hxxps://192[.]168[.]22[.]107/acc_MOG#/login

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://192.168.22.107/acc_MOG#/login

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133408397046250864"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4828	msedge.exe
4828	msedge.exe
4276	chrome.exe
4276	chrome.exe
5408	chrome.exe
5408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe
Token: SeShutdownPrivilege	4276	chrome.exe
Token: SeCreatePagefilePrivilege	4276	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4828	msedge.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe
4276	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 4476	4828	msedge.exe	86
PID 4828 wrote to memory of 4476	4828	msedge.exe	86
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 968	4828	msedge.exe	88
PID 4828 wrote to memory of 4676	4828	msedge.exe	87
PID 4828 wrote to memory of 4676	4828	msedge.exe	87
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89
PID 4828 wrote to memory of 816	4828	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://192.168.22.107/acc_MOG#/login
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b346f8,0x7ffb36b34708,0x7ffb36b34718
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7445143034637533160,6090048663736776475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7445143034637533160,6090048663736776475,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7445143034637533160,6090048663736776475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7445143034637533160,6090048663736776475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7445143034637533160,6090048663736776475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb27749758,0x7ffb27749768,0x7ffb27749778
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:2
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4664 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4824 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5372 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3804 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5116 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=3084 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3268 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5160 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5724 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5620 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=5620 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5340 --field-trial-handle=1880,i,17518105293308651414,16608905654625789298,131072 /prefetch:1
  2⤵
  PID:5128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
330B

MD5
dc534a2a126b5933d3d60809da67b184

SHA1
dbd4dc50427fe02c5d09642c592f600b97140bf6

SHA256
773cf7aac9f3017987f4e82bb1d32210a4862cce0c24faa9c8c71657c7cc9879

SHA512
1d0765481cf1e419bb59e8c978a2f107817435cc0e8931439017a4c95f808d1b101ad065343d8e5b1e47139d87a9d7b9e4ab7466d9da8e53539f37ddb8908e58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
45988055fe322e46123034193b55dd01

SHA1
c20d8d8c66964c69601097cb588d5df58c400bb8

SHA256
11f356223154ced5cd70ca1f381db7036ddb78bff7be25561eed7a7f93978c60

SHA512
21033fe8709aeb449b3cf7caa2cdba70c70135d5d19199b32846322eec14c921660faccb6433791713437fe1ca83e8f12c58eee186973862908c9f9d52fdc740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3fed48dd-45a5-4ec7-bc61-2e5861a6cbf8.tmp

Filesize
6KB

MD5
81f97fc8f01b423295adb858efb41bd1

SHA1
38c76a3b275c424f906886533701ec0aa002b99d

SHA256
08a511d57fd271758aeb4843337fb430daf1ad04871bb45d460ea82f33af7268

SHA512
bbefac5c2e997e1b8a27801d856cc840b532c8efb5f4930fbf42831365b09e80d746023daa8f91f5d0cfef51f1213623c1dc41d80fac040de5bb057fc8b3ac95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
82KB

MD5
f7b12903dd7a2d536ceb2b7cd1dba2c1

SHA1
82d12ab89c971973141475ecbefa5da97ad57195

SHA256
3760e89dfff6078afcdc5404e4735e266a4799babd9fa853ff388c702e992c5f

SHA512
44d9c92af31aca7b1c60c1a0ef9ad1bbdf89bc5942b0b82b3a5e66dd8ad822b1868565121a515758c782d34b689c898ddead14a15629772d64bed4a1eeae5339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
49KB

MD5
1e4dd02151e53f21f3584d3f9d73fb0e

SHA1
e13631e91430cee601fa5af2d402a1c88b5dd862

SHA256
8d15894575b4ba71a61706ee5f5a4d6676c54fe8aae96ae01b4e45424e4b7d53

SHA512
2bf542a236a979872ac4a56f845d1f3391c0da04e3724196e560018f0b39f7679b805672df1aa8f76165068aad9ba2dca8ccdf34a983a361e8b382f1537fa587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
87KB

MD5
216b12b5a9657850b1b324e158454f8e

SHA1
b02b14e1ed70d323167efa295ceb8ba156a37fab

SHA256
81c0ae5eb7c7ea1bca274d51be67818e3f2577e63c9f2ee766b20e8964335db9

SHA512
c65a2a379f846d40bff192e2686eaf20c784a9b446a9d99813abec3811d0df96e842bae9c7d0801ab743f721e1281c9f9b77da21275c1e9765de26ce66c51b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
85KB

MD5
db1a27b35e26398fef4be920ea96078d

SHA1
436a76d889fe34eaf1c213447d3d94a5dc3adedd

SHA256
847a8377ef2e424408f08c04f34697edd3ceca9f8a6455678493dd69e5d0bd47

SHA512
7fd36e96c139892fbc3025b4d6deb222f29babf1546e3c731064505c0d04415b9f04fe9db55349f1aebf02212e2f5e85cf25c61b4d788f6118298aaeafff0666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
83KB

MD5
0e196bce574e01f42fc686e3e6dc4f76

SHA1
330b633667a9533638955e725e53a760904170eb

SHA256
94591008ecb9d40b575e52b72bd30dc31bab0b064ba132766fb80f95f85d27aa

SHA512
c2a70757135c34072bdf62390a10159855e40a3f7b9be115ce0864a03bc634da7cb2a4146862e098f8f1283c86f985f6fb058782691ac7bd90f9cdbd5c16d267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
55KB

MD5
3b7bbfac9ed3e75d426728e900579aa9

SHA1
baff27e32807b7c8c558e2102aa2e034a47c1561

SHA256
d728648c3e1d90bf50f0e988787ce26ea1111fa697b0a9daeb95d6724842a9c1

SHA512
438403ffd352acd27595b1b7679129997905479d03aaaccb032013bb4bd5d34e6758e73e5cff4422f9a74262b5f03a16c61467fcb361161a6f3b7d343bbf97d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
28KB

MD5
21a68af4bb88d3ae0143478dd30c72f5

SHA1
2e3208198aff0ee631e47afc367df50ed82eda32

SHA256
2cb9ea7997398002b61ac5d6afe3ac5194dfd399dbf725c3c1000cf6cddb1bc0

SHA512
56b422d0981b0e26f46554f3ff03deeb993dcdd0ae480fb07aa66a0a609b6c7a1d8e08ed9327c85ce1a0ea670e1dfd33491f2fd0e0e02b0118046ca9519cfb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
76KB

MD5
48f2d3d495059b2dd518675fd35a34b3

SHA1
f4e3f1dba560bdb6d0dd062ba153c0b1f78660c2

SHA256
81e5a128b155abab4f8f7312490531b73c417d7adf57c31658572b3c9f795fd0

SHA512
230e2c8df4197ef67941a34ea30cbc9bdfee82ed8a608184b6897d2abe9d61c42bc9f3409b3eb5600a0a5d860e5defa91c2716fb270f7b6424edb070d165594c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
599KB

MD5
f02e1634f254116e6c53c82529739c50

SHA1
c082b56c4f2717ae8dbabf2df2f86cf76a9c68ed

SHA256
cca8c680fa6dac201dd2a55787e5ec4d3778fcaea060ddbcf695e2fce7eca529

SHA512
5ab242c4a31edc3156cbef9ae5711f9882abb3ed3a73d0c58316bd116b3563cea6ef281a5cf24a5f810c16ac452f932eb2d02460485d0b597c6872c3a2823563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
868KB

MD5
804f85c06b21373f83e1f06020233bcf

SHA1
68c10b9c79ef69c8485190d004db19a346eb59f5

SHA256
7ca63ea52ce4f5f256daa4bb23c1d660d478114dae10a012fee952400a3be9f6

SHA512
2e90ebae47c22b02256e3c96b668d4e6407f9ab8007ec6fddf23090ab510e13eac9fb3063ce35af2f3f724258ccfd07623aafff46d9e33fae651c2ea42edc506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
18KB

MD5
85d2dd7a48e7f81389de37c53e1d911c

SHA1
84d7c0162510f03f7f352d56aa9f665d1c4f3b4f

SHA256
2b4464161d644bf8c4ea0f8e9fac91397ac1cfdbb1a5508b73f9f68807ad32ee

SHA512
cffabf32f78123f3a36501643026b54bb5d718ef7f287c278522deeab79031e8adef274ba68936900778519d44a98c620a5d0e25dd3f6af0a790eee04a6f8fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
9170f6b2e66de9e3e86150797a9964be

SHA1
f1642bbd945dd8f41a325cfd76bd74599725bb8a

SHA256
df4653bc49694e645b55a2763996c7997a77bcc898c43c32805760cd7e4b2e72

SHA512
cd7da4ae2681b31cfd4ea65faf3a83a3e3b4ca62a937702dbe4638672df921b70f8bce327a90e01e44d768f067628e80927369014cc376bba389ed0aeb3a3813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_open.spotify.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
fc378c54fd78ba4d6b3a6c99a485d1b5

SHA1
81ea721a10efe55d0731f76658948acbd8163f9a

SHA256
7beb5e3710b64cde5845d3308505d250e33cf26a44c354b0ffa47ba34a6b4e30

SHA512
8e39b14a2c84fad09b618ea6ab9c501ce59660269ccdf577eb0affff4f3e52ad1f8069e02e638941e00d8091ac086a0df0c214b519b3f5efedcfdf061b60cbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
af1168deaa3cab4079206f1675b4e312

SHA1
3b6c6548a67f2d9dfd6d122e44459815b4801350

SHA256
029bc54f49236398c2ba0263fde8435819cf0524c191e83ccf419bf70df533b9

SHA512
b1fb938167b5ebb10932805a45ef4fd5f6689700c1401892b20bb0ad0432f9611e1743e4993068e391f694f2b3d4e3805f9746417bd271b39f8c76532b479a67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
cf9ca955b6295e7dac25475abcdbe11d

SHA1
0af3ccea9385fdcafa568cd47db8d19ccc485b0d

SHA256
01c81a5fa651368b85968ae180e11e7ef652add27a2706fa29e68150bb993a75

SHA512
3286b353fe155d6f83f3b9b1179a15518e530946e1ab254dfba1d7fb33f97183cd545dcaa36c41ed5d71c626b50188aea1ab0f1e13575cc2372db7a054290e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
121692c438deac7afc19786e2ee79e6d

SHA1
559f1115b36bb1694b4a7feb86937ec68bdc8211

SHA256
df6479003f0b9cc931e106d930c49e6d40836213e54a93ae1b23f0c8715b516a

SHA512
8e9436db27ac8a14df564552b843bdad5b3a454ab48c7fdef6276a46627f83e6e7ac234c92d42e310184d8af2684a168cfafa1dfc5aca049ad00ae6b6d24d561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d0220237bf27ca4db716851fb10632ba

SHA1
1dc512d023d7c764e5844ea63e7cb3adf40b420b

SHA256
ea446294baea037460093d563d194bc5c7639ac5265701ca9f60a105087903d7

SHA512
0b5b7486d01f06a42d93b7a3ac4611b5c8db1f71ce718f77edc6ce5a544ca0de59a79a5a9119868ab1d4c1a46c799f2dd5aca232748d4567e1317842c15d051b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a79c2b61111b4b0db4e3489c63b48055

SHA1
8c88ac0e47347aa821feeaa9756a3057c3a2fb97

SHA256
4c49f64b07a68d23a4c76fe35e0dcc82693bc5d3012c74655568d4975e19ad7c

SHA512
dc17f9795aa4979bf14cc2c5a7396bcdd59f6d4331ff748367670f72e3a3de910cf1e5067d5eb75bfbd897c809a3dc2130195d93b2d9c8cf7c2cb242d2712097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6e73cf12420da3223d8464996f393b3d

SHA1
9100e3ff2073ad932625b43f840c649e22639974

SHA256
447916f745f1641b43d77b653730d6cef495d841f06d2c711675a33dfae2b7e9

SHA512
4303479fee12771b817c036adc158bafe4746c29dd8c61d7224d104e6e8a0a680cdaecec17403c900c73acd5c767962a084b07b0fe94fd026fcccb1d74682d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3a80062d1df19c7d1dc2577ea3f03d1a

SHA1
d4fc036de679ac0b612dcffe5b447e0e6c910b07

SHA256
e3a9e642164f9c4827b6d9d487db52ac177938ba46f1817d9f5132460aae1ee5

SHA512
5a6b23e1e6a49aa66031192bd27a32890182c5ae7aac7b89aa3e461f2d43313c6bf09ba426a13434a35420d1c1f08e2c4264e2862c8745ffac4f59bcc105274f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25d841286642592c8d1716d354220292

SHA1
9b5447930c918cb59e6f349b015ccab235e48e1e

SHA256
ec7609bbb0ac94dfeafc0748b27a040832614e325b7945c646ae18784690fdbb

SHA512
93f0b2b0366a5525507d45cd54a34fe49f7fdfbcfd8933d38e66f57bf25a03082b13ef64ffefeabc7398769f4b874c1709c8fe060e608bf86ece7a4fe104c1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0071b15c1beb03171c679f032e1549a5

SHA1
2c842c53bb58baa0bed2f849cd88c1088d3fef67

SHA256
75bc9bf85557d4803fa53797f0cb0b8d20a7f69750a0903d4183d3336a1e3471

SHA512
26f0a9ac2ced7ac7ea89bde5108cd81b050b62a32bc53ddf6d5e8cda885453fb29bed519f69c4fa5fbeacacf3f0da09149c25117ce8cce4667fad9429345bc82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c1bcb4bbedae74ddb794d6593ab30488

SHA1
5bf19be6299ea86a0edd59ca7e2a88b42996bf30

SHA256
1f3ffca6309901792b7191fca93373b63ab95400e10ef3f19be2383058705514

SHA512
58e1c51892eea0c1582fce7371daf3faf45b6dab567a9bf749aaf52d14b6bbd04c9ba5758781984e1e5c6b26474687637c767d37c46df02c09cb8ec4d51637ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
828fefb48a7fce26c73275bd2896f777

SHA1
a670b48fd6d1c78f656ac3d2c9a8e886091f98ff

SHA256
7449763e0d632c3e4ad723f1b0c5f8e5a37ba643bc656656b647b6815212bc87

SHA512
dee9bcedf641f4e93c27780c770ec5e5517ad2eb762c0df28c44aa7ab566966f6d838bddf14c58f02bd19c1c5e87a10795b31ea8e2231786178906581ddd1c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\5d4a497d-cd16-463d-b9cd-1361cf171b15\index-dir\the-real-index

Filesize
3KB

MD5
865f28ee06e7461de8d9f276c85c589e

SHA1
172e1f4f998d1849b2c51c4338f0bc944da7ca87

SHA256
edd76d8e9fd74c8a112c9eb59bced39ffa08a6d2a74229a5d9f578656b8ad14a

SHA512
f7ece3e444d918e7dc9f0c0b1479bdcce11752d6087b664f88372e49044e8ad064fe5ec7255fec2f9750e3a06e5067f4e57e53e115650eb1143118eb1dcde0e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\5d4a497d-cd16-463d-b9cd-1361cf171b15\index-dir\the-real-index~RFe584ff0.TMP

Filesize
48B

MD5
9a6b0ee914ce7caec9479f2335d6a161

SHA1
55b31ee8c73b442d0531f65d18f66a0d6489c3c4

SHA256
eb135ccba5cc8436f000848e11bc08bff7b379416dbc7252984cabb9053b46b2

SHA512
9876d74bf2f0c53e63ee9f91bc2d0fec98270189a06999a171888c7754373ca76f6480715088327e886389561c79146e77b87d9e60e525331ea24360502d8207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\9aa38661-dda7-470d-a47a-1e2fff56eeea\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
337B

MD5
5e49cc16820b95043c4a3946bdf0456e

SHA1
6e8c96a8e13a8ff249e87d52c069ca6da13bdbdf

SHA256
2aa056ed949ca980c2a2c9a765b7d0348ba65300ec779d095aaac97f6bebb10a

SHA512
18a5a2e6a7c1aeedd0a8f9ee39f911e7f42f86d9879cc80a7e6ea56be33cfcd7dd90ed4c626c7a5779ecd7dc3490f3abe15bf83d9659157432317625c40d9d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
399B

MD5
5f9034f99dde67c14e47723186f6a197

SHA1
9c7e3005e2a68b8add6396fd1959d732cc4d5bf7

SHA256
682347dc31d52d4f5713e14c5a2d3894100dc7a8d60638fcd8eda27df07618bc

SHA512
f4b5ec9675abb983b240fe030ed357ca6a130002a78995e97da2b0f1a7520d131b4c8f77a6ed2028184878945152ee2e1ce897c587f8d69e1e9afd88bfa9efab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
154B

MD5
93d07d12c72433ae1163eeab46c6337e

SHA1
ceac46cf95e800fa244d7e55bba23018663fac37

SHA256
d2e688b8c4946caf40466c00951b5ee04d804e692c9c041288064936de68176b

SHA512
2bdd96147ea5c3b3853d50d237d1601a833afadab1c27f65c27ea3c3280f6fc5f8fc71a12853771e3e00373dc390ecf7ca247be9af57196c8b4d6f49e423e78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
279B

MD5
bb1c89935dfa9b3f38d870fb4402ea61

SHA1
6e72380d26f18045ebba57ac66d3f666668ba8cb

SHA256
95c98e2a4298305ec494c75872c10008b123bd76160aaee7f57d64095eb9ca73

SHA512
a9c8463b2ec15cac088b3e70902d62eaf78fe23312a38bdd9e64764329cc97e1705318469c73a247cf4fa6f4d495723423fb502468b59220de4cd787d0bf9e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt

Filesize
217B

MD5
f23f7c5350b6e61938d5ab249aee8525

SHA1
7fd535e219bbfc6fd11a8bc38d156409e4af5a58

SHA256
7cd849b41d4e740122c605ca2237bc987b2c73d1cd8779782d61c4b58b25a936

SHA512
bb7e5520225ddd0c54a4d03e93aaa87bcc1f05a47fbdb0efe7eef347143aaffa3070682451ac7c0bda9529e47e0c22c14c35af6ce15b925866be46a921bc1f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\397e5d81bdb71a423054f3b5524da80fc3c2e3bb\index.txt~RFe58501f.TMP

Filesize
158B

MD5
d72b87ac42f2e4691cae44f0af6890b2

SHA1
aab11903a16dd5fab668b2d3e378dfe46fe7666d

SHA256
d2893d5cd06461ad2500e7b3bdd5997880a668b4d0a92e56c601ea083a96098c

SHA512
7c3ab159e409ab1a1d8d2482dab5a356776d5d66646099fdbfc476b3583f9ae55c8a5f8b59689a034efdce23c0bfe60d41cb41e66525986f0012a47d31743555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
28b98d388165a4bb9f8e3e47dbf02af8

SHA1
5e41162cf4a01fe7add752c081f301d47992c5ff

SHA256
fa5e52741c20c26252a80bc6a5313f5550b4aa7db1dd72ab8ca60f6a41ee69ac

SHA512
70dc54da37371e79ced2d72bc8ffc1dffc2a82acdb576d7d90be0be924eae9e7f55216fcbed5bc1c66edbde1ef2b80928783b4b627d17ecaacd52fe55756a569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58213f.TMP

Filesize
48B

MD5
f1c98a8871a5f74d5adb1f400e51cee7

SHA1
72db050fb158a9bf5cc2129def8b8a164d119778

SHA256
34f769cb3e3ec0d4b61284772c229604d3a160dcf055d0e8625e0d688ca94853

SHA512
13aed8bc26a53e1230090b895c422f1c1373264655936bd351f8af3fca9b78a66e4ccac93da64ea302ed17f951e578f8b5bd1b6cc30bda2ee90be7b834ee23ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
8d215e76a2cd1c5b2a5b45a0ef5f9533

SHA1
e297c0e97b163811b7fdeb4a72ba6f060e447b3c

SHA256
20b813da844ec1a98b1f6971299f0cdb5c349c773e281e2b9a01e60b5a1fc58e

SHA512
33da653747239ea66c6d9bf3517b3da310808b81e573f62d1d18a2a988b8d0dc719095843750e8a2302d59fe84cec244b403d738d8060d5bff0f2ed3022283b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
653bb654743d30557901fa87b13ff040

SHA1
29b75488857306f3d28b4aca16dbe2a959308fa9

SHA256
2b25fcfbbb5e0782a3c898f1c994fd6f340de69b78e2b65d27e283b5f24b58d5

SHA512
c3320d9ee1cb62b920d6bdb5991fc64c38799e75ba2e00a857d4a0f7962dcc68d9dc118d749b52fc524e3288dbbd52fe74e73e3dc0b9eb05b7480b82b7095a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
3bab509aef48b22283eb713f98399ae7

SHA1
2796fb72c23099d2e53c6f8043f0f64ee2714ae8

SHA256
e0d1fd0cf531fd4dee9c978df41e032ce1c8ac09d72334ba9336e8cf3b514745

SHA512
6ca63ff0743fca1610b9e2135581f3c94d502d9acf0a7c17b7d2075042062996f3c608271a6048deb751a9c1dc530731ad9f023bd15ef687354c11240af065a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e484.TMP

Filesize
97KB

MD5
e6abd2f81f6e13f12f2ca5f4b2463194

SHA1
64b53cb70128cec6adcb9c5fb1e4e629b0c53cfe

SHA256
5432ed94e5fc2aaf98a7e5a62147e11ec8f0690d60d306aeabbb22efe5c4d795

SHA512
fab32eaca3e25f1cec7b0a43eaa8112bb1171650aee5af0ee97ebed12d49128f213aedee7f085c8726c80c6bf98d0a742fdcd2593005a5d90fffcc25bd201c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf009481892dd0d1c49db97428428ede

SHA1
aee4e7e213f6332c1629a701b42335eb1a035c66

SHA256
18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4

SHA512
d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c3ecf4b3c9309db9815d6e75b2c0e30

SHA1
2ffc9d0fd6b3f22200638ab2dc13f04228ab96d1

SHA256
be833c19ef392dea0d0d6a852254eb816e1c1060d657f1fce32ec38480ad396c

SHA512
89a523df3293a519b659ab85873361633a3063acbb29e48438dfb81e016fcafb31d63906ca6435086ac815cec1a01cd96d4c781342bcb290a664c4810a7f9909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c8e3deca803f832035bc19d61ed15215

SHA1
b6083af27648e029af08303b8c0883f93f4cb322

SHA256
f28354466ceae52f1dfb0049f7e502b12773cfd72802448d5a62c016c2c35a8f

SHA512
791fbbb39dfc17a46af40b6baf533ba15625206abfc092223690527d589c5fac7ede8a3ad087c81915d09c6485e45ca0c5da20b53358ddaaff98ef05788fc9f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fe5ac5cc-39be-4eb5-bfcf-432d3c77ec54.tmp

Filesize
24KB

MD5
b690c7643af8bf5f3a96b59e33522135

SHA1
204ca48a942ecba4d2f2ef844275c3f5905ed453

SHA256
4577c23a112c820b430e2b16d0283f4715b06f64164e1e5bf883034a7201c695

SHA512
f690f6f5cb19c2e7338feda4741c47b107e48e86db530829cff7e4a0737b813051d31625b1f3108bf8a2f496fad14767b6c255bc816a3e8a3bc43d4c2b63036d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
29bfacf0a75cceb2f6ab6a6140c5c997

SHA1
3313a311647d43c09ff89b58cd2ce817e408043d

SHA256
5baacfb5c3dc2ffc03af83d51fc81b34798be83d24177a39e40a0cfebbab2c5d

SHA512
85b47094fd076044471372d2cb69cb3e013cf3ae94182947a4352add7b156900bed7b10a0e30e7b7a73193f0c43dc117ca1941c1e3f55414a41caf6d35df983b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit