Resubmissions

18-04-2024 19:34

240418-yaastaeb3x 10

18-04-2024 19:29

240418-x7b7gacg65 10

Analysis

  • max time kernel
    262s
  • max time network
    271s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    18-04-2024 19:34

Errors

Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-18T19:39:22Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10-20240404-en/instance_17-dirty.qcow2\"}"

General

  • Target

    http://github.com

Malware Config

Signatures

  • BadRabbit

    Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

  • Mimikatz

    mimikatz is an open source tool to dump credentials on Windows.

  • mimikatz is an open source tool to dump credentials on Windows 1 IoCs
  • Disables Task Manager via registry modification
  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Windows directory 9 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Kills process with taskkill 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Modifies data under HKEY_USERS 18 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "http://github.com"
    1⤵
      PID:3628
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2576
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:1120
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4808
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1260
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:1808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe"
      1⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4612
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x64,0xb0,0xd4,0x68,0xd8,0x7ffcd19e9758,0x7ffcd19e9768,0x7ffcd19e9778
        2⤵
          PID:5112
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:2
          2⤵
            PID:428
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
            2⤵
              PID:2620
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
              2⤵
                PID:4856
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:1
                2⤵
                  PID:4176
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:1
                  2⤵
                    PID:4092
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3524 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:1
                    2⤵
                      PID:4332
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                      2⤵
                        PID:1928
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4428 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                        2⤵
                          PID:4636
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                          2⤵
                            PID:4620
                          • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                            "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
                            2⤵
                              PID:4608
                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6d6037688,0x7ff6d6037698,0x7ff6d60376a8
                                3⤵
                                  PID:2076
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                                2⤵
                                  PID:2020
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                                  2⤵
                                    PID:2568
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5152 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:1
                                    2⤵
                                      PID:4848
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3128 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:1
                                      2⤵
                                        PID:3348
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                                        2⤵
                                          PID:2244
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                                          2⤵
                                            PID:3868
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3076 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                                            2⤵
                                              PID:4760
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4368 --field-trial-handle=1876,i,14923578702345684163,11971292709887837600,131072 /prefetch:8
                                              2⤵
                                                PID:3200
                                            • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                              "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                              1⤵
                                                PID:3560
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                1⤵
                                                  PID:4348
                                                • C:\Users\Admin\AppData\Local\Temp\Temp1_BadRabbit.zip\[email protected]
                                                  "C:\Users\Admin\AppData\Local\Temp\Temp1_BadRabbit.zip\[email protected]"
                                                  1⤵
                                                  • Drops file in Windows directory
                                                  PID:4972
                                                  • C:\Windows\SysWOW64\rundll32.exe
                                                    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
                                                    2⤵
                                                    • Drops file in Windows directory
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3108
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      /c schtasks /Delete /F /TN rhaegal
                                                      3⤵
                                                        PID:2564
                                                        • C:\Windows\SysWOW64\schtasks.exe
                                                          schtasks /Delete /F /TN rhaegal
                                                          4⤵
                                                            PID:3068
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2012871081 && exit"
                                                          3⤵
                                                            PID:3988
                                                            • C:\Windows\SysWOW64\schtasks.exe
                                                              schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2012871081 && exit"
                                                              4⤵
                                                              • Creates scheduled task(s)
                                                              PID:3696
                                                          • C:\Windows\SysWOW64\cmd.exe
                                                            /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 19:54:00
                                                            3⤵
                                                              PID:1784
                                                              • C:\Windows\SysWOW64\schtasks.exe
                                                                schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 19:54:00
                                                                4⤵
                                                                • Creates scheduled task(s)
                                                                PID:2132
                                                            • C:\Windows\EF0E.tmp
                                                              "C:\Windows\EF0E.tmp" \\.\pipe\{D6F142A8-C906-4A6D-A42F-5D45BBED563C}
                                                              3⤵
                                                              • Executes dropped EXE
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:2080
                                                            • C:\Windows\SysWOW64\cmd.exe
                                                              /c wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D C:
                                                              3⤵
                                                                PID:4672
                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                /c schtasks /Delete /F /TN drogon
                                                                3⤵
                                                                  PID:1088
                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                              1⤵
                                                              • Enumerates system info in registry
                                                              • Modifies data under HKEY_USERS
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                              • Suspicious use of FindShellTrayWindow
                                                              • Suspicious use of SendNotifyMessage
                                                              PID:3460
                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcd19e9758,0x7ffcd19e9768,0x7ffcd19e9778
                                                                2⤵
                                                                  PID:4132
                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:2
                                                                  2⤵
                                                                    PID:816
                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:2760
                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:3788
                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3112 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:1
                                                                        2⤵
                                                                          PID:3376
                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:1
                                                                          2⤵
                                                                            PID:1208
                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:1
                                                                            2⤵
                                                                              PID:308
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                              2⤵
                                                                                PID:2704
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                2⤵
                                                                                  PID:5000
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4920 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                  2⤵
                                                                                    PID:864
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                    2⤵
                                                                                      PID:1388
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:3332
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5312 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:1
                                                                                        2⤵
                                                                                          PID:732
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5160 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:1
                                                                                          2⤵
                                                                                            PID:3608
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5360 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:4304
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                              2⤵
                                                                                                PID:2592
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:1924
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3812 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:4164
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 --field-trial-handle=1804,i,3832190912939802212,7181456120678891604,131072 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:1344
                                                                                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                    1⤵
                                                                                                      PID:4964
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\[email protected]"
                                                                                                      1⤵
                                                                                                      • Enumerates connected drives
                                                                                                      • Sets desktop wallpaper using registry
                                                                                                      • Modifies registry class
                                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                                      PID:352
                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
                                                                                                        2⤵
                                                                                                          PID:4300
                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                            taskkill /f /im explorer.exe
                                                                                                            3⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:1636
                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                            taskkill /f /im taskmgr.exe
                                                                                                            3⤵
                                                                                                            • Kills process with taskkill
                                                                                                            PID:4380
                                                                                                          • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                            wmic useraccount where name='Admin' set FullName='UR NEXT'
                                                                                                            3⤵
                                                                                                              PID:4048
                                                                                                            • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                                              wmic useraccount where name='Admin' rename 'UR NEXT'
                                                                                                              3⤵
                                                                                                                PID:4176
                                                                                                              • C:\Windows\SysWOW64\shutdown.exe
                                                                                                                shutdown /f /r /t 0
                                                                                                                3⤵
                                                                                                                  PID:3368
                                                                                                            • C:\Windows\system32\LogonUI.exe
                                                                                                              "LogonUI.exe" /flags:0x0 /state0:0xa3a80855 /state1:0x41c64e6d
                                                                                                              1⤵
                                                                                                              • Modifies data under HKEY_USERS
                                                                                                              • Suspicious use of SetWindowsHookEx
                                                                                                              PID:1540

                                                                                                            Network

                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                            Downloads

                                                                                                            • C:\Program Files\Google\Chrome\Application\SetupMetrics\20240418193507.pma

                                                                                                              Filesize

                                                                                                              488B

                                                                                                              MD5

                                                                                                              6d971ce11af4a6a93a4311841da1a178

                                                                                                              SHA1

                                                                                                              cbfdbc9b184f340cbad764abc4d8a31b9c250176

                                                                                                              SHA256

                                                                                                              338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

                                                                                                              SHA512

                                                                                                              c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

                                                                                                              Filesize

                                                                                                              1024KB

                                                                                                              MD5

                                                                                                              d9a49a7d6d5ca840cf0f0e937007e278

                                                                                                              SHA1

                                                                                                              90197e483cc1bf8970cb6012997b1968f43d8e78

                                                                                                              SHA256

                                                                                                              183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

                                                                                                              SHA512

                                                                                                              142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                              Filesize

                                                                                                              40B

                                                                                                              MD5

                                                                                                              6c2e71ec8addb596305a9e6321a45a0c

                                                                                                              SHA1

                                                                                                              69442cfa9f5641e1af42303721855f6b0c27f04e

                                                                                                              SHA256

                                                                                                              2e6f53d003b241331159d787b8e48eb9b635392db000ec32150242cf1bf139b7

                                                                                                              SHA512

                                                                                                              234cb028189b33abcf8b6bf62014561f8d9102c164abc719147ad2962994556ad6a089c6e77789a78d39e6412c35c054e1040e7d3d371dcbb4b6a9b7cf93dd02

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              0256e72055f904c870946567ad6f6949

                                                                                                              SHA1

                                                                                                              435dcb79f509a8dfde18347aeffa1500e9befc51

                                                                                                              SHA256

                                                                                                              0815f461e204d14697f021a1793e6a7c3241cc24a34d4906b30d1a9196fea4ca

                                                                                                              SHA512

                                                                                                              b155b3bc4750967fdf5822a093762724f44959dd853331081950b8ce60f7edd1cbdf6c43df4a99a10c4474ccd67e667c6e1e3fbfeb1fa0e2ebb9a5b1f8b07e54

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              9d3b50eb484066e42c3af83acef90f8a

                                                                                                              SHA1

                                                                                                              50ac641c8254ca774eeee4ed01452acce2841d59

                                                                                                              SHA256

                                                                                                              491ec1f42eee2cfd1e9836807bf6de3d8016536bacafe782131b8d124af94f1a

                                                                                                              SHA512

                                                                                                              7f942ef5d71ef6bde142423137e3d07f1906e5d3c34ea634d70ca9d96b068e1e2a28f7ac579b9eb0fb665becd8850d038a1c70774c993160d4ecee897b386905

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              69ca829b1beab0e81bf3681dd4b24769

                                                                                                              SHA1

                                                                                                              37a79d9088a4fa516c92231238896bed4487f49e

                                                                                                              SHA256

                                                                                                              0f4ea4dac682b9e7af7df0d44b4dcf226076519af35a6fa9ed318b834bd46a44

                                                                                                              SHA512

                                                                                                              98733ac41acd1f1ce4180f5eb062fa6a8c638cd4de0e5507bc8b2ce1fa8804b54a88b3e57649a6f6c18a3832416dde95d7ffdb93150b931d86e1126e94ebe6e7

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

                                                                                                              Filesize

                                                                                                              24KB

                                                                                                              MD5

                                                                                                              90f3e55427d491c2d0599be66a71ae9f

                                                                                                              SHA1

                                                                                                              421cc081984bd908f879aa8dfb11f03d7bbaa678

                                                                                                              SHA256

                                                                                                              55d97d0c8090541676954cb48f9868c0b1ed6d5c16c05fa55e6384fc3b4ce84f

                                                                                                              SHA512

                                                                                                              8610bb664cccc053662f3c8afd5bdaf1cd1448a644ae5977b1a74645fc7132ad12c00a637b0c8f30f4ca32e8c9a7fbb3e25e25caa9275eb845fa50fde3a8f3ad

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                                              Filesize

                                                                                                              264KB

                                                                                                              MD5

                                                                                                              166ddfafdd43461bb233d8397123e093

                                                                                                              SHA1

                                                                                                              f2183c0c8bf2293f8e6ca853b3dfba8d76c5743d

                                                                                                              SHA256

                                                                                                              4bfd94d6985f2bbdba82efbbb40f467ab99f62ddce586c76496761b64b92e8b9

                                                                                                              SHA512

                                                                                                              abc259daa426857d89d1aa655a2fe9c978105411be4c7809d1dc62ec4f300987f44d47de49d0d0dc885d9dc6746539d91c16c4a14863cd47f942802fb03f4d10

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

                                                                                                              Filesize

                                                                                                              148KB

                                                                                                              MD5

                                                                                                              468fe47d85e1f960d66c1017e1c712a4

                                                                                                              SHA1

                                                                                                              3d1c28db112fc10afba024b10daf309101043259

                                                                                                              SHA256

                                                                                                              0f9493b7f0073002b7985c237f44263f6a8ca3df568c60093235744a1c71f461

                                                                                                              SHA512

                                                                                                              989575b3562ebb3b6169f35e22395e5a4f5ee5766e99d47ed63325376395959b80070a18e7fa877cbb457ea9bfb683b443940ba532269cf5c4925e331df0ff79

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\62911ee4-0deb-491c-a8a9-37de66c009e1.tmp

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              b7c4d7f33b7faafe44d16dc5472bdc1c

                                                                                                              SHA1

                                                                                                              631ea16286a8ce60ac3a5e720f0cfb576b3c006e

                                                                                                              SHA256

                                                                                                              aa57278ea41ae117de3b7af99cc796584864e3da80e6c4f976250fbf9bb44253

                                                                                                              SHA512

                                                                                                              cf4492080fb37e3e285d05ee31c06d2e17fadca1ce2ba4daa25e4134b1d07e72f3d185f529ce531dfb0a92b6b71df3a3e63aa479eb5643af3127f5d24d7e74e1

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                              Filesize

                                                                                                              2KB

                                                                                                              MD5

                                                                                                              5f659834d3b821d297a0cbcfd44e084c

                                                                                                              SHA1

                                                                                                              8201f84e59a77d911e91078d74815e1b4af7290b

                                                                                                              SHA256

                                                                                                              1d26b874994bb48e30f9bf9ae0868636c6260544436ddaeedd6c8c4d4c27e286

                                                                                                              SHA512

                                                                                                              424658ba78248bafa908ef2ca2d6ca8592f6df34d5fe5b46f0fdc7aacff1d64f28dba3640e7ae965faa9153bf098f272490c0c13b677aba1f787199e5652626a

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              bec3cacfc442868a7ae9dd734dd1f19b

                                                                                                              SHA1

                                                                                                              68d8b710547e282555523e081c28ec13dd5962c8

                                                                                                              SHA256

                                                                                                              c81f016d9f1009899179fbe68d01752bda5b7dc6ccec17aaa9678eaa48b5ce8a

                                                                                                              SHA512

                                                                                                              8ac42bf793748d9a6e741fe69767d90443a828b811edc2730a9e439d0a5d7bd32a4b2c25f230de6a8244b798182457823b312bfa933f0dff736144eac6972eff

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              874B

                                                                                                              MD5

                                                                                                              4b5ef5e37c6e1abd91142e85f022fd6b

                                                                                                              SHA1

                                                                                                              57b6dd0f3ce90c54643c469228da6f772ba231b8

                                                                                                              SHA256

                                                                                                              6305946b68655f491138d235c4aa8ce2f1b78fff0e1d8b5b9123189b8c11aa7c

                                                                                                              SHA512

                                                                                                              4c1a073af12ce192a2598c5e4ed75b9175c9e9334a7b914693bdb58f0d09f0323af30c0b251b63aedfff96cd7505923cd5ee6e7a0abc12956e5e1a5095c3d32b

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                              Filesize

                                                                                                              7KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                              Filesize

                                                                                                              7KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                              Filesize

                                                                                                              12KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

                                                                                                              Filesize

                                                                                                              320B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13357942568918071

                                                                                                              Filesize

                                                                                                              9KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

                                                                                                              Filesize

                                                                                                              112B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

                                                                                                              Filesize

                                                                                                              348B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

                                                                                                              Filesize

                                                                                                              8KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                              Filesize

                                                                                                              324B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

                                                                                                              Filesize

                                                                                                              128KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

                                                                                                              Filesize

                                                                                                              92KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ce023650-9d0b-467b-8b61-93ff7e605b95.tmp

                                                                                                              Filesize

                                                                                                              7KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

                                                                                                              Filesize

                                                                                                              2KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

                                                                                                              Filesize

                                                                                                              320B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                              Filesize

                                                                                                              889B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                              Filesize

                                                                                                              338B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

                                                                                                              Filesize

                                                                                                              44KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

                                                                                                              Filesize

                                                                                                              264KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

                                                                                                              Filesize

                                                                                                              4.0MB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                                              Filesize

                                                                                                              14B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                              Filesize

                                                                                                              236KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                              Filesize

                                                                                                              137KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                              Filesize

                                                                                                              345KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                              Filesize

                                                                                                              369KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                              Filesize

                                                                                                              236KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                              Filesize

                                                                                                              273KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                              Filesize

                                                                                                              104KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                              Filesize

                                                                                                              105KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                                              Filesize

                                                                                                              103KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e4fc.TMP

                                                                                                              Filesize

                                                                                                              93KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                                              Filesize

                                                                                                              264KB

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                                              Filesize

                                                                                                              86B

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                              Filesize

                                                                                                              2B

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

                                                                                                              Filesize

                                                                                                              256KB

                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML.bak

                                                                                                              Filesize

                                                                                                              9KB

                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OBUTXE7E\favicon[1].png

                                                                                                              Filesize

                                                                                                              958B

                                                                                                            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFAF1681FA5461ED6A.TMP

                                                                                                              Filesize

                                                                                                              24KB

                                                                                                            • C:\Users\Admin\AppData\Local\Temp\v.mp4

                                                                                                              Filesize

                                                                                                              81KB

                                                                                                            • C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

                                                                                                              Filesize

                                                                                                              396B

                                                                                                            • C:\Users\Admin\Downloads\000.zip

                                                                                                              Filesize

                                                                                                              119KB

                                                                                                            • C:\Users\Admin\Downloads\BadRabbit.zip

                                                                                                              Filesize

                                                                                                              393KB

                                                                                                            • C:\Users\Admin\Downloads\BadRabbit.zip

                                                                                                              Filesize

                                                                                                              393KB

                                                                                                            • C:\Windows\EF0E.tmp

                                                                                                              Filesize

                                                                                                              60KB

                                                                                                            • C:\Windows\infpub.dat

                                                                                                              Filesize

                                                                                                              401KB

                                                                                                            • memory/1808-306-0x00000294D52C0000-0x00000294D52C2000-memory.dmp

                                                                                                              Filesize

                                                                                                              8KB

                                                                                                            • memory/1808-318-0x00000294D5DA0000-0x00000294D5DA2000-memory.dmp

                                                                                                              Filesize

                                                                                                              8KB

                                                                                                            • memory/1808-316-0x00000294D53E0000-0x00000294D53E2000-memory.dmp

                                                                                                              Filesize

                                                                                                              8KB

                                                                                                            • memory/2576-342-0x000001AF98BE0000-0x000001AF98BE1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                            • memory/2576-415-0x000001AF92D10000-0x000001AF92D12000-memory.dmp

                                                                                                              Filesize

                                                                                                              8KB

                                                                                                            • memory/2576-35-0x000001AF926C0000-0x000001AF926C2000-memory.dmp

                                                                                                              Filesize

                                                                                                              8KB

                                                                                                            • memory/2576-418-0x000001AF926F0000-0x000001AF926F1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                            • memory/2576-16-0x000001AF92DC0000-0x000001AF92DD0000-memory.dmp

                                                                                                              Filesize

                                                                                                              64KB

                                                                                                            • memory/2576-422-0x000001AF926B0000-0x000001AF926B1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                            • memory/2576-343-0x000001AF98BF0000-0x000001AF98BF1000-memory.dmp

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                            • memory/2576-0-0x000001AF92520000-0x000001AF92530000-memory.dmp

                                                                                                              Filesize

                                                                                                              64KB

                                                                                                            • memory/3108-810-0x0000000004340000-0x00000000043A8000-memory.dmp

                                                                                                              Filesize

                                                                                                              416KB