hxxps://01streamm4u[.]com/en/1079485/winnie-the-pooh-blood-and-honey-2[.]html

Analysis

max time kernel
479s
max time network
485s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://01streamm4u.com/en/1079485/winnie-the-pooh-blood-and-honey-2.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133560342514026955"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2600	chrome.exe
2600	chrome.exe
1944	chrome.exe
1944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: 33	4684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4684	AUDIODG.EXE
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe
Token: SeShutdownPrivilege	2316	chrome.exe
Token: SeCreatePagefilePrivilege	2316	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2316	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 3408	2316	chrome.exe	80
PID 2316 wrote to memory of 3408	2316	chrome.exe	80
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4776	2316	chrome.exe	82
PID 2316 wrote to memory of 4084	2316	chrome.exe	83
PID 2316 wrote to memory of 4084	2316	chrome.exe	83
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84
PID 2316 wrote to memory of 4008	2316	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://01streamm4u.com/en/1079485/winnie-the-pooh-blood-and-honey-2.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d0919758,0x7ff9d0919768,0x7ff9d0919778
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2160 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3780 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1828,i,10212325452978449185,2773140252173277671,131072 /prefetch:8
  2⤵
  PID:3292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5108

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d0919758,0x7ff9d0919768,0x7ff9d0919778
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3160 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1960,i,10236833954919314444,9462247514799012277,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d0919758,0x7ff9d0919768,0x7ff9d0919778
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1952,i,16976168391886124784,1587267537645694872,131072 /prefetch:2
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1952,i,16976168391886124784,1587267537645694872,131072 /prefetch:8
  2⤵
  PID:2748

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\013a47f2-902e-433d-ae6c-ed09782aab42.tmp

Filesize
261KB

MD5
e72c530be0761530b5021a742f716fbb

SHA1
4c77b1bf94b99ade431be8d8a78989f63fd34cd1

SHA256
709ddf6d19ca938de114c061a0c7ebde1c918e91540cf8dd807c9ee9bdfdc549

SHA512
755222c4a733a56d8a479b4ba333fb81d68e1be47cfdb3296fdad235bdf1fcf501eff919c41f2147e296980e57c83419d1f5bd0c3350a0a60b915f18fe3cf65f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b27a3955e2a7fa8e448d67cdf20c08d2

SHA1
26842f19c00e3ad818ebc2ecdb60f47a09fc4f1a

SHA256
8121e8c1d1048ad611d1f870ffa15991f00a63061cb4b879120f5b7712d4fcc2

SHA512
e68f4c7cd5951d5561e0c3ecae0f6a727af68778805982bd4540f04433f4abd857cd11b151c1b7cc44d532ce9cb8aef2bb6664a776d1c0f75f5e3eda2fd7ba3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
574cd46810097310ff477d08c10a7f00

SHA1
b25aff9ffc6839f1fa47adbfa94d53e03ce77858

SHA256
1685bdfda16a6087dd6d5b2220f4d3db36989a1a251e626fd3cb075956cabdda

SHA512
92e17c5d5a0a70ad117a7a022d5cff88fdcdac12375cf3e3dfb7f0f5ba4159ba9ba559792242887f7b67d2e84abbf5e3022af6db307eb46f5014f215059c0195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
9bbdf9c821a31aa34016b64b15e97717

SHA1
baf47816b12ed757c9fcffbf2284eb4e44cc7f71

SHA256
3c3cc4d91621052594d2412833770aff471b63818e1a6b077dec389e23e06384

SHA512
ed56c25c26216e32132eb0713b8668700f65ac9f9a3e6a46804c3c2e170abac2c960138ed0b71e2c00b1db840d6ab54ac5a98541052ec66372085aa3b3ed3869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
098150c3f2d98fcab8bcb558e3c4d91d

SHA1
90a4b475542168ed81e3d35c86dca6d2f73e6a0b

SHA256
579e69910acf19f9c8978c91c5e6d3e24aed346dc8ac9b6d88fe06115838e57d

SHA512
9a5257cd6f1ab57d1874044e289fa4531e64687ab9dbaf7b94612c5a615c88a90a37f180a0e1560ea35361985259f45895825a69fffe7d4af30428c8b48c36e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4358c0814b9fc922702043150d2d012d

SHA1
e8d462795476a2c7eeaa94825f9c37c13dfebc92

SHA256
7aa7c8fdfb5d70750cb65c3139f5ff299375f6d89e1bdedfeba615a9f96dcde1

SHA512
4ca35397e7335b8854978eaec18e1d83734f9c2ea22d7b65eb56a3a0d3025fe6db49b4811b0e249c5eaab794db5c68ce22d68b22946ff2214c11cdd193c387e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
33KB

MD5
da797f41eddbe002235b67c85810269a

SHA1
05b58750b31dee9cf24225eaaf4bbd85d7c2cd79

SHA256
83fe560568c425f7cffe295bcb64859263f1d1a629143b2a0aeea410c6e7307a

SHA512
9a82991effdecab28e661fa6ae96105c0abd8def5a6d6cec81ee49ad51348057341e246e9d6848169a16972f72db28ecb8ff80394f18e3874d1212da674316c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
20KB

MD5
d8dd8ff8b5f57d70bff4352d2b19a860

SHA1
704b52f18789ecf5052eb004055aa1d9fc621f3c

SHA256
3bddfecd0b16223eb5b20c3bdc08af911b9b073625fcbfe885b81988855a6c00

SHA512
5b81921104165ad71656c1ef887e0d98e212338da3c81f0557a3d2582e8544e073ff77c81a26fa7a1edacf849003093f5d267c8204cd57f3d3a2d31e79ad0d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
19KB

MD5
2bd5ff47201c524c33545c154446926d

SHA1
edc55cfadd8d17b5c83dd3cdc1e7bbd1ca16e643

SHA256
b72bf5dbd932b317bf034fb0a8d1bf0754d22319c5b16b055ccc71577f5cd3f8

SHA512
a0430c90beec81fa0d54f843c76ddde9dee5d04c7c1f24b7e4ec3cdd63c87698e0cd3bd07aef3d7a2cb1e5ec4d2873ab5c12bd7554891dce5b8c2d60206e47b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
28KB

MD5
b3e70edda77f8e82bf0cadac6f41e289

SHA1
2b693c0a7a8fa45477f3b986edf2245fea82e5db

SHA256
774367cc95ad70ef795ae79deae35bf72ff0394a7b33625106711ef840f4596e

SHA512
396e3540c8bc0168c24ccfd83df0445a7702fd50fa77c190b6337d953b294c1e1bdea6f39184f53fb90f70af201a684705f1c07efba71684863efe0085025bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
32KB

MD5
b2a264e3e87b58b54b76483238805a40

SHA1
169d6f17c82024fe0cfc2d19884a14dae2ec0bdb

SHA256
f68d37d474952b1fbe30def1b69e63e79c46a70263433285783b69ac0107b929

SHA512
f650407b6a633e0d40aeae99fb21e065c74c9920d74142a0c936c78c5939ff94a4bf62238f2794a6d590b250696d399cf280c4f19001370beac038a0712103d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
50KB

MD5
b904fcdf1c4c6059fadd6893a7bc7619

SHA1
f41d1674f02616f03ef77d4e84b3ad8ba28a36fc

SHA256
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

SHA512
1d86e3c2e83265db1e9b244b749dce0bf39944302ca01ff3123aa5f1cf2cf562774ba344b9d4b2c65da33126ab0a5d80e37d448a794dce7f9f797f9544938503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
120KB

MD5
02aaa16c00a152ed91809a73d502a089

SHA1
2ffec9f4698fecc8ef1add5bfa9827383018b0b4

SHA256
ecdc1947e3309729c22dad6e23fac5751a990a020573e9a9e7359d18b00736aa

SHA512
fcfaef16b27a0e6a690607a7e7eb48a49a12cf4e67e4b0cc360e8c1c64696806d36c22977388acbd9644b6aae7ec8f9b3c2ac09fd45f4c6fc15d6256e3ecf812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
17KB

MD5
448c34a56d699c29117adc64c43affeb

SHA1
ca35b697d99cae4d1b60f2d60fcd37771987eb07

SHA256
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

SHA512
3811804f56ec3c82f0bef35de0a9250e546a1e357fb59e2784f610d638fec355a27b480e3f796243c0e3d3743be3eadda8f9064c2b5b49577e16b7e40efcdb83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
698b56463ab1b2ca25c93153972c5f92

SHA1
91ec93f9e81920c1ec70aba56c4b5b5fa89ce170

SHA256
2d851aabd61499ad18ee1f7c60bb7085c7f364f7ca2caa880ed871db0c267e68

SHA512
25a1ca2c86231d54c9c1d105080a2fd7e5deb7896f3bc0ca61c3aa92ba861f83eac4893628a64057cbb39941a6143b6a8f8885f7bcc848360ed8bde77cd56809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
1024KB

MD5
181d418fac0fc0f911c361adea6fc6a8

SHA1
b833735d16bd9fbfc0eee70f14269bbea54493ee

SHA256
84e559a96572cf9b9f1c3ddd3bc0aa58880495848080ff85e11c37be5fa4e7c9

SHA512
23cc70d750e8c3a05cd8c5ff31a5e6d9bb9031baaaeb2587ea5576cbe07b958e194d4d6fc3b9e1644f3b7e61f8c27cdc9b70a1c76f485f7aeeffafbcf5cbbc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
41KB

MD5
c599935405bee7dccaa4f825141c3f57

SHA1
5c9de67bb6a8c3c05a798e185400f4c0486ed7f3

SHA256
6425d74ecccfb1b03b2b09d2c3bbb919049c6200943a84e63c190923b6fe64e8

SHA512
80e9bc9ef018b61e99fc713c57e7f55983028086b49b605c67640203a95dc3cd8187fb640ea3166b7ad4296f9b81fb585e6c3463a84c1e2d47197e7bc4e5e135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
1024KB

MD5
125cf3c10d4efeb0138070ba945cabd5

SHA1
b22eff58d8cadf2e2d83a47df95bcd452333cc69

SHA256
a9378d29abbb04265095a3fb2ae8b99c7f86b1090e4f23aefc66f7c1c4810089

SHA512
efd4437c0668e9a4926be86c593db8b79c22399dd86122b0ebb758595275ccb62f08490eb17fbd5b1e2e0997c568bbc9a70b465c7379a3d67d3e129b7d1e63e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
1024KB

MD5
35af55052c1f49ce1850cae2c507f736

SHA1
67b2daf71a1c2c5557bc4282e652685d089483bb

SHA256
0dcd97903ee8cd09f3130e6106ec81702f1363827dc4eddc88799a71246ec891

SHA512
a53c8276e1e78e89da2c0f02cdea59be730b4c52e7adade476d38e8798aa74c9db4c7d661e18923f73bb2fca3280b0a2535651902d913d333295153a5fcc9fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
426KB

MD5
afe2235e8d6c811acaf1b722ad6f2d67

SHA1
17f3cad5ddd84645215c0dcdae47a9cec674f439

SHA256
058ab4876d6c5c6446831eeabd05d0704505f5ebb4391ee84f16e6dbf7dceaad

SHA512
9bcecefc5d3b6232bbc6964564138a514c960a32abb0afa07db5d7eef428217d83f0e3f805d96d44a42a6c70ce66c592b29596cea009d266a112b6d28c591fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
1024KB

MD5
78dac4e7baa5440022b2c2cc8dccdc3c

SHA1
c0bbae336469badf20f8cdba7b7f38465aeef7f5

SHA256
6ca0983cc6c5ea825c644b31ddd57a2bd5c0f775ad0627d91aba9fade740fe9f

SHA512
40f732ec2c1eb083366f98ffee6f5476dc537cd6a408297784c677dfb5234c1d1a1088d33cbb6b149bf6dd1b28e883fe300d20571e14804128df49fd4e562b43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
1024KB

MD5
22684b7a4e7f0cca9106e51a6bd9b9b6

SHA1
68caa572df7b5b4ad91ed548d5256b7373f2008b

SHA256
f5db692fde62bca65fa3864bf92c4bd25148bf4d97e79353bdd028f6b7663b35

SHA512
43f9799fb5e176726ffe5d7ed1c3ba25e3ee9bac5f14a5e56ea074563dbef7ca2673905df2af79be3d5f57e0d3779638997a941832f591a80b8dce2fcfb4dca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
1024KB

MD5
54636941ffb0d9f61f0303d3aedccf58

SHA1
cca0a2dd00a26ae60efcc16ad83ce920cd94e261

SHA256
9a617266ec5cfa59d044cd2f643d9740b7f471f8dca279697a6e1550b318b476

SHA512
74fd02b5facad8e93a43e1d4471df2cbe4c848c6a5fdf40e86f90f9c059127e815833435151116b16ca0b3cbcf0e782c6ebdae7c55ca76b61b60b174048a01f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
512KB

MD5
ceda59bb8cbd1307c8a02d16137230f9

SHA1
cd0fd6d71904bcd89a2d5322c9c183b759eafb59

SHA256
25fe615c84cadf86bb0cc6265e3790a54c208fc506ca1db169b28a86b7679a5e

SHA512
98b487d94124ced1e66a0c3d29914c1bc74a6dda5e64434e07f917cf3b780776a1d59a4368a5b5746697e4b591ffc30b12a6efb5a73ab2a9f395b657fd2dad8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
512KB

MD5
75cac5a7993a79e081fec18fa8fdfe3a

SHA1
d9ac41ddab70ec7ee4ce78227dc6b754c91d1333

SHA256
0776103b9872bc61377f08641f8852904c69aa68db4eeb5f59ecb09cc99abad4

SHA512
39633529040995b5927f081a0c352161f8eddd60e008d6ac09ee96d954d9814ba4d7ab914f294cdfd38c0c67c30b9a0b3e78b0e00517896eb4e4f18a205ce56c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
512KB

MD5
0693a9fa8b6eba3372f72d9d5278e4ef

SHA1
dccecf1eaf70aa380fc0a3ba3a644df19059ef9b

SHA256
35cbe9ab2d9fb85b54577b3fb77bd861792b6d533dac185db7e636b283097bc3

SHA512
aa651ae736d25141a2cd7606b6e3c2e4c7d32668a27115a7f270a0428fa2b6e2525fdebae20b8f24499b6a9472a2b4d52c33e3a586ceaa64743ae4ea902d47db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
512KB

MD5
fc46b35a7f912224cffd618cff3b0473

SHA1
fa50f595c1cba8757d961f5f803fb424b58cf3bf

SHA256
e9fe447088e8d5cf05c1dce6fed1c89c17368b82ebb43f8f8e4af7196ee13f34

SHA512
c9ec58b1d1e74880b064dfcc2015312327584a93459a05bd282f4923075d629f3bad5dd04815fcaed8487a99d68689fc8105f62295c881bf0c2ff6bc9eace0b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
32KB

MD5
1aa2300bf9b05ed9b25e798a82f0ba31

SHA1
92099b37414f96a9281229799d2b255c03f5ed65

SHA256
6956578c450bdadbc30f16374e22de85a3227cb8c0939c0d58ab1c40e9517295

SHA512
35453f68d75eba8a3de541f13b5726781d494556c81c827c6e0063bf8f12062a8426c450c9ac20f9b461f5548f96a793692bc16515f420741a2a871eab5dd0bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
2f8a00f509f7169a76264aec3ac55550

SHA1
75f9c6ee388a5eab921060e660d10b20d61ea126

SHA256
57fd578b99c8d4a3d1070950f04bce3f896ee9f28d85b6f97968270c4c20e9b8

SHA512
35000d513ba5863f7f1cf2633a43aff0a3ef9ed1e3272e9229d0de5a9715fc595bccd6aa5086302db8897653f5b65456467b0efee50479cd28d3c5eb5233c750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
24KB

MD5
86f5e1f0310058259592053d444a3f60

SHA1
b5aaab02b59c3194afe7c5581d5c59cfec04e63b

SHA256
a555d0d5a114f54836bca299b71089df4c311156c4b05da2dcb4ab6c16a39f14

SHA512
f67934856575a078323b939a0309811a3d2620c7a39c658bc665b1c56d8732714afb91e6b87971ce2408e6dcb50e6773fec5bfb503462422e31eda609a9810f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
1744dde05ee6519a7dfd881f5bc2e529

SHA1
07b842193d13258dfc03eba2aaed5f97265ad744

SHA256
1f863135de7d784af2f622ff745a927f23f69e2b2b33487983e6ff4ad44dc5c0

SHA512
3380649475db314dd174c364f5f174aeeb75b2af0ba5aaeeefbd2be51484f5bd0bb55e8d4d98387933547ca15afe600937c7a1ff51127abe4fc6099b642eec76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
79340b136e103166fb3076e32e5417f5

SHA1
d4a464da46eadc44b1ea4bcafd60a4a8ab2dfbed

SHA256
93439d037133664d7013734bdea98e9e0988ff8b9cb762e2e3ce11e1222a3ae6

SHA512
4443edeb44799b8a8d928ccc131b58570daa1aada9499b3c20b718f1348e44d43e60c81983840aee18b6b2e2ce26e705e3604fa0d0f74c28bf685a6ed26576ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal

Filesize
12KB

MD5
8be9db42ce0d9b4f58b0216716b807df

SHA1
9b85e41c7339ee9aa5b787b0f02b83aaad82d2b2

SHA256
a84aeda4c61acdbc534171985d49ad8689f2d6c928c99f67fe79a8486eacdd27

SHA512
a14e4a5a17ae93e1cfcf6f32e2da7a6db570d6ecd7536772cd4a9647c5f76eb4cab12af1ef4df268ed9cfef1832c9ab06353b3884e1e64cb64506cc85e85c624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2898cd547e71deb1b538ceedfa27e4b3

SHA1
1f9ff7b8a9d0a2ec5755124f92d16099a93a1e49

SHA256
50b20df127cd3675947a72266de87bba50adc1a215a3d4fc8eaa4bec8cc114f4

SHA512
3cc3fe26f17cdb70efbdea156ba85e4d8d8be83fffd283e6fcb96e1c40eb108ef2056f694f97868263dadbab50fe40b0cc2ad51d289180ec85432e3088f03090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0eb14f4dbae7f19701737c360c5ad83a

SHA1
37ab231c4af22d0160f41b5c5d5fdc08cc96d04e

SHA256
ec9bd378ebb066ffa2ddf97ffafbd41e812ef7d8e2de2b85392a2f501855da9e

SHA512
51075f1efb2d08ce75c4d8b0212340c5d30f7c564cb18e08e79e9f6878e1af3fdf9785fe60ba5add7b5026861c531f29a8c8adc6d8661f27cd9f3057268bd66a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c9f78660f28a92c6340c6acf87e8c34f

SHA1
7e6e829684edbca18e681d1963c8d82d6c9faad7

SHA256
1ec4960b4716721ea0828f3b49adf1eadab13ab5db34f2805191386920e4118c

SHA512
a7a97f7c12f7e565edab9828be6d3d7dd62ee9cafdd1257c6d92ee9c9276346cf47487851ce23b31eb941e5efd5acd32d9f5a3e18189d3e50137b1f3a67cc22e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f88494ac7ecd5fcf5e412f0ea10bec75

SHA1
f7de08e28bbdddd1a19be8ed71555cc1be2ba718

SHA256
2b6adaa09e6c250bdc1be2b06391da8865d9c7d12165d59ee139c9a791dcec64

SHA512
5a146227d377d2f6a2fccc3a8456e06ea04552e045e2e3f0b5e954c678dff0a19f7fca74d038a977fdb0ba43769620e2a97f9e948f76cd6d8a01e40adf1a3d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
b036cc94d536b986a1a2b032181b05d3

SHA1
946967aa27c41ce2201cdaba44be14901ad8f7db

SHA256
8975483d7cd6ef01e33fc09fb48322a95dcb60d686c5cf090b54732ce07e6093

SHA512
8a87ebfd1fa8b64739d84dd6b04dc215cc2843a9cce5017a89146d646824ebf8a033acdc44a9197b1d06352565863d58941f31f0a340a65523151b92a05e5dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journal

Filesize
28KB

MD5
ceeea52a4880abb7aa154875f64dd77f

SHA1
9fbfc9154a71a7e2cfdb8db5c40942503e8ebbd9

SHA256
301e8264beae21d5460521a692801384f38899ea3b1242ee97b34c9b157ff4bd

SHA512
c90690249dbf0e496aaf31ca0a31663844e0870f01e7c06859a9166bc211878e85d9c16f5ebbc8189e3d1bb9c347d907d1910db240123d2a62683b67be3b0dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
19158e7892d884bd8d96d14fcaa913fd

SHA1
5c95320a0c87b17f974e9db1171e42866b8d36e2

SHA256
086a0e8b0cc624cd0b50fa49efe386bd772b2f554a5174583cd4f8f8a04aed9d

SHA512
03d2d8f131eb64282bf14d6488d0303ef58ddbc316cd392271c0dbd0ca1a512252d16c126f97de6805ffb641a0d8d562808df986d8a9b0c8bf8e6a359312ca8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ccf7aaae39ecb644d3eeb4bde0630ac8

SHA1
bc107ad89b94dfeb5f2a85594fc003e599de3efb

SHA256
53d45599bfde52090bf1e21b7eb16b4f521ada1c21d6d63f6d7c694a876fdf7b

SHA512
dd9ef5b4beb022acbff07a7c7cd24faeecd7178fe71d44ef6e5d0d8a85718d3dcea3ec0c4dfd2caac749e059fcce5af535b183b39a4c05cf1767409f4cf89502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
87179bbeacd0896e5d25709a4f22e63e

SHA1
9d110084fcbf3cdfb197b441af3ecbcecd465e39

SHA256
81bbb2b0086df296cbb4d779799175fee9c34f3374e526f9323dd06ef12b93c6

SHA512
9734b43d33951ce399c0420245c489d62865c1b65d5990cbe7d64d983d6a1c28accc83d308b97e3b2131175b848dca84c8b09ff14f1b752f48bb8631c06693c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
08e41038b754b464b9cca78719f03f85

SHA1
6fcc89a080f9851215e29aa93fb58ee19ae14ea5

SHA256
f2cde2d3e77c180f2a1cbe51dd552eecd64da0f3e30790c6ea080113813a88d4

SHA512
b0c77114459c2bd43bf741f5ce0c8cdb8ca6aa2de828e715f1a48d30742cd07c761c3d170b5de1e9b3cd43da94cafddc07480bdc873a0e908fe619dffb91bf64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d96b18ad55de807f7a03d19e22d2cfa6

SHA1
3e276f3aa7f42a775df7e5056a9eb5d9bfb6d876

SHA256
4c20659f849f7a974ec90579d6d1c48273cde43db10ffd722e70fcb37e21db38

SHA512
d6b2cede5d02e79315585b1723181619e484ea09ac01f6d0e12ea42b9bf0283409e41ef80a159fd776460e296a3b3f727c492e3be31e39a225a60af2f8ca7855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3e7c9edd44e96c1a08a71e174416d628

SHA1
5777caf537a7abf82422031bbcf48e5ba7ebd125

SHA256
580ebe7755674e116ea79377297a242bdb57f466d1ceabac7e852a988cd41984

SHA512
c1603f4db4f74526df045a58c2c0430d6d39b172e31c5aba9c665e0984f210a4e31e1729bd02ea442c498ecabad7e5d807c3d77c4a6c76acaedecf3f9e72693c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13356034269612223

Filesize
3KB

MD5
55bc46595a3405d46ffc7e85986d644d

SHA1
8afeac48679edf5aa87080315d629e6a08ecc411

SHA256
6da31170440962e4b931a1447146459eb725ea5a39ef7ecbebdc2a010d24f099

SHA512
17c8624e930475e03e3fe27cc817be9dc40bb473bc5fe06fa660368e7152b228807ab64298c12630cbbd95f78613bdd457e949ec629e3f25496f922127e4eb20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
2da9ab4f4855e461d0c95e1a1b6b2d8c

SHA1
3dc02b5a2da5ce259dcc1595ae73d306b26489a7

SHA256
b1b657ceab23958c92bbefcddb327e602a12f439174a1b28ba0ecbe6f691cee5

SHA512
02b08427800ee50a2e536d474058f30e25f06737d97e7374d2a39fe61141eb6d2083de98a53a5df5a978c2889b0e059ee583d12368a657545d59765625af5299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
a9b9a3b693f66b6d2cbb3f792ee87c4b

SHA1
17dd02f4899924ad34ead82eca988049b50df997

SHA256
1cff462df3d5bce45ef4cc154fb96a02dfde28b5e60153c5a5855b42947902d9

SHA512
d45ad5022095ceac1e8c569b2ec5763972cb31b67a767ac2dc6805606d3821747803ea1c28328ae198cd365325e551cb094d601b73b3193b73d0e5e35ebb0b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
f8100372f0ecf3936701ac88ce0de4ec

SHA1
88db5d4086587ac90dcfdd4002f6d8df29e7999a

SHA256
612a15cb7ef71a37b7a54e1137c2701a3f8f6fdec57e1420f4f844cfad9eb200

SHA512
afdd57fda9811f5003eae43333a0f7f92a57e5b23972b32f212e4beff81f7589222fba9416b6105c61d3bb4e9276f31c707dce9c802f8161ef4097f3bec1f3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
91c1e7127013c860b2c6271b66a45965

SHA1
2fcf4cf246f33fabefcaf603503b40921a3c0434

SHA256
ce851adbe53cc588abbfab41be2a7abea29028c487b9ce430c61975ad9cb299b

SHA512
571e81dec77a181c9fa54c07777721be508bc80f7640ceae2167d53ac9a9bfa6e5fcbb453eaa6220ecb45fc1fa44d93d867e4e5022f85c6e2481bdec484a3728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
21b80007e07b6e4e5e541dbc51b56add

SHA1
b0a5b14aaec4eb9606cd3e471291ba8aeaa0b2d6

SHA256
43a1bf6f977b90e4aa6e33e2e34cf2e9133af30246a1e6775d214080a5a7ef90

SHA512
114a90c1613cb2cd673495850c668862ec246262ba7166108e30532475c3ddda769cb23bcc9f059fcaa4bdb30e0e2e8b4122ebaa897f484a06822e39f2eb6916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5fcaa98f4992f949d1d3493c8161e564

SHA1
c9b74154427d62ccad28f86a897e0dd85c5d05e0

SHA256
a93be9b1389f0748826b158195c7107c28e2e4fbff82703e7cd543f1051dd4ee

SHA512
5b408f46b2d41087ac823f651908488d5ca04d44fbc1d88985a6a2360afabd6fb4e3640f46cd2958085f3dbeaf2bfc6d9a96a13a30078c3caa28ce6e5f464d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
541ebbabcb281db32a9a0449838fee2a

SHA1
ee1d7fc5915506f60af83fcdbb23de6e41e5df56

SHA256
a599a28140285c7ba0569eef11d99b20fd2d3fedcc40105f1bbd3255295cddfe

SHA512
e33a64ab13f88ab82e740d972e40424931e83753239e647d977ff1f374d88b94a652250bbe2b325dbae6e77b230a7ba35d03c956ccac30af1905733f81637186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5161a195cb6b1f6df5579f0ca52c6e1c

SHA1
735e3c3f43f47dd5adfce3b9e7436d0256e9ae98

SHA256
a267927f822cb86e72bf66f8dcab0f6c00887f12ef9d88e6912beaebc3e822ac

SHA512
31866ab85a5f79fa07614e6bdbb3c0bfba3a7be09adb947db6d6179f074991ed061d3268d0dde18f3c0325da64fa0a08b46f9f87aa053528cfdd096de68148f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
215b546afb5c48e269c8555a45a2610f

SHA1
bb8a5095909ecf9690c399de75c975e4bf06e260

SHA256
a0677549fe0a791dacace136e12d2448ff1a049916e44a932d105882253177d1

SHA512
09dcaf97cafadbdae3fb98324f8ec15ca9fbb66dd2c34ed026599d7fa52eb1946447336e0e50af3943ea18341d9e8e94b27b70862ae026dade04b000812cda64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4950e6cf8256c9ecb3b2172407434370

SHA1
6f0b2a0128e230182d9d5b08ad55d24e2677bdae

SHA256
a9bae3f53a6acc4703018f1ff97bbc5bc6792bddf11aaf229af266e99f636ea6

SHA512
2b4fe78a7928544ee6994552dd53c0944940b094c15a50933affa7363a2cd0617ccc7a0a82b43e04ef1e1c3cf7ab1e30f166d68f6882d5b5921c3475478da2ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit