hxxp://api[.]yunyuwu[.]cn

Analysis

max time kernel
600s
max time network
589s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/06/2024, 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://api.yunyuwu.cn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133620143890656534"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
5048	msedge.exe
5048	msedge.exe
60	msedge.exe
60	msedge.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
2764	chrome.exe
2764	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
60	msedge.exe
60	msedge.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe
Token: SeShutdownPrivilege	4332	chrome.exe
Token: SeCreatePagefilePrivilege	4332	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
4332	chrome.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe
4468	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 2628	4332	chrome.exe	84
PID 4332 wrote to memory of 2628	4332	chrome.exe	84
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4752	4332	chrome.exe	85
PID 4332 wrote to memory of 4520	4332	chrome.exe	86
PID 4332 wrote to memory of 4520	4332	chrome.exe	86
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87
PID 4332 wrote to memory of 5112	4332	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://api.yunyuwu.cn
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c0dab58,0x7ffa5c0dab68,0x7ffa5c0dab78
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:2
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4364 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3144 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=2012,i,9208393410157487151,14168173014892354411,131072 /prefetch:8
  2⤵
  PID:2308

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RestoreOpen.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa5b6e46f8,0x7ffa5b6e4708,0x7ffa5b6e4718
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,15918107987193983106,14744531888523827941,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,15918107987193983106,14744531888523827941,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,15918107987193983106,14744531888523827941,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15918107987193983106,14744531888523827941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,15918107987193983106,14744531888523827941,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa5c0dab58,0x7ffa5c0dab68,0x7ffa5c0dab78
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:2
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2312 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1448
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7f83eae48,0x7ff7f83eae58,0x7ff7f83eae68
    3⤵
    PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5060 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4844 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2368 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2384 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4852 --field-trial-handle=2012,i,13778612691096136050,6709676043585019420,131072 /prefetch:1
  2⤵
  PID:3476

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
757f9692a70d6d6f226ba652bbcffe53

SHA1
771e76fc92d2bf676b3c8e3459ab1a2a1257ff5b

SHA256
d0c09cff1833071e93cda9a4b8141a154dba5964db2c6d773ea98625860d13ad

SHA512
79580dd7eb264967e0f97d0676ba2fcf0c99943681cad40e657e8e246df1b956f6daeb4585c5913ca3a93fdfd768933730a9a97a9018efa33c829ab1dea7a150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
5bfb35b1a96d8c5508ea70d6131642af

SHA1
35a1d683f99b4ac55ac23c4d310a1d1ead1fd72a

SHA256
bae5f341f1c36478e26da2e428175b9d8437b24964867364e4728329043ee264

SHA512
bc9a4c21dc77669d22c9f17e3304c5a5e597e9fa70637ce1e2650c487921e1af966aff1245a6e6cb9477c557c8d68d3df93ce1cf876db7b15f617477b9232458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
5db97a6e2251f8d129c6b1fcec47c323

SHA1
e6ecac0be6c079c72b1376e7486844529e080f04

SHA256
ee73aa50e4ed9bd3599a362aa89087a13aeefc088c967093ef15ecd9487006c1

SHA512
34104a2ef259260c2c9f90678f1901a46147c425d44afb627f67340feb8a87a7f4202d491a197306876ac117028e5c3db54909c08dfca7ab1d5c1df301378256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
54a86b9a8290be0f426e13b9a92e9a97

SHA1
5df984188abb5b52037ad7625ee630aab60b22f0

SHA256
9b3f804edac41708f4dc8f118c2f9da5bf3b3bc5d9d09fcd1bfba02b0532e5b8

SHA512
1cf04485a4f0501018fd44f99b0c4027aab8db6db8329aafe89cba7de7414e0a57c1effe3c3c36ec3450d1b1c761554a2b20dedef4be00b13f4f30bac6536061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
34626eb8817ffc680eb7489d1497d88f

SHA1
689aa897820d3655ce510d7a01e9b6514c2223b8

SHA256
c868cec7b300dd29be09b25e1eb6e3ae5ad6e27eb5c472f0cb44d96eda031e16

SHA512
d2a5032f17507a635a381a4fbc61acd03684147d5a0d70a79f0e67f31baa0ece3e9f95d05f52e7c2e8b00729512c031e56f6491f7d8152598dd009db382a5bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
a29f2464f39585c4db96eacebdc9986a

SHA1
ec0e2cd27fe148ff61efcc707c3e11956040da32

SHA256
104b5f92e088d25da67d2b3259ef7a803f94fb74009961a50fc15131ef6e382f

SHA512
428ba621c1773b00de265f604f444159f5c8cefdea99370b1438321b194c873553beea0ba1e17920d6717e8136c25b23bc23cdcc82475aa2ebe158b057195a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
a054f973d3ac49af1fd6fab962da1b91

SHA1
c11732fb331aff33b4705f5b9d0403cfade11b33

SHA256
a79bda4dc44b87a0ad95370b66e660f5faa2f2d9c079bd086698943e28280bef

SHA512
095196a176733354574158b611c9a957f368d1b5b188e4fbba887399e884679ec941cf9027a838e035e235b09201ac84cfbb53a577cbabda636539cdcb85f85e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
4971c9e5e3cd2196ea974a889e15224f

SHA1
965879ebbde0220afa3605729d732cef958fb2ee

SHA256
3ef9a6cac68950788ceb84ca9974c9317f6162f95017241adfaa82766a9e13ab

SHA512
b78420ef25218242344bb81e2e27ed0e7b2ecfa5d315d91f003bc00ab37f467843931944b628ad052c463de33000c256755fa8d48401e81ec5013ff2ce2c7052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
375718e51d90ce70c4c63c6b1ea0ba6c

SHA1
50e039dfb89d57a9253fd8a9b26c6c2f2e240527

SHA256
a66b66070b69cf7888746878508fde0493642fa16203fe46e47dcb9e18e4e8b5

SHA512
04f8c6f355f72bf671cbed22d632d1adbfecb7df65179048d94e0ce2e6f8fc0fcf413c5e46111dc2febabc2c7d7c91edd30ab592f2f0e7078905f907e2c81b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
96647a2a86798d8990551472fa6ff140

SHA1
b37da08b6058ab886cb713b31f488c4ccd83798e

SHA256
61bd692864b3977e8a177260d4120fff26a934afde116a9b21821d365955cdef

SHA512
912570cdd1c644e8fc818da170ffba9a1c5cca2bbdd030c728155244038275d9580dddf7a04d1b62d111502f45d83222ae18595cac6016da2b4ba855523313b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c3cb26dc89b214c7d095573da27f43c1

SHA1
7dfcfdaa6a55ee7ca499149dbe28daa7d5c1e748

SHA256
a2a9ce33aa15c703c75a2a6f3d1457a0662a52776ba5183c40220ec6a1043dea

SHA512
b06fcb0001d22ed6d57125fb425635f302c009953fad4f2113599a50b8f93d0fad68e0ea4414bb0ac1b319e83585b960d488194803bc8d66d91cb2d7f74b588f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
824edad5e1f4c3bc91292f2bebb06bab

SHA1
7b44c646c3044c477e4ab06d474d0fce46fd4813

SHA256
3db688d5cd942bc6de5ee858cb4a89b87a7aa896cec6ea047a023165b7062b6a

SHA512
2fc0e3f5779ab6081ec749bbd102393db90231b4266350022a1c0eb949dd12aa7e22204f91ca75e58a1f96eb805d127da315a46ce317f49e3fb15338de1e0d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0ea2e0b8fa2a2bdc8604ce97f227dbb2

SHA1
4ed274e7c840962707c3435f27ccec79a855825d

SHA256
d18af5f6d59e5cfef861145fb9d06a827943b679c0a82d769ff3ad7814f045df

SHA512
dd7bf4e8aaa3cdd157f34aede0ee69a89b545aec3b4b0ab65e3da1bc780724e89f41baaa4af645a88e51f6b91a05b283dce3105e9582d01b285d7b2a9ae07673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4b07c3ab4c11d6bee00a379b26244c12

SHA1
e3da99d707ccaf059545178f3660694e7352060a

SHA256
5cf59a68304d2c523a930dffba95213d91e9c010eaed49e6055e58adf2d10e00

SHA512
03486742b1b45f94f503bc1cfa84a5158aed0850e23c2acfeb524fbcc40e5e419fb1cc901926debe2d798b8a1c3d3234394fa1a763d7ed05755d94d05e3c96fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2423c9b11930a27747b3e51830fdfa5c

SHA1
d83a7b2f2da820bda50ab1891c36bc9973d02f08

SHA256
53621fc327adce616b9124b1ac84500109a351aac52895550942629ec8fcb46d

SHA512
11f36af3807e1b24c500631d3451cc31bdd456d9df202d63d4abacb69243bb14e02ab80cdba77daea886e262ab09a9415d42964c0adac7568c20dcdce3227462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
36a9bb41cfe797ef1ed83baf99d7674b

SHA1
232f2e58a139017c98551bbad07c9e8e0e241a16

SHA256
eae69c9aa2562761d6038c69e9a77c6293fceab78ac0c832e4e21dec54a19d26

SHA512
cdecf31ac775dc795f2f28d41d3ebb02d5e252b9892f16ccfdd90c8e18800461fb03e8650be46da82b0cd9c8c4ef2d7b3aaef24399917808c698d79c9319868b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4a4812f51c676367614102f0a5f88e43

SHA1
26fcfeed747372ab99f6a12fd6902f12037a1ead

SHA256
75c0f8be325872e1c81b88f5956b1986f24ca07114c132c72c6efe6bd59349c3

SHA512
463403d94f893bd4aeea75c797b4c179a6feef6dec43565253d889e32a297c43c022da65a5074458ac88f4952ab43ac18206c27ccf2e4e17e63b82f828bd7f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
33a53f93668d757c7b64cd228abcb671

SHA1
f1bfe6234b3348fce642b46a08d6c8e29013c44e

SHA256
ab75458db24c1a34bb240a66968c1b79fc5930cd640309a3bbceaaaaaf66ce56

SHA512
31bb59d1be08ace6bd62875591553ff86cde6fa859672168e3056bf08d43298864c66944092a9731775fb4d057f3c8ee40d8af736e8f80831f914e22f0629389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21099841dcbec36b18b682ce4e6e6dba

SHA1
1f2966d5b9cfad18b04952b4d32a68ffb8c6eba6

SHA256
b4ee764572110f0d856ff7bb34d28e1ec6be0b057554599a0978a4c5e4714f11

SHA512
ae65bc76c27d6c766c98d5a409fd4f5bcf5157c14780742801b663071bf1229a663a40f208404612725fdc820895cd0cfa3d5ffee82895f8dbd4dbd2ef4b1230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
24775efee7b1209f6f56902f2dae8d6f

SHA1
c8e3a74a6b01c02cbbe01e83a363baceed26082f

SHA256
903127ed7799b9249ab21d4b80042a33f0eb989b826c1ccede48a81e43472410

SHA512
e1e53e5a48fd6ac103aa8fa10d4f4b4507ffb855bcbbd7a629c0756634595cff201c63f14b9f80cb214ee486c487571797ec522d8834cd04b99e4f9e8534b0ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
36152ef88ce361e3ae350605522c3364

SHA1
11fbdc52b88a40c78cbabd6dcc2185a110e7d304

SHA256
b63a06bd2dff3c1a77b78d756e9b6090e47749830c7e7a46711a1c3f10976a29

SHA512
5c38b09fe8023253cbe6f05bf1d73d383e23a8c41378b33e63dd40c20eb6890864a5d6535f566e230d829e53d43caa7390108b61cdec1a8e2d10c54f04ef4f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
21f29c0557863d2f69b1dcebd05a0d54

SHA1
45c416428de881818c773990bc1c57beb7739f84

SHA256
f8443330314482a36c4b6c3e1a159edfe0813c312206f4abd3d8ee3eb089895d

SHA512
86a7a040fd36f219d3d6a8137c094d5c94eaf1550aa2af69fef2381a9d9e2dacd6bce9455675d99458f81f302e54b95b595c5efe0c9ae3958ae31eaf10f2d2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13362014386456575

Filesize
1KB

MD5
22f51dea74a5d8f33c9944caf2a50b2c

SHA1
87c0949a6f34ff43b0be5b2c2491aa07e1e08f36

SHA256
a2428521ba03535bc21d33a701713084b5277b8859434a1a1263a24ae5d9864e

SHA512
ad9dfccd5e5cdb50bf362b1636b116e371fa4cf5fb4de3cfc26c45cade15d3c3fb9298a49ab00642781c5c70e39223efc2e8b10c2b0eced457c2963145020195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362014423214575

Filesize
813B

MD5
fdf9a92e25117b1f0f36decb3bded779

SHA1
49ae53a7210b36964b42bce5374afa52d4715844

SHA256
7bc17d7681008e6433538c93d5a368df01cce89cd5a7b1662479cf269f439830

SHA512
105898d18d4b348afb66097da9f4c8e4768a976d578a081316dbe60c0bb0fc48b63e1cb79d2bf3481f0b44d215e460caea71c34c3a9b2ae9db83f72ea3dcb811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
f5a517b601fe4918e389eeed5e0af42c

SHA1
f5133c93820f6e73ff249c3645c1fa4313029f8e

SHA256
f01a71cdde867ddfec30f54ebb921ea1f3c1ab27ea5e602bf4379f4ec9017630

SHA512
de85e1a6a44652cd6b8cde9fdad7ae951ef8aa3833dd786cbd63c461979d1973fad047164fc11c41f6029939fa491347dca2e578016b834720bea259c34b723d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
8e3f4c0a42c6dd152ea5ff0404d937a3

SHA1
fef35731d7452a0b4ba0ba0b58b0f0a99120ecbe

SHA256
0359ff2bebf9e811366e21229473172afac69553af970294ce77e75b6af0fe2b

SHA512
cd141bffb549aa63e0ebf4bb8ecaaf7326b32ff1636098060013d68b8ab1f3b495cec12780aad83c9c5328cab26d7a0e396f0c8c3af7d8fc7e36cb46a162bd78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
7703b08614c2a1fd9c97c1569540bd9c

SHA1
eaee84c1920ac848040c3becb3dc305293e5a4c5

SHA256
f3030b33eba020b14d08bf881c696f7731f4112306a26cba356f29404f80f571

SHA512
7b396da590d83ace7dc39e29be8d900c9b29f02dac53e1cf5f3419d713f5ac3b0ff792290afecf66882697ce3cbaca95eee78ba3b61261fe0bfd671bb9ce23a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c9239305-fd60-4cd3-bc21-5473f298ab24.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
8dfee46b9252b5e1323fe1d0ccb3e94f

SHA1
70eb3d058ca38f495f2d3f74fce212c534e22a0c

SHA256
ad2406f8b59ba5339178f9c3e03589c701458ef73cb617010d264f820e359cc4

SHA512
29aaf64fd53b83a1278b6725553863965485e5d56d043f19f4698db222fe4d564e7d03d99c19b84cd9400fba0f73bc48b235b64ed17ca5559fe730515531ac89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
79729ae1b8bf4d402aae3ab09f0e2879

SHA1
d8bae83043b70f1142a3e2ed7d81ab0d69015e9a

SHA256
24ac8800cf8993f72f1d3e1790d1002ef2e78ff70b242ee251e723b39110b977

SHA512
8942f880acfe54fd74b73cdbee705ca570c2a7981c94e14ffdbf36bcefdc38704a50f59855e2bb2883e443f8b6e14cbf84ce40f328b3b81d9f1bee30df5e2826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
c31c4325b6b9099d3fa9c007ad3a16e2

SHA1
686046aae26ce5c5b75e807e48e11a8de74a73dc

SHA256
980856d398501a500254c358b46c06061d6f66f4f5e77ac049625d24500380b1

SHA512
d4c6eb6c29560e60052b1c24ece9a282b51a3374eca307ee3d6a824104b12fbc2f10d14f84a14830e13ed52252616320f2d10075da5d323a30a883ad4863f9fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
d8141327f7ce5a9444c5cdccfbe1afcf

SHA1
4a5d007bccc8f06ab0fb7a8dd093b7a46ee7a519

SHA256
40c265021811ffa43bbf20770a95f3f506ea036ccf4d504d3632ab073ef40df5

SHA512
d4bc2b678c033cc36bdf5c277cfe6a8a793d142669f009c69be06c6c9e7fa5589549ade8691c7e6fd86ac370acbaf4183a268dabdddd29621232eae6e0a84f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
17033d5b4990301051afaebdc94d4ae3

SHA1
f99d15185e0f7a5687bad8728819dddb6d711f2f

SHA256
d3a99b3065214aa2e29837b3be3d7a2238ca7f34436fc9fc95f6be36eae559b4

SHA512
d9805ca2576c7f8c898134e32c9b796fb890122018200f6b5e89e51d6432818f130afdf4dcac928eeb2663bad81b5731d3578c07e918cc4232f8a5da501ee1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
2d35b992fcd1d7a5e6898026c41c9364

SHA1
2179da4a069640f77bd1d89eb1e802055b1ddc6a

SHA256
c0f6f1e5cd0e5aecacfba67f7012b8c949b291262d3e614d2506b4d87dcbea43

SHA512
3238fa14161ffc3cfbd8865d6f74746539755d227500a79ebcb38f8c015b83da479d0eb72d4c55b63ef05c55aa66b124df1bcdf4fb3c24af1ffe259be46f5a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
4258b05ad38b61977820f3460a20f2bf

SHA1
3972722aa1ae19fb61a2e396852db7974f9ac5d3

SHA256
29b487d0f3ea471786a92f9486099834d563b132c2c95d207df84421fe0bc743

SHA512
c9a079a6fe6a4963e9518ed75feef44e793ce3ea9471cdc6f5123751f563b3add7c8ce2de4cde383714560955a61965a16a3a10ff8ff7d3cabef755d59b655ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b8eb7cecb6db6ff942b9e92a837342ee

SHA1
fe805ab2c86f2bc30bd7a20c77de58a307f270f2

SHA256
1886e0d768b77458eea5290899fc4cb155504aea5e1b1178dda04fdaf58ed190

SHA512
92d768cffed1ec8d9b7ba7f2c232d163e26de02af4df3667ebc2a465346d1947953f830c1cbafeac0f47cfaafa44975c8af9a9bbd8e4fd9172737af7f73d296a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
49c705ef2855dbce4ee53e4cf39f51d3

SHA1
9769f170ef3d36cf818394068ddddfed2383d6ec

SHA256
79424912a8922fb9ec7886a6d15783e590f1048a301e4086170ff55691dc7096

SHA512
d0a322c234735e3495b305bde90c8cf0833ac3756f5f92d83af81b8a4de0bbf3d4d1fddaa65fd4ed36cf5edc0b5c870f97bd77cbe8a92d7d7bc68ff421a7e90b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8049aa4c43537b17ac1363c66831254d

SHA1
d295adcbd5638f261d38b76baae12cef9b6dcc8f

SHA256
249c178b1c94fd73c42e134feeb27c275a2a0749e9fa41ef91f8501dd647ff42

SHA512
0f7ac6e7fb8b230abe53ae65207b5fcacea924f8f8bd4c117c59c4f121b4fc2b175ab34beb15484eedeae0299d6767c75649d5786d042c101c5252e13de95787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
bb1270735fc1ef57e16a59ccd17bcb18

SHA1
7a89d520ff9513bc82c347dd0e607dfef9d1beed

SHA256
f5a8924963163cf8a67bc1239190a9a0e4088e2d1c474c6784e4efd0ed678bbd

SHA512
ee069e613cc82f841493d376b17bf385ca54c4d35abb8df63432e521d7733d8205ef184bcdf85489f7cc70eafccb13336abd1c67679685b18c4cd233ed4e5c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
283KB

MD5
ae65c3751e28c02683d29f6ba5ac6d30

SHA1
d3a42c177315157c7b021e41957156072330b004

SHA256
b0687005335dd363c61ee2467c04849903f9fc15e7914432deaa566ad820f73b

SHA512
a614b5329236b90b0e2108d235fbfac06b84df5433ab4f7550a51b58f9631dde70dd4936e8c4bb1494868d55a66210e54c89438dd4bd7fef62adb4b70986980c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
263KB

MD5
f7431bdb0cb815083d9d4da378aa1d2e

SHA1
bacee088ffa80b037d5be5d50e3fb754ab70af7f

SHA256
8c75a6ff4c72d2c54f96c26651ed7914460793460e94fee6274241a3b2307df0

SHA512
0916a9374b580795212ec2024a9c460c2cb1f27ebb8ae123c396f1bfb8b98523bcec3c3d868a5c93613622eaf46898d3c9b53eb713cf2854616cbeb1f47d30a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
2a71311fd47214d21a0e731d95404152

SHA1
b54280358f7a720b781378441a8c0cabf558b254

SHA256
8324cdd68a659c489d6b10b6a6f44390d60f7956fff9c1b5f1707de3244379c9

SHA512
f4faf589a53af0950972e25e4deef0a892f96a3a96412c0596e5eab62370b20e5d4121472c4e1d77e243d29620c18036d176f01d265092a53c2d57e8de5acd15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
c683a592952da8a6c5c184df7aa80564

SHA1
f71d598d310471a59aeed3996320522f44ecd68e

SHA256
696f9b29853eaa24572af14c3799cbb10d6d90cc15c575ada666e140683b03bb

SHA512
94569ee7a5bf90becc03ca5f4f49c176938100f75613130b3bda97aeec8da0284fe2d8763a7a66452d9de3f8949be5e4269d108afc2edd25f975f1a10abfa0d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
23630c6a53aa6c0a0b819ad046231e0c

SHA1
9ce72e8fa4608d129bc7c75919caa79108411c60

SHA256
4ef000736b2cd5a7a49dae311cffbbd488e953e4687fbbc7b504459514aee06b

SHA512
9e7b419dcd52902564f7199578fcf023b0b5745353e337f246e74d48f4b4ef36d0275fe5bdee3f3bea005f93773f68e0f85e371bf24da951912cedd687002423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c514206c62099cce581fedfa84d44c88

SHA1
d8291fba3c298c73f5a8db5f355745d678f88be9

SHA256
976ffcf749a7257e23ebb6ff0e2e4d449e98824730a896624978b953ce902c0a

SHA512
8d175b00fbed398ee0b4939ef671115997191d6dfc013a07b4cba961d3cffa3d553663fa49a92a18cef1dc35c636263121a7a05d9662e3fb200779ea11942ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
2932858f03e049eb7ec77328b0b01135

SHA1
940b0d326555e0a8be99451eaac4c6c2e1a0a74f

SHA256
3e985d15e9d39d2a97931a19e4adedc107dc999c692d6058745423d0225b9211

SHA512
41602e9301810db08d52b77c0d17f74f7ec7e3cef0a02058df21c04f8deb1d2eac6198397cdf4ba23be000e91761639e39b00769cf5b203732922f2e90271f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c718f05978af9240e8b492d3c92d21eb

SHA1
4f2dc8f3755146470ae1fbce84444cdb65d99989

SHA256
233e7d788df20b5eda1335733752be8d430f1dd0cb0d49c2a1075e69e328684b

SHA512
e1e3d39946b4dc8660616250528ea387314de76273498808344acdaba173e8927776a551910ca195743e46012f8008a786cb0dff767d8401b0efe877586681f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09de00af1f93a9659b4190acc84a86ba

SHA1
600321120cc91e69fd460ca7d64ca8a58803558c

SHA256
443690b27630139e53dd2489ca139b92d80da7e887c3b2cd960789039782ddef

SHA512
696c145937dbebbd247fed3f52f4fd41782ee10272e90cb80044a4b6aa2d142820aee60f009209055ed90b49782134e9b4431725a6a528edf405561121eede3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3047fc439eebab173264aeaa513ada18

SHA1
3f0d9d5bf37af6763c9906c09c5e92c08a8fa558

SHA256
4fa8d2cc3a207cb5912a3841e9688ce0d873c3b1fa95541bca458caab53d6b30

SHA512
606f312a34521dc6ec49985528e98d585e079d30118615d64d8ef2fe9b393e60a09ffafcfab5ce1d633666151026329f321015c821b50828e4957bd9f8a841f4

Download Submit