hxxps://cdn[.]discordapp[.]com/attachments/1208516773465559102/1208518457663029258/bnrp_Mod[.]rar?ex=65e39385&is=65d11e85&hm=def04d751ce813360df577e382200d9d526639e7d923f292c7dd8cdad090c44e&

Resubmissions

19/02/2024, 16:47

240219-va2prahb43 1

19/02/2024, 16:44

240219-t87g8aha75 1

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1208516773465559102/1208518457663029258/bnrp_Mod.rar?ex=65e39385&is=65d11e85&hm=def04d751ce813360df577e382200d9d526639e7d923f292c7dd8cdad090c44e&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528347421353706"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2440	msedge.exe
2440	msedge.exe
3896	msedge.exe
3896	msedge.exe
1308	identity_helper.exe
1308	identity_helper.exe
1908	msedge.exe
1908	msedge.exe
3724	chrome.exe
3724	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe
Token: SeShutdownPrivilege	3724	chrome.exe
Token: SeCreatePagefilePrivilege	3724	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3724	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe
3600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 3972	3896	msedge.exe	84
PID 3896 wrote to memory of 3972	3896	msedge.exe	84
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 3244	3896	msedge.exe	86
PID 3896 wrote to memory of 2440	3896	msedge.exe	85
PID 3896 wrote to memory of 2440	3896	msedge.exe	85
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87
PID 3896 wrote to memory of 1864	3896	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1208516773465559102/1208518457663029258/bnrp_Mod.rar?ex=65e39385&is=65d11e85&hm=def04d751ce813360df577e382200d9d526639e7d923f292c7dd8cdad090c44e&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff437646f8,0x7fff43764708,0x7fff43764718
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,4958062924167555774,18354136393338623050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff34299758,0x7fff34299768,0x7fff34299778
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:2
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4744 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1968,i,10337158418540115295,11240029116208355882,131072 /prefetch:8
  2⤵
  PID:3000

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff34299758,0x7fff34299768,0x7fff34299778
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4724 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5244 --field-trial-handle=1992,i,17855344648986285950,4659492980273875580,131072 /prefetch:1
  2⤵
  PID:2036

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
88979a1699fde16b4c698f9cd10ee87e

SHA1
8a61fb3cde8d379bb8a461a7be8dc2e93b5ad2f4

SHA256
d147732816cd1a5a493235680728ef3dd4fb9be1713d565f63d72c0cdbf1a898

SHA512
fe0de028e0285c3dd5c4e37be64c6a5985ead36423345de1eeb6d3f5d961a3a811e14878e9d3c42de87744be3b5ed32d07a78e78ce5b0eca4edcb6d84333e3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3d683323-de0c-40e4-bf57-52fd03321b47.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
192370d8edc5383332e6f527d64f580d

SHA1
7e58e1d8654db3db354de941c574020ba3bc72b9

SHA256
053b98dee21746563de0b44970675873a6f7f7fccb22701d7b302dde1a5937ce

SHA512
b42121aac375aafc81f9def2178a2b175e35555784cb23d2f733e43ca1764ccea6a431e61f7e87c306e3c3b6ac10700d6859dcf18ea5082d6194cf83095d1983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
749d985ae046662e82596f90673fdba3

SHA1
dd665150be8ba6c933ac1d1844f038338dec98c4

SHA256
88917651c8ab91578d04aea8aa74c94907fd62d2db48755542ed3bc168f905f5

SHA512
c5ca26d1a979774e1d75a0b2d3767f940d3a1a56d8528ac9d4377ad77566d168d892cc167eb1e4a42b7cd1cc9420d371462975d3a3047fd89754afa11bdca3ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
57a88be7ed908c90ee5cd11b6a1410d3

SHA1
cb0aabf9730b7c3eb6a700d2b3f85d40ff8ef4b1

SHA256
beb6e32947211585b00c9ace264cf7d15fcaa7cb7461f619555a47faa86e7a77

SHA512
0105d229dabea415dc8fe26807e4bbb1d844132960d9fb6708e045c804f7ebbf6b8a839e58d709e9022d0722440bb1ce046156172150ae8350d524837c2c65b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
9925c98e03f271beb705db64caaf4b1c

SHA1
10109908d75c37e96bcec3bfa59cfa53640cbdf0

SHA256
f9e96a5fcc6136253ada4a96d75f3e3b5a0ad4e46ae7efb8d9ce35290fc97f33

SHA512
8b1b51efa0c728aa33851f3e5289d1d71208ffcc0178697a60032456faec7ebd14d0b5fdfc4ddae22f7d123832194ce2b005883e590477258935b778d79c6451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
330B

MD5
f1546a2dedd5c0481d6c417eacda8404

SHA1
11b97cfa00a88f121cba11ca3c855d21a700beba

SHA256
08dbd57b8335e071ece6b6631d4e2c9d6fc2b1b717bf153bbff068cce3c2d257

SHA512
2b3ccb902366f88e24125666917b349df27c9329e302284500672201077f337715602c415733ff664364a87fe3c3e2b19196e54f79cb6bd918e9ee1ed0824399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f63692df29ac79a2c36e44a1718a5c83

SHA1
6fb4e16379e3512eeef889b7ee861ccb88362475

SHA256
c61b48858e8e41fb7c18cab3b1065b6459f0231a8354986ad70389f23b3697f0

SHA512
5d0e1cd045d8ce865ae59fccac8cf8a361e2c752d648016f3b7e0111026cd1eb67e41eb87b0986d1194af6451644407074ed7b396ba31218dc28b4cb8304b6df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
86bc578c86bd8ad61cbc649da15c2ded

SHA1
542e019726f9de59cfa8c34fb54e10e87feb9f7f

SHA256
8fa67844d24be5497cab9e70ee228aff66fd008f9ea4c5d0de96a2ac5c4b9b5e

SHA512
6ffcaf4bab0f6cdaa5094878cdc43df1e952ce9f32c54d9d4ceed348e2c375315bac80c77a78a79be6cb253d3a365921b71b34a2152711b00efc464d1a40ce2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
78904ea9aa4ca3568927f747bc1a2a7f

SHA1
b7d281757c0d0963ab2861987b4d4885e85b53c4

SHA256
2a09fc155e2724212a37cd1e1ff1a531ec89a67b9688ce4e8ba2af0bea5e1b33

SHA512
13d98861635cc26b9a82e9eb9418c09a769f25e92f34e753fe7b12c9edf0d58a3680dd578463e676a2a760752fb462735fda864facabf27cf9b41770b858cfd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
715d5e5b6cbbfd02bf1339aedae73696

SHA1
803d7f8372d4cc8c47bcd428be0adfcabae0601e

SHA256
3287d3ecbdd5d53fb1fd1c90f3ac5a447b6e6b6e5eaa500560940374d98fd568

SHA512
0428518aa3b33417ef70f1b497f40922931edee702c6e32831a70522f7f1ceab2afdee33b1ce94fc9e88366c0ea340fbc53fbb5bc888ce3b1d7ffce8c4becd91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
467a7be86526b8ed168597b6df6cb95b

SHA1
79516109196a1ec0fdf51d0fb0c23b8a2424de6b

SHA256
78e5a80693ff5cde463d0284a3cde05d5abb19d2f2a522da1be6ac6097b4e639

SHA512
23418cef4f421e4b8d4e46082efad871de68ef9b4665bc893bb3e97d0b4bc4470551bdb2f074485b1bd432666ba0669ab7f677447064f36ed61c8a16a1b0dda7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f4a0557b755b5ee43c8c188265e9af23

SHA1
7e2ba5ed448f94bb4164ac50d8d1646b28fa64c9

SHA256
3db304e374af7b34ca32af7e5a7b0bfa6289fb8ee381da0e19fda470709d81af

SHA512
041debacd09c1067badd5fdc1be4d2c06dcd875c86f4fcd4819c115f2319902d38f346f3992250abcd0b0deef84695d7396cf6890073d874b41c90e26d8d7db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
64c1a1c8c9ca3025145dcaaff13d408d

SHA1
9d6e0f6d839c34470d0e5715a48c8f7bb8d30886

SHA256
f86f1582574554c9f549098bc33b5aa774faf0c9c9e42f7734b0145df506c6b3

SHA512
1ce04c5b7499291db6e9352ae387cfd3c5b8feece38d5b2f2ad6d6fd2cd017934903f5491dc435f4a7848ed7fa79622739138698535d1829fa911a7ae4788356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0a42fee1e59d58695d75f361b43b549

SHA1
2b8e92fd4b0736f86476aec88b7d4ecfa415f4c0

SHA256
ceb607305a87007fad65a760b6a5c0f8ad0ccdaebd5bea19e33b4dadd483d1e7

SHA512
86f8ac36ec008c1ba5c94b3b48326af7fa2c3e83ae87859ae81caf3085dd2e6a203f4f4f4916f558739222c67b411fb295a44f3fab48d5458091517468763186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
39d17ab57f634941d605baba2ba42c8c

SHA1
be471afddc59a02122caeb331a5f459e548c5bce

SHA256
dc55f73b6cbfb70103a853770b9aa099b8c85a10773b99562ca4b5e2d4ace0e0

SHA512
b04d13f84815b0d98f5842440b9d59826365aa694f02ea05bfd5790ad4798a1fe8a53d5ff9e8a45ada702c587875d06aeec9c8267db8a60d21205b4779673f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d62507ad5a03fde0b7a9fd06dbef24ce

SHA1
bcf5122b720339a78d45b08acc8b3db283ea449e

SHA256
cfbfb2b54eb5426d6d20a697692aef4262d98c6a50a4433001d74583099dc884

SHA512
66c050caa2a9f04b2e6872252d62d8de7682196685e129e4413ef20307e65f90c59553acd901a6889882447492799da95b9f8240229487a6950fb14d6ac4c0c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6dfbfe974b9b59c927bafa70a8d5b7b8

SHA1
8b66c9af03631d4e4f8ccb927ee8aa4590bc3a36

SHA256
3c6be6505c214f7d9176c6f200540e3562c73ca973e3d64baa8ed39c3a357a3e

SHA512
9cd0816d006f726a10b0e9d8e7392fc539a57bf0c2210b1ca8b32a3deeb585d5af5788f28add37abcef021711217f68697117ee8f0d99ce8cec6eb8dace6d927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
74a2027abe28c1b81e03bd36491c09c1

SHA1
5092e6eaacee00c722122f9c49f6794aebc58331

SHA256
405dc55d8cb6d6c8da04e097e7ccb4838f022d511834c6abf82ff9e69f58aac1

SHA512
ce38dd2a9a65d9e60efe41db6f1c8ed397806b094b48604d7c427eac07f8820ea3dddf0d571f84fd6fe7b4f0684b263cd302d7acd67ac9fc9074387a1af2d8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
45ae5b9ce5eebe73845b3aa71cffdd7a

SHA1
b55fce6a6af23aa8d8166adf484f9f9099c7cf83

SHA256
9b45c490214f2673a1b5d933fc77dfb412f0f40e52b359f5f7ba2e5a5e54ede6

SHA512
8e26723353c56047eed28ba19f4579fb4b65444a12f636fb12a8e0ad8f414b73ba74d7ada8ecf31fa08ae239a31432c1e1fc9a1e8b4c47a319d3e77621ea4ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
87a5ce8d909cc1b47ed0a1fa9317c966

SHA1
44b0beebce826c7386a4917b0f0ee7d29ec072b6

SHA256
80062e051038f2e9cded270a5b584ca36aba475ead66307fa9c2d2646fc3a7d3

SHA512
b45b2e8894291d2fb893052fd416879dec981b83af2b16d05c8fe5719f884248fc43d9c13a513022c20317b482be393e5dc1e20449a0e8ad3f9dead2d920e82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13352834741082985

Filesize
4KB

MD5
f33f9a873b878077b461de61b15b3854

SHA1
90e83dd3ba0e5fe8449bf5b16356cef894f5e3dc

SHA256
7177e3105660844830e86bfd691195c6e7dd8ce850127d6a0985db0221d02438

SHA512
dfdcb082aa2e90463f55db73661d7e9149dae1a9c53207972d8887f6a528b59d2b35ab6006491a90ba6aaa38712a89b6306f3c12c9632d318ed8a8291041d2e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
add38d0e2366f9f43d7af0f7c0e6ea40

SHA1
198644b15a5ae959bec60c648c80072b1207f265

SHA256
d142a663a2f00cf48f3cf4be78bfaec7d018c4a7a5e68e48885145222d5017bf

SHA512
b6ae7361cad94df3c61199f3e845963ed4262e133bbf4dbbd9dbd879bc5ccc1bd8c9e70fbefbfcb889bac3482e8e44faf3f920955684526e67861360acba7ae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
ae268c36d7c897adaa048d2cda04cfcb

SHA1
02e04b277fddf7f211a5027f2c6a78b1fdc59edb

SHA256
d996e19165e79b7a4928d12732208dfdb3053a4f341cee040e8fca03500997ef

SHA512
330ccda2b3a453fdc594a201d11c73b80df8244b97478fb8c211cd83499b579cd69f09f27fe735e119bfa4986ab62e3d80b8c27e9db2b88a9f89252c21b7fc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
3df60165cac1bdbee9721f926bb80eaa

SHA1
a86e2b4338912be7f99356ceaa246865a5a2be67

SHA256
d3cb3eee0bf8704c9778cde03e8271af228dda619a604d0270f3774405d7aa31

SHA512
463ead1182470d09c10452819ff6414a8f7bb4baf65af19e160e88827f9c3f3d943a7d4b6519ac3f61b0011b2661d138873dea6b8f79c05c5a5594bc149fe824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
cc5b43da0b9d0fa5041548cc29f34834

SHA1
ab01fb4b66589edb87aba7827f56968542cd63ca

SHA256
b30a7053c0e84d4581ef3f126d45e729b44363ded5e90f6927d71f24ad37b138

SHA512
fafd5a92c173c2a8cff9072bf25b1a5bef35c9b2e82ab1c71493f010b12b4e034216c33016bb180c375c3a02cfe9f39e80f76b6822ca99fe7eef23f18b94255c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
55716754c9f5c5ddbbbe9570785c6c71

SHA1
f622a011d370f5b02a815dcd4eb0cbf0837d7c6e

SHA256
1fb30350955dc754019a8bb082fcc2c9c7fa03480862a036a5d81ef07455550e

SHA512
1a657e87d93f125d21dc1a7ed48f7b8861d234240c05e1c0912142152cae3413d571bc81be812be3bae858e7d1cf7c7cf5885bce23a14bc0cd5b02b2a02c852d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
419f54c804a482b78cb6bae0cc5a13f2

SHA1
8218a2beeb899e81a11cc8e420718da6068ba6db

SHA256
18b9d6405354a6a6b610befdbfbc5cb687bdd57658a7b7e7d701ec4b722d9b41

SHA512
e8332c8f9eb492162999a7ac7897ebef6955dca5fb87bc8a7386e4ddcdb2f2dcbd9522f44ae6b918b753b3c1d07c1ecdd0f948c7aa2355998e3455c6691be7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
3edf355a2b2cc71d6ee8a1b8dafa23eb

SHA1
bf5612ca17261daabb04d3a01054edf15c4f3141

SHA256
491348fec9c284ea6a961892b55932b45ee3d46176feffbd18a05af65cf11e39

SHA512
4fb818709ef79464ebc06f99d2ad4efbaa49000dc4a2bdaaeaa50da30d8e3c319089bf6518de9112ce4b26429afb4670087d0b75ded9d655948abb2c499d0699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
cd6e55b4e2c5124e9888075a66e8466e

SHA1
5c9789e99aa03747268c93c4c8028abec2a4f1ea

SHA256
e16dbf5af4371035ecd7e39f2381baea38ffaafe0257a1b695a3146ecafbb98d

SHA512
b3522a429763c650a6dd124f8a4243101ca5b4a95ca15871504196c3cff0113d379715ec7853beaf95e82ece43f6897844df2df508198f261476f563d5fbace8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
44c108f77b0dbec007df17f8265c63ab

SHA1
fc621517e58fe6b778253646375204c64ba6a9d7

SHA256
3d35a2312105abff236dfd17347376a70b8c0fbff6422e1b3b44b98d138ba016

SHA512
a2cb4281d70ae69135cec016d5bbf7037fdfbf10719d108722f615d43fa2fed52fab5c51663690721f9b66e20f57b11fc76ae1492e654150935d2765dfb3b8c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
c2ff6112ba28a4a399539204af019f1a

SHA1
974786c6cfd913e093681d2023d3aaea435fab7e

SHA256
396010012678991abb014a74be45bd8b76d1a0c643361223921a9abde49fb7f6

SHA512
b11aa6a9243b940ee49c72b7086c49664a2bff9b6c8a70718399c48f2dadd3ecc31cd10d31fb9dc4960ecb07ffecc92c2e0302e3e5b015430fbdc2a9bf2a4cd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
7119254c8889b9f89ef931d91a2c7f79

SHA1
4f3124e424391fe9fe25bbe3b52be0243b3e7155

SHA256
1fac45da90c86aa24ca589600cf07eecb7009ddf8196cbc2bd3824fc61e82f58

SHA512
82dbcc73b8de6076889a2bf0b29120bf5e29bd5055d06452a470e5c0fb55ced1c7f9ce5c3e44cb21668d3299ecdc7e465edd6c7fff51bcdf367c1b89313494fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
f391c2043fe46d8e8cc72e2f9a704006

SHA1
75746b5233ab8108b90fdddaf6dd923ef45c316f

SHA256
a61e2fd0959f4265e32cd9354bed916972b92b7203300536fb9d430aa0a22d03

SHA512
ff4055dc0f75eccd00565ae1918f427bcc34b12a6d278e219fd9645311a3e5e100ededed6df44f48c5f684c2dc8c39e3baec90e4f67a4003b9ac8dda1bb298a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c025836ef1172d3c20c521c98db9b101

SHA1
9ab01f43e006c470f492a7075634e00b0756e508

SHA256
fba2633bed2f12c3d6083c637f97e64feb32d2e3b5d7ca0e0c96aac8ad184a40

SHA512
8786df123a7a1221ec6bd58148aed70a4bf3a62ad3f1fd6190096a0e1bacfe64042cbc91b8374ae4af0fe6f32493622ef55fe99d2ca665cba6d5fc47e804595f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
9231952cd2b92a9dd969c36ed64f6cd9

SHA1
2458bee87210df6f491108fc11545a8fcf591fa4

SHA256
47237e99fd68a063a975282dc163d65f56899302bb670e2fcb8f566a001dc1b4

SHA512
c9e2eaa99571735f896875fa4d9ebb8f7ba70dda3d29ec492003e29b4e2b6aa7a70724164a19b8de644c013c27e79879b32e99c71d9373d2745078fa5eeed963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f8ca43a414641cf257652cff8fea3b6b

SHA1
24981ad2475c6a378c4935bc4a1db1fcb30ef260

SHA256
5b68334913a6729196a916ac77eaac0513f08c1cc3f95a8f283c915c7b878158

SHA512
cd7af1545106745d73ca00343fc374b174451d8b47c43a034ea6e8cd30af41a875514b93e166e6a6e8f98e0da98a029ae2b0bbf18c54f1ae1512a402b451dc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
9406efb8585f4c68700426f94887d39b

SHA1
8a01aae3938096d1a680e96f9a3cfb73ef99b03c

SHA256
1abb8f9f07198cf1adda116de68a2fa1ef1c136bf0a38d25d0d9289264a51106

SHA512
5701f0a0065e87325136c9d90fdc21324dbde27a49d434acc2bf09141eb54ca79fad60dfb79889e5a13dd935ae1b8ce8e2fb9f4396c27a8840e1e0416769addf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dadad0472ddf96b91bee68a6ebc5cd77

SHA1
26dd6cd2199f729b640c20676834383138e48a01

SHA256
9af3ef173a4c39ba7a9c609aede5d0dd15811015e5ad0782f6cca943b1e05ec4

SHA512
73e9535acb96b420ed5970f265e21f714a4d5d07d283b394410b63702145ce0539e9c9196b2bba632a2b5a49aec01ae2dd7276896da04d4618cfeab916c75fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
beb067b3d06effe68dc249206052ec03

SHA1
3d3c3350f525ed4a87a043bc19c8bb045064bf27

SHA256
73c2dc2a263115766a5527d657a1256168bb1dae10d0ede34a6cde64d476ec1a

SHA512
cb9ee199855d5d12edd24e63bb5e06fa79921a58e8b3cd2a8de5568d6fa7272afe35ddd19eeeba41055117fe8c4fed8454c60f57370f4cdd2095b5208c7f7a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
331fd2d29a14def77fd7e66d380e033a

SHA1
e14d25a267fd7787f7810405a06454dd65bb7cb3

SHA256
ab814b86beb2c62d9e159ab7ef1300234b8e1935c5a16391e4674b4487e29906

SHA512
9203064df51f6096d6aa3690f5f1ada0f66d7eec6430728007d35c4f114ec34b753506f053781551e2428c855f37213dd6490c70fe47ffd85152b6d2daddd9fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21196ad1eed2f5fbc09e582a415088d5

SHA1
488517531a2ba5298bf4024193f33b859273e95d

SHA256
157e2dd9c51fafb407a1f5dec60a2c95e6225bf4e6a48141738701744807b9fe

SHA512
d5d442fdf0ad46121bf4cfe5cb1b398614a44ce7f6e4aefa65c2196edb3b2f586b1cfcc4c88fa3370ba3acd1e49824be03168df00532829f4c6c704da02f00f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d7fd77f04a8e16438166dc4e59300f3f

SHA1
8d133ab976d21183a0f1ae989be44c552f9b80c7

SHA256
4633c285590a7a46da4afe860fe1db589a1a86ddfcf3ef6d8e9244d2a9855aaf

SHA512
a93d4df81a076e132df7fbcc563bdfd8eb8e4a38d98481e57d9c77caa58eee0eb0336ccfd6190f28333051fd4421cbcce4fec883f90718a7c3ff408c1daff1c6

Download Submit
C:\Users\Admin\Downloads\bnrp_Mod.rar

Filesize
552KB

MD5
0086bd7d562f0e838b323e9c2d207879

SHA1
b767addc7af6f7a0c428dd3f77499c5bff15f460

SHA256
da99b3ed4638730c96938ef0f1c0223f261a459d88fe4679ed998c6c35a24a77

SHA512
632b56350b2233eb0902c9611ebd6a2b90e1d7b58e149dff29cb287f1c76c53f4612b92f2bc7adfdd6ad6e1af78c1dcab9fed7007a043d7cf1db0c1d596e7a2d

Download Submit