6b96042a3347c8740e4a4bcc22cb7d9da81d0d6a69cc2ac07d278fd0bd0c5aa5

Resubmissions

31-12-2023 15:22

231231-ssc31abbh3 1

Analysis

max time kernel
210s
max time network
251s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

___ Factura Electronica - Impresion ___grados-13_page-0001 (2) (1).pdf
Size

94KB
MD5

041c7fecd0dcd9b3d2c6a2dd94af6ece
SHA1

96276853465e62fdeb70d6db063d0e20c6e3aa92
SHA256

6b96042a3347c8740e4a4bcc22cb7d9da81d0d6a69cc2ac07d278fd0bd0c5aa5
SHA512

c1afe0f965bea3b4ec56a60b94cbd99c0a61bd0e78b816d3fbffb04d814366281882af15a47c6779a7e4a6ae0746debc161c07140914cc7aaa4e608f097f5e20
SSDEEP

1536:cMmTob0qAS0NDIklSw3FR+eBUcec1D82nxUPnA6b9NnJm62IQRb70MPrkIDjsO:5mTob6hNDtS+HaTYnxM9NnJDsBXPrJsO

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133485098059541646"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{696390B8-1F76-48B1-9949-6AF4354C3168}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
5516	chrome.exe
5516	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe
Token: SeShutdownPrivilege	948	chrome.exe
Token: SeCreatePagefilePrivilege	948	chrome.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
4180	AcroRd32.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe
948	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4180	AcroRd32.exe
4180	AcroRd32.exe
4180	AcroRd32.exe
4180	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 3308	4180	AcroRd32.exe	93
PID 4180 wrote to memory of 3308	4180	AcroRd32.exe	93
PID 4180 wrote to memory of 3308	4180	AcroRd32.exe	93
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 4724	3308	RdrCEF.exe	94
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95
PID 3308 wrote to memory of 1412	3308	RdrCEF.exe	95

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\___ Factura Electronica - Impresion ___grados-13_page-0001 (2) (1).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3308
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F8C20DACAA2D662774BF5E6575CA6E32 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4724
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FBC23FAA9F77EE98043ED7210C60271D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FBC23FAA9F77EE98043ED7210C60271D --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4746A573930100CDA3B0D0A5F29AC4E2 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f5069758,0x7ff8f5069768,0x7ff8f5069778
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=556 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4188 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4956 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4952 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5252 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:5244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5436 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2828 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4828 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3968 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4044 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2376 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5912 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7160 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1684 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3284 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2860 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=3216 --field-trial-handle=1880,i,15215104243106811550,5937892818978749295,131072 /prefetch:1
  2⤵
  PID:5304

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154 0x418
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000038

Filesize
32KB

MD5
afe7d86fa536415872c1adb7bf952ed6

SHA1
9d642665fb2ea376e5f8d600e6962849107596c7

SHA256
32c9a40fddb6082fffdd710b1d54228c7ea745083a3a024c2da3ce08dfeb6569

SHA512
1d35776905e9911ab74a9193ab96061f960bbe9d8c388d3b980ae68e02d83e87ef755f4b21fafb77c2146fb5dfb68bec811cc65f138e7784676e6199bcda9685

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
19KB

MD5
d80df32cd000c17dbcb68725741eee61

SHA1
56a00a60c67096e606cfd89e578734bd0d37b686

SHA256
a1592dac23f16d72e5eab89ec2365692e268ff0d918b3d38cc105d860d57e071

SHA512
cc7db013b0dbb1ec570d0aa54b66d8a77db25578d27fa09ec75986b12ee36d32eebde29a40532c5482d74bfb6c0a754b0c913fea7a884b2d58a76a7047c6dd30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ea013615a20577a9972da125640643ef

SHA1
aa2620f8a2091100de6ff1b1ccebccb39fbdd89b

SHA256
9a80b972a58a488f2f1a852586902bbb772132e14f6be43dd6b01a4dc4eb4bd7

SHA512
b6befc2142e2347745f1c94863d03054835a5aba9f24ed94a0ca73c545053921994a7c2eee24c7dc588ba0a6246eeb0cd165f3f28dcbb239214023677b87310a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4cc8376edeb544891b236b96487e226a

SHA1
4368152bb73354daecddf80e0f3503a168c2df7b

SHA256
372dec826727698d950f4bb28bccf11918ad541c1aaa18d0354209be46814bda

SHA512
ac152fa1a7a195df7a99a5c3c4ecb10497d414afd021db3dd58785e7e4c207c7c15c2136eae34b8cd1005608cef49cf65a9e79953ab5d8c3d11e2e76e0d8c200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a6b2c0b67d7d86bee784afc0813df55d

SHA1
e84e9a3f75105034ba0e41e4d16cd34b2356f07e

SHA256
d5cdeb69b31fd65e7d66f9f6f8ad561907308196b30f99c88ee3cc0d43ba4c31

SHA512
4d1e4d6b9227b99aeab39ac5d533eb9c7b5836f4c2b2745fdbda71ee9366e31ddba9624807168d459c09c007d875688a4e888f5148957e4856861530b5c52c89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_best-betting-apps.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
814e2f32ea452badff6e36e28245390d

SHA1
35a9f32faf4e3e2fb8b365509d82f52312cfd475

SHA256
35677e771d24b73c45c2bb784476bf0a3a5a27d35071524b49a3cf3c5306524c

SHA512
3c892ac8d4409c57642ec123b0773cdcad9d647821eb5f409a7c68a334d92481e86f83f5dce47394b38b2764836312b232e16919bf69d31544bdfd76794d7023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
7fdd46a2f96a6ed9436207a4823ee2e5

SHA1
73148ea826625ed03de97b2323de46dad414b014

SHA256
7fe94e454fd06ce21d7d7c12a60d88d790bfa905ea98ad6854a18a8a94ebcda1

SHA512
a3eea55ad39efa105458ed7f9a8cbea81f85d32ad68f9b2e86d2c1d72d47b24ae311f23a5c5842e035e425cbc2457ac7edeea1b6a9511727272a3cf8e334b7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
54c2c9915ca3ac030751ca903c2557f1

SHA1
8f5abab2b8fa3453f8dc2e903cf700c24d4e8a30

SHA256
b876c41827a7f7be687c2d4986b36510c93c462229aca4f0b156fbe474ed2d32

SHA512
44916e0a15493e8676bb8473937b805bb020fc2e0f2532a1b95be4dec140836cd38aab3fcab215a65e9c74e077943c7c57c7fda7dd55297268abe3fe714f8af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
01257b01c18c27261019db7ce727c8f4

SHA1
845d4e0cde89decf4a866c3e5443fcf7f7580462

SHA256
d07815d0e223d9dcb940c7ad78fcbfd27f96f0da0312a8b8ff704d5de94fe074

SHA512
900fcfaf3c0dce1eb62f2100c99bc3f235080a9396034e1b64bdaf8c9353b76954c32e281ad6504ea846d9c39e6d1864be71ffb0f2b213a5494db93a169e8830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
3c7eb02c1fb69b7212508c669c7a0a2b

SHA1
53de06e46ac611a3bdb6dd037f1be5781cea24a6

SHA256
f38a21c732062b85e1a070be240c4840d3cc9053678db5509206c201a87a7049

SHA512
b8e7847c1ecdf8a0ff25959b8a5e85e1f6a5183a6322ff8ec1c01a440a5c03ae3f76073f4d9919f1678ddc37fe13c4040526e26636759b338e91a1b3d3029112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dc495c1bd58bb4c7d35b5dac527fd68e

SHA1
5d4cfe123f2786cbcd2ac36133d6478bf39c9fe6

SHA256
654f43dca54bfe90f15e51f93239e29ec33257c77c40abf92ac62464cd07b8f7

SHA512
53b2f6eb63a5db553df0b2ee904116a0ea1cd046bb3162c7076665ce09aac08875858eaa9dc66a903641ba6a5f1749d419c93deedddb2046e9c035e69fbb9a3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
234e421e4755d94162517f49c8dbf969

SHA1
40be288bebae6e65f95dc04925cbfc4d08100f13

SHA256
0abdec0a4d73367d7dbf27cefcb9cf02f37d61f08c98480bd23d757ffafa577d

SHA512
6f719cf034dca2625c6dcbb28e903ecf6c85745ad23e6e303cfb2edb28a81d141d85a6b11919e9598b7d1631177f4d0529494f1cae4d352453f37e45de4d25f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2a25a181c2e3259579f31410a2494094

SHA1
3af12b36653df278ff72d09e400d2e10b029b0d2

SHA256
1fe9f9f280bcc743c10dc0c7d20f21e181acb7040f41714982fad9eb482420a0

SHA512
ac02080a17460f57efe74db675aebf8836c513556c961ff9bf9318e08db46edaf6f083f97ad856dc5c3cabbd18d23812520f08b73deb24fb3f7ba63c70c5e442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
df65f72ffa8557b90dbb68003130aa07

SHA1
02a278701ed6a8010a46734ed2e9da4eff3cc646

SHA256
a2af8a8dc625474ab5d231d3c0533b6b53e85b953c8b5f71537c80da71fd2b93

SHA512
3241d57fdb83edace59c5ead6f21183c1fe4e9b50cd21782a89c3be18d565d6bd014c8ff0ca9d42f81e984784f08a33d4638e49e42994021213823607bce417f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
42059e3d59c60fea4c2af9a002a3a327

SHA1
859cd53be1c4037101dee2287dff44e0902a7797

SHA256
76d636cac03d5f1235d782d8644a362495df803eec74a1372b1b3af89a6ac33a

SHA512
a2abe6d45b0096de9367c322b3c29425ff99e4022be8858ecf109a71d280dc9d18bb90876b5fdb34ab05da69e4f7f6d5ca28369ceed63e35a16a638df4b180b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1adaf50a4f024211b24a7270907cc4ec

SHA1
97b3cc78532fd771ce90fb5721bb6680ac6e228a

SHA256
015951dbd6c2ea80f815cd279f3c9f80bd2f7d4ea7e0149e37d72a39e28434d6

SHA512
faf5acd0fb41bee31f7f9fd0243d463d0a87f172233e445c71c22903b4d0d258f5268a5b04c7831d3828ff67ec19e175755b566c55575cc76899c39037fef334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3717315b2f37d4218a1703fb7f67dbd9

SHA1
403775ccfdfd01a9f3c387a2e0b8680fef41452c

SHA256
f97ce348074e54a8411c17c27e2b798a2809da912de5d2913bfd6c72c1299095

SHA512
76574974f1268c90b9ac250f02aa11b90428924dbe1769653c7ae9fb29d5d24cdf376e078a2c12229edd4662add33fa365b24f54d8686ee0eab98cfc99af01d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cbcded6d1298640ffe2dbd4e6420a817

SHA1
c5f654ef905b14e27549bb3bef28ca872ab82555

SHA256
b0cff4448e3b0f16a6be3b31d18295a8521e8bf97ab55baf69dd509eb93227b4

SHA512
59961ca110525e5350b49fc988f0efd1af45bc269e9f7ebd413dde0edf87c60b3acd8932bc8da12d05113c1da0d86b7d8f9259772088859f075467e99c6ce5d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
ea218b42e18ea9874a94d95d5e96f79d

SHA1
19b120dfb8a6c5caecff0ec53efe775a4db103c7

SHA256
9831d4aaad1d3b91fc3f6afa1ee25b6ef514b9432f50a241a83672115eb4c5d2

SHA512
8df7ccc9426720c3a89386b3d067b46409da107058ff102bfbe3cd81e29914b6c0fc3a3bdbb1bd4bd547815a294c4fb54ff8e2413395cf19beb92e9cff30f733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
39f63b310a3e1dd6876d20d068c25763

SHA1
45c1b1c0a7605a507c974ef32ef48a9055ad0353

SHA256
58b9ca5e010dbec0916ae78c876721e7abf4f0594ff59aee8183913e51c85ddc

SHA512
4191e8758e6100a7ad90a539420a56208476f6a12090f01baa38bae32f720b69f002b8da12d8c399b9306a630bf380def6f5eb03f6ea2bd7a8f472c0623ca0af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
9eaf30860bed7621f68015c4b1ce073d

SHA1
eb06b78936e816cd4cb2e6ae8cf71ea5c4f2f591

SHA256
783639ff2c07b299a807635c6ee9d4c321ad651b6b524f1adfbb9d2b1b2df478

SHA512
c658ad7d42d07df6ad04b46434e0927910c13b788ffd05b4d7b31c86dad48382a7e0a7fdf4f890ea2c1bc95319f3c0dcde78123cf152c4b576180271c34eab8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe585fee.TMP

Filesize
120B

MD5
a1c32779ac248bb9a516140f1eecd364

SHA1
5a7dd5e2d8c57498b3b0cefc646011d11c838267

SHA256
1cfdd9b4121fd176d51f77217403b6de411ba5c01b6b239195a8cbc89812d150

SHA512
c7db6653900211d307c2dc52cf98c9f9f53bfa83819100162a6bb35d171dcf0ad0a4e963d96e20b931b32d610dd03eafee5f1103eb9fd5a12b910a577efcafa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dc9fc1b89654c9af65adab8e2eeabfd0

SHA1
6359c288e89b4ebb98e5188fbc5d4a3c7a897d4d

SHA256
66e7435859c144d599bca880493c62ae391a82bf62ee3326fa2f262ae3362f58

SHA512
e77ecfaffba1d309e7352d2bed9f10f11e626fc1b571070aad8e2a3a6133666be8ffa8f8a4d23ae587aec01ad122fb76116a619f7aaa6d2f50e03d39a292271b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5aed11.TMP

Filesize
48B

MD5
4eee5e5be5b384cce7ff7d95af4ad1b7

SHA1
61d36a4bbf600e72a5b84ff3dbbfeb65a1dd4cfa

SHA256
a5882da0ac3f05749904464fd3391d51c144a0f5f8df701bc43244c2c7fd1cf5

SHA512
208786604a00f908f18bd0cc372fcc4bda7fbc92e43dfc7e5aed25411ca1472c611c6edc2810a95c92fcdfdb352c01d8b7c52dc56647bf0b54074aedca6b0e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
5b468b761add3849e91a2b17cd8fde17

SHA1
1c377ba7ce1d17eca7ac236aac16a173eeb4e3c7

SHA256
1b9d80e796a7447c98e7a865ca7ace0413ace6210095225a991d564e8bf388aa

SHA512
b89f30238ef75a23b10df5808bb4a07fc49094ba21ba47efc5d2a1c2253b9e277ad041ac2e85930d89c481a5b4a8c8e1169eb9a8edb68917a51c832ddec84446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
44f5eecbc73fd2d5399a9c66b8ae82ba

SHA1
8233e8c81ed83b44aaf0ade39671ede27aaf5d6e

SHA256
b6b8fed53cff2d2180aa7afc30a68a5ed640ecff272c89994fa2d1b15f04bbce

SHA512
c43469dbc75b04b5bd0734b7069a7721256a0dc1b8ed5b730d918179714b970c94b1ac01372e999b4c53b42b9b53047a7189424fb4547911dcfc22e8bc94e13b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
0776f2e6355feac73e157e7953f1e888

SHA1
f1911ada7191d6255b017407b4fc8becc65acfb4

SHA256
c549d17fbc1893400feeb9706cbf1c254d207457ed56be66d7238ed0bffbfee6

SHA512
3f8456ae8207873a864c4e29b0cb993f8daf10ba326f828d7712fa17211b1ab805701ed4f757678c759e2219a6d8c7084e0997ef886adc89a35536f60ca4985b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5894c9.TMP

Filesize
97KB

MD5
b938e4f4c67a024ca400e37c77309750

SHA1
b6e0259a8a1cb9def28de8908747e6144b959d10

SHA256
42186c9e6325eac3e050bf607a9c86072c9e22e58484fa580d79730738badde2

SHA512
5a74f23ac2ed8f4d9e91b1989514cf6ea11721f2c411957f2ebd835268364bd44d29cea89745539cb947bb83154c5c0c051e9ffc1e16cfde9c6b5d415583623d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit