0f71d3af9a3af791b378eef2095e741a4829b87c0ec88ac76dea2f1af19f5437

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[CD] Mass Effect [L] [RUS ENG] (2008, RPG) (1.00 1.02) [1С] [rutracker-5468771].torrent
Size

35KB
MD5

ef00f075fd14de69328dd918f3c08eee
SHA1

a469ada4863bf1ab2f13cf17e73a4b2473699373
SHA256

0f71d3af9a3af791b378eef2095e741a4829b87c0ec88ac76dea2f1af19f5437
SHA512

ea33ee77b95f0c41cef174aa7547ed8c8e5bae8c514d32e17295766f469b8e6c7c01475b9ff8d5a021be27f6893a48f962f3389510d87af1467172dc983c0a69
SSDEEP

768:zs5clUKg8wHwWtjYkLa3y8dwDpueE1Fpw6PpMBIzPdUJ2QlBVRQ:znlg8/ijnLq4u5PbPgBVRQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583834966925469"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2396	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
3008	chrome.exe
3008	chrome.exe
652	chrome.exe
652	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4904	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeCreatePagefilePrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe
Token: SeShutdownPrivilege	652	chrome.exe
Token: SeCreatePagefilePrivilege	652	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe
652	chrome.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4904	OpenWith.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
4308	AcroRd32.exe
2396	POWERPNT.EXE
2396	POWERPNT.EXE
2396	POWERPNT.EXE
2396	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 4308	4904	OpenWith.exe	101
PID 4904 wrote to memory of 4308	4904	OpenWith.exe	101
PID 4904 wrote to memory of 4308	4904	OpenWith.exe	101
PID 4308 wrote to memory of 4312	4308	AcroRd32.exe	104
PID 4308 wrote to memory of 4312	4308	AcroRd32.exe	104
PID 4308 wrote to memory of 4312	4308	AcroRd32.exe	104
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 1972	4312	RdrCEF.exe	106
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108
PID 4312 wrote to memory of 3128	4312	RdrCEF.exe	108

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\[CD] Mass Effect [L] [RUS ENG] (2008, RPG) (1.00 1.02) [1С] [rutracker-5468771].torrent"
1⤵
- Modifies registry class
PID:920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\[CD] Mass Effect [L] [RUS ENG] (2008, RPG) (1.00 1.02) [1С] [rutracker-5468771].torrent"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4308
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4312
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB906DE49C866A703E65DB2149E0BC42 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1972
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CC5F61DE90BFC6C94DFE19AB2EAD2687 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CC5F61DE90BFC6C94DFE19AB2EAD2687 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc30eab58,0x7ffdc30eab68,0x7ffdc30eab78
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2312 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=2040,i,8674165763188754127,2076218976202917852,131072 /prefetch:8
  2⤵
  PID:1052

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4284

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc30eab58,0x7ffdc30eab68,0x7ffdc30eab78
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:2
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4272 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4428 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4308 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1896,i,2598380226102291315,4324756508944184789,131072 /prefetch:8
  2⤵
  PID:688

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
273d2cbce45caf2ede717d027049f931

SHA1
4d3880a875edaa72dd9cf1b44108c5748cb3dca2

SHA256
37b7d501862fc5714342a23f53d38d130e4f685f0c7302c4cf9df83e20d07154

SHA512
c2dfff0f1d845d68cac6758161653cad51fc47644cb4231bd92dbf4a140b50876312b254f9381a5b8c42723d00e123956706e94c2c41354d36c577c79de8f5ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
b91ee9a2ae0abea9ee177f60c0ab0f04

SHA1
60a92637500ed37e1d30cf69cfe3cad6c65c88f2

SHA256
dee37c261d96527119d1c06bb6fc44f917d8fd39b914de6902b34d7c04973fd0

SHA512
47427b6c13826ee1b0cde5ab9b936b0eee262b0848c56ed24940ae83b025673235f03a84c428d4b85a687e2a093edf77aabca9652ce495e6031f371fe8881794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
bb2ef3944fe47b32110d3861e95f91e8

SHA1
f17373d890f088d82af67752fd7238496f0c0103

SHA256
1b61e116dbe299330ef49b953788b613be7a7c2dae3db7b859c8a472cc05bc6d

SHA512
4a67eeac3b62f5b397a1766e2602e2cd466bf9523ecb176a0bc2bb3a1ef6121051f636fa7e38a3d7809e967441ab754a7f37365eadefbcb62d20b81edc46f1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
d83f474046e9579f5029c6abb4943771

SHA1
f632220092866f8f26dbe5823c7dad13c0118ff5

SHA256
193b0f632e77d723822c1ca6d4a521c09c965da0749323ec1a6083987ced54d6

SHA512
2b7731fb1719c37bff92f5094c4959cf419ff294e9ad04aac08a917dcc4581e2064dbe98c4aaba7aac1d97611cd83c0ace034d198a7b7b2af2281589e4431a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
9366497c51b69b14b92788fc74a4e872

SHA1
7fe17c2b6d9221faf2d695ebce172313be4d03c7

SHA256
97c55f4fac921cb7dc7570706b6bbc5fe4b9b560186e8dda8910133773658618

SHA512
3fbb3d202b778074a497f77c1d4f04d624c3b94d14cfcb2e681fc466ccfd14cbc67137cdb1f14786380a0b82b969ff2601b343c5c333dba7249081a85f558ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
6cabb24ad5fc48d56a76d3fa7238af97

SHA1
4978f7fae8382380ce65905069275b7ee804ac6b

SHA256
689a7c6c1db239b17cf9e8c64b63da76d3482d24770f0eab93720c4c714e1d59

SHA512
efa07bb94fee055f2c03d6f6adca4c8350cd99cd0048dea41c76cf2dd93d3ac6c3bbe9b3ebf81aac3f22e5d2840668c0887cc52b4e536c9844ca9663e8c34197

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
49a1fb370f896e390f0371f5cd856afe

SHA1
80a59db991eebd6fdadda0b2ec7c73405c2db180

SHA256
7a212043e773e90bd51f08f91d01edda192683da187e94ab19019a39bba8355f

SHA512
bfb514fe60112f9ee2d70e5b9e67f3fc53d6af39f2d4cec26c18a3c8fc793a17a86ab32f8a4e15553df3b14ce4ad04e7e3b657d4c9fe155898db551afa5f6de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
81f0c9d7244256bf63c9138ae423e16a

SHA1
f5c021919bf8748abfcfbaef1469693554f055f8

SHA256
19dabef71b7051e287e6444ba34b71cdd15a2ef57745ba88a2e45704dca247f7

SHA512
c07edace08d99a023362f1e12fa792a1ca975f08cbf657be8586fb2f371c3244a22af450ffea026f966257742f1ce9f50540d223dc9d92d4e96c95d69a800e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
42caef1cccc846d0813c21dac23a82c6

SHA1
2421aa58021d398863e98b5c82fc4000d65f4c21

SHA256
9677bcc158cfdf88394f08914969d7cb12da14a2e489263131b84ad51d722f54

SHA512
106d644f51234d6990f34ff2bdb1550d089fa0602721149384c5dfcf50966da0ea7076c0091ab83a891e9c047502d2d64734db7c10e9a9b1dc52afe1c1587868

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a3f6bc2d390cd39a32ba49a594451b33

SHA1
f9a7eb471c6300f312c61c0b51cce8d99c5c7afd

SHA256
2f5ed25782c11a5ce417bf91bac4093530933c3febc64ba233ddccaeb2f2a52b

SHA512
0fbb2e0bca309155384cbf108bd1358b57b191f3013db2812330644bfaeb6c0b8c7a0da4f680bee63de3a870eed47c67c9770d023bde84c9cf33d1f0149d9f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
6fa94be849217cfdbe88b7b566b1dd61

SHA1
a2250d0995030350e95468234338279146d5375a

SHA256
8fb700e412f2e615e9b95a0bd42dfcc1f2a9cad6c622e85b44597bec1269ee9c

SHA512
fc74d58ca52f163073ad3153eb15483fd1ce2b874a5362c30b229e2802c26ec3043a28f196efadbfef0571ebf6735159c6b6fd15053ef176a69ab313fec17f44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8538a25ec26df5a13af7d035b7f01700

SHA1
667de26cd699742da91d444860bba4f995fe0d5b

SHA256
68f6f9b4e59eca77459f501d8f5866d2bd946ef1992ed43d77645b3b88a1da36

SHA512
e1115e8d259d1333f3f3c67e2a6c250c864464738fc9f6d864118f736bf7f8f0d42bf98852c6dd012cc1493c0926a90ba4e37b911b9be3d605844a2315019d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
68686140aaeed782f7da946a541208c8

SHA1
b270feb3d43379a3bcce8a69f948f27ac8988486

SHA256
1eb08140362c9af2e94b504e270dbc22bf660ccc4768e2491605699fddbf6e3e

SHA512
891c3cb84a63bd94eba14136477e5855fcea249c58ec1d1f028df576a47496c6268c5e46dfd24825440268fffdaa7d68038722283f42166f27c1ebd860e673aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d0c1a528ba09b5281b92794a2970fe1a

SHA1
bce7cbaa68f0b33890edcd4cbf27239284dce455

SHA256
b63183ef6a690f7d3b3b19d6a7bf41e7e5f37606fe4ee33f5202fbd3200706dc

SHA512
e8ab45d50c80d25ea31d9c0c9c940c6dfbcb6979242332fea458da154cfbffffaf2a7a8d55827e38aa6d346f29e6b2de2b6ae26b913090011fe3557e23afac5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9c60788fae323cc6ab15ead1485b2cca

SHA1
bc4c724493aa15b7a25cfb22b7428938b2c91741

SHA256
6d583e141b143339bf2c90adbeccd0b6b1d913d821c934589a4663a6ca5dc0ab

SHA512
e899f8d11af650014dc2a8da523b8004ef455c4fbc72a27bfb9e7343a6c3d4def757c61a4c2b4430ec1d3263b36f0e070321be7f125827a9ffbfb573647e8aa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\dark_logo

Filesize
58KB

MD5
e18f47fe4be41bdad18aa486fadddb9f

SHA1
578813d1892201b59d34e6753aa99aec7e580a8a

SHA256
0275cee89af09fc27cdd38fe12ea97fdf813e3439aa598f54d67b98fd34eb851

SHA512
2b6c2826e96aa383bb5a791099d9b3e636825621c27c7912aa8d0d35fb71c1545a942edc2e244526dce91758cf9156c2dab3d789a135ff97a5ee60b8fcc43fa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\metadata

Filesize
2KB

MD5
4c712bf7aef24351c61d8bdfa617e941

SHA1
26965bce8ece3eccb1ead6e5d68c6d58299e12a3

SHA256
08608bb6d81bde0477873a1a53ef2b7ff0c31cbb054405a0721af2c564d04e46

SHA512
7a61d42c7c13df18a84650fd3ae6a4895acf14b1eb3cc172c2306e00bf2a2e96be644948c233bde6719b4769a646df4461942b45d3dd574e6f7ca9e66e2d4c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
9fcbb4a67ddf37b9b4c4b27c27b885a3

SHA1
e0c939da91264decc6b485582a07a3ee93feb428

SHA256
c3708b2070490e04d7a6ec49ccd627c47be21dbe2f915793afc7be7788590a77

SHA512
2c244cd873f32595a34d8268e45afdd43b19f5c737b2d3585e15a898ca93b3980d4808430d69900c2ba7a8808d8d023ea82038a58114656d5e4822d15393f7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
95f7a086aa964020af6df94fb73512f3

SHA1
775a34f34cc9b085131e666edc6f2c48e1191133

SHA256
ea7282b7d7870d1ef109766a6095fd1ab6058082a9b746e448cce026930cf06b

SHA512
a01f84a888e7b158c0b395f5a0c5dcce9023b4400a4e80c6d0d32d409fb867c4cad6d197ab803ce7dfbb8548da6561e1c6a33932b0873b46010707b0e218c46b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13358383495878870

Filesize
2KB

MD5
601aef3a9444b774ec1398cb82eddb38

SHA1
a994705334724e867caa8a74c3a2059425ff08bf

SHA256
b8813db884421cac791ada5ade4f2e06672e728d01e4922c56c67314560857ed

SHA512
e3844f9792b2c6959d7f6fa3809411f3fd0eb3a04ce50403e269af5ca61741dc16709640c0e75ef0028546e4367c0e3f4b6cbcc9e4ad8c3169a870d3f1ca8802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
21e7fb8b6ab1173af499464270d7b53c

SHA1
c54085a50749e2be69ae649446fec30b778cd16b

SHA256
ee892488c9eb7a7b8fb489f77d63bc4ea9cb29e8bfa512c80182f8f910c8a984

SHA512
0de0f228d00a069fb0abc9109fc52cef2d85843fd5e147df281866dc9daed0f82d0ca4cbf00178ab22d5357c2de79def39039b1dbb6f7307bd544130379f15e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
0d1065a8a39cb3961f1743597d765658

SHA1
94c3bf28591c4f012c5800998dcb014afd0a0fb9

SHA256
c8dfbc1b0d67c2849f2e39f30e750771db2b402cad6e06b7ebbee4706a6d2d5e

SHA512
161731b9e154141f871a8806aa81fddc794286774a35037cbd2c1406f8a42f7e1fc47b1b47e748da6036a76b409faa8bcd573d778584b4b43306f70353d9af46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
66a4b581b33cbdeb6d1b0cbe8d0c3d4e

SHA1
1997cf5bf5c1e34062bc768c19716d153c76af70

SHA256
8a0732654926c5dbd1fc168007fe765fda5b5533f3f70d89e430c45cd0d95404

SHA512
ee1de0f1c34626f3c4a37727f97a68f215332a1d8628812fd15dce7e8e6e745fabd4e33e41faebcfa320425ddaa6f5dea176c1e23d9164a0bf5db21df8c8d795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
29eca22ee71579657597965c1779d7a0

SHA1
5afe381413a0f4610c499a08010be3ddb2174e44

SHA256
71a9552ed822ece64ff229b8594ea543cd74ba65f862650c83db7fef24611ace

SHA512
6442f2ccf3ae0f3423ccda4afe76665454ff53da94069dd970d919174a3b7e709cf18909e4f6d99d86a920e4069c332e9f4320e8be85a0c732e2ae01d9c41dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
f612c30bcc7fcef3af49789f3909e5cf

SHA1
e1798e4a3e03e22050c458fc45dba826bf76626a

SHA256
9a0d120dfa23ae1aca4448fa6111fcadd30ec066244f8c71788c1914c0024c41

SHA512
c15278cfd800012f211acb316cbfa18b2da5ac286949193092179dd7a0e8c4673f164645513579d399ad811f5c35ab4b52dc3f0f20148624ccf9d0baa7498318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
d727d16fe4dbc61e4829361789ff35ce

SHA1
43a5d88e23a2dedecb7e90054708d40154b37741

SHA256
4f4cb7ccdbb08f4ca0622690c7ef03d57cb19b32b2cc0dcbd1bbdb9d980e2afb

SHA512
d74e703be3dff917130e5ec0c1bd2d3e3939b52e7c4ff3ba35a74324267586bd2e418cb60368a899a35c45b7b225cacea77fc4e9aa77e081965a58ada450f3c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
46a5bc3a9fd9b73215cc4a2612975386

SHA1
f9b4e878b22934ecf7069da5c64a62f4d6874a74

SHA256
1bc3e123f2f54b00ce701663f26e1e9eb1833f2b9e114c7b20badc127df0c899

SHA512
bcff4c68e0be2469295e495b77579b9360ab6acdea9662b79709637c2fa68acde56dc32c17f84c6ca1c6e0ee4522e5039326dc04acd653ae0005794b1a9462c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
a644ae1fe0139177452fa0dd5d7b8266

SHA1
4e62447bba30ea67387872dff6cfa9a266ca1f76

SHA256
88a4e05554f30624205f3237474a0153a1cfc0a331407b9f35dc318e6d4eb6c5

SHA512
48f32e4ea621f64368790b1a9d2c9512108987b39e93f9976ccefbade345affed4e071ab581c2aa4602235014d8e7905f99c6ff3ea5989c00df4cd5aff200d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
527f93b1355e00a49106cc1b13f57d14

SHA1
36986d0e2fd11ccd56a2b6ee6a1b2a39581fc9b9

SHA256
f0435ee43bf45808d96b193e4a2aa5698209ac55b9dca4fc3995384ce8fdd3fe

SHA512
2789f5bd8bcd0cc1d34ac9b28303275fddf8396b00885bfb934dd603aa3fac107dc5e98ab2496042815f07d2ffb47643e87829da2ba4245e64ab6759ed3497f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
bb967e5a48f48daae3de67bb1bd623ab

SHA1
ea37b3d7c8741e9836ae4e78cccf015f62c0d128

SHA256
c7aec38af9ac006eea9e60095c3e9f538b2e375bb86d8fbf011ae7e9d17be47a

SHA512
b18151c50b47496072bc0d903dad41e65dcf8e131b56a59d7889056be3984be4703343408e7e517db98a93a51121001393d933732ce0fa245cb781f701444909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
2a7aeb19a0aec5c7c989c78503dd0e1f

SHA1
106ef8307a4aced0f04443ca9237aebcea9a5613

SHA256
f0fd76f57e7edc8bd0f09375c6891bc0ae105127293b36c82c213453573c3f66

SHA512
3326c2061538ac38206b39aaed08ad1ff55a7cc8eeff624443d3ff26183e058014f0164e89a3652e1c717b767c5fcd356613c4988b72691856047b2b5caf978f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
c798db73f007f47c52822a42295c3f57

SHA1
40b1ebac3c1b883dbe880987172593bda2c4c2df

SHA256
d710e356a963d2c843213f433e3f2d6871570aa2a37b360aa2e4522289781e2c

SHA512
41b74867e43ed8241db098e6ddaeeb78f49be8c323dd2334b0db6409d5cbd5afe41a9f668128ea9669c2b8a2cacc8f293db7ca3a62c8be55784ddbc2e16e7edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
25fd5c861e2e36c58f25b68ac0f691ca

SHA1
74fab253eda31308f77af668de7c3de54f8261ad

SHA256
660b2c13981f04841bab60ee5964e2bd0826a0e28b1f9d41bf515a9eaf6f7ff7

SHA512
056d1fe11b0952f3c598800b3634b466e7841db5019d38c62fc5d336fe304877fb2c13344f3b4405c5dcdd7fdf189e17671b6ac2eecd06a10c4a907647f32506

Download Submit
memory/2396-181-0x00007FFD932F0000-0x00007FFD93300000-memory.dmp

Filesize
64KB

Download
memory/2396-211-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-180-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-210-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-187-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-186-0x00007FFD932F0000-0x00007FFD93300000-memory.dmp

Filesize
64KB

Download
memory/2396-185-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-184-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-179-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-182-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-171-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-212-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-183-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-178-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-177-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-176-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-174-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-214-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-175-0x00007FFDD5A70000-0x00007FFDD5C65000-memory.dmp

Filesize
2.0MB

Download
memory/2396-173-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-172-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download
memory/2396-213-0x00007FFD95AF0000-0x00007FFD95B00000-memory.dmp

Filesize
64KB

Download