f918a13dc2c83df5da9e9243a4f39420a40314c39982af4b4d402001e0968e39

Analysis

max time kernel
149s
max time network
148s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03/05/2024, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Exela-V2.0-main/Exela.py
Size

140KB
MD5

53d0f2edf910d03bf6a5b2a2806adf02
SHA1

48beb9f2cca54ffc5e19c829bcaf03b167ea7eb4
SHA256

ff0b26b330f3bddc1a9eba6dae2bc4f8609fc85592f8f3c6344f2907a7a57cf9
SHA512

f4cb0a556441097021a53c09105793fc7cca4240b1471a486b665849fd2d498afb007485bec284b02e4a68aec012e6e4b6b31a6e56ac712a925e66d76008b866
SSDEEP

1536:7iYj57SAiFZ49jKyZrwnuHHAz2yv07Q5lnpO0yZdaC12J0vGULqDDC/+0M4ToxK8:B7JWewygludaC2JwNYC/+sl/0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133592486424987165"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1472	firefox.exe
Token: SeDebugPrivilege	1472	firefox.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	2148	chrome.exe
Token: SeCreatePagefilePrivilege	2148	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
2148	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
512	OpenWith.exe
512	OpenWith.exe
512	OpenWith.exe
512	OpenWith.exe
512	OpenWith.exe
512	OpenWith.exe
512	OpenWith.exe
512	OpenWith.exe
512	OpenWith.exe
1472	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 512 wrote to memory of 4956	512	OpenWith.exe	75
PID 512 wrote to memory of 4956	512	OpenWith.exe	75
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 4956 wrote to memory of 1472	4956	firefox.exe	77
PID 1472 wrote to memory of 1188	1472	firefox.exe	78
PID 1472 wrote to memory of 1188	1472	firefox.exe	78
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2616	1472	firefox.exe	79
PID 1472 wrote to memory of 2584	1472	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Exela.py
1⤵
- Modifies registry class
PID:3604

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Exela.py"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Exela-V2.0-main\Exela.py
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1472
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.0.370586425\1879161491" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f8e38b1-57d2-41e1-a250-c3c5e8dd3f91} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 1780 272544ea158 gpu
      4⤵
      PID:1188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.1.1834312830\1592671718" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cde56e7-200c-44d6-b6c8-e0fd988d9f26} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 2156 27249472858 socket
      4⤵
      Checks processor information in registry
      PID:2616
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.2.1462061541\1287170092" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2940 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {517a6fae-bc02-441e-b819-a045d40e1d16} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 2916 2725445de58 tab
      4⤵
      PID:2584
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.3.1389529683\1904707246" -childID 2 -isForBrowser -prefsHandle 1020 -prefMapHandle 1016 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9109ee8-81ff-4b91-9359-7f687cf494c2} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 3480 27249469c58 tab
      4⤵
      PID:2924
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.4.2021234715\626279417" -childID 3 -isForBrowser -prefsHandle 4604 -prefMapHandle 4600 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a7180b3-406e-4831-9d01-6efad1a09d42} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4632 27249468458 tab
      4⤵
      PID:2652
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.5.1126537441\559695168" -childID 4 -isForBrowser -prefsHandle 4764 -prefMapHandle 4768 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8523a2a-eddf-43cb-84a8-ad225c63f743} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4872 2725a78a858 tab
      4⤵
      PID:1544
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1472.6.76406391\1688523189" -childID 5 -isForBrowser -prefsHandle 4828 -prefMapHandle 4832 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c90a5518-e892-44e8-b24b-569fe7d40e60} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" 4808 2725ba9fd58 tab
      4⤵
      PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\GroupWait.shtml
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb78069758,0x7ffb78069768,0x7ffb78069778
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:2
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3836 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4188 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4432 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:8
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1832,i,1302266303620397887,17680507162805196761,131072 /prefetch:8
  2⤵
  PID:1992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb78069758,0x7ffb78069768,0x7ffb78069778
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:2
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4044 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4736 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4824 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:8
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4616 --field-trial-handle=1840,i,4737854964533617964,15051433679202433158,131072 /prefetch:1
  2⤵
  PID:1228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
675cb66bf44402292c9f513e881cfb31

SHA1
d386b8b985974dbcc333a5b4c4d6b249a7ba649a

SHA256
d34eda46ca4c4455ea9ab8434b3306eabebe0fe1eb4742d10d0d7e3294e31025

SHA512
9891cdfc97ffdb629392f22423daa9026265bf38db0728263a3ce41e2357a25e50577cf81ca79570915dd0fe4e43facdfd97b3165e3fdd80b4d6d3c910aa4c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d1f604157b0745a40453afb93a6caa42

SHA1
3d5d77429b03674ebb0ba34d925ba1b09310df5e

SHA256
468456974fd86b33647942820dce7284879acfab9e9e6eca008e1fdcf9006fb5

SHA512
0644ce93724a57dedd8aec208e5a038e323a1b9871d5046d58a87c60479626693e6c8f25b7c7f7b60fd35aac133d2e660ecbd8f8d579ad1fc6703ae117a485a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
1a24f1dfffc4e9e5c963cf63d645fa04

SHA1
055b322bb32aea043ee327d1cc1f2ebccd1b8498

SHA256
cc06ca120cff23deacfe4817241de223968c360bb9ea40a0c4085357930917a5

SHA512
9093ab141d85259cf6ad7d2711429e0b1dbb066913cd82980be32b82e37875889bd728cdd51bc237cc80a1c412bcdec727350b2c15dff4dbeabbda604fdb454d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
b68d508d0cde7913e352d9defa79c8d3

SHA1
aef05d0f3262d5377a36f8c47c377bd080e2e9af

SHA256
73d92412dd3d3f424a307a72213b28ac3ba69c6260fcb471cb0ec388129e6230

SHA512
524319e4daf6ebe5726c456eae78edc0e8b84cb3f32a9644bac2351424d965deb5a15455e4bbd35e86037983ddb6eddd2cb1bd675ff6c9204f85b3047719f729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
153f95ffcd3e258e10e7df0f33bb6ce6

SHA1
d16bcb9371b8404956194d85bf7ea4f46b20cd9e

SHA256
5ba09769621395cc72065cd4ab76674556f2fc85d65eb3e978fdf93f0c56a002

SHA512
69fed7ed2d05f827767d792de24ea885d83477d7ec141d8f96352dd3e58fdfdbbc4dd488c852411771166b06696db599dbedf978f43b2e52b204d2b2d56aa586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
e9a56832ab5d8b4885d7a36915ea2ec8

SHA1
a16be7ae6a019ab8a417f4f408ca08f307bc435d

SHA256
80ad9ba3781a3eb9add73bca32b88d2ea68f868da29355ef624ac39e8025335c

SHA512
2f6127af1dff11af7a36315d8d1fce43e13430e3bb804c1a4ac49649118f4696dcb277536c69f3ae244025f5eab57a36865908de9929271b8566652ac2dfaabe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
f7dfa151530c4fe7ee2ce574ffcbe504

SHA1
c87cd7f5b3f55f733b557d0f4b19778788a1ddd3

SHA256
426c2b1f1a993d272cb74e947fdc427ef5db1fe840426d7618da186dec6e56b8

SHA512
fcb79fb4e68c26c27fbdb2b0a0ace2016d111d881d96cc35e2e8c5f385ebc8daf9dcac5d412291fd621efcf9238fdb7f34d986756173bda61d7d86939d047389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
ba6daa2216b3647cc38970d633f222bc

SHA1
11679aadab1eace9d4f8f142e9bd1deadf70b56f

SHA256
7be1ff155c6ab9c188adf3ce3c44c9ecac167f19f8fee3fd28a48e1d51e3c3d9

SHA512
da6e8996644da22d1cfabc0455373e9800d20b2ab373a7f1ea118b00e0ae742800ac84ca5ad719f6646be29505e5e1c67d6135446fb536bbcdb653ee68867ad9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

Filesize
56KB

MD5
0ec287d962e05e5a3ee8ead75e72f178

SHA1
1f3200e8ff4760b753323deba62eff0e9a0b19cf

SHA256
33ec49ec0f004214e33b8bd606eac922567b2e264d143d16b804e62e5d87a2c1

SHA512
84e48ed71005c6fb341a284894e7d31922f4863d563d2f482e4542b739844169bfd5d0aede96b8e63f0feff930bb71090331c6dc4e517c6d14903ab2a916670b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
8560100966bdd582d2ee707b4cbd4a89

SHA1
5871e9f7704c573b8fcdcbc8e3c26b935b58bd94

SHA256
4c6e9b70fcdeae95f0e533ab58cf683fab6bee038c22763e1c342b377c14c822

SHA512
b8237ff664e237589f141b0c2f0f81c775e2f045d8977453bc6de1b009e1e3a9dd3fc279204d6d6e5f01049c4fb5fd10ca497eb409b9ab4fff71f8dd7e2bb932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
29e5557e9d1ae27aa924df77ad6ef609

SHA1
ec6c8b8b04e0c09e1893860033f3e7a97df04acb

SHA256
8551b5b81985e5641c871463c39c1fe25947082adaaaa5d6276e736f4ef2938c

SHA512
786b3bde50a52178c3ba244becf963c2b065e4c7960821a984eb18026ba0bff12cd3f04ab1dc5242d4e00f29e6bdc035773b669dfcd5fa92955e7883f395817c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
0eb6cd0d00d84a53273f1cf2d12c5d17

SHA1
1867e85e5a6656e2f7210ff71db9a04b4f1f95d9

SHA256
191dabce8541708edb50359e7f15f7f3979880e1bfbc2c12ba06d80265789322

SHA512
e4801cc4a7a4166ff53851a2234d91c7d68782599d0925d886ab6815bd7d419b3cbecb5a45f6db292f1d07e3f4a3878b6da2f7cf1491d7b0fadc294221c8f60c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
88e5d11c46bb6ea7f96fe559169a57dc

SHA1
c5b08807f5c3ae7fe40364281f6ea3197490103a

SHA256
3e515fc03f23b731c15c412de37e1a863ca1623001febb6cbf4b0c7109c9ed9d

SHA512
7c74ae58a23d878a20cc6813db41139812ec9aa9d679bd0179f3380415744e5021222ee40e6e44280f7ea7f2ed782c9f357d18f7b057b09753adc7c85127e3ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
cce210f7ec8a47a7ed5780fc92365940

SHA1
068535e818e8ed7a8b71399636bc49e93ff49c75

SHA256
11081c63128648d3215b541388a16847bd0ca07223e850fb18254f474a048bd5

SHA512
7e6be964e7bc0a94cd8875b19475003dbce08d6889902e114f8771762b98df60cbb82aa910de1e4f45f3fe46ef35455b9503c432f866fcb5626d01a4d8b489e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df9ef8587b2db4f9d2166f104824d9c8

SHA1
906fc194b2624960ca2352f269002c1fb9550341

SHA256
91e5efab5699e1b4813edf2dbe117ebf172b064119e9bc968e4fd7fa98027448

SHA512
d418ad70225c2c3d16a68cc8221840a1d6106c24b005b8b473a3f8fddc0608d1ebfccc1a10dfcbeccf5cd76a83c2331c548a713c7493f7293182010c68cc0971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9fd31310b6278a30bc56a0211d9a5065

SHA1
505e8630b93eb1b0771bc720c4a1349a5afd6720

SHA256
87e6e16d906c26381a407fd5741c9a2e4c57929dde1d626fa0361df376998f97

SHA512
04a3ba9e606da57bdd0bad78938353ca5c4ba9c6089026b3d5de2d6ad32cbf508a4c715bd806bc654ecf5ad1a86903e176e070228bbd2ccc5d2d2c1d1a5d06b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a6f736e6b1b136e81905a5c0bfc480ee

SHA1
00043ad69a05b40126b5596882a13ea317b24512

SHA256
7cf8ad0c3c9bb13188f0e857486ac0f60040df3e50727c84025372441d1f6f9d

SHA512
a7be1428b681d685f88f8636d5614c25b4631ec0d39125ce85d9da1a2bbf93f34a26a6a0a752088e600868d2c3f37d194e4dadfb3a3440b8510d20586ea2bb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba0b5031a2b18ba124776f976fb0fc5f

SHA1
2a3be49a3ff63238a7858cf0188a5ad8154f4727

SHA256
47d0e656aa0a96f39eb73b38a99630ce66897702aed0146fb032fbe55415e6fc

SHA512
fe6f69c98120f4f6f9c6ff013fc6f6cc854d73daf0db3a5e2338c6e911ad6e6a6c17332531d581ccebcb69d4388840838174b9c34d6ae4e0ed69a3012cd0e4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
acf63c3150c0451a248e1f7e49f17936

SHA1
ce253abbbca8c5740869ba4d6a8e25d94ae78241

SHA256
baee5bf690731d41a8fa633cdf9e289d5476716c0a36c1527634720353aa6139

SHA512
512d4ae480c4755425ebc374f426b4ca356878176bf1dd4f093bd78f1c9f70fcd88c8269e1a3ce4e19d91069acf047b4352e256cdc002c26cc75cc50556e9e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
34f0f9dfbab69584142e4d1d6d6cf167

SHA1
e0dd417a54bafd977420c2fcdf4dba54f7c3e778

SHA256
067be119e4872d561c277901355bc3a55c10d65555be4f0dec87ce7bfb611b1b

SHA512
5f1b87dd4114919e05a97bbd2839cb7d8cce84cdcf4b4c6dd33274b62b71e51d757c385b2e79b312dbba28aa9e0cdedbd774b8abe293257f3ea657e5396ba3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
8e113d55b71c6481b901f31c13d97654

SHA1
f737477df9f6f26c12ac9a74234c53778aa6aba0

SHA256
544bca94eabb903249d3edf10b20fc38ea28503e5bc2fa6380682cd365c7e62e

SHA512
18b790f50f4cab11f96302fdd3d643a38500f3e6233e79eb411a60905d619a24440dda0ba16a8b574456117e775715e17cd6a05f83202cc4e6778d040412c713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13359248639767375

Filesize
2KB

MD5
779257ecf6961ec33614d53ca46621f8

SHA1
99c85127551ab342f6f7e3a39cdbe1eb6fe4e9e8

SHA256
bb84a186f468f7b55399c80d3ee83d01e515424693df9084df717cb83bca538c

SHA512
e8563d167d101f78566c6d93e28de9858d1fafea9ecee8d0b6f308122b35f40d58d896dafdacfe743233123300fc6816a8633d613cf5f67a2bd7151e88b1ee5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13359248644376375

Filesize
881B

MD5
57cd4a787547b062b2174cf26e5395f7

SHA1
ff955b2692a5f8e464200f08c2482be78968a353

SHA256
368282fa36272f7f2cabb160ffb62194b8b823d5e6042334d0d18310655095b7

SHA512
5a6bdb303d78865e0935cc3310157db9d2c74dec5756cfedffee0a49279b8cb06b40e28a5729bc066fb50f123e57c3be631ee256c53254743a6fd5344fe57c7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
c1edb212328efc6c1183150adf224e98

SHA1
4d5de2e491ec0d1b97fb2fff2931be53b308a3a9

SHA256
01ae62675597134ea7b86ad516eec3aba178250926f64c099c4d41aa2febd78f

SHA512
0ec8c4edd575cd520a28b19997072f67684e06a3245244e2325986861cc212703db7e6e269134e272ee0a5df9facb5de7b918ebe9189597c4391e1900df96926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
af3520adb8c7e6f67e7c7da194a32e24

SHA1
16ab88aae466c87481927d8e69706674dfb0e811

SHA256
5aab39176d2e4bd06372565ec4fe5c3eed4714317115790582198681ca9de8b7

SHA512
2a10475088d6732968592c66ff450ad9613513ad0334649c3177e842eecb95d6c4e69cab8fe0cff13bd4bf6a5d474a7d4df7705e00f778396a1ee09e7f7abfa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
f4118d213085103be25b9a662af99074

SHA1
d6fc695e842a61767bfe6d393167a874d3260708

SHA256
ddcafa02c61f42382c3504ce5ffcbb81784dfa6ea17a5001691dc3429b5d23c4

SHA512
b0853098e91022a0e452cf28b9688a9086b77960070189e4e78d39f9b42ef11dbeca51768b0ac79daf9225af09fbe9a9b07223ce6dd39ba5d5534f5589377f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
ee625ca1dd5447d8eb0381e26e5e9b94

SHA1
3f296ed33e9d598d1ac7bcb0c4794f69ed1cb085

SHA256
a4142b195045d2069b60e674074080c2b5a4884bc69889a1b14e330e09ec7a44

SHA512
e273728241bce93415ddedcb44620a9e9214aec45fdb2cc926185d65b5af211dc89b1b4806862e56ac089d64d88d93461d5ac8694dfefc1c89a7df05e232f107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
909B

MD5
2568806abd43b99773c1195623bde0cd

SHA1
be3c0ccfbadec7023ae8506adabe9689765eb243

SHA256
d9b88f830ba7bdcf01feb6f334da04ce0c619a7b5c025fe41aa19313faa0d999

SHA512
0076416a728f8e15885805cc2cec1457b1836d164fbfe9fc07a4e180c22e7d96314096f307e7c29933de98b94d662d52500a4c58d484bc2751a7ee248d347b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
739c81846b73aefe1aa46a481b738c9f

SHA1
29e9c3b08fd5567771688753b8d4f19ebf95ec5d

SHA256
691a4706c0b8e00aed0dc1aadd4b793996a657c8a77958b4e39fe4d68e42355c

SHA512
28d31f3be7ba8aaaf5720702dfdbae6ef15b351af591409af640da80819303b817026c02fb43b7abcc6198160cc91578fcef491f97ed2b915ec8f1f9516efd2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
860B

MD5
eeb01e8810f464dfb58d3f992d455595

SHA1
51b6aa353f38d4220f19e2203fc7d41ef95f72a3

SHA256
a2233e8c6bd6df5ad16e6a927b81a95c0af709ac433aaeb18ceff5586506f4a0

SHA512
fc813974a7e2da64f258f021e8ce054877e26fb03c74a2ed6a8c0a027b64130648556d821004bc798e4365b0ec4ece0abe6e9ed225e2526cb210a3ac3479503d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
a2676bad61159bcc44246f4da022ece0

SHA1
1975c690613e163932cba16ff9ea80f42026c410

SHA256
0e92837802ea459245a8f1f8b2f5d5a5a89d1c793a526bf1231dc5b0f3d88e1f

SHA512
3d9de1e5effed29aa9eace70249d97b172485532bb538cc9445a269e44124ceac169b12c0e2fc6c9fa74a152907688104606faa7aa89b5808a4bf3c2e741786d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
ffd9797c9f89884cc39a76fd14634244

SHA1
934499fe9166decefc140b2e881bec3302668cb2

SHA256
6cce24e96ac80326ef87584c162ef8f7efd87c27f0b23cb206004da5c9565e74

SHA512
e2e0c0210eb686414544db1bcdf67be23d8169b95a6bf236d06e7bc7648f1a3287ffc51387b16fdd59c3131d11ff9a323d0c543875db2435cc13d50ccf2dc6b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
110d3e99c2ff5873dd3da6c5a33a2e2e

SHA1
bb597b8d23d814530c4a90544348dd8cd56c2416

SHA256
8d481c1cb998a3bef49f2043ced2f5e208b1c88b8c02610d1d368261dc548018

SHA512
d95e30b4d7ae6b9cc5c063032305788747638e740ca802dbdeee3c8222d829dd2f3048eb7576e0de66a42c68512a11c15baad8d01daa059e28f79c397f2cf4d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
2350261249c710550fe3aae6ba6ed479

SHA1
43d63236dcdb2afd11a675417b5d7a53862a229c

SHA256
7a98b128c4432b29f44a15ca85c27e33f92ef7e6d5e0a6486a90b9f61d3cf73b

SHA512
b55978735942382855af60081c88a7816690f09ec0fdbc5ede3750aa40a7afc738047bb9467711173d5dae0afce888ae1eaf72db7c62758d4ec4077aed7e6270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
dcf1cce561d3a8b599cfc3109179a564

SHA1
da3bb237d311a144904fa2b3f123af1c22499bbe

SHA256
2dd41bbfef9e1799c4b8b97bf4953bd50206628470f726cebc20c1bfde16f52a

SHA512
27bfec1d3c1473eef7b2030634bb28ae410317a2834d369f3ce5845dec2ae9f125ba7dd16cc5f56fd7079af8313da1e8a551338dbb81c1687d7a371b7e1edf82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
271KB

MD5
6d4aeca5287c52181d9781bc61a8519f

SHA1
97edff079f167d738ad7f458f95e22c4f8f92e38

SHA256
c40d65ebedc2ff3917fe358022d8ad7021ffad9d7eb9b5e77f6ee363add3d2ad

SHA512
1d3bdfefa6b044f9afe28d1c0eac182537ec128491725bc534b680f9210e7d56456c456d4520c2d8532a56080d503afc7b779c22288376ddd9a73cf16af3f98a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
d87a48f6b335cee0ba7eefc98ca59ca1

SHA1
de1ab839219bdffc41c0faf2d79a9cd8a066d65f

SHA256
6411c65c46e6019d997caa7af9d31cffabcff8ba6cd5aea599a6c6723d53323b

SHA512
ba91286801123746eab5bb88a686fdaee9dd34800c8e5fc2448a1c5cdd4486980cdd6a2994ef84cd8e1efd4842ee6a6f0720396305d98a2694974c60c7478ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b3f4fb4f2364d413b83a692db6d80109

SHA1
ea33eb6e483da56bbd657bb0f2b1faebe8a230ea

SHA256
49fa047d45e56ac00953d7da38936757e71894a3c352de84dea3673990618e99

SHA512
61ad2529a3ae64e9acb042cf377ee2ae0711583478bf3ee34caaa195834a1dbe0db2f8ed9dd1da1e2f7d7417b984d5b8ddf273f9ee6b06f1b72c813599ebb5be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\1cf058ad-34fc-4ceb-8b66-a94f495d922a

Filesize
746B

MD5
f11d515492fbba30f4fdb9c34a69e4e7

SHA1
8abbef6d48b26fb30f3f71888cfde49dd6ffed04

SHA256
fd6fd86761aa796a96815a7975ddb3a743235d49a5189155dc6dab6f9b617795

SHA512
ca3b483b96dba5e23d5282294358620ad9d99eb0352e916ed1f1ba91db0990d5a06851d66770991efa7c4a3d76674f2a45fc6b673d473cc8878d93221fff4bf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a2973acf-a228-449e-87ad-480c99934cc5

Filesize
10KB

MD5
2c24af3ae80dbb62e7592107b944cda8

SHA1
8d0891cd980c1cca4bd92fe3f0592bd44c1eca70

SHA256
29b8454cb35199c76016e3b103c328560b99f41bebb5fc2466f98a02770e684e

SHA512
6bf46f192008d7e37e1fc7877cc3792514de9ac672a67fdc1d7cca4e35df8b0319d60cd304a6f341dd3481b1587623fda56298cf4307558ce7cbf6778e41d78a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
8b5f1bfcb1620ad44788b95eca232cb7

SHA1
8fe1da83262e2425bc33dc40b244ca9638dd2027

SHA256
dc455b5d21e502f71b03bcd36de8f54280b16e09e9de9d1e70bf345c667f7bcb

SHA512
7bca6904034562517363b7145ef8afdd177b2a418bcd5b43c8fbd30cf79cce24155a268f7ed2e03a8a8303aee678fd184f1094d937cd54f22164e4cc9eb1c514

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e6101fa3ae1c7cf56073f4b923f8dcf7

SHA1
901d394a2425934f244e6b1d07de035c54efbbeb

SHA256
d5599e2590939ca8f538789d6c4bc80d34bdab77f27ff296c5b7d9334134f2b9

SHA512
29f8d6b4d0957ab891954a4e4d44b86d9e3de96dd4027a8370dc0cef12eada0c33832d457348144e0e87713d90a62dc0adaecb5d16a22664f7affaab38714ea5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
1019B

MD5
4d756122516b4f8350572ab3d465fbb1

SHA1
8a1ce50e171d6acc9e72addf206e6d3c681d072c

SHA256
8a44801411e2832c1d179d00ef599d6c83caea86fc234466edd8d451547664d4

SHA512
647ae76445df0e07b6ec1ba0aa9d460aeaac829f4d579d931d923e83e0ccdeb43f4e2a2a8f342692fa797f23efcfc63315e795c1c0a9cc61c89dbfe8b8602d6c

Download Submit