hxxp://4download[.]com

Analysis

max time kernel
324s
max time network
326s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
25/12/2023, 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://4download.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133480207321932347"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1725696949-2443092314-1471438111-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
3400	chrome.exe
3400	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe
Token: SeShutdownPrivilege	1500	chrome.exe
Token: SeCreatePagefilePrivilege	1500	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe
1500	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
696	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 4356	1500	chrome.exe	69
PID 1500 wrote to memory of 4356	1500	chrome.exe	69
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 4480	1500	chrome.exe	82
PID 1500 wrote to memory of 3244	1500	chrome.exe	81
PID 1500 wrote to memory of 3244	1500	chrome.exe	81
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78
PID 1500 wrote to memory of 3472	1500	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://4download.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1b309758,0x7fff1b309768,0x7fff1b309778
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2136 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3652 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3764 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5460 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5680 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5932 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5640 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6064 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1556 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5996 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1032 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2300 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6192 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6176 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6228 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4652 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4724 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3992 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1604 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3888 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4596 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4480 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1816,i,2759562907773461037,5980134368915752688,131072 /prefetch:8
  2⤵
  PID:2532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4932

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
19KB

MD5
1fddf835f21c498f445ca8ca02d67a49

SHA1
364efa8caa3bc5b787968044109ebae5ed223b75

SHA256
37ded669b3f2252e1a40088234fe3e7404dc455a05d8cd38dca42bc88f519ccc

SHA512
8eaf1fdf6dfcd9efbf27b458cb96301930e1fdd53c7279d68100b2823ddfd317017ddffce1ddf86e1a6344cb0c0a2149976d42f43533420620a5d64c2158882d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5878da83f9fef51a8dcde8f0b773b283

SHA1
87a0f89617498fe479167f58d9a6a10178ec3787

SHA256
2283f95388e1d2447b25e080a078a664710f76f564d13cb4f52a85b50bd1aeca

SHA512
d109891d9930ea109744b964b4146097bc977e0cd7a4a875da9049b55721b6c203a08ec903ec183f4e9a190ab25fe68a0ec1e654eb3a5aba4314927bf4a70835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c1503bd9182c5743efcc3827e017af9c

SHA1
77d3786b60fb8b8024e63db344929aab07ba5fb4

SHA256
56b10f0effd05400b9198261205e1e07f77e428bc039ba0d56fc2508c110ec24

SHA512
09fcd1fca43938885164fc6cb721cf05ce53db7f19fc5789188834b7a839ef58f4226b2415d7fdd9da835d4209478e472d1d89a4847f8d457e6b17d3d3ea374b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
136a799fbe42d14437855a59ab5bc85d

SHA1
e0d3b9c6182b9e69adc3d21bd32064f8c27e7bdf

SHA256
703242b5a257c2f9cdff768b9d2f5050b02fdc7fe9a8caf12a620f8856a33182

SHA512
ec4ac6a1e66a29a1b5f21de085d4a28f44b5d9de6425a404684cee3e2c64242d2d52dae4fddc656516cb9a13d1dbeb0133eb06219f6f68d49389c00e5df5a091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2d563e405f7134049a47a4a966a2ae6f

SHA1
5284dfd97b47666a9d6557d9bcc5fb09dfc7b390

SHA256
a96e532a32ce3ba40131fe2be7875074509399239b46715f7c87744e62c458d8

SHA512
fa731e6d8fa96a7344ec0c352fa2679e38f122710cd7ad7738d6f8a30df9691ff9a09c705a741dcf79c9c5fce605a97b7e0983936c9f53308c68d3a211554803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
354b9c61db34d8e01195e105e8db9e9a

SHA1
8f103f04ced87570533079a68ddfec671dc75f73

SHA256
93a791ec914a10c51e96883b55a0b939175459a73da67749ab8cd7196ff564ab

SHA512
fdcc5fc971c23a2d712a3558d19113d75586713e6eb360186d411ca2f6ed6d94e11468c4a41b3a94cb1d58f5bf01ca0b3f2e0db45df6a2b00ed6d90a8e143914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
aa36ae700fcab21f816f0548db52e6bb

SHA1
07b8d8975cf2822f1a0728058868479d1706eb4f

SHA256
6e3f19168e64917c509a081189d69761debe1e70da5e79d58bf0160b8b9f86ff

SHA512
a61a7eb5ac607316c753a567942786b297d3a14c5bd1686064b098ed159459ba610f611418314e9003f35898e09b60aaf23358f53de0a92c5b11ba22a42cb68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
604ffc7759acd143ae09d4b9030819b2

SHA1
c97ce181992ed8ce7563f02c5c05fa3df7d259d4

SHA256
aa1ef7bf5c6b1175077350247ac51f27e03a576d92525bd74a3c71bf3754fd17

SHA512
10c7d584ce894cc2d5bf36582e12f984dea0bedfadd41b3dc7b5a415441747d6a901c03d8827dd89376785631b683651eb8fce44d41ea2058db3aa520c271815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
b699c29fdcae581ec5b656fb6b1b4c39

SHA1
ae0f3ade43b47404d32a5d5068e7b02d245f0844

SHA256
13e49def3426806ae2a952a4f7ddc38414a1a9c76d28792911f2a5cfc00141c2

SHA512
c9f61f2010ec39ef2a598cfb71f1b2e8372cb5e8781be755d8f13ad71e3ff2c3156789a98da0c6534270279369ce3d334e48b480ba13fd8dabdbb83e00ed20cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
712155be2069dd1cc652f787fef8f2d9

SHA1
28f93e2d7005913db9e9d4c4c90df372030b3c2c

SHA256
248e5c4d75df39cd41fd7e501126003a34cb2e3da3c31e58da9311857e7ee4ea

SHA512
035e30fc5041567ca50816b2c3c05845db1ec333cbe60e96d52b94f682ef54efd3257ee0bf1cd7df42a2edf44f82022fbc997812aaa53ae462db34c39f819183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
884ef8c6d7dd272ab5addbd01c1e467e

SHA1
739a11b65e7c4f75a519171abcea829347be805f

SHA256
251903711ef6cc8377b03500b7f9b930f3fa7dd922100d9cc40a707aa27e4981

SHA512
9628468efe6d2ec52ed3b2c33ed0f77222d06f9f9a0b7415135212013d1d9640724fea128cde0c7fc4788cfc67812e494bf3582ad87430ddcd810213b436ef27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b702c589255299a7b1ba9b38837458d0

SHA1
ee48313ca1a3fb5850aa8a24f4203164097b48f7

SHA256
df1f1d2118a1405d2047c86b60e459d8c0d4aaf903b1d1a72ac1e240848b0a80

SHA512
58865ae3dab2cee4d0dba6d7bdb8fd8ac417404d4e8a032508e61a4aa5fbff98b9194b3c9ff9fe175c2ca65c66321bd1de0df6fa388b2a0f07d8a13342f261df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7128714aed321dd98b55a3feefc9b8f5

SHA1
f8aff37387be6f4df2f675712b9600850b3356e5

SHA256
075df37f0a7a22877a7088af3ac26f7bb0933f747cd064fc8b92aed61e8d291b

SHA512
ce8f855d51f8c17fb18bb701cdce71bcf7546f4a62c9b57776310d92ad3e28167c1d2a6cf4a87776d614d6e8800a491e6293f6fb60fef4cdb18a7e3b42d5ccce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1a88aa825189b766ac9c905ef947e116

SHA1
f2137515eafab4c997d2e25e490f1d34c6cc1257

SHA256
19ac8005664d565e77e9460e25e52004532cde1ac9b09f93ab2507b6401be0c2

SHA512
29ce918dcf58a5c2082c9c33086be549031754d9510d0d00af6758160ee751610ab65015697d7596fb13bb68259a13d820572b55d39a81af5ec7d8f9f8c787c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a7bdbf26db8158e75dda3d28f6c84a20

SHA1
5622ed2a3050cb9ee0ead8e074aaa85dda7e80d2

SHA256
88c8e0162768d16be166ee7e6695a10e1043a245dccd86ad18c621d876351646

SHA512
2cac0f3572dcc617c2d7308729abfa898dcf7f0a18d1d8fc5d9ba06f2cd5f0fad0596f8159d6df59513dbe9a11703f890d4ad936668ba9447ca3d744d889d6db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ce208f73b4463b906c3b45f114114fde

SHA1
00b814debcbe4e9161edfa39dade2705e57a2d39

SHA256
4b0696f4587bd8080c5ced4c932e93194d835d36c3a88fa74327d262ac735045

SHA512
656d9e3487f08cd5de73d863a41198625e41c8958120723590847e357457206a0503bd32e64a52fec75e65aa3f7c6fea34440d7a9b31b2bb3f19f5b418de80b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a6cfd112e49991b31647dea6f0a857f7

SHA1
a467a8b1e32281a9c28e1d2a9fc419c89d5ad6f3

SHA256
e7e05bb190f923dd0844bd13a4223e97251c6bc1954aef54a381f60f6c5d1eb9

SHA512
9edc8e8d5aedb7b0d57476b8679a8d71ee3f473c4142a4e986d996f617e32f37bee39c6b23ad5c0a55d4326fd0e24a64c2158e80b7b3a8d2c35f0cf070d96090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
68fbf8b887d13241acd9d3edbc994c11

SHA1
617ee60336c0512b8e46af6dcada32e90b9d2fb9

SHA256
cdd80a31ec1758560c070dbd0348f9d63241b8066d75d1a1121a8b82705e8869

SHA512
8d5383c2ea2e5964fc01676c7d829a03df78dac88daf28d354e7943cacf7cf70696f27426908b1e6bf8000092a7f1cdb6e8d1b53a6a4ca0d364a06e0bf3c7ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74274e3a5c08de2d532c5fc8aee73d4e

SHA1
a82a5c049739e850be2a388c6323085782cbb72e

SHA256
17e28a5ade7d306675f692bf6f608fdd620c8550c580731890523d89de353280

SHA512
f5d395e4c6deba5463e4caba18e7d99be68423521ba3fc68ef5b17987e25c5227ed8fa12fb6362655c806ad3f7a4fedbd4c01729a205006b076212a17b55f0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b2746fa6d7afe7bca451ea55d6d8e354

SHA1
3432d716310ea8d488ac51922f6d5caa3698e726

SHA256
b782c8ecb623a06ae67f87673bc7f1b851c6f1d60e064e6a01e2f0de3f666341

SHA512
88036e72e577d7eb28352e90c2a3bc6ee8e5333fba29aa5a4c71fe3646e1732f7c4b93d3df016d5c8809837522619739c45057ef08a323b5d060f60e4abb3c36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
92703dda5179a83a4a88618f4961ddaf

SHA1
98e99f225f3d78f3b7e90e77f8294349429f3abe

SHA256
b9b89b2e594ff453bc0e23149be761afa09863c2470486dd936426f5d1301884

SHA512
c12acb9c8707fe3b932f9489293dd9ec8a0cc8f7cab756742da8b39e4ad65a198a2b5d52b3c6e6cb258987d16d30c623a5721ecba2a3cd5713e7b2b49f01cd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
00822c8dd78b2073bcbf322ee481fc0b

SHA1
48212f28220155cbdf042427c5b2883d59a55cd0

SHA256
a444b6cdc39c642a6dfddf4b59024cd9e7e5ccc0077a3bde68a8c3abe146004a

SHA512
fd8c6315a7e1709d66bedd48a17ec1bd79ddeaf5a8c98f5eaa7d1514f4cab0ff86951e954217e9f1d61764a319274af054307d3da0739ee5573a6ccf3b46d83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
627c443f649e6b9b7b33d00f79769194

SHA1
b02efa5fd15e8b778fc20e1946bf9b4c47181272

SHA256
22d173c8f4d3d3189a3e563bdf7dda7ddde26542d2353e1973d1ef5f19cfe0fd

SHA512
adfef029c3d790f803ee754dc9c18be7fe8e0401881ffb239420de6f1227ac5c8bde70862e22dad5a615b30ad3da81790b120357f35a3db2d7270f88eeaddf33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
227c93a90d0b7f4349e3acf978bc05c4

SHA1
092693db4667ffe756915a4363511b47e164f8cc

SHA256
4f3e348b13fdae2db876cd37a83f0a65b9d16ba8b278839558ba3d28ef71a5d6

SHA512
d2bf216099d577be214f036a6055eaee8d475e367e8d4872425f60e530adf895ed65231e426575ac9183d7f5d18e1df74e4b208cf5e0dfe87e0ec40990c55a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
d894c4b08e491e6122ca5f241ef5169c

SHA1
1817afc89320eab1209ad298747b3e6bb7c22e3a

SHA256
01211f09a3187d19487bbeedf28bdb678ab9a9607514b15236f4824d1b766576

SHA512
55d6c9d5aeb6a146f9a2f5b8b7d363e1cb45617d36663be3839ac56a72a1cc151573834e3f0219d31b56835f6e00871d3e8fcd55a8a1c0cad4aead413d0dc9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
64bd49877b09ecf77386745db41afbe6

SHA1
ba4019d775b98262ca04232af310ed2d5ab3d2a9

SHA256
4ac8a82f0739d1ac0c867b41c9c739bfe41e31b73e37898f6cfad44c6b0b5e2a

SHA512
8899b969b591e1418f06ea6127496e327ebe297e4bff3efb913d0caae37dd204b6e1a69161884843550b13c6dea9ed6184e60e4aa5b04d374867a25fc9936a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
ff6aee86b49f335649ac44bf8259d2c4

SHA1
bd1cf9d3383d5939785247b14575eabce330ac52

SHA256
449e4d21bd322760a4b93ad34f904f9ff2d5365ffdd948a03761b2a2f180081c

SHA512
af27f9445e9e63905b0d9b3f421ea68156e6a97e90c1b63b9d5f83c40e2719ad06f6a8c53438b4f25762a9a0e988bc590ea1c83fb656f3ccf399f318ea690ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587692.TMP

Filesize
93KB

MD5
43b3d1744d0b762d082a12573cf0580a

SHA1
faeac7ac6348023121f5b1ca471f393e46e108b0

SHA256
cbc9921810a5fde03f7af0e3cfe500da9adcb9815fafb4d73f60d99a3b4ea7a7

SHA512
fad0d5805c8a084dfcdd98e602cb277f201ab772ce8483187284f88166322e45e42303f452c9c531c8a972d82b8d5cf19aad8efcee4a66a7674e8588445c99d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
58096116e79340a5a502fde9000cf7c6

SHA1
8b0aff0d427ac063614dec344012b6a0153fe977

SHA256
d8109c024826ba31fc8911a7734e1eb6bc6604a59089704889605eac3092db9d

SHA512
733618dbaeba6a78b7d54f96fe2006356ed3703b8696d4d6965e5e96034999cb2cfd86666ef547630582c9aecea4b1d992293831b160509b1cd22410d5b3d0f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit