hxxp://mangroveerp[.]com/

Analysis

max time kernel
106s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20/02/2024, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mangroveerp.com/

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
40	whatismyipaddress.com
41	whatismyipaddress.com
16	whatismyipaddress.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529029826777167"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe
Token: SeShutdownPrivilege	4408	chrome.exe
Token: SeCreatePagefilePrivilege	4408	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe
4408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 1044	4408	chrome.exe	80
PID 4408 wrote to memory of 1044	4408	chrome.exe	80
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 4808	4408	chrome.exe	82
PID 4408 wrote to memory of 2596	4408	chrome.exe	83
PID 4408 wrote to memory of 2596	4408	chrome.exe	83
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84
PID 4408 wrote to memory of 832	4408	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mangroveerp.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc1db09758,0x7ffc1db09768,0x7ffc1db09778
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2124 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4824 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5112 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4904 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5016 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4360 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2596 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1668 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5768 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1528 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5248 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6196 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6312 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6508 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6920 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6716 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6688 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6748 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6924 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7292 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7672 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8132 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8560 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8564 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8312 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8276 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8020 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7880 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8008 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9260 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8300 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8476 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8488 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9636 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7240 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9784 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10068 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9780 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9772 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:6512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9568 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10348 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10392 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10464 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10388 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8724 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10508 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10368 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9584 --field-trial-handle=1800,i,10966115716889966463,6331216593159044937,131072 /prefetch:1
  2⤵
  PID:280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:244

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
PID:7040

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2272

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:4460

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
50KB

MD5
650a2b71154e19f42d449f1e2a24cd5a

SHA1
9f77f767c3c3092b5c7a6419a4b26a6c8d9bfa96

SHA256
8fc4c87afec6814bd33297f876daa4976410b972e30b0b18f00376f538c51ab9

SHA512
07adb960340815f752414ab009fdec572277d2ba5bea333f729f8271499f64238cc52994b03b0ed42b10e1430ea4587f7434cfc90a12e6ae3bebf9463813a023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d3cff99febc17521453b98c8f30a9a46

SHA1
0eb3fd00782d7345f5dd1a50a233769e5937c384

SHA256
37282753a8203664500a93b69e61ba800f686cd09cc0a712983913f0dc9f670e

SHA512
2443aacc9b1ff8aa7756e23184bfb6ee4756d0708882314ff864766f516e8342c84abfa7995c3e9c567bd2099999b1c916c9bc76c61b34774b05e490c2cec86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
25b8a589ca913a72594594b431ce55df

SHA1
7ab5893498d66e666e2d6a483c9337a8b55f5251

SHA256
1d53e4d738a200db0941bea5bf9325461b495cc987e08fc1610f324f5133b579

SHA512
91b12708c9e39e55887bdbcd0db044ac1af1fc4c98f0333e722ed37622d03e4764c53c5e8336e25cbf830bd3d5fa04caf81bade16f51920a9797f5cf0ddce9da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b2b04568bb8e83ec5711317d7cf94786

SHA1
cef42e210fc3c14ae3a97920ce9d28101b68c791

SHA256
02c005e6686613eed868505162f614dc8d74d21a097dbdef026c009a98a4644e

SHA512
bebf8413df930343d2cd98eccdc193afbdcbc10e6074b36f25c47dae4bc5ee9eda414b678fcecc7174bd5a356ad81830ec56595c1da499ed0e2c0f432119ee07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8ab2206f51bb9f73f268fc6d764a38eb

SHA1
18ba5b21bb84556a7e2563b1b8037416ec6eb7b7

SHA256
51f31b35f61267a6220c13a9aae0055f18d94304641cc6ac4ad1e2fb68ea0ead

SHA512
bd1773dff7c60be22b07b7d0ee02d6e1157621b3f1e77338939b9cb35ba19769c74b455f183d7c12d137dd54949cbbd616a589e6514a44d43894774ff3f5d1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
eb387384e668c5417f1ed8bdcf93daf1

SHA1
a16d669607060b0a255863972a09bf35e8dbe22c

SHA256
8d5999b7c332eeb014e052242115166dde75ea487633f84b51ea6859240bc085

SHA512
98aab6c8ea15506f2ed454827c913ac377d19497c2cd6406662cfeab8d2c39392746a7f6136adfae9a86a1fb85a3dbf82a03effcae90ac4515ee085fb63ab7dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
6ad78d867f78bf9fb1cb9b735720bce0

SHA1
519dfcc0ddf416fb5c52e039773aa78e5ea51a09

SHA256
6a659dd94d15b912d28595d0e1f6ff7915c3bebc40e476bb813c954f552375af

SHA512
68f3c36e1f292294730107972e1dfc99f6ef007c8bfac69dbc14b47aaf191dbfa64fc2c50b59fa24b6732ee7747454ec06edc739862fa3cfb7a2db71dadd31f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fdb14e539dafdb2a606f80063a7168b3

SHA1
c302680e25fa8087c04a7e3437626530ea733a83

SHA256
1677fde1b8cf2e779f094c1b8e34215bd8fdb072896d95a5875af771bc1ca0b6

SHA512
8420dccdefcc058e2783d808fd9ee6e53fb88f10ce9cba3dd8d3236d4b20aec4c968cfb7a0634bcbe74211f7d5746677d42078ea7e5dee3c619a78c6222f3e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
4478bba53291612b1aa942d6c12a1de9

SHA1
f4cfc406c5da26fa1e5b4f75a415ada1e7bb5bc9

SHA256
e583cb27deb0a87faee2efef2464ca36d7ea87efff0360f1c79da17a5b3664ba

SHA512
743838306406eef669d09016842f4095eb977db8eb43cfa328b2f21ff9ce39dec37714b487593f1cb2e19221ea339867855c19888daf369f965380b6083eb68b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
6eb820a911fcdd22e9383ee3cb51b981

SHA1
45acd9a927c353573ba6c1a7dfd3dcf805a70d43

SHA256
3b930f693e477718228b00f5e120859df5fa15e6837263910f9db14ab3b5e94b

SHA512
48156dba0986febeea63254d4cd0e9788dfb3c7ff7ab9e51383a944bf9ba0f5752f60347769ef2b7c1599a76492e1fda90a51368d77725b7732dcfd6882d4caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c99e91526a0fd2ee8ebff50a2de4306b

SHA1
3c31f54afe9756b826fd9e72bc2116cfd4ef8094

SHA256
a9a928f55b1ceb3b1022bd2d52439b1965a8867c8433fbedbb2ddaaa040c84b4

SHA512
bab97d2dcd3ef0e18a0d722fbe0a1064b2c31f120b628cbc014ff810c36f086a58ef449740be0cb43f48839957250271d58bb9fd086b5ba9ea2abedb0a2b529e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
522c0916f5455ba0991f7050e13fca96

SHA1
92a361eec63de14202aa32e4d281fff782311a97

SHA256
d410de127c6513ec76ce07833e995686e275cc8baf1517db7a1703dc75099afd

SHA512
e1252a173fc0f68b25da5434cbc619d649158681fb63e490449c0dac685b8da46ea4af0b1a5ca9a0841b91b70e56fd2319bcd204cee092ec91c6dac194c4d97c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7a297fa8cf8b23f66ec9a41cb39c16b5

SHA1
f0fc80d7f7ed707d56baea6ffe01859019e7dbcf

SHA256
a131420dea0e45403e2e4f3ae19220b6733f0ab75ee8dce317452b90df3c3883

SHA512
afeb1e6612d2f5f5d272a0b0a563e313c886c40ff7b510f529b252dc8b9c0572f65162583e9ef82d5b3c075a2aa4192106bf4123be21464bcac804ebdc39108e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
68e910322f8f3b53c36a9960eccb6ec2

SHA1
c27202b298c341aa66cfe75f83221aec916acfc4

SHA256
a710690ad446bfbe490fa9cec007e4dce4f5e5ca601486fbde67803a542a9bc1

SHA512
03f801375c779c7e9773cda5b6d7820a03541ea31b7f127bbaaa8ba5a71e8fa33d490a19b9cedd9cac223f0f5e4333d27190f32ef6bbafe804d8d709782e4352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
18d18def0cc0ffe1562886c5708da148

SHA1
00d81e6e8cff8f59dbc35904dc68c78916708e57

SHA256
b2e9de83c15e212225a171de1fb793a0ac5242d5debb94c366cd89101eff28b7

SHA512
562ea47c8f2362983957af449af45f7d3e863691a07406cadd681481b8062778bf3b75cb4fbdf0031b2e0af49e068d7ff03c9c42612bacca29fa6dcc6df57ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a7ce9a6096b34f6f89d707204a283f6f

SHA1
df567575a11613a3a757ee87b29d56a6511e5d95

SHA256
36324a609e3286d1899dfaa1a9c75d5c800d3206377e7f3430c855bc889d9020

SHA512
93f276563837d5c8bfeabb142e748e43a45fe7a7eb94bbd3f5e8d70bf12c9afef989752a8f093430ea3811870f0df709952a310f47f30610651eafb4135d6523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2272ac4df79a822e810a2af2af3f89d8

SHA1
0efcb728f5f7b098b7ee47ea690a92f6881199a3

SHA256
7aafd4f5401297113732ecec7f27998af29bf3ae84bac8b63f3f2d2e859192be

SHA512
b948102c5a21bd9e512e2d919fb0acdd77b93d8e01b5010dc3a33d95f68b9e9d956f947073f39caf611e9b2075c24e95010405fa1df180759525412b6ddbc8a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
6b65811d3c4e6cdcb73d4f7bf9b2161b

SHA1
3fbb920e7a3a40df1904dc32e4434150d56884b4

SHA256
05d73132267a9989ab552da67fa41783e1764ba1b56c9d14e232ad6f6e0a6955

SHA512
3c49b65edc2143b31cb1f6ce1c67b2197a757baeff35e015320796e2380d653c35277a0f91b382ad2ec2a318bd79c61030fcb9727d4725e7fb8db20db1a9ad2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
468af62c1f4fe7b6ff72d77d46e6eb19

SHA1
551672a152507af53bbb667691e01f63d1245993

SHA256
4a2e042c884058489060dd8ad444061e891661760fe3d2d89f0ad7f1ca5ab319

SHA512
e1c148f2af4c2c58d95677e4f92f217ca7b4bdfa7c12faf2e9cb9ead9c5fa9deac14f763bb918950f334c6a1506684024e1d87435dde1ac8e5e7146f9ab51f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
473a41c4a87bcef24acd1d8db8f09f03

SHA1
881c15fe4f2298781db2e6c5309eeb2c3ec5b356

SHA256
44500f715ed713833bf92e17aed13073968a3b74a59ec26e7229c46db8520e85

SHA512
1f21c5d3035e8ba4c36d5b0f3b2ce286577f7a94daa63ec4dc00c5705a4b76b35851cee290f4a26b5bbc653f282a809690c68e10721aa8a42b966134d3fba781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ab20.TMP

Filesize
90KB

MD5
69be4dc486077f8f00a23e80631b8821

SHA1
13fc1446728239b653d17ad27da7f62cdb5b86f2

SHA256
55c9a820307b4aa4699fd7532f25e3ecefc9dbe61857f0b90afca79c42daee71

SHA512
7d0e17cb042a6abcf0e1de7e2baa1f4368b04c20de5489ceffede1fd00b7303420bfc5056943bdf848acb3f17af6e6a1c328048af60effbf000b5153dbe7bef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit