bd454f23ca60e35b9442b70b28762e9f8e70116757a0a37ac30335b6aff8ffda

Resubmissions

01/05/2024, 16:04

240501-th2jaach66 1

29/04/2024, 17:15

240429-vsye2sgd2t 8

29/04/2024, 17:08

240429-vnv45agb91 5

Analysis

max time kernel
2700s
max time network
2692s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

1KB
MD5

e7c33e896fc6a6c7d635fc478b7ed5ef
SHA1

b2b0e2d14719a991c2490cd6305d38432cfb5b01
SHA256

bd454f23ca60e35b9442b70b28762e9f8e70116757a0a37ac30335b6aff8ffda
SHA512

1aab589a70e9f8058483fe128fe490baec3f676dbfa8840bf7084fcdf5aada519d697cc250faf67586ee29abbdafdbae64c24467b3d8ea86419aa4a76dc12dda

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590532485374931"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
4852	msedge.exe
4852	msedge.exe
808	identity_helper.exe
808	identity_helper.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
8440	chrome.exe
8440	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: 33	2960	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2960	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3344	Raldi's Crackhouse.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 4632	4852	msedge.exe	81
PID 4852 wrote to memory of 4632	4852	msedge.exe	81
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 1848	4852	msedge.exe	82
PID 4852 wrote to memory of 3596	4852	msedge.exe	83
PID 4852 wrote to memory of 3596	4852	msedge.exe	83
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84
PID 4852 wrote to memory of 1676	4852	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff9a06c46f8,0x7ff9a06c4708,0x7ff9a06c4718
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13642873096935648718,7137433180958675391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9a016ab58,0x7ff9a016ab68,0x7ff9a016ab78
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2232 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4128 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4420 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4892 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4360 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4604 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3536 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5176 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5360 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5368 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5672 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5852 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6016 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6188 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6208 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6512 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6720 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6900 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7052 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7200 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6712 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7364 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7152 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7088 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7364 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7344 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7900 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8040 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8020 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8284 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8432 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8180 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8804 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8888 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9900 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9408 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9940 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9932 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9228 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9212 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10028 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9696 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10200 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10184 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10664 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10808 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11012 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11160 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11384 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11368 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11656 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11828 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9024 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11812 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=12192 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10004 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:7920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=6948 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:8004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11324 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:8012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=12616 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:8148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=13012 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13216 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:8204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=13328 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:8236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=12204 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:1
  2⤵
  PID:8628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11036 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:8712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9016 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:7488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7116 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:8
  2⤵
  PID:7356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=12432 --field-trial-handle=1988,i,4936262160693730081,16167176405029155180,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8440

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8492

C:\Users\Admin\Downloads\raldi-2.0.help-me-god\raldi build folder\Raldi's Crackhouse.exe
"C:\Users\Admin\Downloads\raldi-2.0.help-me-god\raldi build folder\Raldi's Crackhouse.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3344
- C:\Users\Admin\Downloads\raldi-2.0.help-me-god\raldi build folder\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\raldi-2.0.help-me-god\raldi build folder\UnityCrashHandler64.exe" --attach 3344 1515231711232
  2⤵
  PID:8212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a5e725450df809b370789c584f1ff9bb

SHA1
06fb7ee7e0f661aaf0ba98e4afa2df5c6e48f169

SHA256
40431513931bf2c566003a89d543ee3715744c0bfbf62306bcb0d3ebba824537

SHA512
8a3ecc829e91b71dd740e08d9548401ad7d7ab70aec66aae4a2f0e1e818f19f85f85316c94f56cb6aa010ed6a1a8ab9c712de62c35f8ede591723e7e5b2483f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
93e96b9328f37c05b2a827ad817b9b8d

SHA1
0a97ab7bd3681784450a4acdcd53b8ae93285457

SHA256
66e03f40e6a4dcb933f86b882ce9b8081dde9b29c0154949ff9da4fe93b78295

SHA512
401d9d29a7cc61aee0d6d60df0f7fe8f5a83782e2f48dae9aeaacfc55b4670d74ea789d395a5631df818baf797e34ae719c7432ff42ad6c7cc44439ee45ad1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0ca4ab8a08e191ecee50eaa3815c03c0

SHA1
898238536ba5db9e1c2f94101a18bdb7b43ec28c

SHA256
88f5360ba512a3dc758e85ff35677cfffbadab886209ebe94414025ca9a1c9e8

SHA512
8210d4ade2632d7882acce9f34c8b3b4313cb7466c0aab6199ca00890e5b734e71a5d943d0405c711938b5092322de5b15370b543acf4607dc2b8aa5017121db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_362630d6ec7569932dab7dca5095a35b.safeframe.googlesyndication.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_362630d6ec7569932dab7dca5095a35b.safeframe.googlesyndication.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
eb31ff971cc8677819a603f4438b96da

SHA1
08a6284eb9e493e9a363735db2ee6b68fe03ab32

SHA256
5919a70bb2244500c4356b2d2841719effd5149ac698660c613722790e056475

SHA512
fd2a0b052854c7fcbf2cd67b718f8bcb351666285c870b06d65c4e730f5c1997437d91e084ca0a63d40ae6eadb93bb964ea228e79bd917ebcc4dbb894259850a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
ce8ab6998ccb9982fb379dd4635e2c80

SHA1
740f1cb631792765827f331ae36a573c9a0ff069

SHA256
e16bd70a5a9a4093d0c71931d0eb20d494c113818de85f66d670b1b83c7d3bea

SHA512
02396e95ae07951c93bf3762e61636aeb1355adb63e2a126c7afd24ae01de1f25de852a49657a1b4ea97f7954dd8d42aaad1ce8320f8599f4dd443841a6e3d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
1268e9c6ba848496bfc9ce0019ebf8b2

SHA1
e9710555ac0be7146411024794661c5e41208f3e

SHA256
6a0eee23757e62b5f8c4a8ea0161a9eecafff09ffd9e53a5097550dd504480f2

SHA512
3876d6d09112725005910b9f3719bfebb9993dab0ca79752b1be932209962b687e56211802f4429988182d8edd62c5d1f3919b7e5a1ea91a5c683d78117f3904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
d39d09138fcb0929499cc4a773757814

SHA1
44fed85081b161db9d0e500ea6c15648f045816f

SHA256
bb2e3cfecb6e727b07b317f6bd37775f1e691c1de925f4a178c0543a9e17b89a

SHA512
c445fdae6d9b050300e7eff062b1fc2d571a32d1a4b4ce9b68b574a93cddd62e8dee549736656d81faad1c926c11634d1665782a16f029aec1e8dbffd04dad78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
362d878b1965b07c8fc22aacd37d3214

SHA1
16f1bb5a1df1a1e5e1b49648545a2adfd990a6bd

SHA256
09af1e3c041ae0a951a3169e8e36f4a5d71d91fb588772158dc29565b410a072

SHA512
b91456d000dbed9e0a149c74ccb252d7676fdcd98d4d6cd3e6350afc3fb3b9ab55ad5579722be240322aa976d6c4827f6cbd9ba3f65e56313da3d5bc712d13ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7611609e486dcab03a31cd87326938dc

SHA1
713935068b12509972f6e4c17a446a3b5520796e

SHA256
e67f5dd17b1863b150489f1d0e8419a006c91019d4635a5f633b16726b46ab58

SHA512
8447e2a6ee67b2ef367babff84436d43809939576e5e136e7173b934fe48c9d34ca68225cebf4c64a11788db1c5a21340ace1708cced97db876aa95c43c29d7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
35e2dc41593cce5282cd4f51ac5d9f15

SHA1
a6ed68742175a91585dd2712a6d5e7097fa2be9a

SHA256
60c7bc9d8675d2b6bbfe2f0a2cd48cfa768d6db1fdb92b4ed459bc85a2d0ccf6

SHA512
3db8644cc3a8393a3aaea2fb2eaa8da33a298821fddbac21c8a964c2331c16b9201824c3d52c7cf3fc029968825ac479e43e9213c779eb1138036e5aa95d72d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b049c32394233d01797ccf5430e82fb7

SHA1
dd3cc64d9fb2ee2f2d1edac158816b65defa7fbb

SHA256
baee9d1adc015a91c12aedbeae6f29f61c26d4471b6f82ef40b6bf2c5793ada4

SHA512
2788702f06ee6cdab3acb0e5f454d0607fc5e40893189b14bb14d5acb31f95bca4a54240547f34e9f159430c36cc569901d87939d875b45865c3e286856b8935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
e5de7eaba9ec2caac6309f1715efd22c

SHA1
139fcc0a060fbe5fc860df1e2c7d714ea1a578c1

SHA256
32ec76f0d7c3899fa9999e73392320c1f7f460633350162be01eea6432fac257

SHA512
fac0cdd9b5e14c41649c04599c3ac4ae6f3a5717d2dad262f4ffe5d2afe7aebb3003a957151eb4ee444c99ae1c66b2a5c237408bc6aa12f3f53c7c2b987e7ad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6a7983303507518b47a77197027813d7

SHA1
26c4eaf2b8e54ad1b150d297ee7ca16f31e665ab

SHA256
a5a8f7270db2e7d374242130bf1fad424dee623169dabeda9ff7b55ab7b0ce86

SHA512
9c5501c6029fc9421d6106158fc1a23e0e5d2ead2d135bd9fb971e598e22261911c0b446f2b87ecb10e54443f40fd84de748458f116292756f78c2343d664c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9823cc95a0bda2d1025450307f5ec5be

SHA1
ab78757ec18284c2bc64ce6cf657959ac0ee7b78

SHA256
1ccc8085a9dad0a61edfecc48feb0f4cdc3280073fed6bcb1c2356306ea3a022

SHA512
136e39bacb4c50dc684db319055b1a31ebc5349934246c6ec232cb66bc585bde1a473b4b2085b33583dc72608e2b054b578d740e49903237d426a0d3ae2c5ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a9fc2082a750067054ed21356c52cb3c

SHA1
ebace8e5d45dcc8092fd01bc332f4e2ed812a8ee

SHA256
cdf65ab5d0c20c5c088e063deb14b1e532079f82294e5e9982957014f5c9c975

SHA512
ae42804fbc92e9ace06357a7168110a791cf8c6aa9c47058a2abe443c7a84de8d6941bd8960008f444d58f7b44d6f0a9da108066dfe471c828237916ed14c784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7a4cf9ec5ff60938e9b90ca01c90dcf5

SHA1
4bf3aff8f7575ec72c1e462bcbd5b84ca2f97df8

SHA256
abcd61241ec790720d6ac752fd9c06a5ce61ad926ead4a37d57ab9f5b401bac0

SHA512
dfd595c76a73059342ca3b9ba03fa6ce42bdb8b79e725522b05ff09af7661efa54997c079ca56f1d32f948dc2a1120e2806e3fece41348221417f6b6ca46c555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b243be198066d4333aaf919cbed25e85

SHA1
1612168a6a28a608d461214e1bb8daf467f911f1

SHA256
49bbc9543f7275c6f9f32ae81e0e7a1cb8ad910472bf17a49f06e3fd2639eff8

SHA512
f2b27ad1e6bf52fd37cccb1b924c236a1c74622a31946e83ee5dca0c00ec6c61c20ca748978a7ef6cd3d2349dc35469193f9701d5b2666ff4218f23d668061db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3dfe9562fd1756431930f85e989698f4

SHA1
ceae232b2f390ce2e1b330f5a4de67914637e617

SHA256
e234fa20066575a43371ed137cf62eafa2532551c048368376e2395293041950

SHA512
c84ebfdbbb8de918e9a7f62410d874f338899e4fe736836b12d4f11fc27c2d184cda77dba3b1c0b207159ef4c84c51f56eadff5eb974a4da09736efdc624fc96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d792ee414771dff2323982e6ac06f804

SHA1
6d6c31951ee498189b88137310ab0b3aea0b2ba4

SHA256
a188a0243f2090d194be7b89ceb0c9e909ab0e8ec83e9ef2ec3b8b3f74173352

SHA512
5a4e6eddd1daa0095e330190fee1e7e68832496cbe613ae5b9a1ff310f4f66f79218508815293549dee6948bf36e633b20945990f1ef39ec96dbeff7c63f4189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2d4d54c73340eb4bfbe58e20d4b70164

SHA1
436c73a4c883ab505ba299431d33a6a2093fdaf6

SHA256
723af44bb8eee540d51413578e914c1f6b25147cc534dacbf3a0193f955d53a3

SHA512
45a63035fe52089f0a8657097473f85d55b476b4343760528f217aaa4627d99efad32ecdfea8f2d81ccaddcca56ff65b2ec8496d0ae19b3511d4a2190964a4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8e8d3192105dec83a024a617d60e213

SHA1
c801c670f0eaaac3ab40f2afad0bdf53028e4339

SHA256
763c122542894367679416b29a83a4b2915179724ab1143069c0bd1d0b5e08c0

SHA512
78ca28048b7a1ccb814a984c2d7947ee8173401f864256d20a72f17bf95a436e471d314f17fd9ae8cfbea0280845f5e0b6e1f14084a166c4102e2e6a7c6efd33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
b535cf33ba6a52c2cc9cad46f4ac49d6

SHA1
3c25e3514d5f2798688a424e08e2359a7fcdfd88

SHA256
12a39fae844cfea43afe95b6c27e2471d75f7f183f433ab49c38901e69c53a54

SHA512
5f58201a5465a17d4a708eaa4548c3d96efc8816e698a0bf2107c173366bb7845d3dc0657dc4de34e37f70d06b0c8f94336dfe6eb197c4ecf6416534b7e7d008

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a438ee049c9abe6c3afbbd32f5b5cad1

SHA1
5f106778c783b61032911f134812a04db2b5d371

SHA256
d08db71fcd1dfbdcfaddee69849e70318b99e81479f296a80c1db2d5cac23707

SHA512
7069d170cb6e12483918381fc9e00cfbb4982ede446af8eb62e261a20a52759b63a6491b1cc93278b7f2eab49792f1b10c1a8f86c81807c7a8bdb189b5dbf756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8d15a5ba350c25f9399b8bb96c8fa67f

SHA1
1beb237c0c7b9458e4ddfce2ca7cf2f168c033df

SHA256
23dd0548483a7fadf8f22443adf7ada3cb6bc818ba6acc86624dd838669a755b

SHA512
a042d03df94523dbef11417cf632a195842369a7387fd9aae100b4839d2a363dee1b29487e85cd13cff5663d18fe2a2de54c3854f0e10ee2bd868e790efcdc0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
a7633be14562bd2f98a16281e0bc5c15

SHA1
0129989d54bc7d3a018162bda63829dc769bbdcb

SHA256
cf6857da4fc607af072a42d841536286ed435374a53030668969e5218bf5e827

SHA512
64c7168a3dc985ace5dd8a3333922e95e59c3cabcfcd98106d02fee5e178b3d2d46ba3fe21598997174c66392cb398fd64846462ce3b7b8e0bdc2aaafae0f3f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
46e314ce0df7ba30733b715d09947759

SHA1
f7e30e64e05b78b92e795d299f92bbf0ee5ec31f

SHA256
a60fb6829bd15142528551999044f6798fbea55eaa5e1c365f5189590cd5868c

SHA512
7dcff3add6ddf38415f65e921cba18c8dfb894965807a25e74274ae0d80c956799213225de1eb319157c87aa3715e80721d06a19f282b4a028bea70e3e36d499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8f83399ba65d2c39f5c45ebcad4cb0be

SHA1
36eeb9dbbb67102a041cc7d9cc0efcb44b90b70f

SHA256
907ae8177f08d42ab6dd90a0727511470dab93f8f375581ae56db465e188948f

SHA512
0da22c3004e3daf06c746e42d9ce778faebcdf548e6df24b9bf724c07e9c38fc58a5e2e94d166e67b6247ad800c2d813f4dbd377acd106765fe3553de2e3ca24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
2e7ca325ed58d18de18a84aa3f8d8519

SHA1
b1dbe3abe8ded5d7641c1b318e1f71a58e8a416d

SHA256
8b8bf28ba3f54426f4fde586cd74911eb0f341d7d0389f29e9269bdef52f587f

SHA512
caa5ae4e26ac358723423f1808ba9a26f6d94e870b4400888ea7d79ba3c764a40b69a49ec69579e275abbc1cd67f6c0629797ff0d9883cb01e4ed2e09f254c7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
3fa6e281a3d5e8ecec1d45b8d6787c9d

SHA1
a7ea12cacfd00ea57cac0f2de66e7cb80de31957

SHA256
ae6faa115d340f8f539e8f4e8fdba7889963731c16497046c2220b11bf24eaeb

SHA512
14d237625b1363fb554a63c0254b7fef292fb41c449612abca1e59bcd77a1b971c7bcbedf00c8ec43a946a3325fc1f237731a4f24710b0945359ce9773549ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
dcb6ad2e8b59c1fb97839bf0e31a1a93

SHA1
49bfba0086b3b22006a2a5355c4be801e79413ff

SHA256
0718f0dba1682f39e8b13eca73472ea9816cd801f540781a015439bb16d20223

SHA512
cae8e2c326295d365273680828d56e96cf016e4ce9b77e358da3bc171c65abfa6b0a1cb3abd1c67e834fe2d774a8a113847e77484dd9cbcc53f80fc0acea33d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
cab99a7640d1a0a51a5c8dfb2cc9ed17

SHA1
54bc88f9725c2fb0795d1b00096d99ac4dbaeff1

SHA256
e539426c55a0e284cef23bca819a66a6297398a8187294fd6b1bf7bba23b1b1a

SHA512
3b2f78228e8d48547fbe0b62f5bf6980bc170aeaf84d3560533e0bf47a29407574ce08518f7dabd913da51d24f873fb339a9a93e2ec51faf20114879bdbf8b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
ccb4bea386c17c582be081f2edee2725

SHA1
c394596b23dace45b7090b4c93b01d24da47e0d5

SHA256
9a1507ea139bd24dd18ec4467daa970358904b6ede8663edaa6b030e56efeb87

SHA512
9c57ae42c13e314d402b7c19c557b361b497d7196be7f1fb49f05ceb01cd4770cdba1b1f72cacc52098ff6a3dee66e12d949cbf029430bdfa7f0be9f3986ea8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
96d692b439fe3aca29a67d88d3c9d3b3

SHA1
00880ce980101f15769c71772495136225da4c89

SHA256
5a9df575a6a6c6b63f823df2dd8eed911e36b0eb0d41cec5d52a937b648be21c

SHA512
f60b85caccf834bb9fc248ebac0bd0b416c1b9f23f0fc524d25b782d0caaceb885f0055d3a2f5116bf204278b6dd644fedaceeae386a902502ad92e150e436ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a5e3e.TMP

Filesize
88KB

MD5
c3b2cc2e2bd8470b8ed70bfb62d2e0d6

SHA1
02a664b1f399e7775d513bbc05eb4e0a9fc4766d

SHA256
da5b61fd84fc1e70124b2f8ac098b7f9bef360b76f4cd94894db170c68fe1694

SHA512
6bfa34fa7996743445c0bd09073e0073aa59853307100aac70470047bebf5d13eac4e30ecf8a2ebf66d1eda1adfcd3040454775a222dd1c307c22b9845a65652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
382B

MD5
099670403931fbc9d40aae7e77c2e61d

SHA1
ef8342c1e092acc7cf5e05f0651226f639001ee4

SHA256
28acee709615aab16a5ac3ac22012d7f69822389b4fd0395bc8e0be3a34974fa

SHA512
53ca61c4fe3dee869ddf05c1a11d2c96015cafe8e7562a417a5067e505f48651d9011c04a1a30eeaebae2e8cc1d1ce7e0ef2fb8097be410d6151abf51a0e5b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2151d896eec4cf28d51eb5c43b303510

SHA1
3adb25fa72fdf461f6fafef85c1c1632006affe0

SHA256
ec04eb1288454fc42891e6d1fa4f0f2b4ba1ab4fa12bab5ba55041f44ff05cc4

SHA512
c5ef34e12d32c17a391cb024d63afb226ba853ba2d6d25b3b87e2d1e14859cd0cc5da4a46748fca006472db7df58d92692aea0844c272578ffd7bda4daad7520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97187fa952fac72438307055f4e7fab6

SHA1
6fa7a15e1db32f0b696cd16d6d64ce865c9f3569

SHA256
3ceeed4898023c6ee673d16b20460ffa166da2b4247b9355ef64bbad6267eae1

SHA512
7667d01135a7db9332f072b375846ce727bd8f17a6cb6a119c8e91c26d387f28aa2ea23a5a1d5f73b25073e7dd9406492f76ed15c54a9fd5f6aeb4985e31d51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02ce2c2db9770af1900f03595131b770

SHA1
bcf569daa4c49ff1171a81cc31bd22f30b264443

SHA256
e5c6f603047dd498f47c910abcf825820379b98cdff1edd58a4f15a1cb5eb6b4

SHA512
7b0d54824a927fe64211c06855f3c797076e8f8ae9270faeef85c08d58806a92ef48b9fa98146150e8a9c2093e07a2541c61134b7bf3c6fbf1767d2b6a9c72f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d302bc595eb868848c1ae3ce321ec31e

SHA1
e6baa58a73b312e974a51175c3a8cd3f061f60f7

SHA256
d5492b73ccbdbe9659704041595b0b12f90cf2c89a38dc200044308631a0ab63

SHA512
d4575971d6ab82788522124fa7b402ee9599768ad84da8201347fa9f01ec449dd79d2c713dc11864a3b99f3d46cb6270a223c726f4417ac80d51413bb7feb23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed9d688c1e60f9777a1d84f8ad7a9cac

SHA1
7a55012943b4a743525c6463a0dd395183d39d33

SHA256
3f6c65283c57e9e470b28a5e09049e1b5c5797db9d0df865b4c02cce97e920f7

SHA512
2c69838a9204e1303be15b2e4bf5cd3381515cbffd2cf0c086f023e8297d481c01c23f43715fb17c5977bdeb6b81a61f6de63f5b5fa2ae78f64eb03c11d86f73

Download Submit
C:\Users\Admin\AppData\Roaming\RaldiSaves\0.raldi

Filesize
1KB

MD5
1326b58880f3214d5a2fd700f18a8e41

SHA1
a6c97609c5138b9a4dd1be6540d9a04222f182be

SHA256
b5e5d098c8a7fcf7d43dc01d61ea3d733b2b812cd0880ff007df53ce5f68ea0e

SHA512
7f6e769cb8e362fd96a43d934efb424d8e13d7e79e4ad06665071d0bc8e8dab258a4c932ff42aa35c945fab6d7950ff302b448d676a35d1fbe821f741d4e2a8b

Download Submit
memory/3344-1237-0x00000000685C0000-0x00000000686D0000-memory.dmp

Filesize
1.1MB

Download
memory/3344-1236-0x0000000065C40000-0x0000000065C65000-memory.dmp

Filesize
148KB

Download
memory/3344-1238-0x0000000061CC0000-0x0000000061CFA000-memory.dmp

Filesize
232KB

Download