hxxps://cdn[.]discordapp[.]com/attachments/1210890454485442563/1210890781221720074/file_release_2_0[.]rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File[.]zip

Resubmissions

24/02/2024, 18:40

240224-xa85yabh9s 6

24/02/2024, 18:37

24/02/2024, 18:36

24/02/2024, 18:35

24/02/2024, 18:34

24/02/2024, 18:31

24/02/2024, 18:28

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532734614985497"	chrome.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
4504	chrome.exe
4504	chrome.exe
3000	identity_helper.exe
3000	identity_helper.exe
5468	msedge.exe
5468	msedge.exe
5868	chrome.exe
5868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
4504	chrome.exe
4504	chrome.exe
2592	msedge.exe
4504	chrome.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe
Token: SeShutdownPrivilege	4504	chrome.exe
Token: SeCreatePagefilePrivilege	4504	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
2592	msedge.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
2592	msedge.exe
4504	chrome.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe
4504	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 804	2592	msedge.exe	88
PID 2592 wrote to memory of 804	2592	msedge.exe	88
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 700	2592	msedge.exe	91
PID 2592 wrote to memory of 744	2592	msedge.exe	89
PID 2592 wrote to memory of 744	2592	msedge.exe	89
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90
PID 2592 wrote to memory of 4756	2592	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1210890454485442563/1210890781221720074/file_release_2_0.rar?ex=65ec34eb&is=65d9bfeb&hm=4003e820e2652713a56076607a66a4561ed3da1ea58d34f2571fc81549450d2e&?space=File.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b42246f8,0x7ff8b4224708,0x7ff8b4224718
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4452514166597695897,8287293366656182265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:5780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a3409758,0x7ff8a3409768,0x7ff8a3409778
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4624 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:8
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5944
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff675167688,0x7ff675167698,0x7ff6751676a8
    3⤵
    PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5416 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4912 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4816 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5644 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3996 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4792 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3328 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5944 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6020 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6044 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4672 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5316 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5776 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4676 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3288 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5756 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4672 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4812 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5888 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6036 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5956 --field-trial-handle=1816,i,9650747930373233877,15954331099178156517,131072 /prefetch:1
  2⤵
  PID:5356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:916

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\41ad935d-18ec-455c-9c9e-1be4b446ea2f.tmp

Filesize
101KB

MD5
e2de936372a8fc857271ecc98b6b9f1f

SHA1
ebe15fadda2ebfc1ec1d39d9efc5f92fc33262ed

SHA256
b9d704dc0da7f40e789ed887a211b65adfbc60af812caf114c7d86cc69958f3b

SHA512
44f8b953ca3fddb6308ddbdf27aefab04d883d13d64847dea848c9c5b6c17e600a9aa5ab0f09631d8a23892a143ca54d39d9ee3401da2d0b78fcd2ada62fadcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
27KB

MD5
ce0b8d11a00256be872539d386e3f8e5

SHA1
64658a28b3b3a52c5332c9e1fdb8875411a4f9d2

SHA256
3a009c2e78435c0b5f5454d3a39090a76111f8dcdb35ae665332afacb6f2d83e

SHA512
06fd4d8b19f485e8fafabaebef5f48217d86ff8d59a1889e3a47bc28eaafb23892fe0f85d4e2165cdfbe70761fc006c0650e7304b2534960ee8962fdcef8cb4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6d57d839461bd44dbd327c15ac95cfe9

SHA1
4728d5397b90b6a1ddce71fc5fe9757c94b1eeb2

SHA256
9bb5ec07a1f3aa5dd7ded4c64dc83343093d6ff2d236d6f7bc60a488b91d260f

SHA512
6fd7c58fa72800a49fd80c8a8bdd7f3e3b5f7ca9abb46ab6c57bc0d293023e5a0c1afa6bf23256bd401444e1508661503726cfabec720c7a4f16b8beaea54b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
a7260d48029a64c515f76b630f9c8d7d

SHA1
79302e44f7fe329b9b1df617e5bf6852e15fde88

SHA256
8da6dcbee450ebbfbbab9ebbfa62a8677ddc9bffd82cf6b87e00fc8babad13e0

SHA512
9f1a54023df0b64fd7a3ab53dff45f99ab116619bfb08a093d74d8361e0e95ffcfc9b06951b0d1b5d1ca796f905acb587646d0ea90fe07f241546ee6659a2908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_graipeepoo.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fbeac1c193c486e47d7e6342444bacb5

SHA1
faab7954c2e91dd7002c889334b8358dbdb5b289

SHA256
f8686f1b41eed7e56880b5cbd543f91ffd1308d42e86f5d69d9be37255266a40

SHA512
a73e5c7356b31a8bedfaed9de7750f398a01a724f1acf7a5aef332f3774ff2e1f635546537ff355b2ed0017ea6dae507f1899cb853f908cfa6c8e14e2981111b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f54ea9824bf0630c6735000e0f58473d

SHA1
3d9d9308028d0a20f7f8895db6932eacb5944c43

SHA256
631095059aabc154408f42f3fedf19e218077986cb4efe8383913c3066e2f4bc

SHA512
7d59e9f0359dcd630311783b07a0605d2f12eb19bd8736196d38c90b8e830386e48969e6ed08e5e880064109ddc4ad08cd9266ee5f437237bbdc67656c6e6df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
48a9d77446544f8f98039caaf505b384

SHA1
02852f095fba578487fdcee18e7c1774f275a4e1

SHA256
be416927270929f7ae4791e55f793ede2a89e1362e7822aaee20a5f98c116b4f

SHA512
280da99d32d7de0c6a43541482ec3d31147f87e265ce729e2d832ffcff3822dec113576503c578654e4526236f84b267b1eb01f77cba731f2652a0a705a00311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e1cac3248d8edde5c00e1e9e9d4f3fd8

SHA1
bd57fdac6ba9ee4db064b6c034d2c25aa8a3880e

SHA256
56c85e000adb3b3a3a333f884672fbf13c315fc2466f3aa98d343182b1a5b2f0

SHA512
f4f81e57ab39bd897a3f7521da0c94dcca31baf52594bac2a5ac60b2a61bdaf8b58644f0f4cbc51c25c7d89a8a8803c274c692677dac86578bffa3ad64b01f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ee97afe4575712968e6901690fb77312

SHA1
864a5370f0d3ebc625a85be552d322fa2b4fc942

SHA256
c62e83435e7a5687379c3daea963627a89e04cba9aa4d15efcfef370ef1e1c08

SHA512
a2b7f1ea0231968eb42c266f46dd48fe20454f2d2e08250eea5c413291628c8b316ef218b292a755e4056e0f18fd4f11f8f15c3e6dc28609d507ec0d61af5010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
35ac839f225ff455481b373560c30f81

SHA1
10cb58b698e13286a7097d463b4b21ddc6ffee19

SHA256
a399891a853ef6b856c0b3d8cdb218e22f09889064bfc59f911b5f90bcc74f98

SHA512
918e0b982caa7112aa2c083cf8a5c932188f36af34eabbc0a4ec01c96bbfd1cf145bd6f43958e7b7cc1f0743da6b7afbd0d76a418ec2a6fcc2f0e9b5cdcbd6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee8c37a7f7315f4a1a9b3e15c529cd53

SHA1
31e5a28479697df7f8ae8a0a2a237e53ba899dc1

SHA256
af4a1df02860a4a2128b39beb40f200ab48ee1c4089ee2a175cc2c3c5b9141bb

SHA512
13540a111f035a49c3d5754da24322b25fe040bcf802be3725da13e88054dc05ff2346664db4ebea2a99c147dda9391c69696691025e7f620755002baa3d2d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1903003f1499c86ecca12b6dd3e7b502

SHA1
ee29db2b8f47daa44c01a6f3b6d62eba7d819461

SHA256
a8d98f975cf97de23678fa20aeb1ccc9cb6f675caf6b5f608fa58aaef4e72d87

SHA512
cd0cfeb6ee02dd19ff63d3d2b3edb40b767e7285adce1e8f3277ed9e04b8985d27d16dcf1880b35b1c5ba01d7053eba0a5da898cf9e439a8b69af8a1e8c276f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
945b5ab998d11fe5788acf9019434183

SHA1
3c9200fba6b5e64a64327cac8dbb72fb9dc44e10

SHA256
04b38fdb3b96433a3ac5588965a73ce5997d5ff3f93a8c75fd0ef95589de36d5

SHA512
3a81889225a838dce28df808c808b4cfc665bd12f6288f04d57941205c0abc1e84fb46f1482d89c2ee56bc6753e11b6a6606ba83ee4c35f7475959b0a827b345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7cc6677dacc2200d5e6949db88e447d7

SHA1
e5bf086955a0a186a29c769aabbd009a08966d1f

SHA256
2ad395bf6a0e627c7eb4483e95c646e5058f66fe482527430d83c42c2f189bd5

SHA512
43d01e5bb982c98070d3fb480051abfaffd6df42dca539275a8b3709797a025f79d2ac611e4238a6fc72b20b242e9f7b62b2ec0dcc121cf8f5bfe1e09015cad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8980cafd7929c5c8168a7a1043579fb2

SHA1
e327bd5a00d320d063da1495573d74149b33e21e

SHA256
49d7476e7c48d9e46361bac72c5570c8c1ab708f72bf6bbe33825102f05f26e1

SHA512
ae81e05937d8754a8b7ce93e27320ff349a8efe7ac534cb7e424f752ce3dc94dde89fcd93ea9bd3e7cd5535592703f2a06697964ee9c8413779a206be36c4224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1a479371c6c5434fa3a42c2cc6def065

SHA1
af4d67715f285a990a39051c600b4d01f5f1066e

SHA256
6ce375e8357c6d113c1e9e6e33d279c273da990ef130ac319f53a15d4dc6cc12

SHA512
1cf6c8ae34dcab4a27ccf6ea211b54950cfbb28de1a11b9d685454cf65aa7dd22c2bec36df43fa628ce9d93e5f0815849a3c030193f6a96cbcc2c25617cd20f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb4bae96e9dc8baadabf8a24622bc5ea

SHA1
1b6a1063c4a7cd8c25e9ed6bc6b580f5599db029

SHA256
9a31b6335069cbf033f717fb77a12c29c82575d0717d26127a6e7d60ab3388e1

SHA512
176f7bd98752baae6d32e52df9df2673ea36dd7329928457b942b264026a399c7e595b2d5dc1900eccc1cbad7ea1839db8153ce6cce3bf9b9fe926c95c31a8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9cac29df51c2c6a1cf131c323e9ce3e3

SHA1
57c0b3fdb3f7e107ee82c6e2518513ed9b4c21b1

SHA256
7c20ae0f693aa7d472f0579cbc8574376d617cb8978eb614b9cfa78b16421e6b

SHA512
c462751f6000e9bc53d8371fc91ec593c5d87deed9a44ebd6a2a845d8aeadbdaa719d2af6cceef773288cf12f37f4c70ec1d9649295e527d752c18730539cfc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ba4a66c74b57d25ebabfdd2c33cdfda5

SHA1
4339f60a3f9b2f5785a8fd1d3bcedf3f548bafd9

SHA256
b9c1cc9efd21d1b42cd6c373902b8b3f9d9cb4da26adcbc43f45564ee29b937c

SHA512
2c7cd82995ff2924db43b4888d131b5c28780157ee8c366c051a3922f966ab9e10043ae3c7079b691a8bc8e670b6ed19292e3d9143aa5db3da0f736e60a91dc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
717d7da97d75474f0a3589af8ed13ab6

SHA1
fb834f3dd1701e5588da8054d35dd15cf4834c06

SHA256
887a6b83eae3cf7d002206def592856099f50bb28df41c693b73a2e6e98246be

SHA512
cf865668b0f4645d7123792bdb8b6eb3b8383a5b27843f5f54e9b820ba3ef1f13ab7c530f10ed7f4d291cee1bc48639e2d3c208395e1a06163a385066cc9c6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f72c.TMP

Filesize
48B

MD5
b4bf1de4db52fe72847cfd29f14615e6

SHA1
205a202efa082e8acf07eb4b3c55a36780c8ec74

SHA256
8d4a0198aac45564b7f851a86b875af040187a9027735679377d83e52b45fdae

SHA512
8ac3b6ea640272145bf7d8a7e8253565db4a538f968807b51786643e60ba7de03084efab875da70f35dd26c8e72777ace3774863e46e909597279633d624b705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
4457d074364ba8dd19cdd42482b0eca9

SHA1
f603ac1deddfb810354c8b84234483cbf3a709c6

SHA256
7fe9a4861e4b5056f95639a1b3b5ea201cbddebed8e0702d3f0131b41782667c

SHA512
f5ac43de859b2ac731e50df9d69bba68ab3880f63cf2491b684c24b761b610124e98fa772a97f19d3ef74a85e74502335d53589d7ee374d25690bb1c3a29a9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2f1c575afebbad66cca188c0fe35477c

SHA1
0eb8ca64537677f6d7c753969f9b8b948722389a

SHA256
d1c0949ee0c2be300c262d907c8958480dafb256716f417c9f56ba9cd1a39a28

SHA512
83585ec9522959a1ae373bc7725c9b48530c48c4e2ad9cb8d06d4f1168912eb8243e5f7e19f8922fe44a1be89d50d876b03bb95c041b8e660bd2350684ce37f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
ebee7e67a2776752731c11883c67c0b7

SHA1
fd9303387483c97dee29aafe33029482bbc71d5c

SHA256
4ef95eace92b858156f271fe44bc283ee6f8d6d6ebacc8da760f6d09f1127914

SHA512
678eab870dd757ff3e62f84a3c30f8ef01fdbf3782a16d386d6ac004f6269fc1e757bf452ad54d751a7d3544358e8e832e16558844718b222e1b7b47be230f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
e0d6f63982f20cbd2ac287b3207e0042

SHA1
c4c16fbd581383f03a200bef019b7fa0d8881b94

SHA256
54658495c57613237af525759d90cdddbd992d32e9e5644dd22449496f76126d

SHA512
ce7155b447c548887365eb1a90c3a8420057f2b7ed8d727ad801b2e94dbe7434407440e10440445997bf018240cd8342aa2c8ce3eac5a05334ab014d91bfa7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58aa06.TMP

Filesize
98KB

MD5
5d844f7307e5927908fc8fa6735bf8fd

SHA1
f63028d28ecbaeca289b57c1d7661798e09b8f6a

SHA256
6a7009661f1d49156ba072d54dd66a565d2b28c2ce10757a6a122400669169ea

SHA512
d02db23dc2cfefa6a2f4c2001520d7e5c982f7111566d54a4aa695acce788057d56cd6f807895d28e451881a9ac7360236ea236e6b8fab343ff8aacf1ce9360e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91746379e314b064719e43e3422d0388

SHA1
65f1a2b5a93922d589142a6edf99b5b35d986dba

SHA256
0b3cf8ae20afd84c9bf06546e876c84922cb5800526df72a628479f4d5487df7

SHA512
a783d8d9613cf92020fc36fd27d384dbd4e105a1ebd02c4507bf7263e61ff5b377e6d1734b066700782fa64bcbeb11af31ac3972d404625cbdb587cfa3bc0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf8b7b618672b2da2775b890d06c7af

SHA1
83717bc0ff28b8775a1360ef02882be22e4a5263

SHA256
ef08e2971a9ba903c9b91412275b39aabfd6d4aa5c46ade37d74ff86f0285420

SHA512
eb550889db8c4c0e7d79b2bd85c7d0e61b696df10ce3d76c48ab21b935c7ecc7b12403a00d6570e7d8e4121f72747242c2358f8f0823f804e704bd44ed603b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b93a87651d4f6907c76c3c1967a2b2fc

SHA1
dcd2409f0f552adddae2f0c521fac03cb65e8477

SHA256
faa99e27d3ff91996e5284a4d8839386d6e761872887c5f4982449b0a7000b1d

SHA512
f4d7bf49ef33698d1626604c1e5649d3902afb5c6da957186a1968c6e390eada1dc43e866527f5fa83bec4d122681282166c8fa4321e8d2ecf76f1cb892e076a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d0fa30bccfee823d55f02681dd869af

SHA1
0f5ce202223488f59191df9324efdf7f31a557dc

SHA256
0f9566874ca09493d81de046841acd10edade38d87d5bd62c99ea5eeda45a044

SHA512
cc3a9ead6f2519b1d7e47ac3ff8489f44c72834692e6c8fa5b44ebb6fd8cb33542306af46cf91c0d0f88ba1ef7bcd01d2dd020bd763d1a241856ef9c3a68e8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c2dfb8bc659186c50d299bad59ae049

SHA1
2e3fe87008702b2e9f33f4f6dbb575c841df6283

SHA256
311061cc1d1b48a381479708738a092530cd8b26c6fb86300e6a3ee6b7d89888

SHA512
d6587fca3738f386f5a3fbcf1fb0b1fbdc02aaf7cae43a188e8c4ad90502049a35a3c563eb6351cb93bb74de8796d45c35959f497b11296fe5ca74136f197c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
67e5a52daf4d0e00cf7e14310051fbc0

SHA1
545ef8e9cd31f661406eb4b30fb4a60a4a95334d

SHA256
1fc227aebaf5375198c830e397813f3c4fcf975a15fc45eed5cfc0737d45434e

SHA512
d8fd433eb413513182703aeded395294e46ff653c33596bfba63c4872da8ab26b60ae68dbb0c481a005623cbb35bd30866eacee2bdc212af3c74770133277ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0f7f87a64949e19db7d8dd9d9b4184b9

SHA1
16d58ff4852efce6d9bbd589c30d8309fc66a65c

SHA256
91e52fa13c3b746be0df760dc4dcbffac93490b3fada13ddd99c7ab170492723

SHA512
f7d173c01728e31e36fa004cf4d8f316d1be93406249ec6f8991bfc240f7199a671014fa710959e557148317734169263358d94f777238b692be5ef33a4034e8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 264852.crdownload

Filesize
10.9MB

MD5
9c0c71401ac924f3c7d941f0e8ff6560

SHA1
b33ecee6ea1fc1ee24bb30216aa71be76d0d7b8a

SHA256
86fd696027d18d99f0a720296702e055181cdc897ddf3f5a89fef4ee36a2f2f4

SHA512
ee2e7a113b536cf36900f85890a06b7ad1c2ab104fb700af0625ec58ba389e640a3bdfe86dcbf6b634cc515185963a38ba10ac257b44841dc79f8e592d31042c

Download Submit