hxxps://movieuniverse[.]li

Analysis

max time kernel
126s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
10/05/2024, 12:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://movieuniverse.li

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133598183439421329"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
700	chrome.exe
700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe
Token: SeShutdownPrivilege	1352	chrome.exe
Token: SeCreatePagefilePrivilege	1352	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe
1352	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1796	1352	chrome.exe	78
PID 1352 wrote to memory of 1796	1352	chrome.exe	78
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 3204	1352	chrome.exe	79
PID 1352 wrote to memory of 1216	1352	chrome.exe	80
PID 1352 wrote to memory of 1216	1352	chrome.exe	80
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81
PID 1352 wrote to memory of 1320	1352	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://movieuniverse.li
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeec42ab58,0x7ffeec42ab68,0x7ffeec42ab78
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2144 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4204 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4508 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4428 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4600 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4852 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4072 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4056 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5176 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5336 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5484 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5776 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5360 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5416 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4612 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3036 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6220 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3000 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6624 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6764 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1452 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6904 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7016 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7060 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5248 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5056 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4792 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4996 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5704 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6664 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7444 --field-trial-handle=1780,i,1157416366395423671,10409117207691464658,131072 /prefetch:1
  2⤵
  PID:5004

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000494 0x0000000000000480
1⤵
PID:2772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1380

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
PID:4136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7a924cbf0412e1de06b0e38590ecb6a6

SHA1
db32fdf7c23f28a2fd3350dbd94ee25ce78b615c

SHA256
6ae5ffbda60d117944970cb446612309126b1f131f52f904847281ed4fcb8e54

SHA512
7feef2199bf9003eed113aefd0d28f0cd359e26daf9bde23d918a39af0a9815c641c3befb1650b86cd121bf98d3b899c852cf81a89dc1e416ee3f7a423fc86c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cc

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000cf

Filesize
1024KB

MD5
cff8135fad32b2b8ebf76c0d89137194

SHA1
76fcfbd06b2649f5b7d6acaeae9894b163db6304

SHA256
7146d00f0ba23043a6da856326c710cc340e14c76f17fe5e36c3d3da5b92d315

SHA512
c0ed6d842e4bb7e19e04ec1be54e109822ca9e73a5e78c847b340cad0a182278966685c67161ecf82b3fdb79350085630694d2a6a07889c4e55a597b86a9f9b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\814184927ce65ec8_0

Filesize
271B

MD5
67672b25b6da5cc658e6f850267a42f2

SHA1
dfd4f13e52eb1cf4fa6e0bc145a88969e6507a53

SHA256
c755111c53d79f1fb7e6f8e7d36c510c2a3dd3861262d224099e4a4907a27fc2

SHA512
0a74bd1326cd64725548f21e84447ad23b8c01c5419a6727e5dde7f82cc0a37a4dec44755f4d82a0e17625fdbb31f24359f70af5db53542ca151ebfd8e1c23ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9dd676991c9c9641_0

Filesize
279KB

MD5
1033f7149d8ac5ba55d3d2ea69878e94

SHA1
fe735281f45ff782d0e3bb238d7aaa55d67207e4

SHA256
c15e7a76c278ca057f1abe80b4288bac24a87274613af7dc3b6790e6a919e3fb

SHA512
efe10c32bc2b1fad355187038d5e6ed2f8a844b77338819f1b1b45aec4a41db1ca441ae97654ec3a062a9564899e1c22c0334a31f88b0fc50bd29131dd815c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
26d65259cc97d68f348cc5f11235edc7

SHA1
cd71227fd222bb90b3f7031bb9ac75bd4debfb6e

SHA256
15baafdb5d901c6b41276fd64ef903d832cd4d91c41a8a036b4e45b23fb28769

SHA512
0e1013f0bafaa34670b3db85744efbd849890652c2bfc208dd19fc56d30f90a469fab13c4485b0d220afacb3bf63b9547d277cc89f59018e93e4d4b8b0515c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2f1595ced99472c6e14ca2747baac61c

SHA1
b9f7cbd302880371824784235eee13dfeaf03148

SHA256
2b910c65b680378df5c968131723731eeec3f2b17a367fcfe9ac948dd46c4400

SHA512
bfefbc82017945db7f605dc4f1554a4a38b29e3bc08881aa9ff79c0eec667a9979868967727a0acf97f301f94d459cf1b8e82ee645d5c6d23fb0655b9d802f94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
fc73bf6f73a8996edd6121e9c4524d4e

SHA1
83d79334e7f97e637f71013d3b3733b1d4a4df9e

SHA256
b5558385d67afe5a3e82678ff0262ac4ede3684663ed0d958cb68f6cc8258335

SHA512
04afd030c0140a94608a37aa074c4ed5ce124ce4c011dde587858022d0592909b50d3d94dad7ee4db9f90cb0c5e282a462d436fd7e9dd4af6933d72974c374c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
50d4e692a6b4e47f727fd72b48c0052a

SHA1
8a5cd896debb30cb84273f8b6642d10d9b4a551b

SHA256
c0018fc4bbadb27e41059c9f9d946d42f226503c334ad2680e4ae6281e9ed062

SHA512
083b239704a0df6a76ab2efffd247252058ad675ad716f579d028e7be3afe80623e77f076095961f4b943775c8e8cd83eb37d8b43cf48c96a2d846f2db037cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2bc405c82ab91899ea1f9d334966c589

SHA1
aeb72019312b1da8941dc9e75a7397a0799817fd

SHA256
b5d98f8ce9bd88ee174e326bef324e6965a1129885850d395643c26627ea6860

SHA512
0eaef57d35513131af92ed5f247f3f474dcbca095eab3e7c39cf18b7eee6835a9e0de71e96539d08336e191184e0fd5d6e4660b24d8c1776db5c26b7cecab98d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e586c52f277f315bf80c1f876530ec47

SHA1
16fd5e4f5b807c6dcdaf2fffabe2a6ae9433c6e5

SHA256
dbcb575bcd4223cffdbd9ca221d1888aca36b982eed32241e7a4021246299f48

SHA512
f00ea93b3bbab1110e077b007cff23089f1d4a8bf09109af8898bca8774329eb784386e876b343d5f483752dcebda50dfdb90a527d630e5537d2470833d3f3b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
4c7280d4429dac640da825a71faf4946

SHA1
5794574e1cdec30a35a1129e67b2c1b399a7e5cd

SHA256
451fc0f29ee8452c4d47b3286950f81deb223c5cef743dc6efbec1a8ff079b56

SHA512
7c1d0ebd5affeb89559015fe15fdd3522798983772201368cc2ba4b63987768ddb364214080be002edc9cbe8154500b1f721dafe7dd6b4648eb62dd91655aad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2b7c71026308644f6ac9830fe8e6a7e0

SHA1
b6397822917774ff550f045ce1272c9c588ad065

SHA256
032d480ad36f70afbfc23f84321f2a530d18c0b853d12e086e5afae4e58754f2

SHA512
d96322e072bf28c78550aa114ccbf5bbe8a2a8986748d555eb283c11cc03094d700d6211935f95bfb00039940cb263112361a2bb13a9291a9cba9155316663a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
756fcdba2fe6c890e2327988a3245206

SHA1
fbb78efa368ee308b993caa57c24b543770f5592

SHA256
3841e8bd2eb2f78df1a69958fb78ce42249e6ff099475f33888965ae227b61a2

SHA512
26aa7dba5cf91ee0e4adaffc93eb88430c0b89558efadba4e7c09d2c79e100495176c84e67a38997d7b413f06ca130fa9b6ac057bbeedcda4c363ad89dd8cc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
8775fdcead7409ad165c258769de404b

SHA1
2253987c48561274b0568eee01d25a3e95c01c88

SHA256
c93411b8a6727e11ba4cf4396345d5ddb7fc59ccf4167d885e88ce96406e74fe

SHA512
b3edafa336406ce47bbf45c1d8e3d4c11e520629aa531fdde966020f573ec5c3d99b4df1f674cda312ff9a2356348b204b488bb7602a04aac7a61f6c335e6129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0fd18f32bb76562c94004ae8f209ab54

SHA1
6562007ed4a26258887e9e5ca9e065fdda7282e8

SHA256
ed86ff5e004cee364a53d850228b74b6986ba961c64a2851b8c9c8800be849fe

SHA512
eb094b5bc58962e008c736174e20c79e8296c5ce699b58bc4dfe90a2eda6b1975b563211b67f824f2084b1d9611ef141d0273c495fb79f84226b1affb3b7d2c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d043d1e28510fa4d9731c4209851b66b

SHA1
6868591ade016f64ae5c2fd82ab60fcb2f6e9012

SHA256
95d2bffd6f16425fb98655351e73b45decd038cb4482d390a3c306056eb60687

SHA512
51d1467f9641c4375ed4414e2bd361e8a3235b2591336816a93a03eb5c731e00593bb6499823b0e51d038b6cbdee732a43041cbe7afb1b8af533e9212406f7b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3fd61eb301ad264e5ea4840f7f666d87

SHA1
da8868b0d81fda988f1cfc0573d31bdb4b135d0e

SHA256
e8e3e69936ad169a3afa3f3f6a1e3772a412a01a349885d3ca175d94b675cbcf

SHA512
ecef2ba493070079969e216e212054ff243f9c74009b56a842d18435341f76beeb8c89d040f43030cec042172922ac8f997c18153fd1a39f872f42daa5c23b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
07ed1c1b6f0668fb90c4b2da77233ae7

SHA1
ae0bdf416296962efbdb710f2dc00d9627bb2c11

SHA256
01448f1e87a4cc212853a771a9a2b99da880189410242032e0ec63ef2c9a2be0

SHA512
c37aaf8169160f92f0f2ca4af4197fc349cc0725a5c82dc72e9e471d5f4dc0f62e93d712c01de602545b40a434a11a34cd067fb1c2fad8e22ef1e43cc684ab05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e309b3774ea079d9b4f5f09c33693315

SHA1
9b6f945262ba0da291dd82845facf0d7af6b67e9

SHA256
8db105f94bd1530138a9b9408e62230c919664d26704b01929b50de5411c7f5f

SHA512
113b6cebb0b340f93af0a24aefa1f3044074002b17e06d4a1c8a480ad3d60d9b23a85263a81d83e11751d5522d4893c3e0cff7e2578f4b3a6a70d9118b2510fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d39b67e27c42f0e111585fe4dea5b02

SHA1
fd12aedac2d49ae3ebd830f7f47a180dc5253051

SHA256
3d6e022d84d1921807f83adb58d5e6d694c4f4591990ad35d76981bd3df68f6e

SHA512
b5c08f1aa5138ea293f0a0ca7132260280e357ec310ed5187f0a44df96f2c8769461e4466b4088ec4165ff09638ff8d1f5914ac4519714f2f0f33dfb2a2ebc12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8a3b8f995c672941d359684033ad747

SHA1
d65f03bc7b639fa3008f2a00f9a24a931046409e

SHA256
a3d9783c452e073d9db096d0003b4e5a093e2cd837958191c16dd295a3134440

SHA512
9d86c981ab6923543a6adf339de587c71e4dfc60e647f557d14b7247446b6902de019381272ab17dd025018085dfe4725cd3adddf7f1b4465e9dff347d88e9f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1c300e6c9d9918cb2ee9e675c731d979

SHA1
8a00dadc9caa3063f77092f98d85c42fd2323a87

SHA256
4e75903ae5b4fd113b31e0c497ea2b2f0c2de050ed3acea15ff152d68bbc8988

SHA512
5500a1cfeda1197aa82a205cbb575d79e16b1b5d6599e3622d34668d1dd89a96d26b7132504402cbed6b79f28439998fb96118ee05c11d3af16e2c6b12b57573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abc0fb955c4e4333d4054268ec08ddb0

SHA1
ebc302c55fd731a8deaf175467301cfa82181479

SHA256
a0f7d9feac3145f0a95a73911d70af2a501f1f8d8b0be5efbf37f1c424ad48de

SHA512
ac8488e3f88e06ea6ede2abf9c944c3eed0ccc04ae9084b3efbe503745a404748882a078be8e4edd168f04e71212531bb24d9bc8bbd1840cd4467e014bbd511d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d460f11697b80dc54f8a53c8fdf5df18

SHA1
5aa47f249bf05a51de327818fa6d7dd38f6450d5

SHA256
aba0688274c91c814d35b3e20f7e92ddf8493a54dea3cc5aee6e2980d965be18

SHA512
c948eadc6dcdf49c3d47cc3063d9d4e4de775e38e2a7a6423b5f0ff2d743e68a319146fd707547fc2499d0548456f1c07076002e666c5f03c6ccfcf8f6467876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
263c926e2d67d6165d5884fd88c7bbfd

SHA1
fafdaffbdcc5eaad5c483e56b224959a149b2b81

SHA256
e000b4bb9f225a3da77d8adca99f899dc8ec028e487162090d755671095bfc5e

SHA512
21405faab6dcba214a3a2bd1aaf935df76d014945e81061cd0a3d7345b381604816348afbd3ae6f4fbe7e6919a76bc3cf613f4b6a07e2bf5e34d255e875b141b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
aa2a5d458e470b0e9f46741e90d588ff

SHA1
fbdda11287a0e8de660c678594a9f83dfab9097f

SHA256
213c76edc9f9ec43efe0c7269991550d987666fb3bb310f490b2717ed6e6b096

SHA512
23ac222e57565cc2319a623319f4ed30966338b029e9b0f1f492227ca9042f7f9d3d7ec8750e4db346399202ad98f5f67698687784b91f6a27b7330e5f670bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
9fde48d306dfc4d6a5f5f150dcee6d9e

SHA1
650d9f29d837ff787dc79ad3e94989b953fa19b5

SHA256
d5b6cc507d3109bfc3e4f24fc52d8f0d04fa327a5d83f7f67a5b67d0d4294615

SHA512
3c26dd182ad4af353a44bef1fa6ad30ec6f2ed59f15024d57589e737b43bcf509ff4fc57843504fd1a98931715ebd65ae4547a99f4ee64e18180015c847d95ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
e6d75e27d02c5fa988a8b89f28d286c2

SHA1
8326ec412c573df1a897e861804bbf820e1d7f4b

SHA256
b9f57885aefebd7ab88280f803189e8d92e14c51f670c7cf336aec70296460ec

SHA512
3c4b457b33b420fa1dfcd697f6587d8d57991771468a032117f4b39f815fcc0a9f8dd3baedd9699113003c8029be57bdc388a4610071db9e94dd539884f66871

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8f260dda9b7917fd188f8f3f7eb21a84

SHA1
e8825e050579294692951e511d588ba13f7d8ee6

SHA256
766611c8955f1a7a3e2deee58eb707656a871ff9a9f798b8e794031f69d0013f

SHA512
27d4604c636a3efe0b3d9e2f3a33753c028b3b6f91d16f986cfdfb0845af49b590292b93d59ea66c3121d2cca5ac601fc84873da2501b2f0238829fee1d4fb81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
99c7044dc6e43f2c1d1aeb5559f707b2

SHA1
5cebea8f39ae655299c836ebf4e2761ee2d07f65

SHA256
bdf90a847d2d1cacfe8c5dbe05a9cc42b10609d5399c3734c7628153388c9570

SHA512
5a600973eabc51e408e638ffc716d450193b09ae46698c9db8894f1ca082ebbf6e2bd458c45c6518af095aa7e99eb57b7276ab1b90e4c1b0a0f85cb761474efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
0ef405e97afb37969c37a56651f81869

SHA1
1f5b00a1fbfd2dd5d572667d69be15bb60e21eef

SHA256
9805e7a85887153fd68b714459a63c2d52f99779aad9c6770de54b4b73d63f9a

SHA512
9c65239c485baba208ae0fc8c82407635517520a215d1da31a6f1dba7b1867453df8d2d840dc5556914ba32aa137e7fc24e2a38688cd539e63f94928cc219d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
fb8acf86dd2b7d44b5f2548b0e33eeab

SHA1
c827940c2bae0fd03c1606e9baf3e9c7d83d5e53

SHA256
157d8efc250e02677e10c8061baa895dab0a90115c6dd6c103592fbb816cf411

SHA512
45f62fd50f05abc67c9db5aeb754cbcbb8b3a017098efc7fb2daf75ba3c1d46ed2daea8daf438b7956dd1f0c3f5c81f2fd567c51e3bd15d06e9fc64ebb2bebcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ffad.TMP

Filesize
83KB

MD5
1cd636d2a653a3290806c101ae9debc1

SHA1
ff82aba2e890cca46cf24807b04b85caf684b08b

SHA256
fb373723d100720828523b4d8df3914d87a3324b1ed0e41577fc716511ade523

SHA512
637255f2e9847003262e2832f98a2cedd15e178bbb69f47927cd6a15c9a08c8dbf729a61a4a89dc19f3d5e412e189ea8ea5c60a736ccbf12a2544e26cdb876af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
9a34dce08456acbea93f4900a0d3ba98

SHA1
0fa3d6f2e41d44a530d983e3d094d956f7772b91

SHA256
0615e657425835876fc27c4b52272d020ce1f344f77da556b233d54eb26a6b53

SHA512
a09628b6038103ae71b7b07c83cda0d0ca14711cda8ef8618657a72dadcb04b0e478d4f8fb57ddc564c360ed1a1e4047b1d30304c001371cb22b381d9aa134f2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
a8b41c62a8522fdf828663fb48025c3c

SHA1
45e592817328a3c0dfe8df0d08b6375b59a6d327

SHA256
60dd2cc8435a9c043b149deb36d7fc7a1a6689d4aabf87303a3ff2a3f88934f6

SHA512
e559f0fb56e5a47700f0a6285fe825e4f3d865be3942a8ede6e8b897abbe4c3830989d4a6d5aabbd15faca831ca28134732a12a32149bdfc4814bc86689f551e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
8287b15820891e4fa59b7acc45dcdaff

SHA1
afd18a8da3ad3507378212d8b2f1120ab3883c1f

SHA256
744e9c10a23b603115f9f5f473288eb57b84fb1e7e1ec1b2232c23573743afe2

SHA512
591d143881bca3bce320e57f923ac11ab9b997ffe2f38ecd47ecc5db4cf4a2949e7b10fe1d43668dd409a5bf75dd7b91c3a0bd0d773eb3bcf8d27ccbcf572f62

Download Submit