12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9

Analysis

max time kernel
924s
max time network
1583s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-05-2024 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7z2405-x64.exe
Size

1.5MB
MD5

c73433dd532d445d099385865f62148b
SHA1

4723c45f297cc8075eac69d2ef94e7e131d3a734
SHA256

12ef1c8127ec3465520e4cfd23605b708d81a5a2cf37ba124f018e5c094de0d9
SHA512

1211c8b67652664d6f66e248856b95ca557d4fdb4ea90d30df68208055d4c94fea0d158e7e6a965eae5915312dee33f62db882bb173faec5332a17bd2fb59447
SSDEEP

49152:ZEVAbJqaITViU3qLkr7toP9KT+uv6WC+5uxe1o58:ZEVcqeUaki9oBqt+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606584019707372"	chrome.exe

Modifies registry class 57 IoCs

Processes:

notepad.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000ac7c83e48986da0145751ee58986da011db119e58986da0114000000	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	notepad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	notepad.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

308 chrome.exe
308 chrome.exe
3592 chrome.exe
3592 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

notepad.exe

pid process

760 notepad.exe

pid	process
760	notepad.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exe

pid	process
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe
Token: SeShutdownPrivilege	308	chrome.exe
Token: SeCreatePagefilePrivilege	308	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	process
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe
308	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

notepad.exe

pid process

760 notepad.exe
760 notepad.exe
760 notepad.exe

pid	process
760	notepad.exe
760	notepad.exe
760	notepad.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 308 wrote to memory of 2384	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2384	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 1600	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 4848	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 4848	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe
PID 308 wrote to memory of 2120	308	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\7z2405-x64.exe
"C:\Users\Admin\AppData\Local\Temp\7z2405-x64.exe"
1⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc87b29758,0x7ffc87b29768,0x7ffc87b29778
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:2
2⤵
PID:1600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1948 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:4232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4760 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:3216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:1752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5280 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5140 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4952 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3684 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5216 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5544 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:1640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5700 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:3592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3092 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:5088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5712 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:4404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:8
2⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5164 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5224 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:4200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4928 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:1908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5768 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:1
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3984 --field-trial-handle=1784,i,12113404033891457329,12732363781111178892,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3592

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:596

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:760

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1d1517d0113258d1368ea848707180f3

SHA1
e1e09448918de4f7871982853bb1afd8e6678e98

SHA256
6965a16dd8f8c2875c279de28ca0ef2ae45a5b57bbace76143bec5111857a1e7

SHA512
3c91f930b0ad2bcf70d91e1a90720dbcdab9e15d6c42bd235fcf68437c6c465bce3bc3d157e59bf1d007a6b23e646c4dc528b9de2a8664a73c8cc71a7c24c2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
edb444874e4115ce2b0c38ffff3f3ab5

SHA1
0a9641061adcd1e37f93c504423e25d121c8c3be

SHA256
65ee0a902a7d5267f3c6c0850a2496650a1b442444f7b67e1c3d07ce01814e61

SHA512
8d4ee3047c8431e992ecdf66458c04d81be872de2751b7c1179b76d46cad3d5533ed50da567fe022c1952fed379cb9007d8634dc65a224034e0a9ee549b018fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
bd983b1487aa9801c99d3bd4b5928ad8

SHA1
45906cb541cd9b0b6ed93424745575f749d1e8db

SHA256
f07ca967bb0167d87d007915ff8f84ceff016dd8364f45659084c696cc4ce478

SHA512
4ca94185e99f7dd7b15ed06768c60ac469c23ecd4a47b73c83157bb4cfb45be0c6b6d2092a2277eaac8e3b5e10311310c2e21f276da6ca0b96f15d07ae45b120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
a86e8cbb6d4cae32ee28325d7748a22c

SHA1
4d0eeddd7bee009a2d0c86dacb95c77a713c5b2f

SHA256
40d4206c5d94fce78bfc4df905d4af55a6bfa16e0bb68f79b208837cb5c830be

SHA512
803f2b07c30fbe5bbeea33ded3b0f818608f63326ea766946a5a9429ad37d4bd0173fbf8642563178c88972954e3866a94dcf34c04ad0d9349355dc5a5bdb2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
39369d0e7b659dac5c68b4376f659e6a

SHA1
d27109e7c46322d30c3d78bf8c4f173d2d4e8920

SHA256
d6c2cd63c6a9377bb744a75481a204794faeff4befe3e4398f9f9961059ffc11

SHA512
a9576eab2139e7023d039aba3a4b8deed8d0b1bb08214d57299a3f3b4af2df9dd7f5ac9321f1964e84bf7c914bdc333fbcfa96b2b404f792c0d0ea2864c82d85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6a86aa490cf29c30001cac6fdc29aeb1

SHA1
bba506b5b71618db2c661f61a213ab119ce82ceb

SHA256
c9da849588024ba52c248a72d8a8497e7aab4336543ee8eb9066d51bf138b115

SHA512
e99c227df8eb663d9778496b868dccdc17d357d7ce46a6cd75e8d683a900757ab94802f8e91ba5f337bda1be3930827dcddf065265f68d3021a9bfe9ec58c04b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
242a4633d1c82dfd652ac159fa441d56

SHA1
57839fa154bdc16ac40ccd8dbf063eb4f1fe31d3

SHA256
f007a6d63664ed4c3fb3751ae6879b824a8d427eb36addbaa18e7ab767d24de0

SHA512
3745589a3b541ef2aea90be147f1d80f45ca38a7a10c92fe432414d6f661152ee40c7fd35124a90157c9c2dc42e8981834c1ddeca7710e3b1d4c7fe722e36ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0c17ad8c2d2630fb60fd02623854c88f

SHA1
18f0093a5864ac17c56996a6236bf9cba89c024a

SHA256
40f56477cbfdab65c958d17a50d0256a697b8b01fabd714375d46eaa6e45aec5

SHA512
2ad0eb46f31fd4617f9b6e40f165ea7b905e9b51854830f401f592c98f61f69fde16dc1de158065c05eb12f8698b18385215776616ec2e5524d87fc1ed8bbfc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
239e02790a9e001a63d5b93c76274931

SHA1
1c5d31518af9b61ef96769eaf7f0d6313953dcee

SHA256
1fa5da9909025297d501984e36b9b5cb63005e30714ed22bcad1e7322f4a9254

SHA512
fc428eb881c9fb6f58cdb6e01e4dddb514ebb79a0e635a243f6fe7393949eaefee0c9198829f098500f2f913df0ae6494b2942578053cac9be48ce225d7c010b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
6b3db01d42cad55df82c585c82989b8d

SHA1
df1c92d3020ba8d2f6ce062fab46ceaba1f11f9b

SHA256
7babb4ccad36b0b315621e5922e0276f2031ef2037e2ff5baca0d3d2e1ed5ee5

SHA512
05d002e1030292d37f4e5b48793c96ff5ba4be45725d2b7adb18e5fbbc54e06db4f37e38b5c24117cea2f36677e78817faed87bf06caf62e6e3ca6b78cda8a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ae7603036ae80d514ba7be8c5cd191d5

SHA1
5518462e88d4db45134f602150c71eb34b5c8f7e

SHA256
92c09240274e9adf32d2e8a3cd772ada1a8cf11ba401a075f874861e959a9fd0

SHA512
7b26cf0c06a72c37d2c6db8a8520817839e6a40219bfd2c25d69686862e0ef7c5a912284576653a6bc3504a29d0595f54434cb707ea3752a19ecd63746220988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
1c42e85781dd7f5a62ce8211d9d0a90c

SHA1
15bf08480e932afc2f5a4dc9a0b1e7665d5a23d6

SHA256
95431e90c5786fc1a575f41b39e3ce9c3a1104d60543de0415ad0e65ea53c9e4

SHA512
58e039380e9578a4b1295679e07fb4c3c5ee90da38d7248c90b3e79700b593d37ed51f6820b9198e03505719fc390c6d28d48b50755b93b71c545468d3ff2492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ea5b98d32653e454306875f5c36380b0

SHA1
70b5e33ec98b28eced5426f89fe4d3ec90d5f6d2

SHA256
6232a006e5630b5e67abe0d691a1df621a9ded14c387e6dd4b0fd081bba923e0

SHA512
99de4e8e49ea0200e3d2235be734ff36218de15866d5ed31a8cd12141afa09094e3c62939eb0583167f5058e7bccbc21215508a584a157c59d6206c5d5a2dd94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
088b942c0fc0dbad6a947d0967212ae6

SHA1
3edf5954719b76f895a93a8704a62901c72c203d

SHA256
ebaf192aca109592f3e588fcda07faddecb9ea7c2f1fcf19e1643cd26fa11a2d

SHA512
7a3e6b08f631ae75c47b6ca6b27844d5982c3018ba276165aeb4dd237d4eda26e050e2f3ec5d1303e15310424de5a5bd29c6135a891f26725dad547cff6cf755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a9ee984e07bfbc432156f93d9a422308

SHA1
3a0ded14a8893e436bc93adf6e44bf18fbca7e24

SHA256
c7c85c2549ee7a1c38af9eaa5ba8e26eddf7079d3d38c952042be320c000cbb8

SHA512
6756bd0ac1b61f2b9dce999be94c073fe17a692fe8cfcb5d476dceae10ccf8861c7419e5114d86c4c3164810bd8005c8badd85e6874878f87d94f9eae13af0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
0fb2a2b83198686253ef0fda0ddca3f0

SHA1
c7966f5d8d38e1679924c1ef2af8b82e803dada9

SHA256
8c17e342fc91f6d51efd943d8b753e2c1efe1f1d0e38c0f9995fd8d26beb4e91

SHA512
534dc52c6cafcb8c1327eb2518d0775ce2e6ef2872eda741350bc770e88b47d1f0014ed0bd903aa2c6e9021313e28cbd6ba6e2166c15dd0c5c8ab7cd17609118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a6f4ec619e7f52335d1a53adca1d4727

SHA1
7858449c8f207f840642cb16887a726ad8c24ea8

SHA256
3c605aae5ecd6ec6a9d7975f0760d01d9246b81fd7f8832376459380dedee42b

SHA512
d4794f05dc070524edd1e76059c1a118e79d70174be27014b00f25712c0029703a6cf3b460fca187349bfc12ea9ef5c054ad80405d4592d26d7b58a68536fe7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bcb91119e47abb6c4317edaa53ba82f1

SHA1
777a1699d03adca340e0549a9c36209b79f47971

SHA256
d7db19f6ae7ab129c80a503d3ae748cc31688bf4c82e3a7f9250e1ea23e2dfd2

SHA512
1d99d48ca873ba85b2af64c63ba9e4511b637d28d206fd84339725a8d670fff677065fb0c3d7314286fd37636df35d2d4e236cb7f0049df6ed6bd6f88c3897a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1a529de429e778413039167d25c8f2f4

SHA1
a293b6a30d78a4228e9715204b21b8729c4239af

SHA256
3f93ec4585924619d2ae50ad6fd3ae8876bdf0713c51f4afe2543dfe8e315832

SHA512
30530ecb06ac516ab29e23be24bcee6190848dd07e0ef330dc1821f10ae21a40245e38c2851cac84cb60547e5af732dc6150009f9a18f90631a7e65bcad5f0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
8ec8e2ce1565164f46a4bdf9aa66c26e

SHA1
71db5f2005083c80ba1e9a912d381ccace3dead7

SHA256
820d158e602c505f6571004dbfd9550a50056e953dccf657066d817ca8879d8f

SHA512
a0c8cd2e51bafe652f1126b7fd1adfd40b4a6e61ac6db78a1f0a3c49a898b08eeb6e494b6d8ffe768f032a30522ceb532010d9f69efe8197e141687bbb97eba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
b2e9c5c55a1e10b35c14ab8b3a0c6f4d

SHA1
78998363bbf12dedc299f7f94029e4d4392479ef

SHA256
55aa53962180ee4557de907a7eabcc425a174fb4b6f76d228741cbbf12db1c04

SHA512
0279fd1430edb541e9f8c0fb1790be581c864f57014feef9312c78dbacd0a65a892bd77308edf6b672cf3ae832fe151eca5632cbf1d2adc55d137a7897d46468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
8e7025f9df2f8679a0b1d775fbf2a1de

SHA1
21e727d6e12e0338c8b20c09c11fb41d7505b355

SHA256
f07a9ad5e8ea6196b818710bb3df0b980f43be7b1c5636c86e0da98317af8c84

SHA512
793846102dc1a4712b0239994e574d395dc08b328e3447fc6ff885a241534f9401de983522e51d73ea15d399e195d3c58d4518b01405a02d648c3b3c1cf00ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe587fba.TMP
Filesize
120B

MD5
75c1a3f22a4f4fb5fcc18f4b5fd5de98

SHA1
b94a4265c9a79dfb194647b05b5271a992beb1d6

SHA256
55b7e0f102394e36e936e7a612185b590f96c1fc6a827899b5fb3e97a3f357fc

SHA512
5e221f2cecdbd4997d5735235eaaf11d5ba18336c255b395307c65b6ad6f79e47042b47e3186e9bf80a27cbfc2a98d8d8d15579dd811cdb893b29ce5c1f8ff35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
0421e2babcfd6f60d17237b4462e73a8

SHA1
11cf2ed26276cd9749fcfd67fa963158ac5246cc

SHA256
0bdbfb4e8855704e01b0091f63eab54afe2a794045cf1be82bd278b4dc09f4f0

SHA512
15fcf55a3507b68753ac693fb4f11bd96e18cc280ed5a02f83cdfa2325abd3170cb8fa8731412eedae686cc81b4bb010c98be876ded3ca49f73cbba319e085bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
efa4f4ec6da1ab640b3f01133c142771

SHA1
cbf4da906bee59a17d9d614f8f94b06eb1872d9c

SHA256
6c54223b26c48d5ebc35bf131841797439a3fd57a5e0c810f1edac8495b66011

SHA512
2a1da285e5bfd9657fac4b8b36fcb94da8496755af62d85c596da82b05ebf8030fde946fff2f368a7406b7d95b57ec576eaf861f9b2a066d0d8b1567d0fafad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
277KB

MD5
1ceed525791d51fcff8c34b57e54c597

SHA1
50c1d28b5d4731326e669c7dbfa85015bf26c132

SHA256
9720374ee18a3643f84f868cd1a7f9da9a92afe4639481523497ad5d0a119b7b

SHA512
b53a5ff71f8887b8bf4d01f052fa5f20e583207ffb57d1c77c4af5118b78d5529e2a61d7fd072e01e36700797d84802e8b793c8164a7e23f6abc5e315021d45a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
93KB

MD5
cc1854610b990fbe007dfb26357ab7ec

SHA1
1b429c8ecc15f18ae464ae52bc22b3f3fc4b4897

SHA256
d68ccd52bc9409636a8799d8c9c578991b91183d44340b2edaaa7c4b62cb3e69

SHA512
7f877995b424c344f86fa74c42435dd2f08f171a3c243664a0aede99ea91ffc694473040af17d804d89b39848eda42a833c4663cbc08d84f1eb4a59b96ea9bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
8dafca2298a169da8c846ba923856ba4

SHA1
0cf96b8bab7dd0dcda4de919e551243a2b3c4471

SHA256
80e25cd41b3c67342e8496243d0aa55cddd698ccab50f5cce6e48ae152d39be3

SHA512
39a13e38fd16c1acf091ae12b42a12563ad7347c27d089ed241afdb3451712da4193f635d2623969112eb2f8815380863570f93775ed15c713293ad4016714c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58291e.TMP
Filesize
92KB

MD5
da5842802cf6fdf9ea9224b39fb80dfe

SHA1
f8ebd776891cdff2ae8e8e36c07575db54964819

SHA256
7f53cf8760d25141247d7eddb0a5620c5d3b4245c49bc262f657b066c196fd90

SHA512
052d8cb528e2f420dabf8e6484f301f61f7c2580c5f110e91a78ed30cd11f140e3d1672e606351c43360358758923b2f6847dba05f29cc728ff2958c6c99b96a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
dfcfaced09a9e555c7a3605a7c078a4a

SHA1
4db632cbef2a175430d11c60b93383ce63b603d6

SHA256
b0ea458ead8647a1c4823f0e1e8e59bb1951b5b14c3065e63a0d76208dcb5c70

SHA512
91e836b3f9ab6a3425eef815e837ae770465edd0643214fc369a0e3cbda1519e0739c0604533b88274e15211ed1620b11ea69bd00d989ee23cf15ffcc9dab3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_308_UMSLWAMKBBNJQROD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit