44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Analysis

max time kernel
1051s
max time network
1057s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2023 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

X2Download.app - Reise, Reise (320 kbps).mp3
Size

2B
MD5

99914b932bd37a50b983c5e7c90ae93b
SHA1

bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512

27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
178	api.ipify.org
179	api.ipify.org
347	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133400386316531927"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
5664	chrome.exe
5664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2104	unregmp2.exe
Token: SeCreatePagefilePrivilege	2104	unregmp2.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe
Token: SeShutdownPrivilege	3648	chrome.exe
Token: SeCreatePagefilePrivilege	3648	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe
3648	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 2476	1532	wmplayer.exe	89
PID 1532 wrote to memory of 2476	1532	wmplayer.exe	89
PID 1532 wrote to memory of 2476	1532	wmplayer.exe	89
PID 1532 wrote to memory of 4120	1532	wmplayer.exe	90
PID 1532 wrote to memory of 4120	1532	wmplayer.exe	90
PID 1532 wrote to memory of 4120	1532	wmplayer.exe	90
PID 4120 wrote to memory of 2104	4120	unregmp2.exe	91
PID 4120 wrote to memory of 2104	4120	unregmp2.exe	91
PID 3648 wrote to memory of 4712	3648	chrome.exe	94
PID 3648 wrote to memory of 4712	3648	chrome.exe	94
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 2068	3648	chrome.exe	96
PID 3648 wrote to memory of 3752	3648	chrome.exe	97
PID 3648 wrote to memory of 3752	3648	chrome.exe	97
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98
PID 3648 wrote to memory of 2260	3648	chrome.exe	98

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\X2Download.app - Reise, Reise (320 kbps).mp3"
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\X2Download.app - Reise, Reise (320 kbps).mp3"
  2⤵
  PID:2476
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4120
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7fff2d029758,0x7fff2d029768,0x7fff2d029778
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=584 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:2
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3292 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5184 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3508 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5776 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4552 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6016 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5748 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5752 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6564 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5904 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6732 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6228 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:8
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3160 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4660 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6752 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4724 --field-trial-handle=1824,i,16684686202086640227,2606699273825180192,131072 /prefetch:1
  2⤵
  PID:5004

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
9785afc87e1cef75d8509288beea55cd

SHA1
73d0fcfe6d8b2fbf6a0cf8495823ffb4190486df

SHA256
daded2b4ad0695182d8c26f7a67122e973f08ce97381134ea9fd1ce1b750256a

SHA512
f56cc6506346e85ae9fd3177714c0040ff5a9397c3b74329e6581dfd59a838bc1dc893578d5ba8370ecbadc260033edfc84e94e65e5440a916dc80b9cc5ce36a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
9785afc87e1cef75d8509288beea55cd

SHA1
73d0fcfe6d8b2fbf6a0cf8495823ffb4190486df

SHA256
daded2b4ad0695182d8c26f7a67122e973f08ce97381134ea9fd1ce1b750256a

SHA512
f56cc6506346e85ae9fd3177714c0040ff5a9397c3b74329e6581dfd59a838bc1dc893578d5ba8370ecbadc260033edfc84e94e65e5440a916dc80b9cc5ce36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\342bbe16-a94f-4276-8495-313ca23cf5d6.tmp

Filesize
6KB

MD5
14d6e4136fbb541fe07fa5b24ed063a5

SHA1
9c26f02ee697169e690a5835aceece95cd097c75

SHA256
37e6f9637c52db108180836a709784dea0ec9e2358da1076644bcbea1f7b8542

SHA512
606a9de08845bf0d3524fb0869d274b7e04ac991b82f5db31266d2a5a57c2305337b44361e3b5c773d28110cfda081e47468019e51a511f68ff5f4d0e336e721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\76dd8d89-35e7-4219-be24-a9e587eb7461.tmp

Filesize
6KB

MD5
16680325e1dce29ea78efdc94cfea050

SHA1
f7cccdd683e985848dcbdb155158750710faa4c6

SHA256
3ddfb1a3d96ed4c134ba0ca65ec2e27778230ae0e24b7419b5599a9c778e91f1

SHA512
ffc265a2d1ca29320b776a69ff0772e648ef4278ea3b9058bf8e8e003c6427f8366415a358f0ef6215f3ce703d6021188ac0e241abded613777e1f27f26dc82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
68KB

MD5
347e09e993db68aa7ec6684f8cd16a04

SHA1
110e24d1327b235b26aaec3a0c1de23a15111381

SHA256
11e74f4b27c80013a64579ad8986b5ed71f78f1ce21b8aaab42442c0938a11ce

SHA512
8ab30febac669aebdcbabac43a23c0dffa81fd4558a58aaabc02e8d8fe9d40171051954cb4df6e14f7af79ce80ac6d95c0ab36bf891c975b13b94ffdc79c949a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
614KB

MD5
1d9b165491822372783bead7b0b0a3b9

SHA1
31e52ecf6b4022c5747ca1ebdcba51e72dcf9542

SHA256
3b44b30e4221c4ea8bfd5a0ad6a69494947d96e2cd40593890a1296ae727d22e

SHA512
77393fa30d49ffaa461f8388debc98c48b8f318ee865dc1d0c98c15550036a01c3ddd393fdbf045f0bb7d4578a3ff0fbec01a23d5e89975b7334fdebbbdabc2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
36KB

MD5
703e3729744d260cac7d93835c4b1cc0

SHA1
cdf7cee6a85a0d37431a3fa1a66af956037682f6

SHA256
55aa183f96cce853235787b20ebe6afbaec756f449427879c6adc76350bc4dd2

SHA512
e719c67271282e18433b0a83509d0f8a25fa8943e2fae5d39e4ec3838ddea3c1f09aba04109f716320ba75fab8ccb094ff62d660e2204c84fc34edf20699ade4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
67KB

MD5
b61e2c422f618c290300af9e29af1cde

SHA1
ee6616203b35d0db512f71c644c8352a4ab5bdbd

SHA256
e88ec6dcb0c78c7d43a25b7a53db852270441dc4caf216247b137680f5e2a508

SHA512
43eb323ae2b8d9a0fe4acc156ec7f2c441972bbb7f640d16a235ab1cc77150b6905abfce8b3ed61a0f821262c3aa0b4691a9f63298f7f1dba984e606bb79e123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
29KB

MD5
fc0b256e587043402788a705207f0f3b

SHA1
ea467b5e521d458febfa8db30b046890efd2f56a

SHA256
105515cd26a8d4f395356c28000c8c9fb4e4cff98c0c5ea5dc9c0ec831c03003

SHA512
5a4151d0bf32b912fc66cf405bd8a14751b1fcd737b4e1b95fbdab08624e34b5a12f43e8bab822ad33f32e58218902be40692365750209c0d4b69dcb17f6c498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
21KB

MD5
d26428e32243b028dd2ee0ad46d5fb34

SHA1
d5659a129eb4cdb63feab7724939e91f9ccfbd2d

SHA256
6a356b5eaef281b2b346749b38dd5b67df299f8efb23389f150fc67bea475a69

SHA512
df985b75fd0c46de03475b014e48dd0986da10b658256f121376a83f3321936ed1a0132a6dbd7dfd3fa0ce80ea38240d6257f2037b3f6aadee57c1d83ff1d950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
89KB

MD5
65814f4a89e66cde7603c896d92b3dc4

SHA1
00d28b48c9c676c99e88c5490add979b2cbdc85b

SHA256
f78c20e469d85409a30d179388cda8512ca8ed49c65ca92ddf473b35679fe811

SHA512
772d9599a5c64c17c5afe5d364ac8a2d0fdcd5336dd02c603484be25e26bc20b4c335c2042bdda3f6dd7d433d9bb275da6bfa088b3c689105208ee251ab6faee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
89KB

MD5
20f01c37d93e6ddd0276c4f26e791d83

SHA1
fb0de5b1bd636ba885f1b04289570168cb110df3

SHA256
48532b0080b2a2bfb99c2436393e2085a0c992804235e8dc5e6c4696eae55587

SHA512
1d544bf7b0799f99305c0cda7b23cba31ae2b2618acb9b3cf3adc55b736d63383dbdf5317a61c5b46b7bee907b814ac08a1f4b84be712c90b80e80502b8e5e60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
218KB

MD5
e89a02bf5a150e28f099d84529c9c655

SHA1
f453fa81358fdcc14d9cbbeebadcc8861bcc78dd

SHA256
036ffb3135128ace76142370807028ab7fb2689e18603f4ef71511b7141484c3

SHA512
d0250ad00cb8193cb338dc229d614146615f5b155a4f5f0dd90cc033edde71d36c80715c99f93921047c3eb882acc7810ba0ac048c0fdae64e97f43a7df119e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
44538f830e6172eec75f74b917652be9

SHA1
e17b179d14776226e68d4ccfa6700092cbf5eaa6

SHA256
a63203ac146f1798c752f2c7428fd11636b345691c643d281ef64a4dcc50809d

SHA512
2b944ee9bf3072bdb73c86eaa34380c27ef6a556541c18883511027ee8df46e9fb4746148453966773ff5db4ed6824ff32ea0488283386cc13627076276a4f91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5cfc90fe94ca0a4402f4cefd36f30450

SHA1
766ee8fada2e00b44ab36eeee2409db3d0965a23

SHA256
3219ed41553c2530f048e9c5b0a702dc4acdb417a0c1014262abb266910002e2

SHA512
986d63845a0c13cca1e05fe47b3d67180bac4f56ed56eb23aa0cca564e76be98810046f9bcbb3e5751dff3a5fcea4e9acd62771d4e221730997c8c617adb0fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\02e84a40-6574-4a43-b7b1-19ab11ac0d3b.tmp

Filesize
7KB

MD5
f0348f59dd961e7eb4feb35047cf5f86

SHA1
4161eef39e7445327b632eb27b120c80e62bfcef

SHA256
bac0b5d96981e359bce912c4c416d05e7af8c8f3e16606417dd5653f2e9f9fcd

SHA512
5fc61a0dcabe746cf0931843464d357a67a5a921ddcc8c1429b4aafbc141abee9e15ed4f305e32bb2694aabd0ca320eb5e92c005f401c447280ae330951d0841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
5b64cc9e0bc87eb0b5360ed56fd700b6

SHA1
0a49815eb112bbd338817a6d33d50967281b2820

SHA256
121e3a0bdb5196c287f5e6278105af83b09ce3eb9e2353d2e68a624e24697e3d

SHA512
27b1883a6ed363f1ffdb5240d08d4687e38cf72fc8554ea2e3ef4428a0e90e914305666943e127d73df6f4f6c8285ffb48b522cf4a08005ba741ee41dd444b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
9af4ba38107bfb576f967a3aa8219098

SHA1
37c28a9216d4c1f5bc993242f3a15f1863adca48

SHA256
b1b1951e203bd7211e6badea864249e55cb520cff8f99b1952d966626cc2ab8c

SHA512
907cf8103e5facbfa74988846b0aab644a891594d2386f6a15fe26b20260bf77d0afc572c0ccdfa7e1d3d3747fa678888ab07bb274e4071f184be8722a094bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d92249c696c87b705d3535c8924ad03b

SHA1
b89176feee0b674da18aed19bd7810ab53116608

SHA256
84dbbca7c543f54bb3874b81a4e6b5ed28847e181881e0266ab9fd57bec5bfda

SHA512
f5b940e112f0b086f6f093be4d67835006c20343844f7e66c482c0ec6e5986699c2ba1c2c6107267d2c804d0c3180e710aa23a122c92216212fd1a989bb65fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d4f1d0b5f91769007efc7b6e997d0775

SHA1
19e4bd245d2504755689f5d01c303f4da6b40b14

SHA256
457c86b1331b2e5222c2eb64f3a842bf3e5f0991a98d3551ea2e1848de2091f2

SHA512
500c8662b093ddd1f4fd8506d17f33ab951190e1351b7fcc73c663876066950a34f26387eac838cab18c684a834b18522a77dadf373bfbcc5e55de9f21ea4c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e39708ee2b851e08948eebfeeac336b0

SHA1
8e18532c3df98295ef75a15c1346d2fd0cccf8a8

SHA256
f8ed9c7bf9bc531cd4a2fcae7512a55dee620c9f67eb4bc5bac5875fb9526b3b

SHA512
ea71359c940c83e730d98c7000b598586c7bf12f45c2f946497682178786150e6dce3fc076ada5a397a36ece363961f5a2ad32dc6800d06ca1cb2e2d9e8554b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
acb7419d1283b637ff67f02b4a860842

SHA1
840cd854a1567264c49b89b59bc96da5a007e0af

SHA256
9aef496105d2b016e7680f05b63c6f50105f6964a2089d30548f5d5ad3f6a2f8

SHA512
2f68fc37bac4844a89126f08fd1b8c2efc7ca4ce4d7d5aa9fdae92e79044aa3e4c397bf227ea940b6ada303756671edf6c06aa0c0ae42075d2c464afa182a580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
41d9e2946a7236be8ac1646cf9a7ee0c

SHA1
33970a01451766187dbad3c362e22d44a8240687

SHA256
4a4380fb718de0529b668d0b4625adf11fb35bfe6f45f373efe43d0f7b2bc9c5

SHA512
42647ae98183783deea47e00837b4c39acd857cffd979d67b463c375e20a1babe24873c047bff8477dfe8f38f6b827c10313ff84706109f87d027fe9c9901139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0925f7e5d5256f2a8d727dff5727e226

SHA1
1c19085a6417e8177d8dce548838719a5975553e

SHA256
92bded3276e86effb762d29683ee0e226df8c12cea4921324b4bfa9c97e023b2

SHA512
42bad2197c9d3be5bbdd7919671b5d93d7220ce0b62897dababed064f213db811606a235cbb1bc2c1b814297289e9255ee883087d5b30ced38b9f9d6a1e2a5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
550551e6fa4729405d8bba2ebd3aa868

SHA1
b6d5f7491dc045bac4f5949062c43c937a452c86

SHA256
1d2f3c5344990ed24557388191da0fb47aafb3c71043ecac190be0ec83969087

SHA512
44f77e2d8aa13b3f49fc7fd535b72eb5e0827f1babcaa9cb66df0b48ee38f81e37e04c8e618301bc33834331b489954a34182c174b06117b1206e6113fbede6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0d38c423eedbd96123aa9a18cae75460

SHA1
defcccba151ed212080f68af3394f4ae94c7660d

SHA256
319c18ed272792890a889a1018c85f79fe0119811f15affa7fde5750f8260b8f

SHA512
3fe79e80377f97e4be80469318104af27bd9ca0b07401eaa697f6ee66dfe840e14dd6f9bcb2c87755326bf5b226946a1add0be3ef896ed529058ef6e66155586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a5234e11ba07842831045f5241394eb2

SHA1
03ef6a6a463f15256e0af57dbc7138faa5289d59

SHA256
50a20cb4b3ba74b33dde124c9c37f650f2f3ae8e361deb9082842bef2ac3c460

SHA512
5d10169c9ab2555dd8f308cff294d834ab21a4c713a0146b2dcf3770e9ffa0bc8ebe1753aeed1f8b3fa79a32004ffd9a1e10441ef5c38d9e99e344e429482a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
cff732e52d0e0eeb4ee9aef6ab5046c1

SHA1
31a5ed8aef4b3d4293abd4ff0ebf16ccc733c992

SHA256
4d9f11dbf49e9158bba3598ef38f20752bed898b152faae5c30f526e02e5b2fa

SHA512
a05b7084fcdb5b3b8857801c2023f7a67582ef1af64d59cd7bc6e70974495bb10b6ffaa1eeacda7a1c535e046cc937b96b22e2b34960e31903e691587f253858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
5e6788d83cec6d527b86f8b63ceaf163

SHA1
6873f217ccaf12e383606242aff644cbf3909bd5

SHA256
00bbc98c0ee0ec7fdeabb494d339fcda12c4e55238a701656d3d506d48d71443

SHA512
b48648bee203bc10ed787a7bf13461dacb1734fd7304e4d25f04fe676f058e2e98de7c843a0c27b7d691dd0410019a99f0be8fa545dcfc9ca6da2b2b5688cee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
4413d175870431ae0a946dba98def95e

SHA1
106e097bd088899e16bf286bf75386180338eeb6

SHA256
5d77ea05eba12209d90df112b3a4db94097033f48eddcfb96f19ebf381469dcd

SHA512
0e3504d879949cf69f8c4ebcd63eda1d49818e4577a01af2930e71ee89fced935d4e08ac7ee9ee0837ba219043ffdf0cd6e0c682bb2d91ab9d7b9069c8915ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
30842d48683346a729c609582abe9992

SHA1
6419867ca48946dbcba14a0606a1da4ee745c6f0

SHA256
33559a5b2d9a9658a449d9cf4cd7ce0e3afa314ba1d84290d98970b5b032f2c3

SHA512
3ecf4fc1d45ee3c3c7abe959f4bd08606f747ad69a045ed677b492dca26af9dba0321883cc5d11d266e6cfcd67f817891aec3c26ef7cb3ab5352832d07a5adca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
71003c0abfe4969d655d94fe0549c1fd

SHA1
228a7dbc323ec63f2865fd0b442ed8764baecbbc

SHA256
53fc9d2627578b52321c891dbff74e8478bfdd9f194df7f3fd9ccdd4b488f24e

SHA512
55c5b65936da0cf9b8fb872789b5da5b1cce12e02f610e17a047e5c2754ad2193c033dc979c6a5b68e5bfd86049db8e316b194b16f89fcdd02dbe4f7f81aab8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58700b.TMP

Filesize
98KB

MD5
ee0284d6ee80f250265c98d3d99a3fd6

SHA1
350ff8edf14f356a62b44e870f5f818c32db5f15

SHA256
36effc2622fedbf11d77ecff1a6f66bf89c686cd25063cbb0d74d7ad72d6dd8a

SHA512
c908f5ce01f693c35d429ec63ab015f00c1c8f23a493e87ca3dc3edc0b3fb1f9f6e0a9749af25f1f13c8959fabae3b0cebbf159bcc1d9cf72717aa9b649b2b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
fc240c081ec382df4b74d591d7d37a45

SHA1
396e9d8accb2ff8b32e6c3957808cb87d23ad47c

SHA256
8cfeb277627a0fc9f2596c83dc37f9a3d8871293cd88dadd08f32098bf936038

SHA512
d8f83773c330b88b43f9ebc6220aa98368854e44a75b73a8575e7171f6c32e784d404e5a2e2e7787d3c71c0cfecdbb983631b639d9fee879b374d498d2ef0ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
27398738801e50081f7868f842155a18

SHA1
5879709801c57861550a28a28adba927b38d0154

SHA256
6de136e0f30aa772d52b8a7cbdb1e8096506a98c2ed9e0eb3b7018404e13fd22

SHA512
7e9adc32a0cb474710e11942f6494a1a15e58a445b48090d2bd3498c24a3792513facce4fef16a6080cb359bf2aba8145e486fc23b752007514cc07f41d65e32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit