hxxp://etextpad[.]com/71qst18h7f

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://etextpad.com/71qst18h7f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133533483911345726"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-910440534-423636034-2318342392-1000\{CDDDE6A5-7D55-42A2-B26F-B474D0C68721}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
3756	chrome.exe
3756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe
Token: SeShutdownPrivilege	2692	chrome.exe
Token: SeCreatePagefilePrivilege	2692	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe
2692	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2468	2692	chrome.exe	49
PID 2692 wrote to memory of 2468	2692	chrome.exe	49
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 4156	2692	chrome.exe	91
PID 2692 wrote to memory of 2480	2692	chrome.exe	90
PID 2692 wrote to memory of 2480	2692	chrome.exe	90
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92
PID 2692 wrote to memory of 2564	2692	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://etextpad.com/71qst18h7f
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcde739758,0x7ffcde739768,0x7ffcde739778
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2260 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4564 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5152 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4816 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3848 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5412 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5308 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5268 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3204 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6052 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5944 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4636 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6420 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6072 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6688 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6176 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:8
  2⤵
  PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7032 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5504 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7324 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7536 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4764 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6072 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7796 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7744 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7584 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7972 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7668 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8036 --field-trial-handle=1888,i,9208454855553379671,16164247299171125465,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x2ec
1⤵
PID:4464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
28KB

MD5
884d2e850f264630dd7f064fbccda285

SHA1
c9c0b0ff56f48ca36d17407e39781f7f2fc3a34b

SHA256
c76d8406c2ae838ddf7bf6c3f1cb2c9135c0e2bf0e69bf8b26b08f9ce2fab49d

SHA512
6cb883b9e8c62cca36c9258cd1d36fe708f7eb6297f2a24b7d0cff367354bb54b3ff3bb2437e78fd0097251567a087b602574d86bae7068bc15cd1c3103451f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
134KB

MD5
648e02cd6df24a06ef444334f207a84e

SHA1
bd35547db2683381e10f5866e56d38328cc23fb3

SHA256
2979d1d47925d7af0591b46e946f4a1276c0fc2d190d01f6010bea51c5af7fdd

SHA512
d66609e79b03636d0922741262fa41e5895cfb89cc7728efce9699c3f79f4a51e0a07624b54e2f7377db48c004a7bfbb5cb95557975cdd3b972c0923f1b14c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
54KB

MD5
5c9378ed9e195cd6b35e37ffb577e18f

SHA1
5d137828826e1dcd1ae6edb131b77ae1607f2df9

SHA256
94d9f8df415b0619d37f22686b5e6ebb344289c4f4953cd890dcbd840603af82

SHA512
7c581749a55a400d93083e0ccf968b3295766b3b6ffaa216510875e07505cec0fc792ba48dd788c6f89659a3ed852692d8ee9c8b3bc63d5bfba959e917036817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
28KB

MD5
56a2e179e1b1eedc4441c42366b96b36

SHA1
85ab84df21d78c9781b69d689940b0e4f2320330

SHA256
1feb26e74b9f0107264f8161462fc11a693376e2b0c79428bdd86565c2378f34

SHA512
8ab4d4b46d5dbc72624a1fff12be51e71cbae916f6e6de48f6a8307b185c268e78772fc3d6b2cfeedc5f5f8823a5f44be26cc6d38919f1dfcd6a0af5a8e12e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
61KB

MD5
1971e737391eabf87667012e84069a5a

SHA1
8fd29644afc6da70873c25f9bf9d1c495c759843

SHA256
c9aab23276584648e971c3745fca3bed6d9e4c7e373bf3dc7ad316f2aef42fd3

SHA512
23062a1d410b69532d3bf97ec7d1fa3c27e974613326fe3a3d80f909d595bda78f2ba366bcd612e494ecee1af1493264d0044a26fae604466e5437a25da6280b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
32KB

MD5
42934682695fe7f27319777509d96cde

SHA1
8b754e2ac6e70554bea21cdd04cfb1a2e839ae16

SHA256
47212d4021ae3fa29e41eb54f8368b6d4fde0b30cbc889dff2daebfb127c937a

SHA512
8bf37d7442736ff9413bf7ded65b67b6f13fe4eea6417ebdde438a2de41f9ebbd9185701c4926514a83fe54da2fe4b834d8c87c26859f9348f69fe5579bfcd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
19KB

MD5
9a31b3d6658d584e8d16bbb25cef3ae8

SHA1
6015d2dd9ced18d00934ece35776d97f06cf7f8d

SHA256
46e709f66a851b8819579122320debc189a7242fe2f7c307fefc98f6e9e97e8b

SHA512
ff59f8eaacf725fae5c55a7be92125c73d573b51baadde86a1da28166738351ca9481a0d78edb32f6376f38e4dd421e450a1c8926e6a7ca7f168eb58e6104aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
19KB

MD5
8188d451e0a669939fa9ed400c00d127

SHA1
56931db1602e3df6a62a516439426f3e645b9c6a

SHA256
2b2947e2150729e598ea625e4d54df6e7e8856cf4c8554f1649354c73c260398

SHA512
7b6aa487a8d5385ff6c5b4008717e42bce0cbecbcaee4b693dfbf884e6458701d7b9fd2e1c78ca63078d73f1baa52828715876ee45560be0ad91fbd8f98b50da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
23KB

MD5
c1b065814be37c0ef1c40538f796df3d

SHA1
5c62a6fd19eb0079789a3c45d88fd6376d643d2f

SHA256
001e59e20ab1d0c8cb2caaf348437ebf214b6e6961ea0059957271b1c6830571

SHA512
92ff4d42e0c1006ee4d0ce691128ca2878850deee046688e8469186c81248522847895f25044ea9ed63b4e2eca82b0714acb3712845181f6131e2cf51c7b7c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
140KB

MD5
144e48b720234f3137918256e4f93591

SHA1
04085ca8e6fd5c817e732beffeae1593987f92a9

SHA256
08dc833aa50042cd231ca4fd8fd3bb20e84120d6360e7576ab9d8b374cd9cd74

SHA512
46456c41becfee49cd946d751d7c35889cacd2926c07a6df6975a0fff8958cfd76a4675aa3bc852f3d22c16fbdfb803f83bf1113764784e49e3ff4030a15a3df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\107d237e2bb8ef92_0

Filesize
303B

MD5
091d8a2ae51f8380fa3ffcdf8deb4da3

SHA1
62bf101b6bb116f1c10ac0ab0b8a0a65f40ac58c

SHA256
1040fe29a7a4ee5200e78d12c8bf1d3a60ef94a9f2d72b679ff6abb41ee9dbbb

SHA512
ab17356a3685f529ba15361333f85923c7d3ce27fcc6a37e3a3a9c59b062a0ead7a1faec8aef062352768ec29bc3b4012b4b143e24ee426e070e9604a1712be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bfde39962961371_0

Filesize
267B

MD5
072cc878d6c7f0e2ef654eba4751ddab

SHA1
c0c3383b686215a8d07d178c357b6451a8baee90

SHA256
623f605324e7a4fd9305709e8bd587ded691384ebe968065a65f8a36a6efc3b6

SHA512
5bdcb0edb231342a66e94d26e0d56ebdf0b93d5649d19facec4a65e15a0ceaf8d3dee4533b4304296c8cea36607258238f1e731cee785aaef4fe5da0b87ca474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
66aef26feed604879d8108f89de96c89

SHA1
ce8811b8fad42c8954fb9f077a4cf3fccada6b4f

SHA256
422539838d8ccd0c65959683abd71a7d7c03bbe516ade9474cb2626bcbdf5b96

SHA512
d36ec1525868186b2656a3ab7ada7b80cef7c35018f45230214fe97766faa77fb6da4a520dc143dafc24dbb8e720eb67374239d2bb18e2715dcef141332e5697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4c51f31b0a6e1007_0

Filesize
51KB

MD5
3418f59aac25ca7143b119c6673f903b

SHA1
7990b018feb5aec659bee64476cb3e86a7125b43

SHA256
a3c756c86b1ba79e09d7c1d8c70110519cbd04d66bef1b451f7350d1a0abaa8b

SHA512
a9a5adf13b30ced458f3ccf8fdd60c2549df5c6929aab7cc4b1ae4badb93701ec55fb4010fb46ae0a892f6165e5d5ecf677d5ccd6fefb63f7d4f9ae47ae304d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\85a73152f90b3617_0

Filesize
376KB

MD5
e9926328298ab68a556cccc609b6a027

SHA1
aabf833b80e3829e4427d268786afa48e6858d1f

SHA256
19247db1acf75a27e5f6a561d17b17e06fbb10802db8be01e967ec4c57bf003b

SHA512
117885ebb23f9a6871813bcabf8bdecaadacec4482513f36825daead22f61a86ae5e5da464a165ad6f9729917e91c840baebd92c35d6d30e905d1aeaddbe503b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ec723c0c1262b4e6_0

Filesize
47KB

MD5
eb954d5a2f3f07beda96df5a990515ef

SHA1
13bec2f2be348a042271e5d7694572f7b8dec56d

SHA256
0a1ed8cd04f9a318fb3b03986b9b6f184dfd50966384940fb67f677f2da5c1df

SHA512
bec9f3979098f5143f0485a0ca0b7bf6a777a69556a4457e37078476b6f1e38a4333f3a634dfe13a94bb6c515acee8a5b22bf6c9f41500ccdd28e0346e7cb9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0b5e89d088569a5cc73cfa47e2ae66c9

SHA1
af0578d4ad521e9cb819d769a8d41175d8490ea3

SHA256
8ef96b770e5ee469173381ba6b82def56495f941d9a91e9914f02896abcc59e2

SHA512
3d6de98b54f76c0eb76ec4de1637a9e8677c23e5593561130ac8c54763d8f3f0bb0f58b5fc5ccf52de846c6dfee7e334fb5b4df7ce53ae515a8990c90fe0f518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e0a411de9f5ab2e5c110fbad5398d233

SHA1
49e5c369838f864e463116fe8568b253bd0b1250

SHA256
f90f9c1314cdcdc0682795627757129eaa36d67de50d08adc82774fb96eb5c26

SHA512
9cc87e4aeba45c8fa6eb515d82ece38b96c9dfb759a7e8a3aeedb38f34def3eeed0636dcde0986d8e8d3608ff5208239c1b417edab2e2c4e611db6f163492468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
1085eb94d5816ba42b6afc3dc47a7e8c

SHA1
e3c880d6cf8219e65470be89fdf85a1d6c2ed481

SHA256
fb8137bac53f7326a19fc671a066d01b80e5d8c99746ce310da1500e729efc2e

SHA512
af65729fccd5d79a9dd612885cec1bd6dd02b92538fb1718ac751aaa6fcebbb645b3aecf348324c7890924ee02f462f5d1d231461d1ace182efe4e1b5ec59b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_c.adsco.re_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_c.adsco.re_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\4145464d-d6a0-4453-8c1f-9c5df3f4b05d.tmp

Filesize
2KB

MD5
109dc048eb05ef846a9de45fdffe9ded

SHA1
073fef1530f9e4d4762673849b52cc54e37ce419

SHA256
58ce143c2ced15dc030d17c032c4ffd56832d02b908fbd8d33df090cc06550e2

SHA512
58dc93a0f704602234b41aa598c2bd450ee0d547131e199f6a7d449b4cf4c868fc90a12d6c13f599162a4055d6e96436be039e6f10cf080d7860f82a1978d0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\42be9ee6-906f-4564-8a9c-7c3a0757670a.tmp

Filesize
4KB

MD5
ae3b09b9521fb883679f1ec1df4e07ca

SHA1
d81e1ef85b52355b8c31f3245422494c015dbd9b

SHA256
9a78f8f220dc5cf7aa4ce41e5b25b5748a9268a6458b4812a21db0613650c43a

SHA512
2530b33107c3f1277c276011acdca6d895edaf7ff95f5a6105f41efe34f755dbd1b9fcadb643415dd3fec0fb2d2b7e2757f686d2e462bfaa031a2784ab1957b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
5b33b3e08bc995c3cf30589dca32b661

SHA1
43f84ed2344029c32b59a2051ee0734eb358028e

SHA256
2286b2054ffb313a52bee4e55f3eba310b8f352aa71f266ac9265b1d4f0c9d88

SHA512
dee4d16fe32c6020868c2ab6d4eec9df19ff02ac35edd2c2d7750b95e4e7f06ee62ef046311935ae9d1756a501e05e5258b1f3ef80e55d017646afcdacd06145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
3fa10621f48f91b0939b312684988f66

SHA1
0ab19b0f4a5d4c9669cfe2f2b44d1fd1b11040f2

SHA256
811331d51ed17f52d28a47d050f206375d26bf96020814d5b4a5f24b79b2b3d8

SHA512
cf1b080619a4ba0fdef79c74f0ae758fcb4ae13e1cdd7823c17db694e9345aaf914dcad0294c4c600386d3bfd007798de9fd39383ed12fa302159360f643be63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
24f13e3e2a3aff9a9d66a32abb4e9311

SHA1
4465270c4af8e58a003e76c4c2eeb8b21bd71d00

SHA256
2f184c815c154991620fcd26f04bc09f13319a7727413e4c55e2e06634e2a5a6

SHA512
4c40673ed5296a250985a2029eef2aff34ae82947c656dc4b09629e5a17001f1ae19b0e98fe6b0b09a46aae856d666b093feb251c777b2d9ef51174dd462cfd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
73ad2cd5c8e7bf831ce88ccaf49bb1d3

SHA1
8fa693140f006458f51358806ba1dd5fc585859c

SHA256
cab7be1ffc99a44f84cb8343fbf1d38d99fa56c17995bb4043003526e397dd72

SHA512
59c549f66a006a651078aea2fcc8237b2892aadd66fcf858de812c0d2983cf137a4793146f116031272c2e39cd999bd12bce1b91d44ede11ac8cf0d10aaf586a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
8de084d35bb5126cde884d9858ca9494

SHA1
bfe13a21fd7874792c247c04e9dd192cc34a1962

SHA256
d1e17bfdfcf1c461a300c691c2613b4647ffcbca5ee8c48aa4fc554625074baa

SHA512
39ebf9e678076bb6d3b51cf2602a0d87d89d4670064c84520f3db998063f5034260b9fcd1620173e6a13e31e32d4a5849e800a678977a920049b208b2cc707ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8a4117dca619fa1eb1b900b408d6fff1

SHA1
1fdec05f005e1860b8c087e0912fbd80930a5d68

SHA256
4f7a130e3713b5ee5dbf49fe537e26d08630d18415f688bef2904de71cc3a945

SHA512
45508d92dafa9e70069e396b009caffa79ca17bd431e589a1af0032615c38353643b350f03f48a44e773900cb2b087fb4b30e050475f0b87956a05b859fd2133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f6ea40420dbd93845b1c1c93967a8e8e

SHA1
a9b0ce4475b09cbdcc07c6923351f0a18952665e

SHA256
2f2561e8d2bd03893090be10dd6307485bbb0e6eba3a410b51ff469d41fac730

SHA512
ff8d03588575aeaab4a054f0270b087d4478bcdce1d0e6f2edabd4598c3d63fc9d9935206e1d41c98cfab998ee4bb1788d0a7f0d9e73b6c0e67688593a210550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b642ce492681f6d67539d634f4dfc378

SHA1
8c13b4d739474d4bb6a9ce23e6a5ed01711cf7ff

SHA256
1fdbb0b3b702c3669657e66cecc8bb92e07ff96878e7dbb84b897da741d55346

SHA512
32635800191c2d9bad99e4641a3e3b042719a6c8dadc990c795705019f6d0ffd27970e4f58727ac5472be30d7177595bad7eb25aceb0686a27e613e5dcfa9f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
40fcde7772bbc10ba6226863aa3d5dda

SHA1
8d65a259ef295d798bc2513148db0fe95bf89fb6

SHA256
13f3bccdab8bab8dbc68d58fbc8abe0707dfe835fe359d4665061f794c1c217f

SHA512
0226c80df03c5270b95a3be2c13cee9ad728217db0a46f11500599c117232de7a000585b2a50dc26767659e2a6be92f44303496eef286eeea8189ae5dece0fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9aac3b296981945b77e1be568bc80acd

SHA1
ba2210bd492f7f61e37a982b288dee2939436335

SHA256
a14519765c8725499e3005cd6741c1e1b60101f7154cdc5d54789913d210f987

SHA512
6c2f2faedba41885a41979eb0cd1fcaae721f5a34c385426f820ae789f88209bd0936cf9bb60ac0bc35a29d590a29ac33c7a3cfb911f5c91435e63395ecca79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d9d59b9074c5d51a884837b58bc5ae0b

SHA1
1fb27d920ac334e5a752410f7554dd001e235c07

SHA256
c40d84fcff58eb6001cbc7a1e21a6cf543f9867cbd3e2435f962c0ca66b59277

SHA512
6a4bd9b4d7aff78d1640dda2e95ca8434c61ba1c3f77163b36fac74f99b4e95347e4114d1016463045c111375945ac703ade3447a422fa8b855737d21c66a14b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ff71cf3d7fdf2c95b1c4e7cd97f86dc6

SHA1
d9db7d6bd67026b6b0ef460314a34c4bdb91f755

SHA256
d9c1d71b3106fbf2aab609f6d74bc44b5bff20e2dc4ec6ab5b0d6e4e8b736d35

SHA512
b007ea0fa70f02840c756e05b0188270f12f7ac5c33d159099f5554df261dac961fdeccf5fc006e8ad08daf1175bc4106938e05a1647fbd0cf2179fff10f6416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1a8f351c1f1ae33b89d1e2f420f8b7e1

SHA1
65967405ab1568d0af845147937735e591ddab8e

SHA256
84b774a6120d67d04e9781765a3d7c01da6f6b633eb59211bb5ddf4c93e63748

SHA512
1f033818269d89a25b9b841dd134420a158049d5993d1f1a39718c74684f61a7ded06df63e2d2c33aa88f9b0863553ea85cd3ab74acfa064e801a130c0c191f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
09f3f22a8cf86adc8295329bfa557c4c

SHA1
d2615b2c5ab3bed62270533a36eb4964d4771f9f

SHA256
02271185d11b4022d513e78e3b5a1864c96a35f040ad9c0b249df1e37522abd2

SHA512
860d3d96946a09879d46268c5b2f23d9aeecbb85d8a9ea409b5a2d53169df94a92ff69434bde1c102c13a4fdefe3078d92c5270cbd803a8dd58ed7fa169631d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590e6d.TMP

Filesize
48B

MD5
f45a5355995bd6db17e7489ced359fbc

SHA1
1f51aff23d0f2fe9ebfc781664722ed70e1107a3

SHA256
3739126c38fd855f2ada02d3891259429a1e7ccc0365338d58fcb532ded05933

SHA512
d82cf8bdcd7e401a9aafbac56484c39fb47d2a211a0af63d466b835791106c3d6a9b74ef2bbfe65b431e407aa2e61f36a9e4fba15a0adafa3cf930bae99e9463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
33c1f265efa2e1cb50cbd7bd862cff13

SHA1
90bffda1837895a13274ac68ee3c5c5c093fe12a

SHA256
6e9a398b6bd6910f567b77ab068ccd2f7a108a601a36673fd33fa5f5373d83fb

SHA512
b66ccf8bf974695c289a9d172f4c1e9efaa7703d486c58ecf3b8e953f977e543ee6eceef2cf212ff16474c45e12e96c123263f3cfc93856dac8502ca106e4616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
a529006154846a2a9003c0feec8632a0

SHA1
5dfb0ab6a8639fb54399a7677b3d54094d4f5075

SHA256
a82c68f1a2c877fc5baa49a99ec7ed32e8658eacc36344bb5a7f305eed4bf035

SHA512
0b14ba39f3479eb6ca3abf7c5060e35c025323037c6e1154576b04cdd63de81c53b811d34cddc133583d99981914c720ba8dd6b2b04bd442c79010a8892f2dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
09782d9859fe4580a06a090c33e9c9b2

SHA1
40b57a76cd18358a4fd9106c7745d765aae59cbd

SHA256
5e3db3400d6edf1e02842269a418856b6e1ce57c0220fe19bcd4d4ae01daacc8

SHA512
ce6800eb51fff1261302e2c01a0c83eca622275cb67ae31e4a3a5a44ce95b83b5c5b4e11fcd2d2c9ebbd6d195f6d86bc1e1b989e3131655079ccb6023722a7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
1159e12d4dbf03aa549c2e3ce6c27d58

SHA1
c2decf62c3cc17ece4e5bc9b4ca1eebb9909c24c

SHA256
b0caf0b22b70279a587d5c76b02ca67c35b02ee44f3a9b417ee97b4260b2b17a

SHA512
ef46a478b0a00767b2d09bb3b04ab619d857181a311459fbe71faa4b3c254c4d7b1349c6f8fb9e820bd5d46e20079ef6a08edfd9c10f483a47e6e066458b253e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5ad99e19cc93bee3429e73cf493ed79a

SHA1
bce03548c2df610e8f2b37c71a5969f599e74350

SHA256
d98ffc905f8a7c3708002e962957ae8a791178d2196980f4c37b78b0cdbd8e3b

SHA512
aa2a7ced1e443f6135b64598b3cad32f2e1525899e0aeaf8a18d3f5c22292d693cecc0b28a6221c9948b49649de621fa0483148cb39b47a9774b0a8432e35653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
dc76c29d64411c94561dd75cb96da830

SHA1
dfbf78359838b09715cd85ba85b5e5c0039ec9ca

SHA256
5f94242d028ce0abac070abba74fcada5fe4f423777042d8f41b6c373e6297c9

SHA512
6e94396e7570a7da024da339c5adf63a75b0ede481c3800b271b3de74f5505306f088cb94a2fdc68fc2c7349776a3d5fa067caed9660a1781d2d4dba69b63dd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
6519fa803ca1820b1692bd1a801f71f8

SHA1
b190acaf418be7b55097e3da1d570bb441d4ce10

SHA256
5a4b55c7337dcac5d1bef9932d4eb8fd6fe2c943f40f40ecbd1832ac15c0cd05

SHA512
36933d90dd5b6b17697df96dfa3b96ab1a0c3865731433dc4e1d0de9e83e7eb4ff19632c30bfea36cb12503c909aae641dd8deb3a8e53af95dd544d8eedb7f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
a4dabda4153845339c0b192ff539604c

SHA1
c4d9a3e8799942bc1ddd38d7492f504296c9c973

SHA256
40b7b3c8d2b39e049407daa2ea0162598ea87f51152c254dc30e65ab51e67772

SHA512
94fe0ed78318b0055777f5cafe2b7bc8e2ad3c4ff3cf0006f4cea6e8b25fbf661ff88086b9f8e906caea5c417220825bdfcd3770d1d3785183b7c0e9f0d7138f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c66d.TMP

Filesize
100KB

MD5
1aafbf82510c1783c1aca5140d272122

SHA1
2bcd9766b8bae3167387949f9f9907f96e2253c8

SHA256
491e8f7b874283343dd5a9156ffffc25c8b6756f6ae53d62f2f1ca282e2efbcf

SHA512
62df6f5f29ed70c5f099d06f4652523aa1593c2d5c645e7349a88ad80ce2da96b2047676c407cec3fe69c88abdf640e67b2ab937e7757eb6a33a6c4931b5a7b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
9334b8a0a896ce68cafac8004307fcb7

SHA1
64b177cb31d4b6df9cd00f18f9faa8641290e4e8

SHA256
0a50b5d4f68c994f8e496734f1df655f049609f98d3f160da12aff1f5ae54253

SHA512
87ed02a47b05e959e912e0c1673ed9905d5bb3f9809914b5ab86b9d044c5054a6b518c3d69f800462f2bd4c0cb6e308c26e7c000229b375c8815073c4820b75d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
02d47f590d65841eb8db4f1630b5a3e0

SHA1
7ba181072efcd0be719f4fb702515466a4a99f76

SHA256
127b248f75089bf8a0b001871c8c804c9f8c16c09ae30621e15510c0329fe300

SHA512
80639cfde345f1bf9038149ed7dcca3127000928602666d92e38af03127b1e57f5c0713bd5da6b96f444fd2849f017f085a9a98eb903b3f249cfdd5180c49640

Download Submit