hxxps://www[.]uptowngrille[.]com/_files/ugd/1bbada_e4c34b9268204f6b8f9dd0b372b8229d[.]pdf

Analysis

max time kernel
269s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 04:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.uptowngrille.com/_files/ugd/1bbada_e4c34b9268204f6b8f9dd0b372b8229d.pdf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133398310233766194"	chrome.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2736	chrome.exe
2736	chrome.exe
1572	chrome.exe
1572	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe
Token: SeShutdownPrivilege	2736	chrome.exe
Token: SeCreatePagefilePrivilege	2736	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe
2736	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2844	2736	chrome.exe	41
PID 2736 wrote to memory of 2844	2736	chrome.exe	41
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 3660	2736	chrome.exe	86
PID 2736 wrote to memory of 2776	2736	chrome.exe	87
PID 2736 wrote to memory of 2776	2736	chrome.exe	87
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88
PID 2736 wrote to memory of 3472	2736	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.uptowngrille.com/_files/ugd/1bbada_e4c34b9268204f6b8f9dd0b372b8229d.pdf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8899e9758,0x7ff8899e9768,0x7ff8899e9778
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:2
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4704 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4860 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5616 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2296 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5660 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5676 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6060 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1588 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4516 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4816 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6456 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6500 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5580 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3816 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6512 --field-trial-handle=1864,i,10540271693117132268,376429484595299929,131072 /prefetch:1
  2⤵
  PID:3008

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x2fc
1⤵
PID:416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\217f6b04-a5e5-4bf5-a9dd-34eac05b89bb.tmp

Filesize
9KB

MD5
480ee49a6287d935098906207c1dfb87

SHA1
aadf5ea97f8763b52f384ffe850695b4540fd2cd

SHA256
f04401bc62fe0f954ad3be0c8da5cc952b76f21ba455fc0e82b3ba7126fef91b

SHA512
207c376e846cb140901dd35333acdc3a1309521949caeba8fadc3a62745a86b063b056257674291d7ea84a70d630e687ef1cdc756b3001aad8e17df114d11f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3411e803-baa3-47ac-9997-b279cb4b48f8.tmp

Filesize
6KB

MD5
ad9a8614898178760aca2a67dbaa0082

SHA1
e354e7c12746e68f452d771649b0556701f76a35

SHA256
538996507f86fea0e513b302bde8d82b5e10a357cf10e61ef66a07a26d0e0812

SHA512
2167d13bbf43fc4dcc7dcd670a2b163bb773d287aa7cc452685133424ca69ab9a105a04352b22a0f4af02f349c3e0bc536bf456c2b4f3e91ee442fbf95c4c979

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
8.3MB

MD5
2000be9879ba5503692b07b1a2be4989

SHA1
fc8dd0db518b4a5095a42ac1f8dc84057a48b0d0

SHA256
9f497455a7d7afd5335e1ab0ceac664eea0bc55b4747011d15c4ae808e9486e6

SHA512
e5c9f1a877ec6f227297ea287ebfff0ca56c86d978444b2ccd84039f92b805543eff293d6b91189e460da53ec9822256cda59f02e2a6af3075c34c4e22a20715

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
1024KB

MD5
2cfd6bda83cc5078a8472782c2a2c31b

SHA1
7ca8c8eac485ed0ff09b8b2bd03b7f856976fe2e

SHA256
a01bc557b0b5fbabc48e8bd3864f3e50809659f842b33ecd9e01c8bf1d893948

SHA512
4386977b9fae568368cd88446fa90d3c2b7b7ea22e0e05ac0938a1b2e1e68ef77953859207941ab847f6050a0130e88488f5f6d1f290dde774eb2aba952c4347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000080

Filesize
43KB

MD5
4ec5650b53ea04de7a4a21bc2aa4e156

SHA1
45615cbeff4c30b283ba802df772a6f4b0710778

SHA256
e6c17831328a25c4eeb1a2f7cc9238b578087b4c42053be983554b6cb6061b8d

SHA512
58ffa0ad3ccfe651947c6d0e7910e4462eb51502fa3c0e52e24ea821ecff9673a8e59a42c196576e79fdf9ea5be3456e2ec41efe93ddd5ec6a8482de72b85e98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
133KB

MD5
61c989f74688ef3d1d3e07094e1ffe42

SHA1
3a153761e8f7fd9790ac84e6763015b12a28557d

SHA256
c1f1808d4b5087dfb86cad5e174961c94cb8babbc3516241dc556b76643e1c95

SHA512
0b06962c619d4419df3d8a0995cc8bb81090705c9d2bddef46e52128d8649d719b2738b76b19d4350eee09b0eb9a82e4852f996a529fc689bc08da55788c0fdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
af88ef5750dcc2adf05d01ed7121ff7a

SHA1
759b221d5bfb46aad06e23296541d3dcecab8e25

SHA256
ab80d632a79e61988c5bd3d7f4b945f4c0720e25690b236ce0a92743c92b6151

SHA512
9eaa474a92d9025028f2cd08789f72abe346e53cea39c2f74afa53b3f61f6e11240305ee638436db20fc2367284387c6b843248e453c476b8a9687d1e0df27e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9eaf02d03db2f465a1d9716cb247adf9

SHA1
8113a1b5f26be28a2c8d00d87d21c361932b1502

SHA256
867e9f25a598a7c440e665ea545c4db54b84cfb1b24480ad06e65a976747a1ee

SHA512
7980b0ec9d1e22b6c898b6eb23aee3c6905adcce72659b83bfb0e8c6aa88fbe9b420499a22c47b01e6b01190d619aba5a99d6b8a566760a9da6c8d78675fbf1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e6a9a0803d5d0051e5b0da8e9f1f9482

SHA1
4b2d965f7b29b36a1e0b86e4c467a9cf0454783a

SHA256
0ce4c7793d94a8c85fe83071df5a7b59376c1e970144dfdc454afbdc7f1a594a

SHA512
f99a845f0765365679b4b787c89174d303ca5fae17ae4c858174f02a887a408b4512494639e1052c87b23f184955e109f0ff016f651dd729ce888e28f2971a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
84B

MD5
32b9dc9cc81d0682e78627c873fdd651

SHA1
46c486386d3e153c3e9b11d54cb52cf0064b71cf

SHA256
712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

SHA512
f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
966420136ff827d04bee5200eecc8cb4

SHA1
dc88a6d0cf2aebc0d29fed6d3772530381440fe0

SHA256
5526aca22e34616046581424da635548acd4405ff31ee8079300ab3a66d8f163

SHA512
dbc428c3bcd4c82dcea43594b967a97528c3a5f9d5cd9888fe812939045662d3ad9b924bcf9dce306e4562137e666971e5da08291cd31b22f77bc3720a72d622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
37B

MD5
661760f65468e15dd28c1fd21fb55e6d

SHA1
207638003735c9b113b1f47bb043cdcdbf4b0b5f

SHA256
0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e

SHA512
6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e59f88101e410e7d3d0eab5713bf4bd2

SHA1
933e88aa4cfa212dc3411d977ea8ebaa2dbbf726

SHA256
e5ad2f9fd8fb2f2dccf4b9f7b0095637b7544a3514d8d19d1c25ce1e73bb438f

SHA512
0bee19ad3f0f387c4e846019c4aa0a83ce8971ef1dc3454d32b827e088bfd12b88c7bcefca41fdd13a3f6fae1587d191e9c4b0ebd3e555d7a76180ff973e5913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
6e4093520868ab24a25b51fff312d8e0

SHA1
7baf1cee97d227626ccf1a192f25f54255ae72ed

SHA256
9e07c9a3842a94eac8c525220fa0833f388fe58db2759de49749103677277f56

SHA512
d35beb39f88f1463fa6ff944c6cde6e4f4b06386023a356e348fbfae8f592e844932967587efbfa4d7167484a059f114c7b7920521665d2e1dad1040ae1417bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ea2bc83390c6a24654deb194f5e4ef83

SHA1
cd91bc033c3d48f1b4e385fafba347772a8c0702

SHA256
27166b124ae9b973b63a963273f79dbeab3a31e1652663c7805d92f20b2dba71

SHA512
fef69b87c11a0aa92d7df1e45ec39e698de1df5d68ac298f0989a49a655bc1e8b6a763f9045817165fb816b98a3f58f742d499b40f59fffe5cbbb82e94c02501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7c4e3bf296ac00720cfe0f78ccf1b6f3

SHA1
aa11ad0086793763ed5e93a243427bc5edb64221

SHA256
97512008a5c0be99a53ae1f1912a2898824a49be4c7425dde13bbf015f6e6d29

SHA512
160c88626499e52fba04f14bc2e7ba1162f83628d5b71fc713d25ffd2b48674e20bce5976c6defc002925220cf68eececb3c76fac946d591d9f35e1069e25b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0f4fafc8fc40de170c7643933b07c919

SHA1
3fa67571810f1dcd5998e1612577ba1f92ffe553

SHA256
3dd3b0f3ec35a94970f47ae23aca8b49f4cadf93be9ab2b82dd162c0d8582977

SHA512
75c285245aca341693112d634059590928329c5c456a3510fd03c7063ed858c023aa48b92e0f2bb212d56b079c712a7fc92ef0b2ce62342d98f200b7bf855ff0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
40f8b632a8b343ee5a7b9dc639afee23

SHA1
4f939a469c6b54e6dfd550dacd493a2083c43e87

SHA256
c16b3adbfb6d0eae0ba24261bf7b4642b9e696e9a1eb396d3e10b028f0cf5b90

SHA512
5c3482c127cc57d83196e7623c059edc7f04f0b7e256de30eac824ab8ea9cb7351b30e55bed9beebc0508eb2eb3d20b636177088a6dc2407aec95b51c2c0ea3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7ea81568eb80effb9505a99a0d667bfd

SHA1
333a0fe9da3d80ce7a2aa1704d2ea840378481d6

SHA256
f1b21ea7045708b37111aa5e78f94ed024d612c4306c92a932a6566c3ebcb673

SHA512
5521f2b4e2d6e5ba50fb1db96ba44460575109b056907b34c5076a208b68bd00076d03a40c21910e45e2d363b14c3ea2d736a8fd63cb11359ea6fab6001b608b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cbfc157bad560a55d681c5c2246b77f6

SHA1
f233d4b77ef4dde3c6cbdcdca393c83d5167be19

SHA256
4d9ed21bbf4d4d411e09a23a9d3f02c4d4676a33301f60d23d8f7c584c286a5d

SHA512
c8957436c280546618a40722e43b10bbbb87308b7359cea13e4010f236b12dba204d0e33b18288d3305c6556cdaf6e736f5a7d0d1580cbd2ac2dd1c27aa1950e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1739d013ec5c3bce9d44aedae72a7c81

SHA1
b287216ba6bd84a487ee280f1c90dfec6ae37113

SHA256
e7941a2b3d613055c72e7e14e26fbf1cebdbc7608ff92b1ab594c128ee62fbc2

SHA512
ed3efb5aaac4744fcdee4354ea3cba8131eef581d0175024fecbf7f9157f501a178a0171e50944bde4af82b12d857ae07c4ce572361de71e9c9a6bb829675213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a62e83ee0e3b42033ac2d2a67f55d164

SHA1
f55762209fddb0662bc486c9b315a2f0c9f91e6f

SHA256
a854a9edbcec4b980a912656e20b7a340ba9e16d00838e39d893572814f9003f

SHA512
d6cc5c81a64b2668a6974ba52bf5b0d1ccabededa9dcf733717228e4eaa7370452572acabccf80181f68544156de6e2fb1428becfa8a32638b71723f7c4ecd8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24de02ee33df49054d70f0111368c6d8

SHA1
0e18d97186a81520c647c57e0388b113ec029433

SHA256
fe53dc70e3760a7d0d014ec531a03ec5d9129cca22531c63ad56338860a88628

SHA512
1127d5cb29ac8adf56620faec573c252f4f2d9cc929d88d7b0025e0400f56e81c39484ee7ccc945877c3b373969d62ada57b6c8e25dbafac527008756f7ef938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
740311509659430cba14a63c03b4d15a

SHA1
7ccea7c7314585048c8f4827ac907d855b178a1b

SHA256
c00e54aa3cd0d1b9c374aa9ed9a1f2ab07d139933c0bb9091d183c12c70b4255

SHA512
18d856771065835fb569985e9ac05b05d02af14379f9d862062accd5a8f8266870af939564f1fff2c9bf46dadd40664a76a042e7afa3159a2468b410a99c3eae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
3d523f5df3b34285148ec4925a054005

SHA1
4c88c205762beaccbaabb10821fd683027b5c93a

SHA256
0242912cc54aee2a2c5488f16dce6509565139a5d6e8580c6b88c3037c01207c

SHA512
e69b96c43d8f05eb04300706e3de7faa3f3aa8a3bebf55d242dcc1faca5069249b5afb9937ef627026df020a4dab6eef88451d2420d9362f95bd07c90561acf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
102KB

MD5
261cd7cd76a90340458e7c483beed200

SHA1
cdd450b25cecc7507b158248e38c1736ab7c83d1

SHA256
d7f4029f6493ffa408717658c31a69a4d2f6f03f4a36cf1ec522ca46ce4a8b4c

SHA512
a9f0d62399819c74a040eafea4c2263f1dd31f98bda39a9fcb8dbaf795136eb2b341c1985777852929887f93ebf9a8e7a6551a6d9b9670344e615efa4c6e9cea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
c8c64aa968419b77fe68e7350efcadb5

SHA1
c22705993a8de1da80ac4ed1a242029cf908e222

SHA256
e0e8f93fd2778a8747ae600f73f8cb9d31f9190bad660a9150798b54d299331e

SHA512
6b41e45aee9df5587279797fc5ded827d46ecf3195e22d46f3867b20e527822737e9e1acac4c1d25bfaf696af0f728a28191a9930a00aab9b59ae481638070ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe592f05.TMP

Filesize
98KB

MD5
99cafc95229fe5b249da14cc2a890cea

SHA1
d6e86ea523c500e30d422773d5ebd446e46f0042

SHA256
87baaa4c5da668f4d207f6858755525a796e3d40b60a5dc0769021ec280c111e

SHA512
1808ccf8a069184e27387594e1fc74fe39a6b2fac20222593ffa386b52d5e127f886959657df60f0f542c1ece357cfe940d9396533bed5ac47c9d3f449f517d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ad64553b-4eb7-479d-8fc1-36ec1765ecf7.tmp

Filesize
102KB

MD5
71d2a02d9c42414cbf7e33fac4e8c2b5

SHA1
f65935778436b6d57d2c4190f6cb858dd51def89

SHA256
a80a7a6bca6cd5576641d71df9a2eec574570c54b1562eb43afbad50a9c07823

SHA512
27b730f71bf17ef53c54d84c33c5889347f7b3ddf09d2cea2e84cdf762a7a28ae09de32ac2ddd58d82842ba42454e82d65d14daa7d2e192f6d6917b779493c41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit