hxxp://fghfghgf

Resubmissions

04/01/2024, 05:45

240104-gf53gacce8 1

04/01/2024, 05:41

240104-gdmhcaccb3 1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://fghfghgf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133488205605857180"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{412218A1-9258-4348-918D-77374DFAB252}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
208	msedge.exe
208	msedge.exe
432	msedge.exe
432	msedge.exe
3300	identity_helper.exe
3300	identity_helper.exe
5772	chrome.exe
5772	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: 33	1244	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1244	AUDIODG.EXE
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe
Token: SeShutdownPrivilege	5772	chrome.exe
Token: SeCreatePagefilePrivilege	5772	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe
5772	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 432 wrote to memory of 2700	432	msedge.exe	87
PID 432 wrote to memory of 2700	432	msedge.exe	87
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 3600	432	msedge.exe	89
PID 432 wrote to memory of 208	432	msedge.exe	88
PID 432 wrote to memory of 208	432	msedge.exe	88
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90
PID 432 wrote to memory of 3912	432	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://fghfghgf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff983bf46f8,0x7ff983bf4708,0x7ff983bf4718
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8070971205899435279,42362176003160133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:5208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff983389758,0x7ff983389768,0x7ff983389778
1⤵
PID:5848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:2
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3284 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3272 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4720 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5040 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5620 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5052 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3260 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6052 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5600 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5368 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5032 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6180 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6312 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5516 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1248 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1944,i,6408855816901691971,1580251123822742477,131072 /prefetch:8
  2⤵
  PID:5428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fa9d6579a132bfac5fc2bfd5655be1f8

SHA1
ee3724728df16712bee1848b856e2f2f2824a25c

SHA256
b60c76db057496568cdd4773be141fa20bb574ca4f29ac97929aa55b3152c9a3

SHA512
249bdbaa03cf751faed9b55e65cdd287d5f9cff45597ef067a07397e2c4d35c21fe4f9d7ded7dc731fe80b34200503e10d45f25e7a6ab9908d23d3bfb9c744c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6566daf5a61edca468bdf3ebf719d35a

SHA1
0af0e2b7393a21c2ce73a4205cc8a303e8fb0772

SHA256
d3b1bee8adc823d0645357dc3f21d1eefdd67f9510587179b95178d85a2a1b3d

SHA512
fe4442688851eef75471709c178b91b0a172562e403c0f66a39f840dfe878e86fd013eea48a64757da0adaaba387ddb2c0efed9d3bf00524e78f73f7ad26789d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
12386c55e57be371c72c0fdc53789bb3

SHA1
755a0cde1c8507469adef1ee3065c8f37acf2e17

SHA256
03697bf8c75df2235f5c5f83d34ac068fa81fdb239514876cad7f212310a5534

SHA512
0d2dbdd5d2a01703b4462fd7590a91a2f5d460fb5914acbffac9af0f6f5a79c0a2b080c7d01ce5f576150fba82355eed77fe341faad2a4fad3445c4db28862bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c485432116040aa7a76be68c971017f8

SHA1
f818fcafbfb6ddb4b7fa92782083daf5fc77e414

SHA256
d11fa64f7d13c2b814435092178c632746c28f320da047210ef4acf06acf72ce

SHA512
e44e5343467ac1fbab99d2a28e6f5c799ca896e7971af1a2640442816a3465acfc41cf09e4fc7aa24ff03b17ea9177925ac0f056f76946844bf7b231ebaf12d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6d741c6db5778f0b3d394d8d38bfd6c3

SHA1
88f48063e6c0049dbfea97b984bfc38a62710ac7

SHA256
2b6a177274c2711ac2818a0c936ffa27953cb1568ab8244ed38bc6c242bac4c4

SHA512
d8b4529a347c368d3e8759db9c867ee4f9d9b0e087eba82ba632093150916c6681a74a3657cd81c2fbcf6830f8febe5f4b2c469b107483d69212468b8b26a913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8c0d5ab6805a662da9eec9008f0db80

SHA1
1e0c12cac7209edf10d30567e207978e18e46459

SHA256
6797975048342a4a62c3c83a441d4f6919ed40b2b203ebabcb415526cde1ee76

SHA512
feb6b9fa24618624ed90482b49cb3970dda30e91b1e82aa25cf41bd91e31abf59a902b45e50b477933abc232ee36e934843624047a86ab8391bc5562986e256d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
562878694c1b7dac8e1957a9a80d3c60

SHA1
47ac6927369539fa864ac50ff255c970397959f6

SHA256
d947c3dcc2c97b436a7f7b04d23785978eafb95748675df9f16588cbfeb6a128

SHA512
b2293f3cd6e58a3f77465bb522b0bc43727022616612f908d7e8b35e04dab7a474e91b92c5ac4e15ff7896e6527d3945d2fdba5508bb4d098e6e38dd64870328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e6e1155aa90ffcf8fbc113b082234224

SHA1
8ba53f6ccad7d3974e46109147cbee0aa874a6cb

SHA256
c9e463c1c536afa549183619d56980240c51904474807338be4cd71be8857d68

SHA512
594fb67354f45ae8a5467237b30902d1d84d23e99201ef6d09f7701ef70d7eded9154828bd1ab34c648eba60b42b64d853dd8a65e10507b7321ef40a4f38d84e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b817ae7fe6c7efe597eccac80032025c

SHA1
b6dfa15fc9f44d80684ac3cbb9e507c5da493187

SHA256
866a5b4867c75ac61fef49b5ce7bf5b0b830e77c91022ff4d16303487632be51

SHA512
7524508a481dee3fdf919031f1e7da10dfa021c746d30b02f2c63a394d3c1c8e352cb65e65817c5cb66848baded237974118b992f7373fa4108a971e751322e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3f26aef9-2a4c-45e4-8a9b-54868bedd9f8\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cb46c827-94bb-44ed-80f1-654608cc2095\index-dir\temp-index

Filesize
2KB

MD5
3d9994fd68f66fcf07ead43577c2a82a

SHA1
06899f8a91117c148f9c8d61dd3df3a3b3eefc5e

SHA256
5eaf805020d94c5363e2274e7bac085c63a389868bd1932a8be5bd2ed5b97d69

SHA512
48dadba8cc7bd85b1880fe99fe63a8daf431c662f1a569d5893e23dcd777414b8a097e57022b96e8cf940ff633f73bd591bd56168d03457df8f32f2ceda3d809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cb46c827-94bb-44ed-80f1-654608cc2095\index-dir\the-real-index

Filesize
2KB

MD5
ae1f051b286f3ee8872c543ce72232fd

SHA1
4c77a2ffb19cac1acf4f54b243cacf4cbde39756

SHA256
7df98d8d6d53ef4ff2cf8041929aeda905f4f9dcff7fdd2a9e25c1375a2a13b3

SHA512
8cbf358b31a6088ed46b6643d3a6324c60808456e83b9e0b618003af9ac660603fd96b372bdc9345fa8b3f648f957b498b50e1c77670619f01717b3dd8be7c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\cb46c827-94bb-44ed-80f1-654608cc2095\index-dir\the-real-index~RFe5880d3.TMP

Filesize
48B

MD5
435b3a9bef4abc9ba5442ee1c5d51c7a

SHA1
da9d9697e5bab35aa3e2cb2cc55db5fafc54cdc8

SHA256
b98c7910e9bdc183a216181d01b8027283fb2eb78ad2c7dff94fa34bae34c68e

SHA512
9e421a19fdbc10683b8cf13e3c1472a030bfa881d0c92897d3f1bec78106140cb17575b3ad2d9f0a352fe2cb45d6160cb85693bb03da78e7817e723c2604f07a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
3f4dfdcb60b37d4f0b1a840ef6801e8c

SHA1
39a8b84b03147d53e065709aaf5fae2f17fb834e

SHA256
6cc91f62320880d8773d55674375433463b9400d836281edb55440b3e927b3ed

SHA512
3ccc16aabe69636045622ffab26d5b64fbacaecfab2bd411c50c2626deb913ce47022ab194b7243552dd1c433d3ad8aa0d16d4ecf83214fd0442f71333042d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
0719a15d1f961d391e4de41b1e267638

SHA1
96fde961687d01c0c978f987a41c377e556489dd

SHA256
dcfa553a4c56557f8607b7ac4d362de6fe94034bf2c38861efa0742d70326df3

SHA512
5b1fd87850feb4073744e18a655a76b56a19979556f25cf0a59511162e6e894ac597a35de2cdc0130139550dc4ea5327878911cecaa81f8b2d75e4dddafc4e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
3ed23da14c6caa6a299f7ef2e17c84fc

SHA1
72d5f97593aa761e4fca688ae4dbf20d2a5101e8

SHA256
29227000ed9e5705301324f0ef1266e255b4273c1ee7f5790f53517a9ed41050

SHA512
2888d45a41e9eff015c5356a9a06cad3dfd84700bbecdac96e6f174df9ec12ea803fa88c55365ca781c05a4b2b0c9a371e332030e2674074ffbd1168fb477604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
949b5f8097ca1589c702de7990763ddd

SHA1
2fa8509d9fd10941dec871981093e70d99366fa1

SHA256
2d7029dfa3b33d812714e856b7f8c17c3362366e6377e3c1b1b0d71f33cd7707

SHA512
535f6b57bb897dec2157c8fa5bcd8473215310098debf4882dd10532d30033c684e2d5fe85d9c121b3d8c296ed8f6c8ed3b52ed1ebc0a0af37470db592940da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
28c9e084fec5cf895eb087a2e48df4ce

SHA1
08e475eb8bb705a18afeb8718486c8ca9af1b65e

SHA256
bbd1c8abc39d38e6e9b32e84533f4c0842a69c941a6eb971188004f6afbe6cc8

SHA512
c48462f614c34dfd62331a1af468b81b0b5be25fb7b7004379740a4172e3ff20cf19c09f044cc5cefe482480fa368e5a983cd2c0e28ae2cbd5ed33ca714df98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe585a40.TMP

Filesize
119B

MD5
8a57d85826801604b9101ab4f5027f68

SHA1
8d6f6ac5573be1d69d396f8b2e9e690d9e9be0cb

SHA256
71d7655e436fcc6eff946a17ae9e2cdc12a187ee2504527eea1061a2567e6de2

SHA512
e1aa47f5edfd4cebe3cf810fe09fa62a2b4ea4f851ad5c6ed169bbfa8fc5c047432c65b64c9c3214db84f3ea765e896175665391e3208959e3fab10764f726ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
a8a7936acd7f864889cfdb611a305f2f

SHA1
7c489f68cc484e5d06d6251e644b1b12dd0197d0

SHA256
34d28e908688ccc3132d28b70241aebbaa53fe508e8f021cb38e9a9bd3d60525

SHA512
785926e633f22ed5948162360ccabcc4e75cb4fc45668ce0d0c11584343ee952a4f7aa5c9b47cd718a7bb281b5bce56fe6f014a9c781e9a4c50d2fc56b2307c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f0c4.TMP

Filesize
48B

MD5
5d455e91afe48d2a53e8d5f469fa8383

SHA1
0bbaf798e8830eb6d532f8cffacb72f6127e2877

SHA256
b83c6d7a40301ae4f566debd6d497e0de4e68c60e492a930051c7416c550f7b1

SHA512
238a8440ede2d19edb1acabdb330c196927f5e42f290c8f57c6fc77d979d8171ce2dfa560c59dc17ab290de2279c19e636d56fcd345ea2e042a0b9f4903e2376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5772_116891791\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5772_1337261497\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5772_1337261497\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
224KB

MD5
464791ea0ec3855f7573c52dca36d3f4

SHA1
60a88df055782594ac657182a78f3e44368f3268

SHA256
ca24b059ec4de66a1e2dca0ca8bab35afa82f048aaa5e3a31328c5c7bf613211

SHA512
2bc3f0c17984ff328e7a955d36d00f97bacfec0719817cf0dbbf74ba437ba6ad13ba5d78dc8f2866a4e3181a4aa84e9637f5640ccfec792fcc1809211e085506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
85KB

MD5
9265f1e69f8026c54779562318f8bff7

SHA1
b43d328f76f5f44c5e9501e222be99131dbdc1a8

SHA256
14faaf3fbee95198cad9924d683dd38af13fd46dd608dbcdf9b5eca4cd5b054a

SHA512
66ad7eb38c710b69a490b1d9b3c10c14686d327f9dbf26a6d63a9c0bb056a04fedf7f78defc68d3ece9cbb1da3e96676de6b74832ac0b5ba1e11792b09e9a5f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
dc9b684ea6ebb5f0a4bad77998a04248

SHA1
00a1b3b01815030a55f81093cb515937795f2807

SHA256
f59dd5f223e36bb6b61da8046860994408265101f2425bd7248989f804b26f65

SHA512
66901f2c503ee64f13d214d99ae9cd0897b91a26633dfffa720c6bffb9f1ac64d7f5cb7e256f1d52dccd25bf0cef080aa3603fe1f5cd61741aa921412b52868b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
25518c920dcd7ddcdc163154da67b188

SHA1
2f72b4d40e09bee7c515687158ec0c071ba49eeb

SHA256
aba99e5b54e3cd860bb95fd1caa6adf4d6632532a67ee70875a349e9bd0bc9d9

SHA512
d1a7c038f94fb58e8bdf5cca1d49a11b6432bfbc12d00fd4e42cedb5e23f90b2a326128465f1d7bb245cddb8802853c6c6ee08f76350b795f325f8f1fedb647a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58dbb5.TMP

Filesize
97KB

MD5
f97687e6e4bb23f079c2856b7470a4af

SHA1
45ff416ddc66697b3da673ce404aa9467200b4ac

SHA256
82693f19b5b7ac975efdef98d6da855968ba163d65195485c759409c1aee8ef2

SHA512
5602e8247bb92c5231bcc257074e3cde718b5e034c9c594d3cdda0f5a133105ab48cf5edbcdca851250621ac8282969f54b675c876bd7203bcbaa29bbe8942d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2bcd47a746e391686dbf4eac63d70e70

SHA1
c03964e58da5a3208709cbdacf994789431157ef

SHA256
b06986f64aee4e22d74b7b151096fb99dc849d2d2fc53632130d158250de3d9b

SHA512
2c9842b4d3d05d6e0991d8a7d0f5a231b45c5f0417ccfb97ef7c72029e13072be78362c909e0ad26a5ade1894fe2bff1be0b89cb4b199801f7940380cf77dce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
874ffa61dbe2ed813fbce38052461eed

SHA1
e9bc4730d78e4b51d0ee6554784c3be7f7afa671

SHA256
0a552d2048a186224655ee30718b018385e2d2c77c8ffa5c256f99ed554b458d

SHA512
ae9d0b3e5dd8cf92eef87cac8a9a631fba90525524655efbb1702c2b5eac16aed4ef00886c94f05a865706c01fcdfc3b6585fbad7b320611b224137461ed31f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0f47e8b-a93c-4218-a513-9b5d9450f744.tmp

Filesize
5KB

MD5
00b36944eddba71658488fb93af9c2f3

SHA1
050b96b77922bd61dfb8fe0c9840b8b0a99d3926

SHA256
0f8ac5048e62d9ccfd75481ec32e4f3c4a1ae851800085e12eed3fa86e90b454

SHA512
2d476c36e401cf09b6e35771de82fc11ce3a0b9c6a2d2ed6020e9d84346a245549c5b5143e3f37729868c476b387e54895fdd39ac9ae7b40ebdd6e115d2232cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
042e777a9ee5855cb400ea49c23432de

SHA1
10b89b57139cef08ef3641f23cf9d1077cb8acfb

SHA256
7f2b9737fa56d5af602648ccebb809fdf8877b605d96895181c0526a2e980289

SHA512
f40768dceea97cec280a00ca7c0f8b0a3233fdf544fab3a86896a88a5c6b902a0690486fe3bc7b975b23b19043058ce6c63989bb510136f816c6d247cdef7e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
44619c30a5bf577c5411ed30d3d6b614

SHA1
39a9b9ff963f02d6dd35a7fd01da6260f8b1eb46

SHA256
09698d091f4f1a8bc03fd388f42dedfbcda8d8c41a1a08297210be53eccb608e

SHA512
8e44b6a57ab46b454f4ed69c060127368a268b73132afd236e961ce8c5479a13ad466ed62609c9e74e3c0b28645a7d5b30269801e0130d519775555917d9d428

Download Submit