3de4b47aec26c8b775ec94ff06738ba5e8c27ae4f65bcb27c5ee60139895508e

Resubmissions

20/11/2023, 19:28

231120-x6z7xaaf8v 7

20/11/2023, 19:19

231120-x1jb7saf7t 7

Analysis

max time kernel
150s
max time network
163s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
20/11/2023, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

chrome.exe
Size

1.9MB
MD5

6382354e12b7f146342cd2bb544357a1
SHA1

fbc307c2041817e35bcac13e3becaca4bbca1c77
SHA256

bd3ec06befe61a965e15eef75cf52730905c559328a919e2d3076059ea8f3561
SHA512

bc883dcbb3f9f2b259c39197b7ecb5221c37f5fb173df6e60115df62c60af94cee551e746559ecb51dae5e4ab39b493947050640ed3d996d79f242f705fe4aea
SSDEEP

24576:CDZpRzNkFh1KSD03VqR+Td+dwIpt1LcirfHomK/5nlhtReYbxwibjzN93lbR:SkFHmk+Tspopl1eYbOibjL3

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Control Panel\International\Geo\Nation	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\us_tv_and_film.txt	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\manifest.fingerprint	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-pt.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-nl.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-ka.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-hy.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\_metadata\verified_contents.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-lt.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-tk.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_1640794032\manifest.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_1640794032\manifest.fingerprint	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-fr.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-en-gb.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-sk.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-es.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-bn.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-as.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\female_names.txt	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-und-ethi.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-sq.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-mul-ethi.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-de-ch-1901.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-af.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\male_names.txt	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-hr.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\_metadata\verified_contents.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_1640794032\sets.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\surnames.txt	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-pa.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_1640794032\LICENSE	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\ranked_dicts	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-kn.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-ga.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-de-1901.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-cs.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-bg.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\manifest.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_357148931\keys.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-uk.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-ru.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-nn.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-la.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-eu.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\manifest.fingerprint	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-el.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_1640794032\_metadata\verified_contents.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\manifest.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_357148931\_metadata\verified_contents.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-nb.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-hu.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-et.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-be.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_357148931\LICENSE	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-mn-cyrl.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-gu.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-de-1996.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-da.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-cy.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_357148931\manifest.json	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-te.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-ta.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-sv.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-hi.hyb	chrome.exe
File created	C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-cu.hyb	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133449822858594976"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1248	chrome.exe
1248	chrome.exe
516	chrome.exe
516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe
Token: SeShutdownPrivilege	1248	chrome.exe
Token: SeCreatePagefilePrivilege	1248	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe
1248	chrome.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1692	1248	chrome.exe	72
PID 1248 wrote to memory of 1692	1248	chrome.exe	72
PID 1248 wrote to memory of 1692	1248	chrome.exe	72
PID 1692 wrote to memory of 5088	1692	chrome.exe	73
PID 1692 wrote to memory of 5088	1692	chrome.exe	73
PID 1692 wrote to memory of 5088	1692	chrome.exe	73
PID 1248 wrote to memory of 3296	1248	chrome.exe	76
PID 1248 wrote to memory of 3296	1248	chrome.exe	76
PID 1248 wrote to memory of 3296	1248	chrome.exe	76
PID 1248 wrote to memory of 1224	1248	chrome.exe	75
PID 1248 wrote to memory of 1224	1248	chrome.exe	75
PID 1248 wrote to memory of 1224	1248	chrome.exe	75
PID 1248 wrote to memory of 1316	1248	chrome.exe	74
PID 1248 wrote to memory of 1316	1248	chrome.exe	74
PID 1248 wrote to memory of 1316	1248	chrome.exe	74
PID 1248 wrote to memory of 4952	1248	chrome.exe	78
PID 1248 wrote to memory of 4952	1248	chrome.exe	78
PID 1248 wrote to memory of 4952	1248	chrome.exe	78
PID 1248 wrote to memory of 4576	1248	chrome.exe	77
PID 1248 wrote to memory of 4576	1248	chrome.exe	77
PID 1248 wrote to memory of 4576	1248	chrome.exe	77
PID 1248 wrote to memory of 4588	1248	chrome.exe	80
PID 1248 wrote to memory of 4588	1248	chrome.exe	80
PID 1248 wrote to memory of 4588	1248	chrome.exe	80
PID 1248 wrote to memory of 4832	1248	chrome.exe	81
PID 1248 wrote to memory of 4832	1248	chrome.exe	81
PID 1248 wrote to memory of 4832	1248	chrome.exe	81
PID 1248 wrote to memory of 5084	1248	chrome.exe	85
PID 1248 wrote to memory of 5084	1248	chrome.exe	85
PID 1248 wrote to memory of 5084	1248	chrome.exe	85
PID 1248 wrote to memory of 2076	1248	chrome.exe	86
PID 1248 wrote to memory of 2076	1248	chrome.exe	86
PID 1248 wrote to memory of 2076	1248	chrome.exe	86
PID 1248 wrote to memory of 1916	1248	chrome.exe	87
PID 1248 wrote to memory of 1916	1248	chrome.exe	87
PID 1248 wrote to memory of 1916	1248	chrome.exe	87
PID 1248 wrote to memory of 4456	1248	chrome.exe	88
PID 1248 wrote to memory of 4456	1248	chrome.exe	88
PID 1248 wrote to memory of 4456	1248	chrome.exe	88
PID 1248 wrote to memory of 516	1248	chrome.exe	89
PID 1248 wrote to memory of 516	1248	chrome.exe	89
PID 1248 wrote to memory of 516	1248	chrome.exe	89
PID 1248 wrote to memory of 3056	1248	chrome.exe	90
PID 1248 wrote to memory of 3056	1248	chrome.exe	90
PID 1248 wrote to memory of 3056	1248	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\chrome.exe
C:\Users\Admin\AppData\Local\Temp\chrome.exe -homepage about:blank
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  C:\Users\Admin\AppData\Local\Temp\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Chromium --annotation=ver=115.0.5790.136-devel --initial-client-data=0x214,0x218,0x21c,0x1f0,0x220,0x74670978,0x74670988,0x74670994,\\.\pipe\crashpad_1248_IIITTNYXRNJOCUTH
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\Users\Admin\AppData\Local\Temp\chrome.exe
    C:\Users\Admin\AppData\Local\Temp\chrome.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Chromium --annotation=ver=115.0.5790.136-devel --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0xb783c0,0xb783d0,0xb783dc,\\.\pipe\crashpad_1692_HFVCOAUSIXNFTUGV
    3⤵
    PID:5088
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1820 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:1316
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1580 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:1224
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1660 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:2
  2⤵
  PID:3296
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=renderer --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2344 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:1
  2⤵
  - Checks computer location settings
  PID:4576
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=renderer --first-renderer-process --file-url-path-alias="/gen=C:\Users\Admin\AppData\Local\Temp\gen" --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2340 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:1
  2⤵
  - Checks computer location settings
  PID:4952
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:4588
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:4832
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3808 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:5084
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:2076
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4064 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:1916
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4060 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:4456
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4660 --gpu-device-id=4369 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4124 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Users\Admin\AppData\Local\Temp\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1664,i,4484294885212348693,12937352767917464137,262144 --disable-features=ChromeLabs /prefetch:8
  2⤵
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_357148931\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_357148931\manifest.json

Filesize
78B

MD5
443a81033b27a223c24cf48e4d9aae1d

SHA1
9ed8e922d5df302fd3d603e56e4376277fe999ec

SHA256
065ff5566111fe5be882fba23a9c019c0fe093e137f5b65b4a192517f6372824

SHA512
6428762f32ca76d822c3c84fae2f11b9f2eecdca43bfd50dac4ac1cc39fb58a8936695393ff48360477eb03b8bff8d5bd8ea1697257b07ed687a7aea062c84b8

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\english_wikipedia.txt

Filesize
270KB

MD5
5713cf8a57fe61cb28fc99a88323cbde

SHA1
688a076a14c9f659b21a22ca74eb6106afab0c04

SHA256
b29af10c62218f948eb299e0c68b176ab1c5ecdfe9813bd957bf2c434e90813e

SHA512
28bb4b59cb035160f44cdd19f6e40d94bb11a28680d430c359d086cf1b29de773a42a5d3078b862a8b4bc27d184f809c5c03241ab5aa7cbaa3b794bc353ed57e

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_534133266\manifest.json

Filesize
69B

MD5
fb195043cfc35ce711b45934e387267b

SHA1
6f1aaafee57a3da2687e9fc8defe2dbc7cba0e07

SHA256
aeb364b60303212808fac02eb490ee5b054ae843ce084376e5981ef8767e5198

SHA512
bd7fee1d6f8e51137c849d76ff53f3b501d60ddce83cce18f3a217703d3d8b1a1cc7696b656c666d4f6de62a17ea2407c857137d12e0b6ac7bcdde4b3c8ff86b

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files (x86)\chrome_PuffinComponentUnpacker_BeginUnzipping1248_72670006\manifest.json

Filesize
82B

MD5
b953f81570a4f1cd9709a3bd04c33a3f

SHA1
0e3dbaad1bb4c97bafc013751519654c8f798c20

SHA256
dd7300c96b06026b300ed42edadbd74f5ccb73049e2c0b87cf8e4ff6aa2b4fcc

SHA512
c7f901fca9eec5c8d81b1e7a38f46a71c9e3d0e36b824386d41cb82df5d8ae90953f84aeb488ab6642ed9c6875d2b8ae04e4e69e1406436bfb5b0fe619ece31e

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
c3eb3771c50f33ef7f66582a35a14315

SHA1
6de40f3d3e2e0ea4e08e135e5d22d4e42569af3d

SHA256
aa142a6611c13928547844adc3bc4f2cb553587a7f8f3109fbae6d0aa76c57a0

SHA512
8f547c7414d623a7e468045d9af138e01c5c3c3d9ae061a336f276113ef3ddb22fa8d9e5d549264f316aefb20b8049a58662fcb01af4d6f55175d197713d66c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
bcd28c73818ea04c8eab1bd2b4e4abdb

SHA1
da47cad2ba391868adddb26dc6b4b887b1394d96

SHA256
3bad83cd3dbc748d7694a1b5da5b2d0a3a1d3e81aa2ef7785dae05eccffd100b

SHA512
ab14213c5cf4a15f04c2cd097cabf1cfd6ed74b051bc8b5ff3bf42198c7daf300025b40debbc8056159b413d5406941386f2b7e35c4bfe3efadac4d7bb455c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
25fd693d390558195d2a77d7582be1bd

SHA1
542ce0fe7c5b9bd1fde3019d6217157c0256f156

SHA256
180d5a24cd80096c011d15e31baa103d87913081936c75711810ab3a03c53ad8

SHA512
87a1d2e86c9a461a2137d6a9473f98e67ce59c58a5937fb6f5418049e2bf4deee2ab2794fd4c005305fdb522a2740d1ae99f896ceb501be5428c912f67fb3794

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
5KB

MD5
b93d4e4e9fde4ec2d97a2d0b0ca3e567

SHA1
6e073d01385188e79e224ba5fb441cff44303603

SHA256
b655216db7dc3f0bd7dbf43aa0e77fafd7eb2a77320e193f4ebbae0717c2f30b

SHA512
fdc3152e6a81d5c76e1d6a3d141d5cdf020c00fa3d65ba95d205401182f1ed27b403bbf80f42abc9daf69de496e8e419da65d24441ad576093e166b2568a9e08

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
5KB

MD5
247278619bb3054702d416e811061d8e

SHA1
e66c15cd261a947cc4d5708c0eee0a4d601efd32

SHA256
62ccdf3c0ebe565c968a49880cabc12be654cb24940577df43c5f425a0bd1c5c

SHA512
1059d8c059a477839d75c37c859c284daae16e0760bf1e74a280b3117f3094675b8057ed6f3e1e44971e4136f64e9585062b2743d6f32136cc8a86525d2dae7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
8676214e11cbd7d6d51cd54d84d1c0e4

SHA1
0c897d30b1f22c37d97ff5c57db447d04ccbf6c2

SHA256
3993165ae6553aadb3ac60a6dd3ab7736495f3094eff37e5cda58428ced77553

SHA512
7eb279698b6cd9ba438f4d148040c99674f664f646f11a314174dbfc133ff3aba62584c96bb8e9dacd781b35752b6d253d885620c79e4830dfe74688c6336c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
5KB

MD5
247278619bb3054702d416e811061d8e

SHA1
e66c15cd261a947cc4d5708c0eee0a4d601efd32

SHA256
62ccdf3c0ebe565c968a49880cabc12be654cb24940577df43c5f425a0bd1c5c

SHA512
1059d8c059a477839d75c37c859c284daae16e0760bf1e74a280b3117f3094675b8057ed6f3e1e44971e4136f64e9585062b2743d6f32136cc8a86525d2dae7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
8676214e11cbd7d6d51cd54d84d1c0e4

SHA1
0c897d30b1f22c37d97ff5c57db447d04ccbf6c2

SHA256
3993165ae6553aadb3ac60a6dd3ab7736495f3094eff37e5cda58428ced77553

SHA512
7eb279698b6cd9ba438f4d148040c99674f664f646f11a314174dbfc133ff3aba62584c96bb8e9dacd781b35752b6d253d885620c79e4830dfe74688c6336c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
6074cd78fd07a22ac16a5b9b08fcc49f

SHA1
d3700c230ac892d47a5f61d88cae9b3ddb02f105

SHA256
dbedabc52db4ba5c5a1399b4a004e100094afddd60ac9efdd682989befaa86cd

SHA512
7f9a4df4e02a54ac085a49c420505024e66a59b018755f9ed3e18b89f379c7c1d04c0e125abe9b68ebfcdc2d4092a1b36dc6287db2c3ce5e5ccdf82b1405eeae

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
5KB

MD5
ca5c79432dc3991b615115aceafa6abe

SHA1
b612a19ad9dc97fd24d0463666a068553d469a4b

SHA256
2ea6a3b97a879d3126d39213c6f2eb920796e91e4c202cbe04cc07b2c849d356

SHA512
213b95f2e229080e23d4ef1d1b5ea37598ef79b547dfe3e1283a7a9e2d1a13d63ec0810d5c23d53eecba525472700b9d3750c14edd6bd868dd57ad81a7e2f48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
5KB

MD5
1542cf8c8a7dc19afd9bb97a03f20eba

SHA1
c90a6306e98e5ab7d05f1b178491b22c24b5c755

SHA256
dbd149b285608d1b4587ca677d4e7b5bf5b9b5efa4abdec463c656ae19916984

SHA512
a6334768b90228fa8b61d1bdfa6b4138ecb310028820cb0577b667adf8bc94b236e1e65b40f2aa008e6ac5127a93775ecab05bd479220c1b1df7549236d7211b

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
5KB

MD5
06eefd255b0b2205b56022612144c04a

SHA1
1567c2d2d7a804535c1a21271574a545c0bbd6e8

SHA256
c201f21dc4cab2d26e2cf619f990be3a3dcbfab46b96babe3e2ffb642e60b7f5

SHA512
56b7b145838ee84ce74f459905acc8973271b961732ea01cf59e54f98d560de50e1aa3251b07b152fe7a78f68025605b8be1120bc90f87261fb83d90459e3023

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
96ced6a72412537a0a01d90747822c50

SHA1
edd3ff618006e19a4b699274167e3803b1d64dd2

SHA256
2aa0c6f17ed4eeb78f4189a687e775a500ef3335ca918d8e0b9e4cd8e647bd64

SHA512
f641e8478bc60b3b1fd5ef9733913a00bede2fe686f62cd9c7821c6c598fa8eca3cdebbc9046865b5587773e34d825a1488ce1f782489b324560303f4bd7e0c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\debug.log

Filesize
4KB

MD5
96ced6a72412537a0a01d90747822c50

SHA1
edd3ff618006e19a4b699274167e3803b1d64dd2

SHA256
2aa0c6f17ed4eeb78f4189a687e775a500ef3335ca918d8e0b9e4cd8e647bd64

SHA512
f641e8478bc60b3b1fd5ef9733913a00bede2fe686f62cd9c7821c6c598fa8eca3cdebbc9046865b5587773e34d825a1488ce1f782489b324560303f4bd7e0c6

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Network\Network Persistent State

Filesize
846B

MD5
9f353766d1a734defdc4d3686b09557d

SHA1
0e473e88cf954178f6f7c0b6b5ac61ad5e5f6548

SHA256
6b68d4eac8e5bb8bd800f004e9bc889ef35801b196580631b0404195865ca4ee

SHA512
d673b6bbc8f5a78c834d630693eafcc584ee60c70d7b8af6961f14ad440e19655cf7f3bac978294ec34a28d4dafb82adabd0cb7f449529e46df4e7607afc9c73

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Network\Network Persistent State~RFe59290a.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
b3de15330726def0ae55d0bcbf9f8ed8

SHA1
e65c244a1ee6ad0daf70b61f46e5bd6b65d9d33c

SHA256
ab29fee697d0466d7023e392245e29269115ac196409b54c7f9e5feb1bbe5f61

SHA512
039b65e6881a544e7dde919270b3bf5e7921e51c6050ae67eaf7c92b61648970e1bf32e1755776debfc698f723548078d62ccf6f1777002049e35cf170db360f

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Network\TransportSecurity~RFe593483.TMP

Filesize
355B

MD5
85f4f94000f9fcc603423cf42f5c69af

SHA1
4cc993a3b05292ca5d271e7122a4cc0a47e69d0d

SHA256
bc1fef80770bed447b4d4b5a1d35e703d50f6a7dbc3902f18dcdc15dae608d89

SHA512
6e7f4de17c298188eafcbbf7544aa1f6d42d519c7214f09f937d1da0d7e4df78e049a516049cd2f567322e5e8f88646e5ef5647a073b792f27733f5cdb4690b4

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Preferences

Filesize
4KB

MD5
71210d7011e00a213993195595a331f6

SHA1
94ad652298b79a1b5ee6366be53d152978ffa0a9

SHA256
d56677ec25beb687c6db5be424d146eb781735c2a09e8436c71b8692f4c85dfc

SHA512
2bf89e584eec8736141c6ee8f04e8b2f43e266ff35330af52e086cb80c361b5f49270e8bcdbda3b1c960a54af838abc9406e8e00c45ad4f86a9fe6ea31e28988

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Preferences~RFe58ab8d.TMP

Filesize
4KB

MD5
57b8e7814e17c128c420c6a7852c1595

SHA1
c911f30bd06d9e5bcd64030f5d0f3d482068bf0f

SHA256
cbc7ed969a8bcb4af9c786bb052fba379415a3dbf1eb33837be63237a8bdae49

SHA512
2cc4cb6fe6420c085179d07056389704b2bd13054616638dfc0064c6019353b84f61d35ba55cf9d6828864988cfb9201f0a3a397e3c8b4e1935c6d4940f89300

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Default\df5a6f3a-5af4-48a1-acaf-37b7a55fa085.tmp

Filesize
188KB

MD5
cb75c98c598cbc937022e4748ebaac7f

SHA1
30d3ad73fcf15bd58df7ef813328e14bab2f1cdc

SHA256
6459d76d16cf505486bcecdfcc3c995eca28d903635114b4a868a6b2f61ae8ed

SHA512
5f8148ba81076e609710e78e9092553913cf21039fb97d8ebbbf5f87f3e11a1c1acd0bf558008e820b07006b68730f73058c54395169ea222ec2231c299da06f

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Local State

Filesize
2KB

MD5
00ffba1a7676bf421d0f2f1291efd23b

SHA1
3dd90c6d0d4c832e9cab265933af116045c0f2a0

SHA256
a4e80044a6de97bbb73a96c22a1175779c8891c5f1ac784bc79d44568614a368

SHA512
479547fa668cdaf713e82adb2c24851b626011d2baaf8d4d19753cc1328132c7d7d10e0330d6034e5dd80d1f6cc6ab89ab91f535afc4ae3b6f90a28ca387e995

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Local State

Filesize
5KB

MD5
e0461367ecac32e9125030457065edbb

SHA1
82996fa1343ea40cddde5e876512add48b7dfa4a

SHA256
175cf201010fb229e619907bf265f0994319a8c922e36ca2a57b2845dc98e191

SHA512
67c5db0574cd139d1a53a860e08d77fac4994232ede6a525b8da4d8b80f7e4bbd5d1186ed8bdb684a196567c9d44c1d61aa2759108fc05be1e9a2a606ec70af6

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Local State

Filesize
4KB

MD5
37d3514599dedaf4d8a467d6e911e3fc

SHA1
b81017bfba2e44d70f57958f78b4afa49d5981e3

SHA256
0e3797e4e64b5880815e0f1c7e9b39c0c5013c2fea8c33bf41ac6c56d7e96d37

SHA512
65b6de58319b9a6a7b544dbbde2155497e76100bc03a31920fb7fdc7e7a2df06536bff19bfaab0d83a8029db87a8013348b954a5a56d6e7f0ec7c1d2aaef936b

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Local State~RFe583582.TMP

Filesize
886B

MD5
b7f450490a66d23b2327eb124a9a287e

SHA1
8370f920d3d362eb39f87f03655fc4088fc03f9b

SHA256
35e595a30a6a174aba0a46acb702c0e0e2eb9184155eb2f2daddd32bd2b0c89d

SHA512
562be74ddc7304fc844e8bef7ed64a71eed7078476ecf45a51586f1067aef1eb4c975c01149285875988ff8e6be13b11cfb490314e1452e3eb54a6c7c6206208

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Module Info Cache

Filesize
82KB

MD5
393e0740a181807e6d67458dccec82c4

SHA1
459094599141953a0ca11655449adbf6422e8378

SHA256
1c347f7a94cc493f9c761b4f2c327b703fdacb830a72ebfb76a11495edf60055

SHA512
8dd53d2c9e28d04922df5c5772c766d1b3f89d36fdf6ced227f7d637c89d3f900a5e59fe1c6bbda41dfbc75179e1846cb94c61375c27cdc48a7cd5e4f0eb9763

Download Submit
C:\Users\Admin\AppData\Local\Unicorn\ChromiumXP\User Data\Module Info Cache~RFe592f73.TMP

Filesize
81KB

MD5
a3c432783c2bfb659d7ee52fa2a6387a

SHA1
c02d97c7502aa45f93253aed257ee287c18d96c3

SHA256
f01cd91650c07f8c5855d8c6a8bb1fe35694c11bc7cc81b199e7abf1551bb508

SHA512
a782d0abbddb5da5e9ceb068fb72eba627ff312e64021a1295df316f127c92a0068039ad29c6e1d0864f084c7c9efaa85d8ac601426dcf84e66153c943a52bb5

Download Submit