764e16a9822cf5a3111b95bbd77e7a03318f6c6bcfd8a7f8f1801ebdc8ed6b93

Analysis

max time kernel
281s
max time network
283s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23/04/2024, 11:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe9ddaaea413487395b9f0656fd0afd7_obj.zip
Size

23.8MB
MD5

ebab6c81faab28d2b8a521741d7d1c2f
SHA1

f440036ef98772e25d7449a1b9fc2d893ffe12e4
SHA256

764e16a9822cf5a3111b95bbd77e7a03318f6c6bcfd8a7f8f1801ebdc8ed6b93
SHA512

3922dd7637130e4f9a0a3b37d005aabf7569de4b5c338df5f63d154dd5337fb625df545d8d7f0fffd0bb221bcc826a1bcf527dc2ecbec1b9f19695a24a3545ce
SSDEEP

393216:SsSlj/oa0MK/AtlbBD1DmYIWTBaags5F5Y+xKWrA+xywJx4CnPXi/rQ94SiUZ0eD:SBFv0T4tZFl9g2F5VxK0AJwJucXi/USi

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583466370855424"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Moniker = "cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\DisplayName = "Chrome Sandbox"	chrome.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
3504	chrome.exe
3504	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeDebugPrivilege	4708	taskmgr.exe
Token: SeSystemProfilePrivilege	4708	taskmgr.exe
Token: SeCreateGlobalPrivilege	4708	taskmgr.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe
Token: SeCreatePagefilePrivilege	3572	chrome.exe
Token: SeShutdownPrivilege	3572	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
3572	chrome.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 5116	3572	chrome.exe	87
PID 3572 wrote to memory of 5116	3572	chrome.exe	87
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 2552	3572	chrome.exe	88
PID 3572 wrote to memory of 1180	3572	chrome.exe	89
PID 3572 wrote to memory of 1180	3572	chrome.exe	89
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90
PID 3572 wrote to memory of 1424	3572	chrome.exe	90

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\fe9ddaaea413487395b9f0656fd0afd7_obj.zip
1⤵
PID:2380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd717fab58,0x7ffd717fab68,0x7ffd717fab78
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:2
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4208 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3860 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4348 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4816 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4824 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4616 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4184 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4792 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=3436 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4788 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4160 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5104 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5364 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3440 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5472 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5676 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5716 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5720 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5628 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6008 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5872 --field-trial-handle=1828,i,15164838482911253932,15983931817658275096,131072 /prefetch:1
  2⤵
  PID:908

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4204

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
324KB

MD5
b1dd8aa78afcae5fde91823378c09c40

SHA1
cc16660e8f0e24c3554269cb3d22a0994d5171c3

SHA256
9e6cbe23b7d1edd8e30aada555e7011e800c744b69b0b3e4318c97e405013c6c

SHA512
2cf516188dc657615d1284fd3c6cd49775958ddaa2869c8c193d89d9d3e10514b8d29b9931f68c4e03b13c850fb4a8ed6c0557a7e97c75a609b3271d8cfa6496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
138KB

MD5
b5a7fbf278408797de08687d5badcafa

SHA1
091c88063d84057a533398e637ba218fcab135e0

SHA256
3bd38bfaac511788fc123c441600a7ed62bfe2f63faeb584ad354f45139705e7

SHA512
dfea4cc176189dc79c22c25e35a4149ad899706062b3be5c120c6c390ed4762e36d7f4a4dc5def3d0ca9e3101e7421a365b7bb63054f72a28fedef1bbeb6a526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
249KB

MD5
2800dba9fc22d687b9de54ed1b7799b8

SHA1
77c06aa432bb3e81001f83601f301f9f8dbbb55d

SHA256
8c0d61d4ecc1a10cffcd42aa2dcec89ee67d4b45f1c496a3921edc45071bb04b

SHA512
8a6f828d53fda150855dfea837b69182fd22fac0d1b246a210de82ecf4d73a342f9959d7b461d1e41f4f1523f36f9a7b3546dd63f434ba359880764abc695a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
170KB

MD5
9dc7cc2e3937c67cb86ba20f2caba765

SHA1
b74cca12f74c08825ac701ea415f649c6468c94d

SHA256
63cdac15cad02a96ac9c3631764f41817197a2201ae2cfea8cb1596f792f5446

SHA512
6ae992b75da3bde6db3c5129fe6b1fc6b99b9d22cd4897a8f6ddd3c5490ec1ef3a7dc74c2c96cde36b54df0f0aecd79fdcaeac68fde316e7cb4e4d3c34ad9657

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
66KB

MD5
25a3382f20db29dda373559248dbc605

SHA1
3275d485bb1b9fb16e423216b57fbad011eb2104

SHA256
e4e6e0dbf1603234e5fdfd97e5d7446d4c512b5b24866af96167a421886d2eb1

SHA512
bd76ff19ad7fd5cba66e6f6b46503e61e147b242028f6f8c435e500ed9c0f78c9ff849f2daff4f10787cebc712bac116eb12a4c973447c0523c9dfe367ddac5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
212KB

MD5
c47cc95fcb6264eabc40a6f36a9d9c6f

SHA1
01f2f446ab8575d07fe75b0c6ed53f8e89378267

SHA256
8b607ec01cd668734d551d8e9c53f4a7337a0035308ee4f8efbd643897741d52

SHA512
6c578b08a8588e0f2a48b778584ea4ff86bfd4d3c94d5e8aac54afe0d852a2c1e0bf14ab96f131a71805dbbd2f1016bfdc3a29e1ddeeb7a08ab394848d6f9b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
47KB

MD5
24edf43fe24e0e2e7352dbf325da6d4f

SHA1
26b8244d8366e748da623305c3640f7067c3c22a

SHA256
26d41b24cbbeb3c94bcbb52078ba4604564b15244e1f7a519d835a46101a7db9

SHA512
9660c8e0aac4c9061c535ffc8058d999b614e891b00bb60de16ba80a4910c79525538875174c7a6cdf430676fdb403ae63be39d2cba81518bb82e48cccf4af64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
17KB

MD5
ed928afd595667ca0c2e222074643c7b

SHA1
eb65ff0930b350185db21bf8108141ec5426d086

SHA256
24034a9242fb7396709cfdfbf716986ddaf1316d2a72968ac9d6cc44a419db26

SHA512
8694414b56039669e1b4195fb1f0c4ff09dc23a1123abac9cd21fc5f8130c7b4f64f5364505cb04034fae1b564634dc91bfa9fe82002b63ff175f4affe612c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
95KB

MD5
7e932c178a1a2bbf09e8d3484b16d8c6

SHA1
be542e31d940563daf1b8530e076fd5d99ef2bb3

SHA256
05d0e53d62deba543a6847e8ac7a6dbc7c6d60b05e27eb1860f098bd26b33ff1

SHA512
31cb094efde12da21482828c0a577b6536b475a958c485dda9c54f46876befb790a24f1311399cdc1164fdff9989121e4fade3ab473df2d7c2c222bdb0391e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
790KB

MD5
7df4db6cad8e834d79568d975dc6fe36

SHA1
69024f7bda88e74699bbfe6c9903b9c33a3f51ba

SHA256
ccff6d3629c6ddf19101273c5e29053d08a8db79c214594b20a782b1fc3101a1

SHA512
c10251f88930014025939ab973d650819a7196614a3f1d0befb9b630af14bac6b768d8ad47ea96bac4d2c862f1c74934224d01c2b8b87019b7cb7dfe24107fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
41KB

MD5
227dbbba8424c549e6ea3287fd824b12

SHA1
bb1d4acf70dcc8bc4b879dbf9f268d49bceea1e4

SHA256
d31cdd0aa74bd8a93456303f90022888530fa328e92d30ffd9c804800462662d

SHA512
a6f55e1169f4b40e334aadfbc00d8aa46a150ddd1a06f171d6879169352df01a0209e16eee544021e263a7ec8023bc0779a99b7ce473767ef8b76a45cc23fc03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
33KB

MD5
a4c226d5bac8343eac0fa246b6e811b7

SHA1
d6f8d9633a59196175d977292bf1d506f4b827b4

SHA256
ba0bc36b759b6fff74654baa95f03d82c56bb6cd4a60c12b651ff6340d22c479

SHA512
c8d8dc026214e4650d10b10f125f824e29923984d25dde97af162e9fe28aa8767c24108d5e1e006775d9c885db6d29d830b242447bc7d1b9be023981d8d0d8eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
93KB

MD5
26bde7276370151d86ab8705bb2c20e5

SHA1
8ae3e5a93c0471e823ad554d48f24cd34c5ae3df

SHA256
d3d107eb3e0e4c1e0a0cba46a62f32ac0a2d82e2b3b2f1957961109409842830

SHA512
72b06a861b54f55e1225e3fcc59753bd20097aeaba13d1f8383ca65bd9b395d1e10104fca3d8fa4a324a2ca0646f2b7629dca556851d7395c56892984a47103f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
49KB

MD5
4ef5e4f5b18641574d8e6f379ff4254c

SHA1
e601ba187397466d90d1a0ddfac2722140ebc4b2

SHA256
4303c0b8da0f23571431d1dc96079bebe3fdd350a6073bcc34a1855cfe50edf6

SHA512
573b6e66ef74aa8050ae1faacbeb967cabd118ae90eed4fab652ff9e564ba07bde4200188a877b3a69d97abdefe25bed5be232f2f6918fe47e7b334eaf4b5100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000051

Filesize
139KB

MD5
3340561f6c865b71670da1e66c160683

SHA1
667fcfdbccebb7ee1b952f7b23d6209120bf8c75

SHA256
9217df7f45aee8b1d4c5e00e0997e82f2273cfade71439405e9dcb3d4e253e25

SHA512
f5844739fc3142ed1d295b5bf9ca0f5de4839ad55528144aa66255fde0697d659af2f143b2af272c2d683677d901ef23562c862ef75969b6367798bd8f23fa2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
56KB

MD5
ee16940e75218fe3deb347f507665857

SHA1
a1c585c65cf08d51aa41a15ec1d1788813b95d4f

SHA256
c82dbeb4ba29fdfcc61c23f4f188bfab567b3e03509943c0a5b346b2be34f7d7

SHA512
2022b61423ec3b90cf64f6c32b2e89c7a23f0497442f377d868c10b62330bf7352717cb7b04194ed097e78c3b67151d9a76e8d969887ebefb2e2977123784a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c7cc97be979bc2168de13d64f9657298

SHA1
d7df68c439becb37c5a9414b64fec44b507ef9df

SHA256
3151aad94b686ecbe57661296efec26a6d6e8566f9888fac0a4602dd28b1781a

SHA512
ceae333c2d06265581f334cc96fa718d8caa788bf7a0505dc020659f625172edf688b653002648555426f01b5c503b4c3d100ccf37ff2701d993dc51491e41a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
04328d47748ce23e3e8fdfedbe3567c4

SHA1
479064aa02a5cb12aa4acefdcbb887902705b29e

SHA256
8369d678828e644dad4241455be03d8397d758ee32cbed585387ac1bc76732f3

SHA512
66fc4fec1268d6a26eb0a6e0246c36321e55e1252feaa2907ab32ff57cba691e6555b2c133430679772a3ee80c01c76d88edfa7266aac5b3a949eee53f3466ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f4aaed1a789a6add0a0dbd29f567369d

SHA1
eb55f7ccc90d9b8603c6baf6288e956b0a95348a

SHA256
61d72187869e01fc8a34fbe74b3c1189f7a64dcb2f23838a48603731606e98d7

SHA512
a29b87bebde7e80d25eba65a35b80283d0d97bed9ffcaafa360a04b9b2d58795491bd3813e1569c32186d4965db9bd938cf3dae24d43f148f4eb6709910c967a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
83f519b3c3c05b53b3c8735e8f424df0

SHA1
ff8d2fbf59db972d193e42c34154c17bba284a40

SHA256
d765adde40c648bddfe316023beb96615d758283cbd1f6c7b2ad2a637835b7b7

SHA512
6d501594e246f810fb5dc1596fd332277aea13767f3f451b372c91280a929911f3a5505ca263ebbb359239c6f3a914e9f444f3786b004368ba0f7564c28b4f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
3dda5cf832f7d1d861debb3078252706

SHA1
1e3dd3c557647188ee67baf59b62a7ee620d13d9

SHA256
9282e0cc5ba346a2654f15e4a3041a7430e0aed36e5ac467a0cba412d470f6dd

SHA512
37b1b762abfce92267e822b508b7f37c1d8dc3a08d1c68659201397864cc39c131db76c331417c8586c0c370cb63831d8c077ffb7976971498d00868fa5bd578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6bd18d4ef9685d8338aa25b5b4aab1fd

SHA1
85ab0d156eb43de3c5128af130a2d627150a3d4d

SHA256
c4f409d418380e88740ed79cbf4a06880f2e6e47a3a0ca9500eb970d615b8d9b

SHA512
43414e4630eda02e8d7819f59461e72cdfc18688c9622e784b4ec3f479f138787ecfaf13a092bf9c8b773353f5a0863a95c18202b3c007696673f0650a00fe86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
6e01177b0fee89735ff99d0a14c65f40

SHA1
42c96d6035e270dcbfb6b2c0f603573fd72d0554

SHA256
867059121fb94c8ea1d1766a2fd4f9508fa0218f03fc62d30a77cabe7cf47e9c

SHA512
df1af791de9183f57242b57a6893156ccf31f527b1b7238c9e641ce59f12ec68a0209081e83862649e88e4e51c9c6af32b11355656e18337f2de03db2c87bc70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
021df92f4ac98d6cdb3660194ea2ae1f

SHA1
f1fa0e1c3135b64f718b6b516debb2862f5bcafd

SHA256
0b941bf864ad4ba0b8a15d24b7e3cd266f6f8a8a70314e9e2d2f92bd9e344754

SHA512
9e298bcc9d85cca58486774d0c3f801b1e305c78e4d7094bbaa59510672a08c14e84b42d6af38011f91b5173b674088768f8f4c632472772a1f0e5219e2ce8a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
abeed5e99d57e72b01849c74ba4e6350

SHA1
e8ca8bfef0cabb605f7883535afb5d99643f8a09

SHA256
6e3a319f24e9bba5ee9413a55a15baf5ecccff6960cbe8dd3802de7bc04c8f29

SHA512
3475baa84f1a73d35e3a1ccbfca7e98f76376add776d0885d5425deeb1413dbfc52b3f624f950728837abbe34804cfaa3f6ae039fe483c8b9c5a176e21f741f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
add8ab3a13d610e904c04213bbef449f

SHA1
9656dfcc094858acbea9e5ecdbea21ee7bbf1eda

SHA256
da97693429cfa82644a1d616be6efade77ec2e363e6d55e547c402009bee12e6

SHA512
46efb6f1253901547955f31e929941f1353db3f782413171d559e3523385ca259dfcc6203e7f243af37aaaf7f83cb655407d7f698a55443d4b665d046c4e4b07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cd4157f04827b7fdfdb38fc68dfadd22

SHA1
349568de7e7ac577973e3bdff586dc2756956ffd

SHA256
dcac3abc22a21def6e16c21b2cc617f4fe367094df89dc05c3f45571d8bf48b4

SHA512
aea15076e0709682e3d933abdcf6abe5bde81048b5bef9cf52a966f6530b2588911e7a5fe3baaa963c165fc5b5b5c3fcc6f974eca336c55a7872b289a79b7874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
aea400ee093b866b8117f60d17f99475

SHA1
54c3192ca0c861b96d6815462700d2041cd4bac5

SHA256
d5a13b61dec182e71b08f0b8836448b29ca9d008b7c32b4da5db3aefd5768fc6

SHA512
726695c8b9dd72fc1fe457963a1458c970501064ed0e026413956c8d86a4d06717963a0f7e2bbd754da1a556cb896db684c4ca038c1c0e69b33d5c4055bceb7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
034e11598f703b101cc90197818cdf4a

SHA1
8119083a1c031ae991561b649e8c6c204210a48b

SHA256
736bf52323776f002fb439e309f2426aed31d4b5ba6e39fd50b8323581082565

SHA512
3b0feaa4d51fca8b3f8f24245eb0c12f7e97461a2d0b708484ebdc712fd8a84a71c74ce8c22625703c1c997625eef30215d7b9856e92dd80f647399c5dec5b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1c218a1a2f3e0a4bfe878491fc541c71

SHA1
ca5c2b60bba20f3a0a1c68e8b6f741153ac4c442

SHA256
01b1b5c3d636db61f6fcc4448cd34d3f5abeb600c8e56bb642c695141dd08759

SHA512
45d453bfcb8bf8bee80aa43d51ace59735313ecca61bab970e5cf5b2765386cc9cc2fcd49206894b7e8061d690243575eb697630a3829be8fb927d249e624dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9937b2dc7cc07f5f82802c0016b15400

SHA1
902dc38b0f5967fd32f082e98d1b4d9c3316c81e

SHA256
00acc920399ec7bcc1d51922446dbbeefff4961ae249faccc6887c1a9936a296

SHA512
ac913fb73cc1f82baff52932bc7b31b2529f4d49d1ab6474368c1c4ff4ecadc625ca68847c79050815d14fe8519f59ea8326aa7ce3d328a34150fd584c15f63e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2bc421b094a9b49fac0dbb28eb02b40e

SHA1
b068080f3728ba503e0266ba27660d987168f8ef

SHA256
f6edd68a9efff489f6150afd2dfb2fd2fa0857af254ce2630ccc9b525ac4ce11

SHA512
86037200e5cd86c8e72df192ee884870c6d78fd091399fd8ecf21e7e06db5b89dbc166687d6f197e47d3198d0060ad4fb0753c63e0b998e8e656dd36931354d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4435132e623e793d11100668a6caabe1

SHA1
e212554ba5aced977caba82d49433a611c49e680

SHA256
54cb82d744617597bb878f4962a50ec1289b0b1d529e61b6beaade36b57e778b

SHA512
7d0514f71691e02b7fb0b5375466d5f1dd0a0ca091bf57eeb4da7d65275d311105c14435a0c5eece02e8e601e2d6d8403980409978329dbe428d587e5acaf2ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3ba14f4a0f4188a5793bad7393d58739

SHA1
eb5eac9451205b374ff98766c4c946bf73c7ebc5

SHA256
9970bf66a76a715753b2fd11df52bf36599f41cc39de2a36bb9fe8ae5df0e21a

SHA512
b69d785be52de75187bc6cadbfeee3b57008556be9bf7f77c66cbf4e07822493a64427e87a6c4ccaf7b01bf76e17405594e58c26e6564042564a996c285d4cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6a2ef051c9c5a8ff2da88193ee07c440

SHA1
3cd0a38a2b1a6698211dee9e9969bb6255efa4a7

SHA256
ba13d36b7f6c72a46c2aca020e85ecdc7dacdb7589d9f1c45c51ac3f88793bd4

SHA512
aaf2d646a1b593c011bdb3f01b5ff9104dee5caae1ad32a4c60f748b47c9f2d77471a0e3ca91c984cc0058507834a90092f225a3572fb65180ea00dc1e51c5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
01d3bac5ba6420110d0016d70a1817ae

SHA1
82a81a231f008ec38d833c22622266e5507d74ec

SHA256
9d1a6a6a5a9e696996a7dfcdfe6392ef01b89350e2cb951f0f156841f01ec54f

SHA512
6e79682fc84917bb99e03ff002efadcfb9c4cbb6c50126be19ef187867b386f9924657b2d458b0aeb420576b0ba03e6a0114dd28d302ae4b94ef0df81328bd31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
87134423cac7596d43a4ab262a87945a

SHA1
6dc6e89a130ccae9fe6be3601222e3bb27a230b2

SHA256
88b9c3fdc750d7ae673caee09986b696e652e01334eabcdf1d14524c45a2e615

SHA512
310525d22a785d0e4beff649e3c1a816a107d292002d875dd21acf18cb33c5fe4cf3ea0169f7dada1e72023229b62d0ada44e063f9313f512c9ffedeed6f6136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e2b9f8966024930677c697b563597cae

SHA1
f5a33ad4856810459aa58b44b15278abd273c4d3

SHA256
859def4e64a21f4a63c549be69396d7bcc2cfb5fdbce72bc4a8007a24829d3f8

SHA512
4cc3a6d5c2851e393ccea1311cdf8c47431cabc1953bf0f9cc3b0eb476b5c91dff17dd426339855ca54e0b3344230e641b9b3af2c13d27d6a8fb17806b919713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
fa331647983e5bfb961982601b8dea17

SHA1
503b2ba7c1cd08a843072181b0cf764813666a2f

SHA256
ba2095ac9cfb127144e107da978fabfd80e8cdbc8d0aef2842d4664644db5f26

SHA512
a27521fcd90a852adbc7593bbe69c084836365eded3dbc0dd53ac5787cea9a5354ee271213a3a99e19ed9d684c99c653c1bc1b9342855043a112f9f92edd8ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
eb7a2b9656d5d653e83c5c9adadc6de4

SHA1
7e854f182284878040825d02a62d5c50a35b1a07

SHA256
809b95a8f2987318500306ed455885b09eb0427041675d35ed01f7b320f57e3c

SHA512
f3923d16fa8ad2ee4ab2f36d62dc5757a749bf01a138b5a8d396f5fa75adf59ddb53cc3df7e37633514927c0797cb923044cb0b8cdb32c3133214cfa0614c112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe590edb.TMP

Filesize
120B

MD5
695eaa9b07bf38f804d5791b9e0c2afc

SHA1
86f4ec26d2b65d3b65653d12bd7e036760ebe959

SHA256
2d2d701e2fa7fe72a3727cf5d654c6231f6752c23e7116020c039f7aea18959a

SHA512
223510deafc35e8d7375f25d8965297c28e598a346cdaa591b4c6d4a10c55b5c1b69a82d112b4e3ce680d5b3989da855f0a6941a15f07ecacd1d3b785dbd3bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
5657444c581566072ea0131542727de3

SHA1
207227a334867f0551259fa086144e7732843301

SHA256
502bee721ff83e1943f3558f3153efb88cc62b35b4e960ae58d2fa9de00f7e00

SHA512
13f04517289f37c9aa129051cab82592f19e52142fa4ee575778948e50f6ca8488743c0ef5db52a4fa3acd0eb828f154d4b1f41733f3f27593cecab42611d273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
5ff64f249d0f2d0ae8cbde34131eecef

SHA1
04b7c108156a95d8a42917c847bace3767731068

SHA256
ee15550747a585b824d4db0508d4636c28716eaa80f29a93df88b6fde7567abf

SHA512
41e1034ff51d921c13acbfb8bd91a390cb8d21dc8524614ea43edc1e94f047e753adf6313e43f78397db0b4cf7b06681dd88dd4a07347fa2f68c8dc5620ede9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
1b756199bfe6361db87151c54df1408b

SHA1
e056f46c92ac1da16266c101c7e000178eaf8e85

SHA256
62d44af9de37c1c8148b0b741353193ca884081162890f38c011a7ca5c9b5c06

SHA512
c2453fff13c6b2847759e8a2263c0d0fbc8f9132ec678f60d5f7e24a0e683cdf17236c1348af99ed48006e648ca413a58e3dfca3f91db08c552b76295b3db5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
7c3ddc63df4400fb8c17b57b333e6ca1

SHA1
6c53ac6000f96988c37d3790b54b3f063faba0cf

SHA256
9d3567b09dbe845692786665b2363a78a6b9edd3b47d2ee25d2c88a77840ae94

SHA512
ab251c1520fe91beeae4b49d77e8b62da6feeb32fc693ef09c45494c06a7c7ee6145be24554c9c4aa6b24b24ad35fdcaa06f302d6076f2b5c7505f1a606a806c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598822.TMP

Filesize
82KB

MD5
33964b09379a5eb3aac840e8868ac94d

SHA1
bccbd0ec758bf3686bb36a0f2ee22ced6d86367d

SHA256
261f1e3f3b6310d6b2a9c8e36a10cfb9e40fc09597a9438f89901044c128b1de

SHA512
504e906565e21c9862aa797cf11bf45b0db29f7e975c2dd6b42641bce2adccab74b7f550601f15715cb0e165c6be2d31875a99a7fcbcff926820e3d6a4ded907

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4708-75-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-65-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-64-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-63-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-70-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-69-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-71-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-73-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-72-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download
memory/4708-74-0x0000028ECA440000-0x0000028ECA441000-memory.dmp

Filesize
4KB

Download