hxxp://888starz[.]bet

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 11:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://888starz.bet

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133549767198716746"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
5156	chrome.exe
5156	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	1052	chrome.exe
Token: SeCreatePagefilePrivilege	1052	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe
Token: SeShutdownPrivilege	5156	chrome.exe
Token: SeCreatePagefilePrivilege	5156	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
1052	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe
5156	chrome.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1368	OpenWith.exe
1368	OpenWith.exe
1368	OpenWith.exe
1368	OpenWith.exe
1368	OpenWith.exe
1368	OpenWith.exe
1368	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe
3584	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1052	1368	OpenWith.exe	121
PID 1368 wrote to memory of 1052	1368	OpenWith.exe	121
PID 1052 wrote to memory of 2364	1052	chrome.exe	124
PID 1052 wrote to memory of 2364	1052	chrome.exe	124
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 3548	1052	chrome.exe	125
PID 1052 wrote to memory of 1492	1052	chrome.exe	126
PID 1052 wrote to memory of 1492	1052	chrome.exe	126
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127
PID 1052 wrote to memory of 2400	1052	chrome.exe	127

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://888starz.bet
1⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3996 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3464 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4780 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5660 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4120 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5652 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6196 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5212 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5412 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:2716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument tel:+44%20(208)%20157-60-12
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd6cb9758,0x7fffd6cb9768,0x7fffd6cb9778
    3⤵
    PID:2364
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:2
    3⤵
    PID:3548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:8
    3⤵
    PID:1492
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:8
    3⤵
    PID:2400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:1
    3⤵
    PID:1368
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3344 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:1
    3⤵
    PID:4348
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4692 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:1
    3⤵
    PID:5500
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:8
    3⤵
    PID:5728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1832,i,16107213009189231714,4506364419561069091,131072 /prefetch:8
    3⤵
    PID:5816

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6444 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1
1⤵
PID:4164

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument mailto:[email protected]
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5156
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd6cb9758,0x7fffd6cb9768,0x7fffd6cb9778
    3⤵
    PID:5152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:2
    3⤵
    PID:5484
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:8
    3⤵
    PID:5392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:8
    3⤵
    PID:5836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:1
    3⤵
    PID:3624
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:1
    3⤵
    PID:2648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:8
    3⤵
    PID:184
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1716,i,319485530936018614,8388545464284096532,131072 /prefetch:8
    3⤵
    PID:5520

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
85cfc13b6779a099d53221876df3b9e0

SHA1
08becf601c986c2e9f979f9143bbbcb7b48540ed

SHA256
bd34434d117b9572216229cb2ab703b5e98d588f5f6dfe072188bd3d6b3022f3

SHA512
b248162930702450893a112987e96ea70569ac35e14ef5eb6973238e426428272d1c930ce30552f19dd2d8d7754dc1f7f667ecd18f2c857b165b7873f4c03a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
60916ed7720773b7495b9534970506a9

SHA1
d7d41c82ebbac13f4d5fdd28b64fbd906b0204dd

SHA256
ee06f168947b5b99a7d272033088a2c0df5703b0e117d48998dc9528ae264a59

SHA512
8f73713b010e48f6a413e65925b8226ebf553c0311a15028983e5d0f5ad8e91a6159e56c6ce9827b5af6a06102b4665b3e067839e672d4fd6bd25690c6c48f4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
416b9e243750f431314f731a2d8dc72c

SHA1
3e2dc2e1ddea55c71e6507b23ca935aecc8223af

SHA256
e1aa5a3ad185bd8bf7bf148814a3fb10bdb6a9ed8be80e9e03b5820b0cda224b

SHA512
fcd4b938d2490d280795b8e57a92cb3f56d8f439b170e74fc60ac54a20e9b52caa940f0b7c84e8650c611909857814e3542f506bfa7327f6c7ee8c2c6759860b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
2.9MB

MD5
5240d5f0974bd9ee63f9651149aae66d

SHA1
4a2b4c468b9196732a13f05f3ffef04bc70e41fe

SHA256
318bbc2e6b7c002f7d6a1102b90916559ba16c0d050a258b25904b59e1d17704

SHA512
dd81705289c8f0dcfb589fabb8a7b19a9b8caa247bc617688ecd531f025f16789f8ef68f1428cc32c149123943dedb3cf137dc60b6dca33f13a514661cb269a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
64eb0922d1f8951ec59822b4734b162b

SHA1
21b9dc5c614e60bde45b7a12b691cd6901e96cad

SHA256
0a138675bce7b5a9504b313e85e5aae594712961e229067d4d010f7af00477b7

SHA512
e3b788c698d555602669defe0b3a9e2ea211992c5911cf805bb87d1f0151d99ce0a8e47c36728dda9b8c4400ff7492ab749e58c5b7565afdc4f3ca7f630602a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
330B

MD5
64df8f94353fadb72eb0aafe5d1e4d8a

SHA1
c79684582bc77d39c162736cf48d74c08b8e815f

SHA256
acbd4bbcc7c3f3b7962f1d84b4f02d8f940ce41bc09a25629db22c34e3c9c80e

SHA512
cd7b76a6d03a5f2ff9eb3a6b5ceec581ff8e1c9513e4ec49111447e145af1f7f088879a7399687e50d5ad4fabcbc1bc1b1037e872e16ed6ad7b96b4c02ada179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
60ea366acf43542435463c0dc5d644ab

SHA1
6b81805d7452d29190b5373671d13e66ed24112b

SHA256
b97a3de6d6a4752cef2b71a5eda05e8822c48ef15cfdf307243bb7a3793caac6

SHA512
652757c8efc2c79b4fb9be74f95269a7458f6b6342bce822b9427c405e0488528fa9b0f0afe2a4d687d064690272459a7866df4951ea00c037adc82deefb6547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
d637c5d2b783def8768c187d0cfe1789

SHA1
3ca6003ccacff7f7ab81654f6912e70a96ddc577

SHA256
93f2fc018683375178404eeea203b8832635c535641460fbebc4f2431a127b24

SHA512
4caf2b54bff1a4fc11d1eafb1cb5846b5e768e786dc99218e9c313b89b806f059aa1045571c121368dd115c86965961d15d712c0528dcc0216647c02faa21f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
c6300cd5bf44d949e773a31bc6588921

SHA1
44bda4d07d4dd94c4ec1d38881417e2da0f31d25

SHA256
9b04c42a07306a346d7446a26d60eee47e76b42af4ddf8ab510fb2db787829aa

SHA512
21a5f6ce24fddf0c66bd22cdbf7a067076a67153a884f0c13d034b0fdcde756d9a879980fb4a40a2cdd91ff5ff610bb0a99d9c701d5cfa7114b9f10020dbee66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
b78aedf627be9f4bff7f737a349a69bf

SHA1
773e63413c6749f3ce7f0fae4130053d7fc16c85

SHA256
a79cf5b866824309ab64f7d65c2a2a8e819fee147c942cac9d4539a397954f31

SHA512
d96eda3c28b2d7f1bdc41bcbcd1c491b58fd7f0a8f74c295e826a71e8b9b6dfc0d577399d8b94c87cd86916545f83b9cf9c4414f558841f63916747de65fe7b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
0769e4994029f885447c89fbafa39eb1

SHA1
b81ebc53c9a6e2d07a25fd9a9da8ef5291cb5cda

SHA256
e6cfd498f8a8880c6b8e579860bed16004f943b7d7f32f42bbaa6278673c097e

SHA512
6ad825a52438b4574708bb4e5e9189eee5e8baf768a1e3ca33bc86f183b566d1e315f741f71732a3a06e221f37967c9efd6398b0c03482ebbf9305143fb829f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
37f22ee10aa711ffd7eeb693536ee224

SHA1
78e313df7195273303374bbb0b287887b2849a27

SHA256
69d575d43823a7b73042f2db2bdc910c85dad784260535e5125350d5a97e7e9a

SHA512
a96fbd8037442527d69673c5033fc3603614f35e5934846037fe309959ff5904951a74ba32c200426f4c0688111a6d399de288bac91c05285dbabdc893e8c6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
801a6f4f68cf0113bee1bf2c5c19d925

SHA1
55fe35d6006a7125970d3c4772fce4c2b79ae84d

SHA256
bb80f63e8f0b0051e6f59b75542bce8bf4c6aa13aca8371ad847004a14621f2e

SHA512
0d1d2ea2c0215287d8a7203b1b28fbc15ce7acd2f6a21ecc87474fc509841b4c0fe1bcc7d96e8fead548b84aaf63f53faeb885168544718598389cfd424036a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
b0ceb6b1e2a94212ea68666849ed13ec

SHA1
722b95429758df14ec8f08f28dc64488771978cc

SHA256
ea5309d44d4fb3f58f438e42c06704bef53abea2f770dfce556c060c7aa2a12c

SHA512
cd6a9b2c008a0121e49ca57b96c4bf2f88dd2b0e41328b00c5aeb7252c813158bfd3593b3a4ae870c280938356b982485cd98473908d0a3b8ccbf9e615b9d3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
213B

MD5
046cc08d163fc4578cd1b77a5d0965ac

SHA1
92f503e605c30974baf385f1619f1269b81dec57

SHA256
693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166

SHA512
e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
cf54e9ba0c09f9eed108b43d592ee153

SHA1
cbef53953ed909616e4cf3a247893281a19c24a4

SHA256
1d56c2f47900fa1cfe2ac549c7dd8adf1b0313dff2600c2fb069ce48825a6d92

SHA512
7968cb51e909e9a81584af479dd1cfc9c269c738af81e8e0ecab42659b300193447f114da876da840838d26696f52f0b4ec45fc41fbefc5468ec9d8f8becefee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13354976717506979

Filesize
4KB

MD5
bfd8067c94ae74ef04eb57dd21941e4f

SHA1
38d151534209eb350884f1f12c0a13c865b9fbc1

SHA256
f2f7f71dee477ef9fd7efb2639d9974be18d7a1f146b87456e70c721f91809ce

SHA512
429e85355a51255fbd86f8313fffbe74cb82dc5344a3662760ec1ad3f943acab395e70c5ee70a6261cda2bffdc4039dbedb7e8628bbecdefe3c5ea552b53a758

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
eea2559e90d92e2c2914856bc00f696f

SHA1
f96d441bcb19829252e16182c14f39026d7d6c0b

SHA256
68bec44c8f1cf98b5fb923581697559cc15f126fd3007fc64ed426f80d409aaf

SHA512
6d41d6371fff172df1a8824331cd5a06dcc2b53e8320d5884e52a3367e1ac20ccb51134b82a580be05c3103d84835eb4cf8bfcd0ee4d210cbafcb93eaf3ce996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
0e4d2f5667617b13a31c52f1a915d07d

SHA1
ae52cde8d96cb3e146b0cda7935ffa26e19fd054

SHA256
08cacf7ae6ec0183a3146d5e9575a434aae9ab46cc37dbd5b7217d1161ecc8ae

SHA512
02c8036c9221bed9e2de9bfc43d1f9e4481b65242986dc0d73e1bd7d6ec20b2876fe3128d85fce853d80ba33b3eb336c5c6e92a0b17a042ab45f4a1c6a8657b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
5f9a98468605f94bf77a4ae100c7c805

SHA1
6f0bc70b314aaf615c5e8dd01cf104960d41fcee

SHA256
cb94224f6abb768380fd7fe5a2ae518c4e5c601bc1a52f7ae53cdf9f26e38158

SHA512
441285bca812d5e8614f3d004d5b71f8e391eea85a3a811dfbe9fa56200bfab1879588b5d2599449247f1a97490fe48c675d6cca04951b1406b0d601d602c016

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
852B

MD5
781f553fad8d00d5c29026a3fdf57c0f

SHA1
84d67d12ac1a43520dd4a0892f9d283020b648f2

SHA256
300918ffa51594954ff92f4b50bc1ba7072a775f6a0c40fa0bf013c4285cc151

SHA512
db4298cdcc7630ea7e3e546cb24875845aa9d2e5044ee622921c27a9d237396f786d79bfe5ab2b047f003c81b03e0bacc0a9a5ee73c79fec9aa99457d55f52f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
5e98a43ddf842d07fcce082a6a3424de

SHA1
f7bda0bbb654401f8a90c94eaf714a06d7dfd606

SHA256
9972e4c4b9423abf467a8e18f4b88cef475e89eb0cd375a23704c46c90053983

SHA512
b33b6200bb257bb2dd626fce91526dfc6baba803a3253592bbfa2566847a3360142ab759b74e8c1457b6f41fb633b9a5d7a3b1251d85ad184652a85fa2f22b6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
860B

MD5
660d6a2cc96219b95a84d1d786217054

SHA1
e3d26e883dfa60ad2f128235389b9ff731281d98

SHA256
4cd697437a6bdfd0bfd84863b866b8caa59ad0d506acdb9d354860712fe29720

SHA512
54a155b4de7308bf58037f7726297979e2bdf163cb193ad3a750ee53875fe71717c77816094a64f1167ee66faeb1bc91240f72d25ddc1a63f9e63a1f44c9fdbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
d99ea41d80baf46064743569dccdcd66

SHA1
d04ef986d28cf0964ad2931749956d38b7e70aa2

SHA256
09b82a5918108bfab9b36a134ac7390da8fd8c29cdc62959b1f3f3feb8f6fde0

SHA512
171aa2af22fc258c0ae68f6533d9f4f2b28c98d07e399789336d8b44a2ea7a029ef52e3b963a9524aa65fed87e5d7b75b94607bacac3e1ede296a24864731644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
8787bb9e964431e34a351f58878acb7f

SHA1
ffde4987e35aa0f9980f4950104733c0648b9619

SHA256
7cc36ab15666b304afd8450729d6524555deb7f46b1c0d1a3d9b6a5aa64af9ea

SHA512
25e01e0065dbd2511033ca21a4f093473fe47d4a1186397dd746aa7d0744d45e1c81eef5fae357f941f3c636f329939f2e90869d2843088897345c29b4d6d71e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
e430107d2fd1ac60efa001ab25f59fd2

SHA1
2775921da442c101cae161f32627588c2125db64

SHA256
56c5ee5c869e3e43e992bbfb9496158d33d60e47d6a93e2faaa6abf83c40a9dc

SHA512
8cf35d6f3107c5711c3ff6af4cf20558065175f2ced67ea4dea11cced7583b2dbf1964ad607fc62709221b32ec2b85aeac255fa8dba15ce9f0b948b57fe4d242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
2.3MB

MD5
6e9da6d11b92146cd23ae3075ab90dd0

SHA1
a69a3f85ae620073c4af82884dbe4b3a09f7f339

SHA256
9609ae971a03b78973306540da628d422f0152f113ef79f8093d3b878cb93956

SHA512
ac87c783129d5783bc79e6ecfbfe60ec943c9703cc9c8158ee67890f3c6028327ad16642249104bf67bd4b54cade809b257753ab6c9df150b8c2298893999a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
db52479a1c92f8ceb42c029c348d79f8

SHA1
a2adbbc19183ea72391c2399506931651a64fbc2

SHA256
646d770ebb38e328dc5bc2e3849dff08838ade10b01aa4aa483a4fef69b3e5f9

SHA512
1eff72fee2f50b822f7010073f86550c1fc6600bc5db55bc6b5597404073fc4960a0a6a5ef2570b3a6c0052ae6dcc62e81519f1cbdd6ee177100aeb53982b5bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
c3589db4be35843f90b18557964fa58f

SHA1
dd13967ead5a19ab0a0d567eb92c3337ca5a6a8e

SHA256
47fd7bd9e49f58b91d517dbba83d62e9ea3a42fc9980de71df4734fb20601ba8

SHA512
95b8483955ff64d113a0775536955baa0c07363bab038200357c9aec0ef69ecd5dffe465dda0dac1a6c47ed434f9fa8fe076b66b03b14fa099168ab0485ca6a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
b1b44cb12b3c3a3b38289d7bc1c4c807

SHA1
c8226a800a0f7751a7a69b9cb4b0258f708cb15f

SHA256
0b3a10f5358f038c06515185d9a41a307f7f173a60037714742bb41e500c9e2f

SHA512
fbb4882c92154c226bdd414e435cfef65feb1c2284193c92f21348153a33bdf881be6f7c1ce93a9d89fe0ddd08d55aae855a9195a953481a4ce62302bc10cdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
14daf876c0dab3e9550de3cf18a56c10

SHA1
7b66ae2e61fe90b19102cd7e16835f95afedb754

SHA256
a0a6736880f638acaca873b87cdee1c1fddb0f218be1463e9e6784cebac2b03d

SHA512
1edac15f7766598e834d9281ae1951394f9c2448b842ba08d75a499c9f290484c1b06d4dbf076b76e34e3e45049d2807ff5514913e7a57db73a55363dc2bc0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit