hxxps://cuty[.]io/IxqTQAXyG3i4

Analysis

max time kernel
395s
max time network
396s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://cuty.io/IxqTQAXyG3i4

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
314	drive.google.com
315	drive.google.com
316	drive.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531030961894473"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "57"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2132103209-3755304320-2959162027-1000\{AD1FF245-74DD-4034-A592-F2D73BB09B4E}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
736	chrome.exe
736	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe
Token: SeShutdownPrivilege	660	chrome.exe
Token: SeCreatePagefilePrivilege	660	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe
660	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1540	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 660 wrote to memory of 4168	660	chrome.exe	90
PID 660 wrote to memory of 4168	660	chrome.exe	90
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3652	660	chrome.exe	96
PID 660 wrote to memory of 3400	660	chrome.exe	94
PID 660 wrote to memory of 3400	660	chrome.exe	94
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95
PID 660 wrote to memory of 2428	660	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cuty.io/IxqTQAXyG3i4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c5089758,0x7ff9c5089768,0x7ff9c5089778
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1244 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2992 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4616 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5396 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5380 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4616 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5948 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5164 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6084 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6116 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3260 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5176 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4696 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5444 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5852 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5828 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1624 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6872 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5384 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6968 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6016 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6212 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5008 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6812 --field-trial-handle=1956,i,1325276436235421539,12044237512212616717,131072 /prefetch:1
  2⤵
  PID:5020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2168

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3901855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
28KB

MD5
582903ad4a00278ea79c1855aafced2a

SHA1
f0e1bab3fb4df23c77fd9b21696d081a2a6c905b

SHA256
6ea36a7a6029e71a1f6f9342b18ccb6902b8fd741ec12d3fcd72088070dc69c7

SHA512
4bc38a4098b4d2011bcc65717ca4cf192115ca54af732697faf3582d87096ae5d3670c2cc549c8fd55e608d3daec598c29192ed993ab43051c843d6dcbf1a636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
134KB

MD5
4787dd34ac59f7876fc7a3e8c4d3c01c

SHA1
0a2fa42f0b64a361f9404802fc4eea75da616df5

SHA256
cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee

SHA512
fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3e85aba93c4e741a_0

Filesize
280B

MD5
1317eae7cf15c1f57f2a6c160f62e6d4

SHA1
a59a92ef6040283c2ec4ac17927fe3a3750b1344

SHA256
aea5a9bdb44d3a57b8f4e1be18db81dd1ec74f1f5dd0c7f2786e6113b299a52d

SHA512
79ecfc76015005904bd357e8b15869f40b1e365afeea0b9d7975a63a94517c3a458787a2ebdba989b1e3b1b8033e2d9a637f4d75687cd06bd23c8c49f116b706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d3f8720712c1d519_0

Filesize
18KB

MD5
2e3bf86f36a1feafafee253bd6d08cd1

SHA1
cc186d8af20a0e7e24ed8c838b6be9c8d7709646

SHA256
cc516d159d4d669e346212dd004dbcfcfe0d97ac6b6c783f838b85514df9e5b7

SHA512
79c995af4bc1eeec494517ec5ed402ebc767519139734a8f5e5c3c07c2ccbd552821dfe7600eb9c0fbd4a44c3cd99e5ad0c7875e26ab7c817c9bfaa185a99ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
65c4b5076c13fa2262a102a533783e62

SHA1
9598ed32c57c3c2411dfefa14e30036b5648798e

SHA256
6df92a83865788d841cded5ba379e89e5d384a35f1fcd4e0d6cde4e31cc682df

SHA512
7a6e667837990755a5cd6af635d6c5686047ec1088e46e7732b59483831e7f8dc7b92c9a7b738c1b6611a2fb54e31d499ef333e36050ead8af3f92f6fa834302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dcdf31e5ffb06d7b86a523cc437c91c9

SHA1
7ec2e4f0a9231c81bf63f3942783cd0534a8f4c8

SHA256
ba84a59aba5da6934592c86774e4225e7a255b2d9c8893ed1ef32a3757fa09a2

SHA512
4b0b119d8851f28ab2c7f00aa449a495adbd43537be42b60b78b84b3a33603357d2f75c8323a6ed04d6d7a628bb40fa5f2c3018ff1ac5a078f235c7475c779ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4a94f09259caebbf601f3347b3fe815e

SHA1
17ce37931b78e4a1fb3f436bca1fe9857507e1dc

SHA256
e6803b711b0f85ab9a8ee0196b4d1ffe9d7b84e32c8f50d9e69d6bd67646c4e3

SHA512
249f8f76fc8f8f79f2c4b618e2f628f5908281574d20157bfa53e7a975d285095336799b132996247233b68285d187a8417b5b9a1008a6aeec0ad064399c0578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
98d89c39cce1f76303894bb27df2fde0

SHA1
4cf07b239153273d85f8c645e36375c8f2a72fe7

SHA256
9a842109b4fd4b671a717ae5cce486c9a1bd0250536ea912fe68d798130ff655

SHA512
631b797dd5243a3740eeeeee73053cb6744a285fe5ecedbd5b2c186fc653b7909e58713a3fcdfe67100ed34e2459da52b8b3b9964818e5be0ac0a20db1a83d71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96e6545cd0eec5a688509b231439c6a4

SHA1
3f4373d9761bdab3d3d2947d13fc6d358d0ee59a

SHA256
c010e64fc87f76ca98f2529ce1fa641bb6be7e50ba2ba188248e75579f114abd

SHA512
6966bf56098308cb55017518901bc1d34d58bc0947bc77aefd7a322d4fc62ddbbd8f521b1758e6bf0c1c2c0ad7092a2a13b04a12eb2c858947f1e1394875c4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8b4002f46073ee017d7787418600970a

SHA1
827b394e8933cba897a31634d3ad487c553ea04e

SHA256
a76793b715549a0ec731583b502dd0a98af6b2565a88c50879cb4defba7ccfba

SHA512
b777219b1b2e4d472bedc567428853f8a4378043869807dc17210151889b3db95298653719ba1734e5fa995cf85617e55ba1f196fdf9112319daaa1fc426b8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
4d0f2e48464c2897e55c0b6a051b3bb3

SHA1
e245cb779883827ad00c5890016c3da85911f17c

SHA256
e1a0a712f8f8227d275d70201e48decb397c3c8c3dd8817f0eb658223bafa2a9

SHA512
f23d63cfed7b7ae38d5cc1cc2ea353851d172ebec2d4bae55a12b1d271b34114916057856c09b79794304dda61cf29e11027aad2d545fdd24eb3b395105280a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5e04d65cd8a526eac0caca6858ced054

SHA1
4deb83f25aad7a8a1df5856b9de6c2581081a545

SHA256
53c7adf9e52d8899facd1a5d74329d245af37d1844e3d37c81e1c92a7265733e

SHA512
1d6b6e078683c3e4c405929a16ae708f5da5428b4b14428c1771783591df5e03b47671e76e2b7edcfd2195d7a428e3ada63bc972f76bbceb35a6238a1ea09433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_c.adsco.re_0.indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_yourfreshjournal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
06cece732e1f0864584a33d85597a982

SHA1
33497639978b9a6bd06e5c6650ac4693588d1265

SHA256
f47573b699ad801e9f660ae48b98bc32df9e57535989a395320104461dd9f65f

SHA512
692da44dd8bb12a427214b9832987d64cb369d67059d7f9941602009be9a05cb4319664445f12c9bc594f23b147c5dd2999c83ad33b4e5f51c3fc0e2c803bb6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
86b812a5688a5dad620126fcf6de7be4

SHA1
27c26cce89c9df37f6db0717a4b4820b0b66e7ee

SHA256
b2e1c774cced7cebbf527ef0194f0cfb5c9f54ea69c55cbced214d0f7052d701

SHA512
eee1dc925a70570de7da32c8133175ae30e213d5f2614a576587c715117cc55dc106dc202aef509e1472e8b7ace863934abb879905ff31766746ade4e66c4cdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
56556da7ae7b3ded2418f473abeac515

SHA1
442cca8eceb80a461508c893ff6e4d972beeba8f

SHA256
0366ca8b92b18cf9a1cc5731cb7701a3d21c7fb127e838576919da2a7efeeab0

SHA512
df6ecdbdd6a8f5452b39fc1cf59ea86db2336bfe684c1a396cf8e3fb5a0022e4cb16aff7e9ab0d95d9b400ea715a05f32c4d33d4b63aa4c334f37ef33fd7af8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
bbf8938b187cd64a3179da610b5e32db

SHA1
39fef6cb1466ced792e75a8b5de2029a9554201f

SHA256
5924e4547e8d846a68bfdd3bd396ebba1062eb61c02befddad4ae13c0e3219e6

SHA512
ad5c73fc9d84bc71fbcf6f6be9e0c05e3ad4220ff1dfa3dda2cda16a91ce579e005404e16a784df2cef5475194b6de239b3f0f254aef9eac7a522a7990000b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b433247b3cd87d024fb6d1f41a596077

SHA1
3073dce6fde4a5bbeadd555a27302d90fbdd787e

SHA256
9ca711dee2cdd8c7669d10de84ce227ec5147ed9712977d4cd9dea8893b8b563

SHA512
4dcc512fd6e343c9c4579635ad89366b6b97417f91df25856e758eeb082d4dfd9c3b4f2dd50f8481d053d66aef936ab6dd9f492ebca2bc4dce875827dbbeadc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12d8845d1d005b1c9ac33b134dca3d39

SHA1
511f4fb0642439f62db2f5cdb801cb62edcd8ae8

SHA256
6c381d5312e5c8c1e28fbb36164ef18421c5d3d03f115c3cd3e4d7317bf3e38b

SHA512
fb4cc9175df94fdf80ee01a92d62aea9938a6ce3ea149d214b767e6a8977c2bc3108cbd9349cb810bb212c1ec184873d3d7989a3114a1cf3f951b04086f07254

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be6adb90958260b675863ed11a5aac85

SHA1
6f066865c01ef1f16d32c7b63ce81b45dbadac98

SHA256
61f67e5ddd99b05b9a66f14a8cabc3fb16ab1862a691af2281bb3be61f7b90cc

SHA512
1e1ee5147cc07f744f01419bf6dfb834b49a50626f56c60eada2193a2e8a150c187dc7fead9a0059ba9d84519013a698bb3c71621e5b7b9c6e02df41b214c423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
100fccdcdaf339af3d7bd52b97b5efd8

SHA1
5953b133c9decd14cae8f89f7ef4055f9a46c929

SHA256
fca2266d14df34d7a2155296a581a9529e4e85c5a25c757260c8b21bc174072b

SHA512
29091910981cf0623485e84cb646d4be9ee7ac61830b524b3fb39e00a6b7db93ff100fd00f28f2037401fe5087f8ea4ab7f7ea2664d21d76aba47192d270fff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26c5ec59b3cf6ef3f9bd2deef3b11f14

SHA1
b2b287122633b576793e6a700df5c6a1bc857332

SHA256
4e9e29736c2f6ca8bd1239c96d106e5b02cf1d68b2fd85eea63aa41c1ab4259c

SHA512
68587ba7e18ea54ebfa445a825c0c858cfe0b3945d8ffecec46934a48251e08b918c5df8bba0ee4b9e909e3cdcbc3e47923b0daac3872de0f4b9900e0b516ce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c049cc6f2504c42b316d73f26b6c04f

SHA1
1c4ee9bbc4cbe7c76ab15d5c8797e273ced58e58

SHA256
5e9d34219509a94ba01be914239905a2d908fadc095b28a9de052710a7569b41

SHA512
bef39a2edf7025d5d1307c88e3c6fd9839b9dd9d6aba6a5ba008b665ae38b3224921658d611cbde2f554b58c0b453803cb9e7745a0bd1729b07dd95f15d46688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a1b02e355715b2a83d0435b3b8ceae99

SHA1
660f426971caf1addcfc4e21886ab08f6daa4516

SHA256
41115c79aecf90164743864033d238574e7195bdc85f5f3f06c460ceefaebdb6

SHA512
f218c99dcffb3f49802c36cfe5d77cc11c7b948144ba2dc30c6dda546b80eaf04df2b2bf91c371ccb29083a3c71048fd501b6a3825ffce31af9364845a418bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ed64b3349a8d4ca380bbb59b8f28a3b0

SHA1
481330a8db98224fd5b9182279e0ecb6fd51b8a5

SHA256
7b70c0d5dc56c776c5aa785e4797a70f723cb5b98c1bef8f738eaf047c9c6497

SHA512
b85e70ee73fe0249bdc307a95a3a56828d4a027d2c424da1da058690e79d33a7808661c1786cb228c5f5ecfbe0df2be89a8718238457c92e495410f327001b75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a8d738f9147e315999adf04a34296817

SHA1
1731c2b533ccdf09305a4f99496da8e90ee03ed5

SHA256
84378be40747395443b3602793a82b4d9b9de2066e774aec6ff8d3e12027dc51

SHA512
d9631e9a6267124966d074bba385f77f5ab72075eaceed33b08cee49a54e93b601a12e10533bc0362080d386b9ea4d673f20091b711da0580aca9b98b1911c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0b1177bb3466335cb0c7d4b40ef9095a

SHA1
2a9fe9d097aac39023edc4b2868f41489be20cfe

SHA256
96c76e77a92d870a834fdc4b8e85863f051947cc634977bd6770abcf2f0ed75f

SHA512
3c10794d26205692b52786dc899f79a802f4e819ecbc8902b9ed64af21406e1400329c56cf7a0d85cdd6455d947a273d5bf8978c8cd56cc40f92a22cc2125ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
758bc4056c6848fa7e579cb9def530fb

SHA1
c6218095be13c475bb482f7652c9afe37b0c48a5

SHA256
96823f4e0cf5972e757f92bff03d272161de91f87a0f3b494c6c1e4138698275

SHA512
da705ac22ad0edbe7136b78b7b12aeebf6f9e3b2c67b216125f7dadd2e5bebc0db3e4ae44e47762e2d5ac11b8252073ece649b3e807d7ff7ac7456c0c737d259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fb5664e59bb2d4c198239d29e672f95f

SHA1
7027fac2750a25eb129a59b79ff88487502d0f0b

SHA256
7da524e3225da829ae1bfb36ca62a164bb259af85604149dc98c748ad751e4c6

SHA512
1a3a42a4da909c0568fb01606d86f3cfd2399db96897d311bca0ca880d9f428ef1a0c758b3e5ebe775a8d3623e65d7f3c7316f0721582fcc9e3a1a339b81e3f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3c92ccfba461d80d240a46a8050730d

SHA1
e307e236207c4dec8e84960a831dfedd299023a7

SHA256
a0911105ad40dba89c4a38508f8974a76212eeb5c9c09bb8eddea3b03194b16d

SHA512
4a19d1c82acd08a6181e483d109772a44ea65a9a21e77be66b2e8bcb168f8ca3c1fc25a3803ea5d132b85bdd47b5e4d0c9cc45d6af37230182ff2a6fa63087b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c432b3483bfd1e420a26748893707bd6

SHA1
f7cf46c88c9b6b69f2b9a2ed46a5fb2e5b33539f

SHA256
0dc69adaec1d9c1863e55e91a33b5c94e5c4ed1561ccd60b6c27ae15dc39d013

SHA512
4e32cc11d71c4d42fd06702dd712b05d75d7366ebfb41a891409337937ff745e00af7d0de2de1182451445601b6c8d40f5a2a1dcb35ab27c9f078fe68d7fdccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6947052c5ba20988685efd7e436970dd

SHA1
9ce07bd8e81ff83ef89496b6c3de6c51dcc71a27

SHA256
42b001124c3b4ed1da86048fef1f135aabd9c18580156a45d49d7f30cb794eab

SHA512
6768089f3d9e66010d253b71efa21d459a8250c9e26e00ab1535adb6a31118cf037a46a515dafeb643bf6dd53eb601b14ab5fbab53b11acb853cd82f8d9c9f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
1ca8666193224024f9cbdc3146b09f33

SHA1
d9146293be3a78dfd8328d6bc30e50fa58f17bd5

SHA256
35762eb2167428e29c93d2a5b44322057d12ee93d10a8e0bd9377545e88653d0

SHA512
97b6ee3bc5fe6fa2e84d987911a908e3a51b5a8e121606a1cef65c1f1a5b25868148f716b985c9f3d23e25f2521270221255ebb1155029a5110d0816c2c96996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
8d2b6e91888d1235bd39c8c576812859

SHA1
b627e47bab399f652d6079856daaee43c206e028

SHA256
e642ff9c59b5a4078ee0197e210e7c8df04fa9227dab333d619e06123cf297d1

SHA512
bea9cab70f9dcf3da9f938430a027ac3904bdd75efa4cc6650c6a1bb8e7b4b937e629c2e1eccfd7866e5c2525c79ffa335d3d852f7d6892a2fe9f8ed7282f675

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
759fcfda4dca1ac3cc0ea117427318e5

SHA1
0ecc4b0f55e12db36fdff4d3a06374d4cde200b2

SHA256
59261a660f3c81124b31aeaef13f24c11ec96062ad22c87ec6eec8d5fa621021

SHA512
65d6808bc8e02d6241e12e325715682ab56745c61febdbbd916edb6b9059ada6675721705c56c6ede3370aeb00c535704f672bfb73614bbdc31998a27f38028f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
b64e0fd8ccc7a8ab47a8088c55a41577

SHA1
6189797217d126bd12777a0fc2629075046f9fa5

SHA256
d579c531587b26f9c2f0c9919ec6152db1fc1bda29c47d98784495f1bcbcc10e

SHA512
69529c5a8ec015186d8b75af5bff962fa335ac7a21b7417f0d5fee68c9ba2bf2f759af1bd154bc9126ff981161cd6d06551ca08a55d9365e08c4b6593c692a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6f0f073aff03060d8cb7ed480d7c321f

SHA1
5848440e84a48224d17a9e6c466f16cf869ad9e7

SHA256
e8c37aa091e32f3a45bf000cebc95ed0283c0d6980a331553944e8a9b86617d4

SHA512
db3d7e60fca28846fa82ebb92f64c43b626c9018ece0f6b3b0bed0105b5db94ab4e1e8fa8f7b92808ba6d755d188f00b11def7cb5cda8ad4c76edb1ca9ce1a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
475491e74bb0183c1d56428be6b00733

SHA1
d154cf605b040120dbd341474d48701c585fb592

SHA256
7ebb41e11b40a8a367fd8fed3ca386cab4e8c57cc92971465723d25c5b5c92a2

SHA512
c36e55a1668c6b96ce706d9792f85eafe1736108f8ae706b87cbef883797bcd0b24d7a33216898075f8cd3c9f37989f92590e01fa468c71a38dd02367d108105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
ad84c8cb4ed11c315cdf1e41d4945c1a

SHA1
6725a7aaa75d7c6901bd3e93ec61ced4f3aec7ab

SHA256
44cc534fe1ee0a65fd36447b316d407f2ee76fa38e37057b6886e065629644d5

SHA512
049c6456b8ca36e46e799669311f5accf51b125b23f24f3c9bf77578a66d4cf37e371a5b12eadfae5fbc06df08a28b701a938dc9fe5345b176dfd2ba9f2af3d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c023.TMP

Filesize
104KB

MD5
0d88f97117f1fdcc4bf1a23e7f7268f8

SHA1
4f7eedaefe8277f5bf842d5d1c967afa2ab697c4

SHA256
80b1921780009737d364cad1111650c17a08dd5ac8287de05b816630a3df2fa5

SHA512
8d106913e9b0a629ddea1f0c553569b526d078901f6424c7ca21eb9addf1c1f2905928113d92c94d8e463009a792d547ce2cfc2df7967d9530165bcf17c1f915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a51b3f16-fc3d-448e-b5a2-053d7b337aa1.tmp

Filesize
130KB

MD5
ad764d1f464551ff71f2f6b2121023c2

SHA1
e80c86e5116401a3b238268eac1e71de13b0ef5b

SHA256
b7316b3308573d024c4122c4252a9febf91a0c9916346e718b5a2f1f73e99de9

SHA512
fa68ee7c7b036e8d0b3f3a3674bff81f3ccf5d19ab6e1f401bff05fc91d1a36c4b02e32034c019c59622657f16c0aac68d28728bb1c72161e02248fd43f2d064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\dca2002b-c49b-48ea-952f-11df4a1bebb5.tmp

Filesize
110KB

MD5
77574f45837602eea78c0700aa7368fe

SHA1
d3996a93695c158cb75c78adcb0714d9c9215125

SHA256
e4ec3209ce8d42197712f4d2dbd32a219a80faf51e99f3953e9369bfdd8eecbe

SHA512
0ff1fec44ad4495e03fef4a5cc5a85b0db70c0e452a68064433bed99e45925e0c23ec6a989aa84ff6a55e4486ae5bc1b8b21d431c6cdf19e6128f0e1fc194d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
0b29eda42475095d017a7ffd455e8f90

SHA1
f241f607252531a9eb6df3871201bc7c6c63e739

SHA256
6dd736c27ddc60cc8551e7c2b8aed6d97ba032dc9276efbba50a76209288c0bc

SHA512
7c820568f03b139d74e4d499c624695bcc190694497277a42129a7226df2b67d1f9623a8fb2d58b01ffb973c7eec18cdce32cef69bea700110350f28ed649a0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
07607cf10e9b968ed00770b4e328c07b

SHA1
516e1c2ab225f270624b0583b8d93fa41ab0c241

SHA256
bc2b252e55660857626a131dea3ca72942eacacb02a0aab52874230ac5967c60

SHA512
dab1f688365d5683430734cb56e2f64ea3ddcd8941b74b4bcdb9ec4bceec83df50a1fb869351ad20945f6b2ada371edf5fb5f888029a44b62ed1991bf558f3db

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
cad1d6e46d0cbe14d269ed0f5acb4a8d

SHA1
af98017ac64518bcbd26666b0b1433e7b7fcf84f

SHA256
ef2fac370e673647141ae20d2ad1c58f6042d15bd7b466a0fc447d5bf0d9e246

SHA512
bb62e454c694294cd88e550587181a9947622571c4c35b86fe487e0c653e8ddb91a89882e3fff4fa7833684fa0efbc9cb45d15b53c6eaadd89ec41f2f74d4d24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
52a9f6250a300c365638d3a5f88d69ee

SHA1
0bf4c71c2e15f2d2bf3bbeadd4d0ad376d522a76

SHA256
127fdccab09c2d6de5b9e40f1134618298ade36ba5c03a74ef3329dd03e89738

SHA512
ed87ca07f3e68fbd015ad2453c569ace06a573d4695200e6efeb9733966c7c19cb5632a2d33ecadcf48c99f64d0214a364361ad32f67aadbbe75421934f0bcf5

Download Submit