hxxps://twitch[.]tubson[.]pl/

Analysis

max time kernel
300s
max time network
269s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://twitch.tubson.pl/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
115	discord.com
120	discord.com

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528307739896272"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{12FCDCE8-06F9-4A6A-A8D1-868C9A635A6C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
4912	chrome.exe
4912	chrome.exe
4588	mspaint.exe
4588	mspaint.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe
Token: SeShutdownPrivilege	2232	chrome.exe
Token: SeCreatePagefilePrivilege	2232	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe
2232	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2380	CredentialUIBroker.exe
5068	CredentialUIBroker.exe
4588	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 824	2232	chrome.exe	42
PID 2232 wrote to memory of 824	2232	chrome.exe	42
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 4260	2232	chrome.exe	87
PID 2232 wrote to memory of 3084	2232	chrome.exe	88
PID 2232 wrote to memory of 3084	2232	chrome.exe	88
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89
PID 2232 wrote to memory of 1628	2232	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://twitch.tubson.pl/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe176b9758,0x7ffe176b9768,0x7ffe176b9778
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4964 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4600 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5168 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6768 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6788 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6780 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6668 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6596 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7488 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7200 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2528 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6624 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 --field-trial-handle=1960,i,9534882271560746283,10587371849959218134,131072 /prefetch:8
  2⤵
  PID:2092

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x3e4
1⤵
PID:1776

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2828

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\miska2.jpg" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4588

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:3436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
062cc84c0218b55fdd1b19857d52cc59

SHA1
e25a3051e499e2269d9e2ea0f384eaa781d3ce24

SHA256
8fe2e20bb3cf656eff404cd69a740bdbeb2abde044ac1c802270c6bb349129f0

SHA512
bac28b92d9f095b08e6b68eadc1d11814faaf8f7ce24f8da404eac4127bbc560817492ce72a681192e80605d7feedfedf20543b0503840c33488d5728afd583b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
64KB

MD5
6d2b6983db15678d6ad322d516c14c04

SHA1
eff560800f7bd4fde2c9d145c5f48712ec3b3061

SHA256
3b8548478684704ed0aa1d93ea9912c27c94ff943d5d506c256e51eb1c3a10d9

SHA512
ae2b498baf2bc16523107384d5ccf1d244ca381c2fb4537bc74c88604fcd8548bd292ee2e11c3c57eae6be3f4fe0b95fbb931405a1273ea909e6b0ec8defa844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
192KB

MD5
b4dfd67d9291c146c575c1351417f3c2

SHA1
69ac5d93b38b84f3beb704d15907064b47a55f78

SHA256
a183bb55622291fc153ed887bf68b9e15b5a2f50f6efa791ef95cb8a5284a6a5

SHA512
e34971625c010e9e45c45e6368d224dd4d90365657ae6fb4cb2665744e162fb521680adc069037abaa63122cea8cf445226ca210905ab9da6765ae8123c40e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0d2738c0c1176629_0

Filesize
260B

MD5
2b8b0a382494b1ad220813ca559369e3

SHA1
5fba08c85700e371005e287099c264230cd4dfc8

SHA256
3ba45784b0953eeb1aa2d42856f02cd91d696c55999e6cbc1dbc015756ab2f4d

SHA512
2b7ccaa52c5e17c82247d4b664038d096a7daf9f92c1b1af2ac6f113c5b933a82478d77b721a3e9921db43e4c4b75d81b7844739e16ae45a96bf66d223e03c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\198d859e6c987785_0

Filesize
192KB

MD5
91dc17385d6078d01c0ea4b16e500919

SHA1
46d50a0f3058c026f3d0d9a0771e0e8633b30e1a

SHA256
9bcc22fa6d239384865aebfeee5b0b574d22cccd0f4fc5fec8e1ecb03a9e0e3c

SHA512
4a8a443158e372b2c4643d73fb794943ec4bbe5f1da306e65a4c26c682a6b3a19461fc9c9ee6534c2d15225b8e091e9ea45001c4cf8925f429d34b1a31e771b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d177a1c47d954110b86087f96fe567d3

SHA1
ac74c7e0e2d914a6f68c4f18f5339579f4139301

SHA256
39c90b48c468343c8414266dda5a1d44a130202ac0b2fef3f3ad0ce1de8bc6e2

SHA512
c2c065720fe3eda83f7cdd7f9fb7f0302983dec8222c4ef612f0c81b8192dcf4589d5d113a254858dfb70f7b1c9e577aa0303e14a7480cb259c4a23efe267933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
92f59d313e9e70e27854b440f876bae9

SHA1
d305076b29d5f34a2d73598c8920a3c86c09c78d

SHA256
14291e899fd6dfcd78360373ac5a597e567950f1e7aa187f060519878a6058d2

SHA512
8393db0b628103dd624ccce8495a899aadf1674c2641c1ed0c9f4ddbbd07c30daccb0d5160d687ae38fb91144137855c50a31f6579c86978349dc2120a10c0a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
23e12d6e3b45312242755b8939a969ae

SHA1
3de5ba63f57925d1323a25479a57454facd6a6da

SHA256
40b5553361910868e53a67b543375faa91b91bdaefb0cba6df75b3744df61f0b

SHA512
af9e65a3f6b4afbf2fd27a07071e5795832ab9425555d3559d547d3a4e97bad13433d47c4f94b761c835874ed3070c358d57a6849e5f9d76546e8f6bad5b7c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ed5f7a68b58ce8a6304d3d7d48ea7ea2

SHA1
068957c970f393a8f3b26fdc06c14d953ed96bcf

SHA256
c11346c704c98e93a7e293a310a5a90cc871765a6ccaa15cdce92a7c5eff5bb3

SHA512
82a3181e6c1830bebf9b4bfd9ce44a3c0f7dccb8623062aae891e11137c1235567fe997e48dfce9abf743d322d6b466af1bbfcb1f4a605b6d8bb4905d3692242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
adaf5847f9e9905aeea973e82439f58e

SHA1
4a0796ba918500dd6fabc688081b8c98be50ba87

SHA256
f3ecc8f33ce76b67ef0fb2fb66c1f45619e908c197abea1bba41a03aa1ad6f81

SHA512
bfac61d2f0faae08d7605f0b3f934e4b10b7d565d59bcc33423e3e989df06b1415dac0d6844a8a65c7e836de9ec4c1503e0f97e9fdd2066d8fa64795ca3f3370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
77975f9699bbdb84407fbf8690d23111

SHA1
ae9a7afd24de65ca14b20ba8a22b321c72f3df92

SHA256
7b05c8905657da93a12258a4a525325663efdfcf3ba4c413da218564e97e7217

SHA512
4ad882f03bb2cb5009cb67e4e5bf7c359f3f881f1ce33d30b4c7defd8a991e53a9aedaa69b9656bb3595285d8814b4fa03f9200615aff1b5accf8bef36b20294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
cd7cb6da5d0be578260ff02e695b7d55

SHA1
8cb7b20e15265da5eed221506db1f3f847bf95f4

SHA256
bb04f179078417e70b0481a68e72a81286e7852dda7a51ee81771d9c14f7c416

SHA512
8e7f7c62a843268b9032bf107259840e5528b780b9cf752db8122da7675757e1d81e6d47b178c8f24947822a6a94be1b3cc7fd47e25f08e108d4de44ec680aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9078b223c66bc14d1f5355ebe32929f1

SHA1
833a4eb465315a8d63462c78d2e862eb1c1b6669

SHA256
56ede227e0ad163944d714e658c31c031db9c316d058fa7bc4b98239045a44a0

SHA512
3a350e9f697a4281c57e054f91e8eaf5f70f406929aea550e94811de1e992cc6ebf3a6a3d6f5b7213da963ee67b45be57e3e2414202fe1350cce2a58687321d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8f345168ee558eb70fedd64f913650eb

SHA1
54b28e0ae083bb9248da404a31644fda6ea1e549

SHA256
ee0301abe013e107db7c3e271b5f180dd68dc9b047e9778402bb4faf92842d62

SHA512
22d8c264b021911312258d6db4266daa3f653c7b854a21c2354989d42bb265affbda6db9133aa51a95f7d489764e04d6b71a3db79d0cda4eb77a887fdb1ebe58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
073a97ea4d64a442a5180305efc95344

SHA1
bf1b10b5bad77883b665958190da760ac5390267

SHA256
21fe21ff1b818177410de8ccf129ccfbe534480a52b52741f756d57898815ade

SHA512
bef2c2fe07371ad84ef658f7f1550dd16ccc9a23245a5075f6cd7df77055114470b8b8c65887be3062c592c03b9b37604ed11ceb3e04760e59ee2cdc5233b84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5451593d4aca91c15115dda3a925a69f

SHA1
06eba1140811c8661e510f03c18b072956637c71

SHA256
4ecb873284c7e7ed2476ff903c29a60d5fb76d2b2d69b198ec7f5ad472287d82

SHA512
b6357981beb8efb25c3424aef533742f8bd341cc9c5869b597840c33b0e53b07202cd121b00afc267973c3d4d9aa86fc723fe38270f3cd9f05467c226d5eb100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
005848749bd19a5aea6cd6137db9ed25

SHA1
3a9d602119ad498d7d09c226ca876adc78f49392

SHA256
040d73a336c01918122beb97f1db7038f88ec688371b76e07d861b26ef9151d1

SHA512
463261dd53c288d6aeb5fc77758284d98e763407ccc2c5fd0235fab538988b1c001e71d6fe4f684104d03a1c146e5f5838e9b6f1363a36e4ecfe3d3f380f0bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
845445b64f6bb8890946a45676e4e03a

SHA1
290dcce240f48cc847f4dd8df7d0b883b124c1bf

SHA256
454b1c00fceaef0ad4286b319f4e51bd3152cccb321d68ac58bedfc4cde68416

SHA512
55bd3270368744370963d2a96811e65f5c56352f49828044bfb73f39bea58d12bb6c4b57a7eacd31bb452075f7d3a8efa78f8323d34383e9d347765fcc0c607b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
973326c4527cf7734a048bb496049920

SHA1
a5ac7ea1b57d6fb985c2f48939c8752d66c3fbf3

SHA256
18f264dc26dadb92072ca90f4f068af7170a45f199726d2d99765ca06d8d3d2b

SHA512
c264bf77badda6e7f9771c86692bebd09bde5eb3658abad015c065b2522f5ad9ecb4fc49d3a51cdcc7fac0ecfaf026656a5eb64f711ed2f567c950473613ce2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ba89bb8539383d52ae3a2e9bac8e115d

SHA1
d945e19a416d7ee512f038a436b3d4b282ced78f

SHA256
0bc0c51cc627864b33a3b99524ff0e7fc2742cb07e73bbb36c1f1c34e5f14136

SHA512
74fc4810ed94df97d28ef58c9aeba39a1d45196b61ac850a1bb68d09da29d33ea5a7e5d01c9c4ec89bfd7692d3bfa8742866a887a4cd5270ff6e6045ccbed7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
970d7ddaf94ee1ef6153db2a05430d0a

SHA1
852ea53f8812daa33d702d72c2a54764ce1c85eb

SHA256
dbfc251f266267dd1e60a97901bb472996c98c4fefb4c274afdc5d5c6ddc5422

SHA512
1acaf322c5ef716006aefa3f885d4a35264f7ba9a18f5d96fe33a519f4fc59c3bcb1cda9a84e08751608a74b41a771b02c23f8f007b66a1d33f85f78696491cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7e6d2a29d704e9e0c61d0b73dfdfac7f

SHA1
6eb6f1bc6efd286187f0153e24b7b64b3ec75f82

SHA256
b9ac72d220fb0ad0f1187f575ebedbd984ce3e9cf8ba570a6f6938f26c2f9b70

SHA512
27c7610bd45b0dc51808862a12bc04c09e3c6a40a0f9c17769be7750a21dfbd3df1db0d90707e3f0126a12259dfd8ac50ff5357ca2e279405172a85e96926017

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8da1ea682b93c73b2670cfcf34406b37

SHA1
3895ce1279216f64eb136d8282dd6fc9b2198755

SHA256
260dab9c39529b1e71af276def25f9504ee937209a32855fced5bdf0bb4678ad

SHA512
2aaac98ca2940c600a72c71119f1acc022bb2cc6d48883a03d10ae589d3f99c46023a3dd28f89e75fda1d15ae3928d843b9c64cf7fce8d43f08b2f9601375f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
597c29d4307e14fd6db766ce09250cf9

SHA1
7458d89879f06bfe9f053df1b8efd2e59c9484d9

SHA256
aad13e2a4e5aace8141af7965d6a181144e503b1196121411a21f8d9525b04aa

SHA512
f0fbee2806fe7e03ff5691f350652512638268f6a34213839b43168ee52cae16b3358418923c71758de4c1a1bb8efcdb513edc1652edc7e5366aeaafad74053a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5473a0ea0d7a926c3951474353f30770

SHA1
9fc0102417aada3e50e7405d864f0a9e92c5b0a6

SHA256
dc479a4c5634a3a55e4b8bc1004191a4ebbaf6e732e5f5e32068b1beaa94ef52

SHA512
27c2c70d019291da1aa83edf4f533bebad44ebdcfa419d05450083db7da81b1132e11a41f5fa31376a29fc277525a272377d4b2d33739b0c91169cc873666933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e14fae8dae93cef238f47a65fa60b0db

SHA1
73bb272d3389940d6c761979337c892e70804c53

SHA256
42e769a6dbe4b7002500160ef4333832068028d04fafab7ab7721555217a3587

SHA512
57f18c5c2d59c0a5161b8cfd0dc7fcc65c014f361538f2bb567941e5545736966d349f7bf91ffd2f7ae437bd266f62e8c45c390a598a307502f4528626403511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0f5f062da9dd0a1133f6661ffa66d5b1

SHA1
15c30ee81f7bd429dae675fb43fd691f222fe84d

SHA256
2b58ef0617790b436c7d6ea47a9bcb7971db009b1d51a6ae620ff17415da3586

SHA512
73a16c3da779c93795054cd6d7c9204b80713b19cee32ddea9cd51c8a327d63eb884b22864d0b56c343c0c05e9af1e3c7ffc41004a589ec0fb3ff232d952259b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d6628d0c6fcc31fb8ea2e26b76599f6d

SHA1
547e5359be35f577459fa95bff99b9e49cb54247

SHA256
0c2a7ce4cdc4d30e47a9de9f14b989e435e673273adabd635f7cf9538433bc3e

SHA512
0d07df0fb12bd0619f1ae5e5879204e8345e4db7f62077b98447383f42d38172e45526c07a294e840fd16f0623b33a0e0d246cade7fa9c9ed4d75f3e03a16be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
900d7dfad7b1380b43028bd3adaae773

SHA1
9a1d7422109bda41f6a634df4415b9411eed94d9

SHA256
e1ef414fc47c93e25e8d5310a8f349415f2921da064bf47b506a3568119407c5

SHA512
98e7dc267bca2414cb77947e5e4293634751550c4ddb52494822c93f98212635806aac08ccd66d862be49e6dbf794f2fabdf08528811ed31495710449a3760b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
769ad31e89a20623c49affe93fd4c316

SHA1
4851299dba762d3509b522abc36e400ee3ae9e82

SHA256
9999dba8c8201ca5f367a2a2a33a49950f6b8d5165237a6fa73c0e419e838681

SHA512
72e54cf9da9641c73e4b55476c8bb61f4f949e280034e8ea63a1b893f2fcf029f782fb48309391b3d6907e36f578e938eb284ff16c8cec83efe1f40a6d766672

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f27d4a7751554f1c3f6c40bb4ca870cd

SHA1
f2e311f2bfdce49f5d42f721c2c7df659c79d19f

SHA256
4c6f21d680dc31a0e2f15156c1e5991ee99ba356707e15a31f8f7e062c656f2c

SHA512
8e5416b7b06517b5f47dbe94ca8c6031ebcac9bede5c20b060b9bbfda78813d5cc0554fe15c8f76892e7de8f68221af1275cfa0ab0b7ede6af6e33a1104bc3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1c37a3a4c9842c79519a50e100a60473

SHA1
8e566fe0d491cb77812de4778627f3f849e70573

SHA256
2be213461a992a4b9d134dcf631df56b9962aeb4df61f6f7c8032d39cb316158

SHA512
3e9d88d9d3750db44c2ce5c75a0b01662182a6ddb43447335d49868ed205b441ca84cd341b46c14faeedf1fd58f4ac94f47c721ff8d22932f2f14ac0d4e7a674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dba50e79d310269a99862944af3e18da

SHA1
1debdd708f8dc79cc9449c2dc9db1c91d92a3c7f

SHA256
8621b5ef375df358a20606d0f0657f8bde21af749461a7bbb4723c04571c792c

SHA512
b028b5875f14e6ffb83373f3b4b4668dbbe540c140dbaf0b4f1c8c22c2aca7cd3456fc5e55d0844ca00197fb7dddbeaeff088e466d103c16d95dd301235f7cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ce3bc43ca6d3b3c22194e8b8dced430e

SHA1
b4a67f297e59640fc9fa4edb9b48b85b65c08302

SHA256
b633460da63fcaf9727e88dada233b0858cd4508a2ad606addbcbdb0a2099a72

SHA512
7e2d329f71f8eeaf868fc723b134b5253c4603ad4b7d173742937ed1778e0ff7f8426b5ac31933cda4c4dab5cfd3c699fdf1586ff83c73823cd0be85bedfa7ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
7860511d2f871ae84f97c47ad7211a84

SHA1
9c6cf959e06b3d6dbaa27431d58c0c7bd38d8504

SHA256
fd6300e649b6656e268650a427cee49973f81d8b51b04a2157aa17636a4126e1

SHA512
6cb7e60dfc661c979a8f407eaf007a08764d6adb1d796433f4592df8448aaa46c780cc151c08a70979c87d65236282ec6a8901eb244db04c2e4aa02025d73477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
5a5a3d51f1695254243ecf9c2e98e4b2

SHA1
8d52895aa8ccd676c5839f9d5eaa594657551bc0

SHA256
0408e0f06336a8a0e9ee92d2b420df239048ce02f85c980a438990528c1a1981

SHA512
87aa0d723c7011586dfa1069017167de7c40d51bc95deda8901f0b7f001b23c7fc2c326b6d44b293e41d6b2fe74d0d833f3783ca700d517ce15b61e4fbf2ae74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
135KB

MD5
bff990f32e7d46a696b2b40474fc112a

SHA1
773fe9dd38c419f026771aedcdef01f249d77c69

SHA256
ee45a55f6f0565b7b036d9a5525ed134ab4d4651cddd33f1aa11f15d5988234e

SHA512
a9b7b7f97226de99d23e167ac362041b2a88a6b03d949756364428193f1c20f066cb1f05e807cc2fe485d99aadb7643b36ddd31206b5e7700baf1d0fc7ac2566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
51dfec8188c3955cc8bdf6393778299a

SHA1
ede6f1afb8bd81787b4f1e69e554928b24bddda9

SHA256
68e7562c85f34cd28b3fcdf1db6b19cd66610b8746d148861d140e0a2a1a86ee

SHA512
f18fa10544431a367eded2debe2286e19a0883e499cfd61b844fefb88564a53247e4178e6cea5b5bc420b9133178eb16e1bb185c36bb4d312d50ff74707ccb51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
5ddc505ff59d601fe1e3ee0e011bd818

SHA1
22138c9963fadb51d3c11bb57918c294b8c5e26a

SHA256
f6a5e38ccbdde223d122e9c6135422c1b5abcc0daa5f3845d1f59f5ca0c93b57

SHA512
d13170e638794c78adcc7713ad9caa1396b67bcd9c55f8cfbdc72ed855bbc341c635b50b19c8e46513369057b024b310704cd942ec6ab132acd191b0a152bfd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
59d0dd6a01751952e31717b3dadef640

SHA1
71265ed204eca81ad6187d2375c55beecf66303e

SHA256
541f75f1892e4591057f8860be82b4ac70ec9c4c32dde89101f5fceef770d96f

SHA512
96567bf56f8d392de079b3ba692351c62b4c3627bc8ee019d37343cbe0f04fc7c0dc4d217044660ed3d86fd242ebb5418bf49cad822689b9078c1d3b881233f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
4ee1cfbb50ba4976fe49e0fd44924096

SHA1
285fd4d73a6f7e24475865a31776c5c6c2bc7f74

SHA256
06133d2f59047a4381539c4cad9e88d4fcae5b19ee1d7803eee0bb0e863b6728

SHA512
27be7d9b2c857d0aa18bd293d6c1a0e127fee5f52f1502d246d510c3abc8054a357587fad764398072d7f30a302724f2232978e809abfc136bbbcc49312ccb53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
4ec6d2354b3b162920284fd2245ff01f

SHA1
5b4547e4ede73c529fc527dc188ca6f95b115481

SHA256
949a013ebb2b75733f7f87c5ce0eafb157bfd2d85168cc80cd6ed0c6479d99db

SHA512
f63f04193b1b6a4d430986cb98763ffa56bd95257a1ca04c85044029240aaa4822e3e45c89e4c338db15ad1fd045749af511a3e1467fd18e5523635b22fe5769

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a5e22cf8ea27c5079c5ac3580bbfd165

SHA1
04afe72a15e46e9ce62914247304bd0c4c4e25df

SHA256
a1fa1b9170fd8e24b910ae165ea38dcd2ca8e726e14ffb1adf15014ec4f8c6aa

SHA512
fa1644fb0471a49f51a8c43acf82095ffa11490b3a36c02c92168c279a2b7c6c4fa65b6c715db276136d5b5c0220e06daaeedcc6eb4f602e1baddd94015b1e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
25f1dcd802fc89537e520591f9dcf3e4

SHA1
3b6166bc56626ffdcb3c2246077c12b744afddd9

SHA256
4c29ff683a097fd1f6a0df5f7dc4fda23fb07c623035ad0394ddd319e8c335cd

SHA512
da9c1e0e46c0cfcc71044ecea7884543e3fe2ed9e4c389b8633715b198a3df16ca860bfe392cb63e5adb72439a7e7876d70069c940ba4d2ff2e572d279cab9a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
ed0a268a6130ac71c547f5908c2eb040

SHA1
e580369da1c864527311855f327d3f147906a259

SHA256
000e31c51f9fe6b36ccd93dd9b430ab9e83b5300f7cbf503b7641cd68de90d05

SHA512
98fa2b5cf805d3c870d7903c68d18f206e95c58d3982067c30cd29d9249d8cd1085d3752ab41d99d2de5bfd6f8cb9cd96d34f3a114dc8987547070d136bae4f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
123KB

MD5
7e8a03dfd99fb07dc24e2158648e22c8

SHA1
d220f5a92f84eae1a2b6744071721c725bd0a121

SHA256
ede175a8ef11f6e3b19cf5deadf42e4afb74ec65b3657d9ce9945728ace2a846

SHA512
c4611a8c730476de63a12a1e3557417def7422e9539b6bd819d27f59c6011484d1d53ca1076b56513278e32a5eb4c599f38d28aecae04d1045b3362efa3f001f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
124KB

MD5
2dd856e713572e368596b77b41a93a80

SHA1
e94ca8a9571fa2224e7c2400be1705194175597f

SHA256
e29fb9ef5c4beb8d295f97fce59ecef429419b883660357f819f893886af2d99

SHA512
0f8cd9b4cc785832fca707448eeaa2d3b6f7dd55069afe736052a279c4d706ec1f97ef14c5b47bc9834c38aa2c42626c5c8d9e4f5bd9204b32933f1249296bcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5910cf.TMP

Filesize
104KB

MD5
1d67e2aa363f3f610c0606e103b7f452

SHA1
e39791301fe8cc1d48606efce23a9b72e363148f

SHA256
bf4a0b4276dcbefd2361b406ac2be9f34e3f4e928d4e2336d002daf05058cf4f

SHA512
27a068906e780703685ae5452ee399633d20b9977236befda6cc55443529901e90818b775e8f50d17e386d51339c10fb4fcb7f4de5bffca72b677c10d852ff4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\miska2 (1).jpg.crdownload

Filesize
128KB

MD5
d8f3cfd6a665ffbe3f0fba79b20f2085

SHA1
b2eaeaba1e2c0b5ada781da604f3dae1eea7bfdd

SHA256
1f5b09d0d815a183d15f0361722e2a50329cedda53c3b8faf450c9e431e10d05

SHA512
0da9072ccd85a084a45df55486e0b9b9815e2e4c96d4dff8b75dae9a9581ea51bfdd8b717b3e73989d081553ba16f821dfd8a9e1732b230a23a42fca7835ea92

Download Submit
C:\Users\Admin\Downloads\miska2.jpg

Filesize
143KB

MD5
3002d33b104a05063cb546d772150a7c

SHA1
426d180d2fe7d775792f40bccf3fedf2a8c10bde

SHA256
0d96d32736081ecad972c12e8bd9db8b217c143ba1afd5d6b474bf2ae8db9c93

SHA512
ce5c27186273c0271ed4f2f29012ec40cf1d6f5b6bb0a67027154197acb25bcbbad55f3afdf2338901f6a234e57e9ebb0f562fc057ff3af423b3b00f72f77e99

Download Submit
memory/3436-786-0x00000244FF560000-0x00000244FF570000-memory.dmp

Filesize
64KB

Download
memory/3436-790-0x00000244FF5B0000-0x00000244FF5C0000-memory.dmp

Filesize
64KB

Download
memory/3436-797-0x00000244881F0000-0x00000244881F1000-memory.dmp

Filesize
4KB

Download
memory/3436-799-0x0000024488270000-0x0000024488271000-memory.dmp

Filesize
4KB

Download
memory/3436-801-0x0000024488270000-0x0000024488271000-memory.dmp

Filesize
4KB

Download
memory/3436-802-0x0000024488300000-0x0000024488301000-memory.dmp

Filesize
4KB

Download
memory/3436-803-0x0000024488300000-0x0000024488301000-memory.dmp

Filesize
4KB

Download
memory/3436-804-0x0000024488310000-0x0000024488311000-memory.dmp

Filesize
4KB

Download
memory/3436-805-0x0000024488310000-0x0000024488311000-memory.dmp

Filesize
4KB

Download