14b8658790b6c4edeac2786679065712c11eaa2f1d7cd42977880603bf1aea27

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

link.txt
Size

38B
MD5

f8e90b68097b0010add870ced0f1b6de
SHA1

5bc873b30c0168b2c0d639d5a326aa3cef9f009e
SHA256

14b8658790b6c4edeac2786679065712c11eaa2f1d7cd42977880603bf1aea27
SHA512

b173869b05eb013c38706e6036c2d3d3cdd59f0e4169a6647078389ea5eeeecfdbc6d7589882224ab7d254eb06024ea569cb838ea2cc6566f4e6aaaaf902a900

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601857085670979"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3560	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1064	chrome.exe
1064	chrome.exe
5436	msedge.exe
5436	msedge.exe
1064	chrome.exe
1064	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe
Token: SeShutdownPrivilege	1064	chrome.exe
Token: SeCreatePagefilePrivilege	1064	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe
1064	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 4348	1064	chrome.exe	90
PID 1064 wrote to memory of 4348	1064	chrome.exe	90
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 4716	1064	chrome.exe	91
PID 1064 wrote to memory of 5036	1064	chrome.exe	92
PID 1064 wrote to memory of 5036	1064	chrome.exe	92
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93
PID 1064 wrote to memory of 1272	1064	chrome.exe	93

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\link.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b227ab58,0x7ff8b227ab68,0x7ff8b227ab78
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4584 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4700 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4068 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5076 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3320 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5164 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3948 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4548 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3136 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4624 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5080 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5052 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=848 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4776 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5168 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5192 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5488 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1676 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5580 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5720 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5784 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2340 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5984 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2524 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5952 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5272 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4872 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 --field-trial-handle=1952,i,11974136813149730813,7897187215626744783,131072 /prefetch:8
  2⤵
  PID:5620

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta339937fhb1b3h4104hbac1h9e9fafebd4c7
1⤵
PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ae1446f8,0x7ff8ae144708,0x7ff8ae144718
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11422555578219077962,8000098866320627306,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11422555578219077962,8000098866320627306,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11422555578219077962,8000098866320627306,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
206KB

MD5
340105c66dc377bbf0f52643b0dd2062

SHA1
a5fce229b0af727279ea34a72ac9d28c80cc1639

SHA256
a12c561e8dd03f1ef305aee23f9851895633d6ae7e533846be1ed4e862995ea9

SHA512
d861574619cdd52ab0258a7de5be964fd0a41cd3abffc5d9fdb5177712f657f467f49520639c76636bec2a9814d82f0b92cc904b33f21bdaef201f45fa94c212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
100KB

MD5
f134fda98a277b1c8f20ab8fbe2fbd58

SHA1
a922796190a1f5bbb3c410c6ec591502050df04e

SHA256
27bce9e85eaf3567a4695ba2b612e32615394d80d0a3a2dcb07b1fbfdfababc7

SHA512
2b2e8338afb9b0ca9b5fa3d452dfd80368b5d17566120ae6351b6d03572e5a69cedb97f165fbc31ffb3addcc00506a3fc0761cf2404a5d9826a8448a7c4d9f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3d459f738efb089b2727fe05f995ceee

SHA1
f3ad3a82a146165b4121046b60ac2071e9ea8dff

SHA256
032fa4c310a2cfcf8fc29241d4d3aeac4f61b27d1fd7fe144d7f26068fbca82a

SHA512
e5381a6e3bdca702bfa988d5ddea81197c565db33fcfdc7e35260e054bbf02bd6f3b580d8d716f6e540990b384fc50c1b214793a869989220862520be8cb8409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b8a39234c3f8332b5ba1b158593b9f17

SHA1
e6beb7d44700c3923d4cfd8284a4e04cf6e8c109

SHA256
9983427b88951e0b8497e7a2c702b4c9c6a2291193a16bc37c99f63f616bc274

SHA512
e7694da74faffd6e945ab0ba10783a0927d4bbaa1857aef6cb0a2f6a826334319052109b7223dfed3dfe6ff8bd4bba872d3f3f31fe8d90a917aa343d7d6c8120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2f6515df3f715afc6f5425703777d8a0

SHA1
82e48cf450cecc829e3186ef670472d6b52f67b3

SHA256
395cc8c6ccef6415b60b1abc13d5f3e1876579e9c575585c58d99a5a6ce5792b

SHA512
b080c92c62f16fbc17a0c0084a01b73bfba91aba982e729cc4beca3bdc632fc9ed0e6cf4cc76810f0bb472801f9d7cd25b634276792f9dc59c7fe975babef842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
900eb0850f809c5750e5d07e61d88f73

SHA1
c743b1762155b7ab7daae1f520b211d74234fc0d

SHA256
74cc8c7602103ef23bb573d45c92f614d894a4627ee8dfe26a30067adc250842

SHA512
1fb9372f58cf6c2f3c6d6dd2adc7a2a1ffdcdfd2c19457fba4e8ae1bf0d90985de24d2605d421acc5e4097028b96f80a6b84f0ed8dcb403043b22cc3c10a1bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
727b7a35af39e0a0fb24450674e3cd50

SHA1
2e6db99dc03a10d0449108480bb2416e345edbde

SHA256
2b10f2532b90ec5849b6f92748dc4155667a9b330d38a67b777f716639075e9a

SHA512
7dc5aa74a79b6c26e7cf51e0c113d50247487c1633332602052e98aedfa7d3894f510ae76432b2b81475d64c944d808d3fcace40f78d10874a3ccd1b28c72a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c99ba047c6135a9c1d30dfa423c226fb

SHA1
5c75a91d6d815ca538c859032aa2c18ca0892285

SHA256
241e7639e9d77b9fcabb5705b1b3206b7280de529a0bb720d0bc0de1a649fa2d

SHA512
890a898b8e41e9d6c50a2fe0a1a587a41499c49730c00a99e916754222037856ebeb3678340468b11a92d5035c0eb4cf3c9561e3bafe98a084ac1d7a7908f2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8547126bcc5ab93466d9b43009d4f65f

SHA1
4a940e0ae6ffb36e30d44c65b07817e84f76e181

SHA256
57b0bb2b94e84281b6d4083833cfad84b598bdac2b6972b5276f3ea85ddf3296

SHA512
ef5732fba520f5d8617251434654080866c72c8939d70f9c711357a975eceecdf1deb69f32196da91c3976ab69ce7647f25296fdbe6aec5f1e1ed19df4e2723e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0e7c2b5d7edf9cfd6db148061c101afd

SHA1
2cbb9838316e2669cc5164931674f26831301d14

SHA256
edcdb67615fb83411cb3602fbe503f4f545c9dd2e5279dd7c0545d722cd44095

SHA512
48730680ed3c689da8102f0356853195193832ac4b5ea146bd26828e5c10e9013eabfe7b82f95b1243d542266d2581b8a08b3c37f5b37d3f61208e59cfbf3920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
be73fd75538646c1cc01338e20f2a688

SHA1
13ea5ad939a486251a89da65ebeb87d64564e885

SHA256
2646231435f0afcde114e728756f8d115339cbf61ba443d999b53aacc0f8cfe3

SHA512
4f1a92e9c01e01aced3e7f7d15fc57bdb9ade8d1e730966769ddba0c00f5c2779fcc939ecda2a8d8f4d3b37727ce9ae3418612ecafe96fe355ac7473da8c26ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1e0ae825bd418282223a6e9721775fd5

SHA1
175bf3079e71f76efa6459e9a6788ed33cd31af1

SHA256
0568f449fcf19e36bdcf25b96b34eac1a6977b373235ab5de79540a0c77c2b2e

SHA512
5f4bd26bc735cb36eaabf485a31579b9e380053cc778e21dc7de8563b757303a29c70204385af5f8a0990b4eea8262271793ff97e8f708610061cdb1b8301123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
02e2e1e6fc2de0ff23b86f6dbe61d950

SHA1
fd74b8576d70d61c62fb7532e2d13244e5504f89

SHA256
3b9dfa35538d1315da253ee9d0eaaeffbc6985ff1e701a672c176a6201a0d27c

SHA512
29a7dd9d107d1700f4304b6c0bbdb1ba4a9ad20c9e63e57c0ccc1188a5e423ea01a714305ec27d880a011b47b6b5c56dfa02aa0f8bff48c4451b406874c988d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9dbd8165f31da12a7c6494e21fa0f2f0

SHA1
ed38243f1214ced6264d5ec1adc77b74966ef260

SHA256
b8ff35940016a39b4ef7d77a0e3fb3936def65e6c93d73735baaeea5e3d47907

SHA512
ba5997d5c55da432371148b511e13ffcded2c652bbd811c7b1db8ed87c9f30796ccd0f5aa5c3f20960586703768ccff1c991140d1cf7383b5a79da8588fca3fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ab60baf862ac89708bb5cf4efd3fd096

SHA1
877bd561ef925006d124eeef59bd2462aaf7a59b

SHA256
06490be9307346ed9684adb7a8d9164e62d16d6483505963b27074e5ff116501

SHA512
50f4718aec3d945374d6a935496cdfd72e25b7e84a686cb1634f353fd42d4769185762e868d9d5824c7b07502a69f7e880ec8c81c72849b6632b8dba1c20697b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eecff908803b132ddcebc0ab1fbb4ea9

SHA1
6ecbb2acbf80a44f25f606a4507cfa4db2ba5911

SHA256
621d0c78c1c9d74ec5ee5a5b09dae40189afe8d3b38b0a7bb377bc457960ca52

SHA512
9eb82e2489d5651f6876d36ee5e54ca2bd5f1a853ad7b4287e2d013de600321d73c7b789f17cabd70c4f047c162e6415e2aa3a431bca1085a4e5399671443a6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e6790c9cffe8840078a6a230c14b02f

SHA1
024df3303c17ccefa31452f233a825fe3f055967

SHA256
f3d4c4fab0c5e44285c2779e988429a936dd41e9a085a576ab78a1f38ef6ab3c

SHA512
06f26ca578693716cbeb3e50aa229deadb683c355caeeac29374493e05b98970e8d6e235a6622db3f28d6848ba815a8f853e69d5fc9e247aab74c2158a9c1463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f8862dbcaef1a445e2ac85d8478d595e

SHA1
3dea9a72c129a1683d74bc023069c68cf61bdeec

SHA256
ceaaeae9d0f5061023f0a306046b99ac0163f305c6f5e9b640f6205730f298ff

SHA512
ce839c08947965d6a4106707b80a53f9ada26cd6c2e1340cb03910e2d0db8daf2ea13b148380d3d62600c7df3022231099b582a2df54869cd6aaf8722a2683a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5e7f597ab226aad77c050a616bbe2410

SHA1
f46365df98529b9175e37e93805fd2732ba2f281

SHA256
ace00a38894297066e153b56dea7f1afb21713d71676a83468a9207923f78965

SHA512
cd5892df637470d6d3d2a0f659b499a2d82f29e988eed9926a89aebde6be364ea32fdf6ae46efc47bbdc175603f24f1cbf356e0a0501ed3f51fc9d6d9795d27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3bcf6ab2a79ba3272020af84522a6412

SHA1
17e023e74dfcbb07da95ba3ffb066e4abdd4a636

SHA256
3dcf85fce9747a46ee45c5aecffef77308475eebaced3519e719d3524e250312

SHA512
178fe3d0c61037626c8b76e47b14e1bf03bcb9b8d819f1030a6f7de9f32389dfaa4f228a79771069cb834157c96b90e8b7e752074c50cae49ee434a7387028a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
471ba5609c00f0c4cf9abadbfa2ed95c

SHA1
77c958abd7d980709332838105e491e64b72302a

SHA256
257e15e54eb68af830cbadf7c7814b3309c2e17b854d76b7016357053920996d

SHA512
c84b8936da52220fc5005241989c116ad1962811ad76fe386a4426c50d05eb298da9cf8e9fd42adfdcbd226f48eea08a3bf7013914a785c4ba85e00aa5686c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
6125efcf41256e7752b1d7989eb908ab

SHA1
476bf1bca586f27ecd4b493dfce25a3a4abf48a0

SHA256
5e9d9598951158ed3a5cad51d8d06951845504dc731ad9502d558ac13fccb0e0

SHA512
1baeada228a7ef9f337b12794ac8f82e3c6a6901cf977e8c761272c8315bcb4989252e17130d375aeb354d579f3cd191a54311647e812901628c15805f9b12bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
262edcc7fac2b69af59c2332db2ac064

SHA1
9c590bb654e9fa3724ac5f8983a00342a15b00c1

SHA256
7c29a0ebd424e0a69a9e781d5be6515f7005c82c5baf0f3be1cf16d63b339e88

SHA512
e4b50b60ecf5c24be41327e55d2892faf189db2c01e7905a70d04e4287674d1cf854eccc5399cbea977bbc01dad7e22b8088202a0fe816767062058a042ee89e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
8ccd46761d0761fd7ea38f212775e221

SHA1
f446ca9f8295ac7846554eb94ddfe79433c07dd8

SHA256
a017560e7b8cb71ace174e7877e297e77355b656caa8248b3cef55096ab5a3c6

SHA512
1153aec27f9b2c682252359c1c8c95cb373f3094d2a15ea5eb233ee63e3d24442d893e1826ee67c1d6cd2fbcd8426fc8a104326bd7753525a3cd91f8695c2090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
e55e41dda719f612c326d7745d7b38a6

SHA1
61e3e6e4d7bdf45521f5fe488aa03d2f28be57de

SHA256
71a020a8489820c362401c9a9f12ef0d3e1aa29a5b75053e82dc112633b787d6

SHA512
d1a52a6be6b1260fe92d2710664b9137e09f555c9c1c9255daa4eb5e0427b9eb147a821f8b17426e08dc38f5c01107796830acb620186a5879ab0ca58d7fde94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
596423accab9e27fd5d81913c15e5943

SHA1
0a419fc985bf54e9b4ec7070066f72ded1b588f0

SHA256
4bd43a99efd4516ed3ce413ec0555d970742cddecff5772bf54a8af11a645c6d

SHA512
e45dde10aaeb9ecb455bc5ef9c2b75f4f9774ec91d085ca8c0a1bdafbbfefe6ddb4d269733223a3e29130e1aae6e6d976889baff1ee6b6c436c49fb8c0035c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
adacbd54dab6f6eb9f008965d711f843

SHA1
612ca1d4258f6ad80d0cb8adc8f479fe7afdfc21

SHA256
02a3ea791922488aebb1c1942789ceeab04e2ff7848b9237ddfa6550dc3a6ff4

SHA512
b455c7dec6007b2f2e0b44ed730640acbe3796c263687e8eec0e62c5e2028544b46729da7bee7082fb724bc3302cea164ea77c43079f82ec4b4b95ae14191cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
50c71e1fc95918e75ffde1e1e1ac94a9

SHA1
b3a957d09ec74a14ee2701ec9a69f3297da81c70

SHA256
77067589639b645f384a5988abf896b9205b6ceef69434eb71d5bd8e30d9be1d

SHA512
9bcc8160ff0a1fa5ee4dfdc2b845f9bd15485ac1303f7e44e71b807a167a3aea78e4949461244864e03d0a1542d70c4828d013b691627c08f85e9ade7b9ee92c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58120c.TMP

Filesize
87KB

MD5
7e75050e47c000c8d424cf0d9833cb26

SHA1
dac2c201be0973358a714527aa39f82e59e0afe4

SHA256
8e87caed6ea9e41b663a584f5333c9cd6a23995b712b6453eb1db75c7c230613

SHA512
2ff60f88fef867a3a6b794b15272930dc30b87af6b53ba4a9215e5b0ee9417839b77c87efb88e4622523ca8bfc7c57b0f6f62d7e43c908aaa6c374faac01f3ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b939718435832695a1028acd1c000d4

SHA1
43d166c9a3c5a9c3ffb7378ca1b9f39097581d33

SHA256
2be3cc7ea847ce585e077d879e66637568f3818c8570047c56b324e1ea69e812

SHA512
7e4751c4db2b058db6a82c3d158ffbbe4fd928b9b4216584d6bd55f4d0c2d2a900701642c304fe2ffe03519af7317c71ae3314d43be809e055525afe853b58ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
54c36027263d496aa080ff2f714b7e9c

SHA1
5a230e5f68082aebd5cef27183ea395aba79d752

SHA256
83cb49a8d51e9f3aac2d90743e5eebb335a4a1147eca378133e800a7b4d01fa4

SHA512
ce70f1ac59b66c6719188a5ff9e9743a94b4786ecbde1c247814b20c1e45186ba46d451d81ef92591812286e813f6e7629baeb773efc01c499b6528d0b9ac4b0

Download Submit