62c9ff52c302ee4370933fb8ebdc

SHA1
6812519ea59e3c32987e0a91f380645264bbaaac

SHA256
5e83dff8da9b20751e5e77c9cad2bb20465f9597623b2c75067dcca09e668c34

SHA512
92214e719c286a2470f4bb76abf15df5f2ca71970569f0d5b1bc899a032ffa472c229483d4ebb490c4943199b6c99637acdcc41b294460774735c274ce21ba1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3146fe19a67ff7b41bbeb5851803eda3

SHA1
558c57ae17cf1e14924fd4b7c4e5de379dcd6dc5

SHA256
648d02c59b79975e5e01f6f4beef1d5f663b31fe8a057c2fbceb87e2973d3166

SHA512
38d5d25fe4997c0b1c3fd47306c0acffc416d6d49367eae39306dac0e4059d3c680be95c6d413688d67caae65941f121f8109837282e08edcb1db41652de37de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13632c47ecd071a6dc14e699ce415f45

SHA1
7afe8efdc8bc8e5bbc3b32ba2cdf308c1973a8e8

SHA256
0f2d42ed92e47c306aa66aa43e0fabb9428d4a2b00974433cac7a83abf42fb09

SHA512
289abf490b74c216cbf5345bf840657332b2a7422c62d14406ea8a50505ca252dd7aa9d71d7d8aa852a018a7cf796016571a275f34febf173f008db58af7ad87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3f103fd38e8a7e771685df39f848871a

SHA1
69f89240b248849ac8a95545edf9c3bb89ef4d93

SHA256
0429dcee96b32d150b64b8d961034dfeb4fb3692854aefce5a2881e626b65816

SHA512
d2dab269da7190d6b9efafb3cb830a8810e014b03489efee6dc51afcbc7b90c93e89d962a92e5e755a5b4388814dd97e677f79234c6c8141d27af84ec369b937

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1e827d6ff655e54a40d7097be96512ec

SHA1
3934c9b1ca9384744d42e3861658a90d999a948e

SHA256
dfdcbee2e02fc4f32b370f6e7068f828e1ad161159d85144ae0c32c408f471df

SHA512
6bdf1df5a1721f0bf240cd0bcca4d70bc62fb7538fafe6f63b545d06beb6c6d4ecc2307ea235f59c8f97ae7a3928f99948759df0132e80b85a2699c5d0c63465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
284f43415113bd94f8110492fdcf8a1e

SHA1
85272bd71021addfc762aec2330bb4b087d97f9d

SHA256
4fcbc802bdba9b40c325571daefa844302885eac076039304640b2ec9eb4e477

SHA512
cf4d2d0aece73ff1eda519c80d1e0f72f4fa38e2121c0f29d85d3a7bf3849ddf0455c5be0f98bd74bda872fabfcc4579822728a16a4ec93e45d7529dbd8e0adb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bfb43f526049b45988f7e3e8707136cb

SHA1
c4cb9dfc3bd0eb5587e828d62072325a3d84ca4d

SHA256
7e0fc51f1323b29c09dc3a4db23b19dee3c84bdcc28b612ca2f54efb59b29bc0

SHA512
aad30f4e8851837eb2f4883f2600e8fb37e856f40bd86f3d9d8dd9fbddc5fa4e667fe0a9750bfb8de56a06d2f5c9ef84a1fdaf97a3eccd1b9553205501b41b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5dfe4574073e782ec5d7d55e662cac2d

SHA1
7e06f6e332012b597bc5a18b63f3694550a48b9f

SHA256
2ecdf1d4ff8f3da0ec93b222ed87fe7154b0ae23296ef498d2ccbce1ec625756

SHA512
1e1c7843efa323b6c89878be3de665554777eb09d43705793da3566208f8dd0e185f92affbfb4de80a42a5a640c463848efe09c56ba7fd0b6d100596c981faaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0af4877e59caf54879e46b3bc5c32412

SHA1
ee950f3d30517e3991f29ba2165f0253cc608312

SHA256
3690c76f86ad5c86a3dbfcaaddf7e6225a5c13d62ad630aae95eb345d221ba62

SHA512
2ebc12edd4f108a43954f0d5f0d86f5cbcf53597e5d96cef26a453c5cbd1cb060156b3eab32f908d325e271ba2a04ed2308ee5358b3838fbd16a5c1c6b0f3f38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b887754249ad6053cc59f00f64ecac83

SHA1
a69f7b242b649583493ef32b82dfabaa5c6a54bb

SHA256
fec89ccb236203b80a51eb57d5814a43622aea88e6e75bf4e8820d48d1506827

SHA512
1f649f6909d03319db8767bb48c02edeedef7465f05b90471d3b8386927c12c68dbe3f2c0d6f3d1c3e7c8bcf95558cbe0aa755554ba87923976f78a4edf5f10f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a829e934b6e2838fe61c81634cb9a9ef

SHA1
c3f84d87ddcf9e95c28238198d6dfe067b3ab95c

SHA256
4b9583f29cc21504b14aab68ec1dfbf214b0f1275b0bb2027432c88c5f576730

SHA512
42e6e0f04c19655eeae2e3ed5fc7722f984264ac31425fb3adf9c470d4e42a697541fbba666b875b56c9700d806d884054ab8bd1b7807e6cb053a864a93f16e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
59e742fd85ff35ef85afe0194a1378db

SHA1
977a4aac64bfaa6c22c98714310f08243dc4af0b

SHA256
eaab1b06500d4ab8157ed3c1c4d1c6bbcfe813764a4862b8fb646e3dc806bef0

SHA512
51bea072a04b982af286c1f615de6b6d5fcfeebf23a6909985e6e96814af90f7d06d15b69e2e66b8167e2c0be4979b477bc6a9eeb91751fe64dab4ff6ec3898d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2b7f3092-2f4b-442e-9fc6-633bf4e16097\index-dir\the-real-index

Filesize
72B

MD5
104c1ac8e161aec93473fbda53161b30

SHA1
43fb1ced368f18997c10ffa24849bcdccfd3568f

SHA256
da82c9da7a0d68ecd3dc071fe48a1b7c78625da727b15d13293eb1001e984b50

SHA512
6d44ab7acc46bb5d991a12579afec08ee90d235155fdd0426b7883abb451c9c3d6fa21f70579279df849e984d3d2a0ea8cc03896e029ffa3613f8ba67b65f463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\2b7f3092-2f4b-442e-9fc6-633bf4e16097\index-dir\the-real-index~RFe5b06c3.TMP

Filesize
48B

MD5
0670264107798afc9485341581152859

SHA1
557337bf459e49ed451068a2ee9c4728bbbd6920

SHA256
cd5f26e2cd7b3e44fdd1a30b39277f0e2ba26387e6427df087c828dc709f8491

SHA512
4a72206e78c36f5188240ae65ea9d03f789f3516d67be544e6fb2c727d5af6a510644aad5128203027cb097f218c22558e35273f955ac059b5f4205e9144bed0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt

Filesize
113B

MD5
ab9733b8036208f8c18e915ad5ae79d1

SHA1
b820b70ed90e42415d022119838f9768bea91438

SHA256
897f2b3f64355971bf734a2ad1d125b65e5f5d55efecc778fdf41f53dbd13f2c

SHA512
c23d4f826d2e4b33b0b3ff2c76b3d752f10fba5f7699986a7fe1438bf927b474dbdf6b84565985694e9c893d0f4734b423a38501dbc2e05fed091e6bca0c700c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt~RFe5b0701.TMP

Filesize
119B

MD5
8b2bb1b2c0e0dd9571ed669aee5e773a

SHA1
3d2d96feb950bbf06924924baa2b70791583daf5

SHA256
e5dccd3a793cbea428b58f6d75734411a8880704189c86488872dd64b3d3da3b

SHA512
08b8d6e2e772c424dfb8814cedcc009b3914b054503eae79b3cd8faf32251371295c7b1bf4f637f01d681ab541773943d1572c210454ad441982d6721975b99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
77973969324c52b6a59e87d144eef6f5

SHA1
963eca1dede3165d0b4c393116ec40d4d2ca6509

SHA256
c854e586385cbfd1346e07bd350180e0f866e1a2b68d387a6869402555bee699

SHA512
7dc774c6b5ddff59cef561a90d6c02d40236d3098254141be46a78f1e15b1a852b264c6e2fe0ae2b6771c551c6e081b88220137a6b4dd1f11538c0722b96a0e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b0684.TMP

Filesize
48B

MD5
0bb823aa7ad6178e403b95fc9af90ec8

SHA1
17d6a07115e76ed890b433f1bb70418e3ef4e3f6

SHA256
042679924babddaf944b54cc3ed8525ff7a99da3eac1b7d978345689d02ee6a3

SHA512
64e09aee792126ba54979ed9493b0d69be5ceed219537fe48af4dc5adb2ea35441ef5699972adbe512cd0700397cd48d5d9449ddc3bf6bd099448ead3b391b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
5099f8c4d0758c2bff25f1347f62470b

SHA1
fbd48ccaaa180937c500b5316c07f0498089e958

SHA256
a88044fba43d0a6b2b6ddae20b4a4a25fbf9e6ec00b061dd7c9889d5faa94ef9

SHA512
d3c3c857e054c104821ae0a3463726168545f85f45d5df54b52b9966d3104d2af52f5f83514c55bb6f9d51816292dec37016f5c1bacbe4139cbf388302c3e597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
89KB

MD5
e55edb7b46c7bb0750e0d5adda1c05aa

SHA1
8d922bb6f0500222bd286cc41f428dd3a9a8e32a

SHA256
5b688f43ade558c864d564d75bb87a3a63e1831fa31b77d62dad816d94d03d8c

SHA512
3e150c7ae2fa4141a7398c2da0102124713c1dbe69780429657720cb4bda366687c247704bc0d46c03639b7a81b5b9bdfccd869f077f295de6c9c86400edf977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
180KB

MD5
215612a696fd09b6dff442925f3846d2

SHA1
53c73448975d4431e22d0ba9e1a96d0b8a1b5fe3

SHA256
f57c4fb75170b900c56b715015b0706863ba0584a2da4dbdea6824083925984a

SHA512
3cd9410896bc61e730c90f368cbfe017d4945c78bbfed6763ea5b6d1d49f4bd7d61d944c435a30bd97ac76f32d740e196661dee785c409626ae311347e59e3ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
f6c658e79fb198739baed85707f10721

SHA1
cfe5d0c98388e23142cfa7e676951cf136a479ed

SHA256
f2089779d16d05fc66f8b523c7c948656e089748b95409a0a27c5596ee0c276b

SHA512
b6eb7fb60ad1773b93a0f19cc920e812d83d18207a33df70ce9734f2671931ffbaf9226f7b47cf57cbbd5594ed9f04994fad2dae4b1f53c0c1482f65ee49b24a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
0f4463428862e8b7586b3dd96d3c455c

SHA1
c215277fe1294dd24afc6a1d99b09183f908f15e

SHA256
f25b88c3c3f2e4c288d452828d3bd440e1f3f723b0799410b5760f909cad719e

SHA512
3efc3e660401a2c4d6b84e4531569f93e783053416cf16628bebc6b7a22cc2b268642f054643cdb271dab28f64098ca2b36d93c1d2a65ed624772ed5677865f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
192KB

MD5
1c3c3bffaea2e5e797e72adb97dcd286

SHA1
763c8aad40b5a428f81eea35a15794fdc8dfd1e8

SHA256
dad85a035081673bdf1a1b5dc071133b67c70aaaa6c99a077e505eea361801ae

SHA512
c4d2636b7deb3c697ada63ec8ce73961a38fb48f5661717838561c93953d1e6a87e1beb2645eba36404520ee762a38c65785ca2ffbec341c2c1cc93d0612d575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
f454f96393d1b907cdfde42a1a52814b

SHA1
6a64eec1953b5b4cbac89ac840a6f9291242471a

SHA256
6b773458d072619f122cf2d0895b1ab3739b93d421008d4000f73f7e78adc98f

SHA512
77044597644c9ecaf76a6e83c51d881c785145beb6e3c55ba1ad6d9f866b10d9db62a05ef6b6d2f51411638c058572e85d554716bd10a5a7ebb0418ba31f6a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
54398e341a587e39d9d4eb036a877a75

SHA1
9a2cf4ad8fb9c67580c325c8c4d608dfb44bc3f9

SHA256
cee359dfd69c6110bd7b8904437a33804d4d8ddf0c563ec40e48c160a8ad85e8

SHA512
37020f2f0e9899a79290e2958c8845d2b5c643a964fe0c38ec10da76d34eea5ab27a47d7ae735b2df92bef65fade90a06ef9419fa758ce38125f9156d2b0d888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a3cbc.TMP

Filesize
99KB

MD5
721175b8522364b0a3f79ef5cf92c635

SHA1
3efd12bef7b73c694fa0e5c3a7f4578ebc5c57ee

SHA256
01e95468d60ad2f3f32167fba739377957b65e6eb2a632b6387799a547d3c41f

SHA512
b16c623fe26941f83e1d6837d9be1d2f8904273c1d4f0dd157ec0ea7d82c40909db57e3e8a2f2adedda4f6b7c3cab90c3459fb4378c691fde16a5153b2c9695b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f2664f81eaf2a18d7752ba13a9424f00

SHA1
15d7be3c3807d4d9f5bf1a35f80d184a2a3148b6

SHA256
d349b592aedac5adde470feaeb71f63009497738df14284eecea94d6f6b0ec2e

SHA512
9bfc462c89ce45702c4de94c01cfa8ca4d6cc4347b2dee1e0cc997554b956dd088d4288379edc5e8a6c0da03847e4d64c64cba092215c02c9dbbc7e5c457d48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b0b6f207fd08e323d30bca1a4bdc44b

SHA1
b9adae84d916ec6f42de8e4430f67104b3e3029e

SHA256
3015885ed78cf879d061794e0aa9c109be749375bb45c71d226b5dae5e8fcf1a

SHA512
b82459d67eaad76721c7ff6fb62ecb61a8e0befcd68418a790184502257081fa8d438c14301ecfbf8582aa21fdcb9b56c0aeb565f9584289a4c5b5c6c412aea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
97f7661b290bae5d6e0d853cd10d7fac

SHA1
362fac93137e2ce1eb77580db5e9304726b49d92

SHA256
f4c3638db744a2b62221a6b4b50ab8c7d813d7357fe249ef513ebf8e3239ba5e

SHA512
b4f0de4a4e157618666cfd75d4be3953fc4e1eecd0fa0f9cb54b93c5427cba51d702c8a355f26d8822b2a0f0d2c72cbec0d27d4b1124a149bd30c1b6b350e332

Download Submit
\??\pipe\LOCAL\crashpad_1684_XMSKBJWONRUJZADD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_3444_SOGYCSSENYCXOCKI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3560-24-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-4-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-3-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-5-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-6-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-0-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-7-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-8-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-9-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-2-0x00007FF7A8360000-0x00007FF7AA78F000-memory.dmp

Filesize
36.2MB

Download
memory/3560-11-0x00007FFDCD470000-0x00007FFDCD665000-memory.dmp

Filesize
2.0MB

Download
memory/3560-1-0x00007FFDCD470000-0x00007FFDCD665000-memory.dmp

Filesize
2.0MB

Download
memory/3560-25-0x00007FFDCD470000-0x00007FFDCD665000-memory.dmp

Filesize
2.0MB

Download