hxxps://www[.]google[.]com/maps/search/50[.]8505,4[.]3488?sa=X&ved=1t[:]242&ictx=111

Resubmissions

31/05/2024, 14:10

240531-rgvcgaah9y 3

31/05/2024, 14:06

240531-revkfsbe56 1

Analysis

max time kernel
230s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/maps/search/50.8505,4.3488?sa=X&ved=1t:242&ictx=111

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	NOTEPAD.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	NOTEPAD.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	NOTEPAD.EXE
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	NOTEPAD.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	NOTEPAD.EXE

Opens file in notepad (likely ransom note) 8 IoCs

ransomware

pid	Process
7220	NOTEPAD.EXE
7384	NOTEPAD.EXE
5232	NOTEPAD.EXE
6300	NOTEPAD.EXE
6672	NOTEPAD.EXE
5220	NOTEPAD.EXE
7268	NOTEPAD.EXE
728	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe
Token: SeShutdownPrivilege	3048	chrome.exe
Token: SeCreatePagefilePrivilege	3048	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
5220	NOTEPAD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe
3048	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
728	NOTEPAD.EXE
728	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3452	3048	chrome.exe	83
PID 3048 wrote to memory of 3452	3048	chrome.exe	83
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1388	3048	chrome.exe	84
PID 3048 wrote to memory of 1748	3048	chrome.exe	85
PID 3048 wrote to memory of 1748	3048	chrome.exe	85
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86
PID 3048 wrote to memory of 1456	3048	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/maps/search/50.8505,4.3488?sa=X&ved=1t:242&ictx=111
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c84ab58,0x7ff80c84ab68,0x7ff80c84ab78
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1892,i,3337134565344289520,3211825696380685249,131072 /prefetch:2
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1892,i,3337134565344289520,3211825696380685249,131072 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1892,i,3337134565344289520,3211825696380685249,131072 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1892,i,3337134565344289520,3211825696380685249,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1892,i,3337134565344289520,3211825696380685249,131072 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1892,i,3337134565344289520,3211825696380685249,131072 /prefetch:1
  2⤵
  PID:1216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4528

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.txt
1⤵
- Modifies registry class
- Opens file in notepad (likely ransom note)
- Suspicious use of SetWindowsHookEx
PID:728

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
PID:3940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K google chrome.exe
  2⤵
  PID:2468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K google chrome.exe
    3⤵
    PID:4192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K google chrome.exe
      4⤵
      PID:3712
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        5⤵
        
        PID:5064
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        6⤵
        
        PID:4084
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        7⤵
        
        PID:2592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        8⤵
        
        PID:1504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        9⤵
        
        PID:3432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        10⤵
        
        PID:1388
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        11⤵
        
        PID:3720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        12⤵
        
        PID:372
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        13⤵
        
        PID:2684
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        14⤵
        
        PID:404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        15⤵
        
        PID:4420
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        16⤵
        
        PID:1700
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        17⤵
        
        PID:4260
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        18⤵
        
        PID:400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        19⤵
        
        PID:2416
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        20⤵
        
        PID:3076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        21⤵
        
        PID:1516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        22⤵
        
        PID:3160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        23⤵
        
        PID:4808
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        24⤵
        
        PID:4344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        25⤵
        
        PID:5104
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        26⤵
        
        PID:2568
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        27⤵
        
        PID:4536
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        28⤵
        
        PID:5060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        29⤵
        
        PID:1636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        30⤵
        
        PID:2860
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        31⤵
        
        PID:1460
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        32⤵
        
        PID:2404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        33⤵
        
        PID:1368
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        34⤵
        
        PID:5164
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        35⤵
        
        PID:5216
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        36⤵
        
        PID:5268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        37⤵
        
        PID:5312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        38⤵
        
        PID:5356
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        39⤵
        
        PID:5400
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        40⤵
        
        PID:5444
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        41⤵
        
        PID:5496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        42⤵
        
        PID:5548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        43⤵
        
        PID:5592
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        44⤵
        
        PID:5644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        45⤵
        
        PID:5688
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        46⤵
        
        PID:5740
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        47⤵
        
        PID:5788
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        48⤵
        
        PID:5832
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        49⤵
        
        PID:5876
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        50⤵
        
        PID:5928
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        51⤵
        
        PID:5972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        52⤵
        
        PID:6016
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        53⤵
        
        PID:6060
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        54⤵
        
        PID:6108
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        55⤵
        
        PID:5180
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        56⤵
        
        PID:448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        57⤵
        
        PID:4472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        58⤵
        
        PID:5844
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        59⤵
        
        PID:5412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        60⤵
        
        PID:6156
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        61⤵
        
        PID:6200
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        62⤵
        
        PID:6244
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        63⤵
        
        PID:6288
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        64⤵
        
        PID:6332
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        65⤵
        
        PID:6384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        66⤵
        
        PID:6428
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        67⤵
        
        PID:6472
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        68⤵
        
        PID:6516
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        69⤵
        
        PID:6560
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        70⤵
        
        PID:6604
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        71⤵
        
        PID:6664
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        72⤵
        
        PID:6716
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        73⤵
        
        PID:6760
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        74⤵
        
        PID:6804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        75⤵
        
        PID:6852
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        76⤵
        
        PID:6896
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        77⤵
        
        PID:6940
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        78⤵
        
        PID:6984
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        79⤵
        
        PID:7028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        80⤵
        
        PID:7072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        81⤵
        
        PID:7116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        82⤵
        
        PID:7160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        83⤵
        
        PID:6484
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        84⤵
        
        PID:6952
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        85⤵
        
        PID:7256
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        86⤵
        
        PID:7352
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        87⤵
        
        PID:7412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        88⤵
        
        PID:7456
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        89⤵
        
        PID:7500
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        90⤵
        
        PID:7544
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google chrome.exe
        91⤵
        
        PID:7596

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:7220

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
PID:7836

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:7384

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
- Modifies registry class
PID:7100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6556

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:5232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
PID:6740

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:6300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
- Modifies registry class
PID:6384

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:6672

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
- Modifies registry class
PID:6392

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.bat
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:5220

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
- Modifies registry class
PID:8148

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\google.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:7268

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\google.bat" "
1⤵
- Modifies registry class
PID:5596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K google.bat
  2⤵
  - Modifies registry class
  PID:2360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K google.bat
    3⤵
    - Modifies registry class
    PID:5056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K google.bat
      4⤵
      Modifies registry class
      PID:5956
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        5⤵
        Modifies registry class
        
        PID:5960
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        6⤵
        Modifies registry class
        
        PID:2404
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        7⤵
        Modifies registry class
        
        PID:1636
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        8⤵
        Modifies registry class
        
        PID:1192
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        9⤵
        Modifies registry class
        
        PID:5496
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        10⤵
        Modifies registry class
        
        PID:804
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        11⤵
        Modifies registry class
        
        PID:2556
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        12⤵
        Modifies registry class
        
        PID:4800
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        13⤵
        Modifies registry class
        
        PID:4432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        14⤵
        Modifies registry class
        
        PID:5384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        15⤵
        Modifies registry class
        
        PID:7492
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        16⤵
        Modifies registry class
        
        PID:532
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        17⤵
        Modifies registry class
        
        PID:4092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        18⤵
        Modifies registry class
        
        PID:7784
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        19⤵
        
        PID:432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        20⤵
        
        PID:2720
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        21⤵
        
        PID:5504
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        22⤵
        
        PID:5328
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        23⤵
        
        PID:3652
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        24⤵
        
        PID:5172
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        25⤵
        
        PID:872
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        26⤵
        
        PID:1840
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K google.bat
        27⤵
        
        PID:3580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
d4f25cb2ceb8b5e8da8a687885cf5b7e

SHA1
1f068912cdf518eea282b7e78cda4150d36cdceb

SHA256
e999802ea9b95d5dec0cfd0e248bbf75fb050bf34ecbe6d0425d407748ee0254

SHA512
f8668921d3ee8db1122ac8b5ca2e16fce15fc99cb6898ec6e962a7d2b25c60a5a626d1622091da457e73d40379546a6eb4a9b13f29916fd0863814bfecbfc2a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a551f0d701f2019ef8cc182aeac8ba76

SHA1
8d9cc84408edcf11828814a920ff231340b4688d

SHA256
23638b7434b72b092395c58d15c2a9ec149ec92d9a112cd38d9e0b85e71cb0dc

SHA512
63723c054da44a53a396e293d51ab3342367ff3e219d0fd234887c1735572f9e7924eaf4117d1d3f27daa743f5ae905f2accdc6e7a7310063e2743bde31c62ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f0ef2ec4366c7e96ffa64db0455d33b2

SHA1
5def1d175f052bbdadb1f26b9edcaca77b602341

SHA256
52aded46b1e3625b6669e710dc7351f32ea6c128e6e35ac73af43dee374b7d9b

SHA512
e5e96f7089f0b24d234d477a1deb72ab350faabab2aedeb0368cea2abf038ade96c31ea7454ecd0b78e202a80e57929ab2842640f04b1afc4f55e397ccc3054a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6a5f995ec27849bc06ef7dc7f00fa4d0

SHA1
08119e1d7c981d98655995c5bc3378cc07c22ad8

SHA256
1e363a57f16bf6e5f63753c8c2c96a1414e95cad45d46302f04b0e0b14174282

SHA512
6bbf2d9e0a3c8217d16343111a60239e706708b468e8a3728e71f466f8bb1424d7fbe93124dc2491a5bdf61f72feec3f08400967d076a5e650c25ca91f9f81b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
23B

MD5
98295abf618388055fe21c00ae0b2672

SHA1
2e462204e545c228f65b5f1aee90528ff080406f

SHA256
1c0e5ab51e2462016b29f0d019d851e266f0026627a67d60dacc28817878f0bc

SHA512
a5ae59c5e4bb8a648c48f343d6e43b2e7918faec76a86d7b1f257af32dc50563f4ac295902b49d04b6d1df8f1ced5002aa114295cef43ec667a4be2a107a8b4c

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
16B

MD5
6b9d9abe94499f99a28c771c600e51ff

SHA1
80fdf4a860a3890b78e00fb547f6c5e37a9f6170

SHA256
f7bd7f81a369da4c4028d90fa89b3b06cbaf2d2cdcadbf7117dd2995605e86e3

SHA512
d64c9852af98fedd1cba5982336d44fe3de89a47ea669e40e7d031f427955cfe719840242b2e1ef9349d5fb970a707abb6a2d3c4081207b4ab0d8b44a7be75ae

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
24B

MD5
43daf0158680d9b2e7e3c823ffb9ef3f

SHA1
7df87b88f1a10d0170a89e84207281d959d1fd11

SHA256
715113ad18669b8e8d6f8f6eeaf3c664f9edc556079c39620b97cd666de28d43

SHA512
8a1306db4454583a2a2a88af16a5563a4de772ef0f31189198431daddf314bd5363f12c16194b3653b2f763ea25f2dfebb966d11efff00eb37b3b397da69a06f

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
13B

MD5
a5b3645eef52824e33a1fa9e25b0288b

SHA1
593092a2040379e24d6d75d8b6bb9b49f5a5ff18

SHA256
2c1aee3a0bcd0c281f54a7187e2862834b44c50bfbe1915b82f1dd1a367dd5c1

SHA512
799d62bb56f2105491dd02b369840a4fa9919fbd7a18ff3269187a0359d760502b83b36b8d8e3390afda949ab622d67ca93390038181eb2256f6637e3180947e

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
39B

MD5
5a1f51b2c28469ebbc7b1bc161d28ce4

SHA1
3ac85583b97cb17d8f997c45bf97373531388c97

SHA256
1f33dce94c8af18619a5b396c2ec2a0cc08feff85435492183a9fc0930cf13b7

SHA512
5d4ccabe7acb1f65925596c007b81e8459df774808380377e8e141c4cd23cd49b5911e50e04f973d554eb56efd687a0d7ab893a3e9d46cc73d1194b70802cb84

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
79B

MD5
0a0750a2f62905760cf78b4010ffc26e

SHA1
99914b170aa43bbe9154440ca46b622f45553f2e

SHA256
57253cdc8d62079dadddabb23319d129765f30dc6b90fdd54235bdd1a0b958a2

SHA512
60146859004d039485b7f57e5982adc8843152c46f6c55ca7ff06b09328bdc5f8bd7a6ceb03c40600fc54ba51e36c57641bbb39fc3557213b653f13449ae84cd

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
58B

MD5
c7179f2fa4ad2bb8cc7cfb022804f81d

SHA1
6206e18343a5b624df699fb35b52781d86c9e1d6

SHA256
edb6edc07c9b36c236dbbdb9b8a9398833c3080d1438579a008d72c1ca9000ef

SHA512
a742cdf746200047565e2c6f33d40a944b36a90c6cbc2f94e222e2ede268b8728fcb9241e3bb9771505f3417158a7809c16fe053eb59443d71b4b257c62d00cb

Download Submit
C:\Users\Admin\Desktop\google.bat

Filesize
59B

MD5
7c9af19288344bffe5fa2f66d0e1df36

SHA1
e9de754e9d35600d8db73096ad937179764bef81

SHA256
30d05f9956c974d8d9d61eb6823fc923404242978911ea6951cf99fb987e43bb

SHA512
755e3c3833fa1f4f8ace2637596dc93b33a9ec395d7136e0f30ebe6b5bbdf80f1415e750f4f1b31e670e67e65a73cec0332010e22cdd16500676949b701387c1

Download Submit