5484893a20feb0dc74ff19146521956e41c348108ebdf04e995a1cfee67c919c

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07-06-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Richup BOT.exe
Size

151KB
MD5

1170a9dc69caf1edca71202fb32325de
SHA1

c0d13761a2d588e56b4ac3519ed9731a2e1ace83
SHA256

0ff6b8d64729b6e333162915b7c6c2d923c44a68260463f76e08cdbcbf6c7682
SHA512

215d084da11c7cfe6d5d2bb0069c15c3d31799b5492d6fdbeda3b141819cde14f395786bad6d2ea89e3197da438566b43f924703656dff9bc308e8e82437355e
SSDEEP

3072:JKta93TRDiicws0MWbs2OJiKF/ODxT5PSOV9u2TNR:J2wX7bJc29uCN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

chromedriver.exechromedriver.exe

pid process

716 chromedriver.exe
5520 chromedriver.exe

pid	process
716	chromedriver.exe
5520	chromedriver.exe

Drops file in Program Files directory 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

description	ioc	process
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Code Cache\js\fd471cabff15edb0_0	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Code Cache\js\4423012aa1581f01_0	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_000023	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Extension State\LOG	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\DawnCache\data_0	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\GrShaderCache\data_2	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_000034	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Top Sites	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Code Cache\js\index-dir\temp-index	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\History-journal	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Local State~RFe57a558.TMP	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_00000e	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\debug.log	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Extension State\000003.log	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\shared_proto_db\metadata\CURRENT	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_000003	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\LOCK	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_00000e	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_00002a	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_000010	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Download Service\EntryDB\LOG	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\76f472c4-b378-4faf-b7ef-8abce8d60867.tmp	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Segmentation Platform\SegmentInfoDB\LOCK	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Module Info Cache	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Extension Scripts\000001.dbtmp	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Local Storage\leveldb\LOCK	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_00001a	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\data_2	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_000008	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\DawnCache\data_0	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Code Cache\js\f90206c66b12e3cb_0	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_000034	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\2ce318fd-f47a-473a-b6ae-8ab83e32ec7d.tmp	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Feature Engagement Tracker\AvailabilityDB\LOCK	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Download Service\EntryDB\LOG	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\ShaderCache\data_0	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity~RFe57d12b.TMP	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_000039	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Code Cache\wasm\index	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Login Data-journal	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Affiliation Database-journal	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_00002a	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\8044b12c-614a-485a-9a1c-efe07cab9e9c.tmp	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\5758faef-d22e-4e56-999c-8ed09b184046.tmp	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Last Version	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\DawnCache\index	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Extension Scripts\MANIFEST-000001	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\shared_proto_db\metadata\000001.dbtmp	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\debug.log	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Code Cache\js\e6def7116e056e40_0	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\Default\98c1ebaa-fbe6-4ce7-b3da-fa9e4ec1c6f2.tmp	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_000008	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_000018	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Code Cache\js\13b6da9fc3c2b92c_0	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\f_000032	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\History-journal	chrome.exe
File created	C:\Program Files (x86)\scoped_dir716_1136005316\927fb27d-e52a-414e-9f6a-363340aea060.tmp	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Login Data For Account-journal	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\optimization_guide_hint_cache_store\LOCK	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\shared_proto_db\LOCK	chrome.exe
File created	C:\Program Files (x86)\scoped_dir5520_258835372\GrShaderCache\data_1	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Cache\Cache_Data\f_00001f	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir5520_258835372\Default\Code Cache\js\e6def7116e056e40_s	chrome.exe
File opened for modification	C:\Program Files (x86)\scoped_dir716_1136005316\Default\Web Data	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133622725048176597"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

chrome.exechrome.exechrome.exe

pid process

4984 chrome.exe
4984 chrome.exe
4984 chrome.exe
2620 chrome.exe
2620 chrome.exe
4984 chrome.exe
4984 chrome.exe
8172 chrome.exe
8172 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

Processes:

chrome.exechrome.exe

pid	process
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
4984	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exeWMIC.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	4056	WMIC.exe
Token: SeSecurityPrivilege	4056	WMIC.exe
Token: SeTakeOwnershipPrivilege	4056	WMIC.exe
Token: SeLoadDriverPrivilege	4056	WMIC.exe
Token: SeSystemProfilePrivilege	4056	WMIC.exe
Token: SeSystemtimePrivilege	4056	WMIC.exe
Token: SeProfSingleProcessPrivilege	4056	WMIC.exe
Token: SeIncBasePriorityPrivilege	4056	WMIC.exe
Token: SeCreatePagefilePrivilege	4056	WMIC.exe
Token: SeBackupPrivilege	4056	WMIC.exe
Token: SeRestorePrivilege	4056	WMIC.exe
Token: SeShutdownPrivilege	4056	WMIC.exe
Token: SeDebugPrivilege	4056	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4056	WMIC.exe
Token: SeRemoteShutdownPrivilege	4056	WMIC.exe
Token: SeUndockPrivilege	4056	WMIC.exe
Token: SeManageVolumePrivilege	4056	WMIC.exe
Token: 33	4056	WMIC.exe
Token: 34	4056	WMIC.exe
Token: 35	4056	WMIC.exe
Token: 36	4056	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4056	WMIC.exe
Token: SeSecurityPrivilege	4056	WMIC.exe
Token: SeTakeOwnershipPrivilege	4056	WMIC.exe
Token: SeLoadDriverPrivilege	4056	WMIC.exe
Token: SeSystemProfilePrivilege	4056	WMIC.exe
Token: SeSystemtimePrivilege	4056	WMIC.exe
Token: SeProfSingleProcessPrivilege	4056	WMIC.exe
Token: SeIncBasePriorityPrivilege	4056	WMIC.exe
Token: SeCreatePagefilePrivilege	4056	WMIC.exe
Token: SeBackupPrivilege	4056	WMIC.exe
Token: SeRestorePrivilege	4056	WMIC.exe
Token: SeShutdownPrivilege	4056	WMIC.exe
Token: SeDebugPrivilege	4056	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4056	WMIC.exe
Token: SeRemoteShutdownPrivilege	4056	WMIC.exe
Token: SeUndockPrivilege	4056	WMIC.exe
Token: SeManageVolumePrivilege	4056	WMIC.exe
Token: 33	4056	WMIC.exe
Token: 34	4056	WMIC.exe
Token: 35	4056	WMIC.exe
Token: 36	4056	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1680	WMIC.exe
Token: SeSecurityPrivilege	1680	WMIC.exe
Token: SeTakeOwnershipPrivilege	1680	WMIC.exe
Token: SeLoadDriverPrivilege	1680	WMIC.exe
Token: SeSystemProfilePrivilege	1680	WMIC.exe
Token: SeSystemtimePrivilege	1680	WMIC.exe
Token: SeProfSingleProcessPrivilege	1680	WMIC.exe
Token: SeIncBasePriorityPrivilege	1680	WMIC.exe
Token: SeCreatePagefilePrivilege	1680	WMIC.exe
Token: SeBackupPrivilege	1680	WMIC.exe
Token: SeRestorePrivilege	1680	WMIC.exe
Token: SeShutdownPrivilege	1680	WMIC.exe
Token: SeDebugPrivilege	1680	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1680	WMIC.exe
Token: SeRemoteShutdownPrivilege	1680	WMIC.exe
Token: SeUndockPrivilege	1680	WMIC.exe
Token: SeManageVolumePrivilege	1680	WMIC.exe
Token: 33	1680	WMIC.exe
Token: 34	1680	WMIC.exe
Token: 35	1680	WMIC.exe
Token: 36	1680	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1680	WMIC.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4984 chrome.exe
4984 chrome.exe
2620 chrome.exe
2620 chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Richup BOT.exeselenium-manager.execmd.execmd.exechromedriver.exechrome.exe

description	pid	process	target process
PID 4964 wrote to memory of 3020	4964	Richup BOT.exe	selenium-manager.exe
PID 4964 wrote to memory of 3020	4964	Richup BOT.exe	selenium-manager.exe
PID 4964 wrote to memory of 3020	4964	Richup BOT.exe	selenium-manager.exe
PID 3020 wrote to memory of 2060	3020	selenium-manager.exe	cmd.exe
PID 3020 wrote to memory of 2060	3020	selenium-manager.exe	cmd.exe
PID 3020 wrote to memory of 2060	3020	selenium-manager.exe	cmd.exe
PID 2060 wrote to memory of 4056	2060	cmd.exe	WMIC.exe
PID 2060 wrote to memory of 4056	2060	cmd.exe	WMIC.exe
PID 2060 wrote to memory of 4056	2060	cmd.exe	WMIC.exe
PID 3020 wrote to memory of 3624	3020	selenium-manager.exe	cmd.exe
PID 3020 wrote to memory of 3624	3020	selenium-manager.exe	cmd.exe
PID 3020 wrote to memory of 3624	3020	selenium-manager.exe	cmd.exe
PID 3020 wrote to memory of 1180	3020	selenium-manager.exe	cmd.exe
PID 3020 wrote to memory of 1180	3020	selenium-manager.exe	cmd.exe
PID 3020 wrote to memory of 1180	3020	selenium-manager.exe	cmd.exe
PID 1180 wrote to memory of 1680	1180	cmd.exe	WMIC.exe
PID 1180 wrote to memory of 1680	1180	cmd.exe	WMIC.exe
PID 1180 wrote to memory of 1680	1180	cmd.exe	WMIC.exe
PID 4964 wrote to memory of 716	4964	Richup BOT.exe	chromedriver.exe
PID 4964 wrote to memory of 716	4964	Richup BOT.exe	chromedriver.exe
PID 4964 wrote to memory of 716	4964	Richup BOT.exe	chromedriver.exe
PID 716 wrote to memory of 4984	716	chromedriver.exe	chrome.exe
PID 716 wrote to memory of 4984	716	chromedriver.exe	chrome.exe
PID 4984 wrote to memory of 4928	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4928	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe
PID 4984 wrote to memory of 4148	4984	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Richup BOT.exe
"C:\Users\Admin\AppData\Local\Temp\Richup BOT.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964

C:\Users\Admin\AppData\Local\Temp\selenium-manager\windows\selenium-manager.exe
"C:\Users\Admin\AppData\Local\Temp\selenium-manager\windows\selenium-manager.exe" --browser "chrome" --language-binding csharp --output json
2⤵
- Suspicious use of WriteProcessMemory
PID:3020

C:\Windows\SysWOW64\cmd.exe
"cmd" /c "wmic os get osarchitecture"
3⤵
- Suspicious use of WriteProcessMemory
PID:2060

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic os get osarchitecture
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4056

C:\Windows\SysWOW64\cmd.exe
"cmd" /c "chromedriver --version"
3⤵
PID:3624

C:\Windows\SysWOW64\cmd.exe
"cmd" /c "wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
3⤵
- Suspicious use of WriteProcessMemory
PID:1180

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1680

C:\Users\Admin\.cache\selenium\chromedriver\win64\110.0.5481.77\chromedriver.exe
"C:\Users\Admin\.cache\selenium\chromedriver\win64\110.0.5481.77\chromedriver.exe" --port=49745
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-blink-features=ShadowDOMV0 --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" data:,
3⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Program Files (x86)\scoped_dir716_1136005316" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\scoped_dir716_1136005316\Crashpad" "--metrics-dir=C:\Program Files (x86)\scoped_dir716_1136005316" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc1b45ab58,0x7ffc1b45ab68,0x7ffc1b45ab78
4⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --enable-logging --log-level=0 --mojo-platform-channel-handle=1568 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:2
4⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=2088 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
- Drops file in Program Files directory
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=2216 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --first-renderer-process --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2744 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=3136 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4936 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:3268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4932 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4808 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4804 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5148 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5284 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:2728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5588 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:4420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5916 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=5488 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=5892 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
PID:3084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5680 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:1000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5488 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6228 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6312 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6500 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6452 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6848 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7032 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7040 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7052 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7036 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7544 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:1
4⤵
PID:5600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=5636 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
PID:7784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=4724 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
PID:7792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --enable-logging --log-level=0 --mojo-platform-channel-handle=7408 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:8
4⤵
PID:7884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir716_1136005316" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --enable-logging --log-level=0 --mojo-platform-channel-handle=4236 --field-trial-handle=1820,i,1905527146191211737,1490210069553478338,131072 /prefetch:2
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:8172

C:\Users\Admin\AppData\Local\Temp\selenium-manager\windows\selenium-manager.exe
"C:\Users\Admin\AppData\Local\Temp\selenium-manager\windows\selenium-manager.exe" --browser "chrome" --language-binding csharp --output json
2⤵
PID:6092

C:\Windows\SysWOW64\cmd.exe
"cmd" /c "wmic os get osarchitecture"
3⤵
PID:6140

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic os get osarchitecture
4⤵
PID:5440

C:\Windows\SysWOW64\cmd.exe
"cmd" /c "chromedriver --version"
3⤵
PID:5456

C:\Windows\SysWOW64\cmd.exe
"cmd" /c "wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
3⤵
PID:5700

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
4⤵
PID:5320

C:\Users\Admin\.cache\selenium\chromedriver\win64\110.0.5481.77\chromedriver.exe
"C:\Users\Admin\.cache\selenium\chromedriver\win64\110.0.5481.77\chromedriver.exe" --port=50225
2⤵
- Executes dropped EXE
PID:5520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-blink-features=ShadowDOMV0 --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" data:,
3⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Program Files (x86)\scoped_dir5520_258835372" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files (x86)\scoped_dir5520_258835372\Crashpad" "--metrics-dir=C:\Program Files (x86)\scoped_dir5520_258835372" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc1b45ab58,0x7ffc1b45ab68,0x7ffc1b45ab78
4⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --enable-logging --log-level=0 --mojo-platform-channel-handle=1588 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:2
4⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-logging --log-level=0 --mojo-platform-channel-handle=1956 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:8
4⤵
- Drops file in Program Files directory
PID:5636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-logging --log-level=0 --mojo-platform-channel-handle=2216 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:8
4⤵
PID:5676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --first-renderer-process --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:5952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-logging --log-level=0 --mojo-platform-channel-handle=2968 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:8
4⤵
PID:5312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4572 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
- Drops file in Program Files directory
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4720 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:5748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4728 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4864 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:5800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5152 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:5664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5292 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:5920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5480 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5852 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-logging --log-level=0 --mojo-platform-channel-handle=6204 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:8
4⤵
PID:6644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-logging --log-level=0 --mojo-platform-channel-handle=6044 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:8
4⤵
PID:6708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6336 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6252 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6412 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6584 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6592 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6920 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7104 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7116 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7280 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7428 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7616 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
- Drops file in Program Files directory
PID:7328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7232 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8028 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7448 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7640 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7780 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6352 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:6840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files (x86)\scoped_dir5520_258835372" --enable-automation --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --enable-blink-features=ShadowDOMV0 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7620 --field-trial-handle=1960,i,4387096494918787592,14273755634758823822,131072 /prefetch:1
4⤵
PID:7176

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4716

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
1⤵
PID:3624

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\scoped_dir5520_258835372\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
f556652be023c92260dcc8ffab235e69

SHA1
141740f7c5647158b884d04d10c4c9d354807fc0

SHA256
e81d56f5f2dfd7a5a581801776e1ae84661bbb9540671452190ee8fcfc3e6cdb

SHA512
4566d7158cfd1268e41f68577e4ffdd66119dc84a592ebf1efc1b06dd35cd574d1a0a828ad54fe56620b4cb25194620f2979ba87c67902b302c7754b264fef67

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Code Cache\js\index-dir\the-real-index~RFe5844a5.TMP

Filesize
48B

MD5
3bfd4decbbd223e3d792bdc74fca8de0

SHA1
1ca81008cd4fb6acff2ff7e34997e3a6ef29ef26

SHA256
b7a24bd6102b372417ff0f6df73c43fb604c3f54fffe561a53c76889de8e0f47

SHA512
a5572176bcd6a6473bceb39e973ca9b632900a2830c4e7c482ce87f6a13300a53fa848adb3f562fce4162ceae12d7a82767fbd4d4e6ef3a95d64fba9bbb5f004

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\Network Persistent State

Filesize
13KB

MD5
e8cb82021927f9de39b9423539011306

SHA1
666f04bd55524bc525da8dc3db78eb6f18a16c5a

SHA256
334226c65c8b7fc06fc64f7260de079075e2509578a9b2d37744d2573bf2707f

SHA512
d97a56351500428fb865427654ab6c67dde97546b3626bd36d8cc361977202948d052ab168c2a5e27f749ff409f7bae9c11209c42b3885452d5103dd75aeb3fe

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity

Filesize
3KB

MD5
3306d0ee21224e1cdde072d47acf6056

SHA1
60848811146097830695325c8be8494437b04281

SHA256
1d0834f7ff17d1ff0693b36b5ffb20331a4121c55494c32a36e96e8682f0b409

SHA512
8b7b325a401badd80ae04cfff887a91c0f88b0fb392d938af2e05b80a83e081d2aa49a0af46cf9eaac2c0d6b4a01a9fe527fa63c686609c733381ad76cbe7b1f

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity

Filesize
3KB

MD5
8a0e899265baf407301c70c32f966e16

SHA1
b2db2007b4f2944031340075a35026e59d810fcc

SHA256
0b3ab5236400cec781dafedbdbe12b4211e5b7da8293e8aef47594d40364d399

SHA512
ff844c2a4940432d0d8b011599f0bab9e5cbbceb36377513fb79c338989aeaf4c24561a330b3d0f699743a10516294df45460ecb70828cf49e78ddd6879ffc6e

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity

Filesize
3KB

MD5
45611dbd74d14665c13e1d7a875d9c4c

SHA1
ca7bfc44d1e2e98f382b6b225a33f117a6eb7d3a

SHA256
8c96fd4befd36b681fa9fe69f0297ee0e7d0f3bf420e316c5eb4bfb28ef77535

SHA512
5e301d06742f2fa5cb3b185fa4e8a6116de46536a37e8b4857a08d345c49c4ff557c87c1ce70b9469d39af35a5824cab710ccc41f30f7846e7c14b57d17355f3

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity

Filesize
3KB

MD5
ca594c43e20f72ba3bedc4bd83584f6e

SHA1
89bafd7f84430544b97ea2f6a40c6ee4472e2382

SHA256
3cb21bc691938c432873e3764f36205536386afa6f1faef5c11d982606c6f94b

SHA512
a8e845aea9508a8e7eb2e3a890a7f2ee7a0a1f4827bcd017fd44b509882cdfdb5837788a6e5cb135cf4e80a98de0a0741f1426338fde64ddf1c7858e2692f10e

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity

Filesize
3KB

MD5
5837f5f2df4c99018d8ac5c7ff771916

SHA1
461321e4f24dda6c258c0f086b46780e1fe6d9fa

SHA256
efeb6c0af99e4c1d89a537abe74dea1e00e986f105528a210c4def0d888801ba

SHA512
40557526f0f84fb6a8f485107c620ea9a2291bfbbf41811cac30a2efd77857cf24a166c8dbd0d426d7331f8fd717ddf6ed2d2572bed79ed9c317716b8ac56269

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity

Filesize
3KB

MD5
0023ca6f05feb65e76022e3fad9b8fe8

SHA1
8c59b0f5680ba5a6f2fabab69f7250e6df1ec564

SHA256
a4dba438aa041793b701560a004d122b5b0892bd2db11324eb4614ef7296bf5c

SHA512
b1224ee89093d72d72fd89918a4bf090153f73b614721827b4e5483bb29bf390bfcd47492746942ccecff2d0dfb282cda165db733e001c2247d984279db7ff2f

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity

Filesize
3KB

MD5
32df388fc6372a8c31b59a35535aebb4

SHA1
d5388cb585886fc5f5d65103cda425f321a82b33

SHA256
067eb722cf7aeff46f83b109c9147d66f6a899ded2340d0a32dbf3ea4c9d940f

SHA512
34884af55d7e020e5959420dca08a383840b854b3b09afd2799a3a9ecc1839e11f84f8f82f8f3624942c965b0e0c6179efce494898a914cd18342ca8733c418d

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Network\TransportSecurity~RFe581bc0.TMP

Filesize
2KB

MD5
a545b844a5b57bdc38c7a064ffaa0a23

SHA1
99fe097be4a29fba4db9051c22ab71a2cfed3181

SHA256
ee4b9d69508116045223668e2af625922adff2c5fea721f5bd8a0bf21a582c29

SHA512
e7f3c9a226c12d5b3dccb4c382a9136830fc9e1a476112cf4b49e112c195de723c5e256d865d0a045ddb22f5473bd9b8bedb0ea0348d17a89bef09bf862cdadc

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Preferences

Filesize
4KB

MD5
cc9f41a669d410e40122d61129cf30d9

SHA1
16927a0133ada65477283517b4d3cf022cd34292

SHA256
0d4766c1f204518cae32cd74f822bb072c81f4ab6567376325a038b46d556b17

SHA512
94fc856138a985cf6467e61d91dd2ce990d17d2b566e89245ead0a14e89a246f2f316dbbd58f504c95232ccb570c844fc3900a7a0a87dd7dfa833088a74af90c

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Preferences

Filesize
4KB

MD5
9fc461bcaa548c2808a664ea91b76c60

SHA1
4164167cf0e10d1add7e63112bf0186a5aa98a6c

SHA256
24d9f101f8f0aa49486691fac797fb88897f03109fa51a3f748883435f66d71c

SHA512
c65b7aef4c3c05ce8b06ee4b4b1f8dc22412675cce8353630a0ec2f8368340005650cae5d06c26970fc31fb9e66a2d01a537f387f5fb38ca8bd62a05b0f0c26f

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Preferences

Filesize
4KB

MD5
c2374c426d81d509abb07eacbb57fec1

SHA1
f1a303d3c128658599dde0416e3a3daa42d80971

SHA256
e3e895f11954be53aab61081155b03a09d0963b520d6431ecf82fdce7fd89a63

SHA512
5fdf8db8a92db94a06878d5b101ad8d4dfd582e524cb7caf458a85620ba1e41d2db395d418a8e68c01bfb624b3345f86fc2bd4b217f6d448f73fb7836decae73

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Default\Preferences

Filesize
4KB

MD5
3d7aac7183aa66f86d2cb0fbe0233cd0

SHA1
49c15c67a809065af76e055b91b0f178c4c56bf8

SHA256
1884fb83ee11c299601edd3927463f168870e7381993913fba8c6a84748375b2

SHA512
7e7e9f8b01451b05c03e61812ead098ff185be286af788d1f6e4fdec174e00cc484df399b2332048de7de5a1a67355a601d3431b103f4840b439f448b4ca89b2

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\DevToolsActivePort

Filesize
60B

MD5
24652d3f3d56ac0e307eabfd8ac211d9

SHA1
dcb15a7a65359ae7190ed5b7ad613ccabada0ae0

SHA256
124f1eb2858c3ea9adb40a3d8758ccfc8ddd09e3e16033741c79f0c865dd347b

SHA512
72bebbfcd0bc65a2247cda87a383e983b62a88686858c9626ff8299e8e8988ec7a59868ceaade545c2c1779cde8bda03a5fa5d163f9dcb0a2e2d50438ddb5074

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Local State

Filesize
902B

MD5
db80ee83261e23747a3b05bbb25922ed

SHA1
9e99b1e2ab97528f8636b3ebf71d6b0f75519dfa

SHA256
d0392e9e399fe7d64b37825a257f57935fad6bd2e667cf3ea0c4de0c2cd9b255

SHA512
a4a81281d76057123dabd07ce14cb73d12f982f300a7ad068aa8e01c6bef6098a7631b24171a695cb0b55610b0f13e913e46c3a51dbe7ce94d76e337e7cea641

Download Submit
C:\Program Files (x86)\scoped_dir5520_258835372\Local State

Filesize
3KB

MD5
442336fea3e36a6b1fcf80e9314a96fb

SHA1
cd91c5548b74336182edd9047e9b65194e53116e

SHA256
e0f855687005636cd480d9209909e15d9452811fa5767e4604f0c30b69891f2a

SHA512
27ad11d4a329cbb06a77bf135635ac04760987aa47cbe840f15988843a066379695cfcf933f705510ea1d1d3ea8530422306192fea36e34f8f8ddfc645ffad60

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
4d51c4332b7bf56096bfed5d754f8505

SHA1
f28213200121dd5d5d6bf59c896216243aa53c11

SHA256
0019c27296a9a9442bd51b150ab5feb32b82e0c38c600e095bd4cca7d9d28cc8

SHA512
a0ab1ce08fa8bce51eb538be8352474293e1eb424d265083800d0059b2c4204580e12d6fbbd8383fe17724f9d300e37e684e122a34763a27bac91b9fbd4a9215

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
87aa2b4888b6722f558a6d8f572c9dc4

SHA1
cadce15ce2690dda3c9ede8d0cf124f2245cd439

SHA256
0a472050445e2672a83664f935662b4d11d94dcb8d5c68cc16ce3df76d48cef2

SHA512
62b6f498412f557273e8826ba76a3eafeca0936f1a9fabe1894a177181bd99ae9d14dce751d9c7e101a6299a182b68219626aa53ead21212d35ced6725836a81

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Extension Scripts\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\Network Persistent State

Filesize
10KB

MD5
1f64530b0b92ca9fd7c9745e81a3b56f

SHA1
8e805bc2ab83c99587619c81835d26e2921a96ce

SHA256
83790fadcaf18efdb3fb0df275e693766c2d65309b97c381b12b5e0e3a9eba66

SHA512
8423f3e2c1f39eb1bfb6c8e58ff10b7442cf9eafcbf1701f25e880c6e64a6e7c77bf0420e731b52bda117563b8ed4d3d4ef928876e05032e6826b040177bfd94

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\Network Persistent State

Filesize
10KB

MD5
e38b328a2a5c02e58941fb1c2530aa54

SHA1
1620efe0c1b251e357adf2d85290510960503327

SHA256
dff3c37923501865aaad32b4cbdd29e117add0c5306d557e3ebede50b631438b

SHA512
830505dcaeeb2837577b5f4a7f9d7713bd24a3b1f8fdc837c30ccb18440e2fb0e7fa3826e12ebe67929a63f7b1a1f85cbeaadc0e322b3f46c849d1d93f43740b

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
d79b10d60758c8e1604e8611b28dbf7a

SHA1
429c395913763f701ab96995699ac3099aa6dedf

SHA256
a42064cb2072c70f2b4ee9b97db486fab6ff465af2a9dd3216dd4f254f7f82d0

SHA512
15596e86cbcb6b27eca59497abcc690e422bf6fbbd070fe519b5c5137703f94fe546cbcb2e5b4170d31cbf3a6a748b24baefa9b94496f496e9f1798d57f403cc

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
e41d4e8d7ff4ee85b12ba8f59d3df91a

SHA1
d793a7d55b0776b2d92767164f82af98c509253e

SHA256
8c87c1bf0d14e1367d059c2c0bb2f494bdafe824f3ac2bfc8dd257aaf8ea5ad6

SHA512
ad052985a604b987dc2b7765074c6c99e07d01a7e074b86e87b7a0a6dc6f0170dfd4a2bcb5d833c87c11f613a3021084c2281f839ec8c4a1bfea3840516a206b

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
35e40173738319451d014a244bbcd0a4

SHA1
9805c3f8e155d047ca18eee8a23db917ce697cda

SHA256
c83ae1033175d9366010ee10f62213185aebb316c0fce10904137c635912a0ac

SHA512
022ba6f73a907a59a8e9518ac67ea543a7aa42d48369d768b26e3a6804a5e59b1f6aa023e02fc2c4ee7e52f8ef7556c04c809ddc7eda4a83159fbb9cd03c1cde

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
6a102dfe42ebd66ccf57c311f017fd1a

SHA1
ce2c6bcf84bf42085669a7b4b08e5affce7fdc79

SHA256
ebbad94428a517ca066dcb9b7e58f6f22238a68f2d817c648460974cb132227b

SHA512
7b43952ad6986470939e1e2bd40ee64d108546d67b0850c215fb40051d44f2c442533ca148b9850a810a8b241abc28218a1bb4b76edef137ed19917c6c361226

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
a48e03b031ae31702687aae268588161

SHA1
a748311cd1aaa51effa631b326feeaa61e44ed12

SHA256
473170f1bf6208fd876249d983396fe6e0e2c5cbd112c96cbfac2f62d8ddfb01

SHA512
9c267021366373d7e27e2914347370b961b1c26e1045bbaa552518f6b13b833a10830b9be6c43873e0afd93f3abcaccbe508bf148e83c9c04237e6d87732177f

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
190578e1af9f006b7761833b9fa3133b

SHA1
e9c8626f3c07b64c73232169e78f9f8a75421da7

SHA256
9881cd423a69dfbf848d1afe0fca9246a795579f96bffcc904fd7d4286aa54c0

SHA512
0c019e8101638b6abf371d5c0c7b5169ae48ff47d4d6c9488d50d526eddfe4030a020b9a5a9700ecd5cbc0fa5f7b230b21d005bc5d93c818a3d60a1c25a0487c

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
e14ad42ab16aaf9cc9ac3f341a04ebd9

SHA1
1efc2c0d021cb7b4e97d082edeaa48996529ac9b

SHA256
f7521a86a2a14fe7670201c6e363be4a1f4d9c866cbe7af7005962d2c84ade73

SHA512
edc88d3003e6d4f57e0389d9db90e72184d42758b8b106d8637ac7483dd35a36a8725c18cc076db14494e8736a9ef357b6476474e95d641ad1e55a418cafae83

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity

Filesize
2KB

MD5
5482734409afe0cc5563212cd1facd2e

SHA1
7af41c714a3c1d9bc5101ab8211ab0b5855aae63

SHA256
855bb0485ef079d66f12d9a7afb4d66ba1233751faebf52da838b384aadd8252

SHA512
9271ab8dcd51198a6edec000bc99f4370286ef6aef872c7df9427bfc4bc3bcf6563f3fa1a92ca393f049985c70cc41df3e007a5c7597fbca65b12d8d33ca7c54

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Network\TransportSecurity~RFe57d12b.TMP

Filesize
2KB

MD5
e279381b1a4c7a3d28654884ccd6f0a1

SHA1
2187ba4b3ca208177f93c780e62c71751d42ff0f

SHA256
9e694992b86cdd863d51d4e4782f89e74ed1b9f1ae6b8dd6a1746a5db157a6d8

SHA512
9993b982c9c8dbd50feccd31caae67d62a5d76f1b66cbb4325214247cf4c4cb229fc633ba51984c6e77d656a0a15dbd19bc0739ab0711b78d4ae4938938c6b00

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Preferences

Filesize
4KB

MD5
0b0a86fa9d6327e8fb7adf083e371a61

SHA1
33e94e93a445c94a4a34d2e264ee7332e49edba3

SHA256
ce32281efba4cd44359560537775b05e8251d69673560cc292bfd44bfe6bbb0f

SHA512
904b2b0fd04c932a266703deccde52bf4006cd27b3f670e275eb74e3e5873073afdf1d00cdabfd4ca7ec3fb4ce1b1bc0f7e6af8aaaf4f8bfb0cdd27f9bf6f569

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Preferences

Filesize
713B

MD5
e048a8596409adadfe3ff10db8e5efbb

SHA1
332d79dfb5c30c125c8b030caaf0b007b1b1af31

SHA256
e19cd56e347efca1cadfc1fd6875ef82b35631e5cb7f9b54aa4bb9ea71ff66b0

SHA512
1758879d426dcd224c06dfc32ba2930f453e52bf8b9a85c3149cab82ba4c19a6637d6a27ce605e8925c17352ba7eb93223fb7d1441cbfec8252569a08cb11f5e

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Preferences

Filesize
4KB

MD5
16b7099abf7bce07e64c7ae704f661c0

SHA1
affeecff992d0971aa9a0037c2e21eb19d3b582f

SHA256
d8dcab88333b34a11657fcd9137906b5572d7f7ec3f530facef85603929cdc72

SHA512
553c79dc936af9de701119d37d86942c0f1794d03d3360b4b1989a520701262d7d44cac97e675cb9503cc169d8ced76633553ea835b0818946e4d559b4c86be4

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Preferences

Filesize
4KB

MD5
00639bce92deec66013079d7e1b7badf

SHA1
db37a99fd21571b0ec82ebf3e8a196445a5bbd42

SHA256
7714ec4b6ed8ed0d2ee15b5e9610725147d92fb4bcc07520de986d1c65d54020

SHA512
b301ebadd14463f227fa4c8f4684fb0cd8ee82046e1343c27f4b2e9730f58aea3e79e174242dd9300c6f25842793aa66790d79570fd2d9e81f0ab28693144891

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Preferences

Filesize
4KB

MD5
cda16ec8401f25a75e6d2d3e2f03063d

SHA1
d3da41d6380a526195a8b41a6cb6b094c6f9baae

SHA256
51b8bbcad7487d8bb61dc6c77766e2bd8e1a7ec091805a4e3ca354094a546a39

SHA512
4b73639f08b0cfee447765c59e455d288dc5e3675439d673c07bc72c1f7f06620a0efd859275440aa69188a9a8dd530aca98454c1c0a98ba2668ef794ac0e8a1

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\DevToolsActivePort

Filesize
60B

MD5
82295970df2601d56be6e89257777d9c

SHA1
bdd63b67c0847fd51c268359f05a43c7c781cfcb

SHA256
1d59dc43f4a7e4a6de1e82c52bd507456d8d86e44e060b98d9288f3777a31ef7

SHA512
9dbd0e660821f0dab165e937ba034f7c4395ffe117833c02e75e10e4aaaf136fef96981ef2a1de074c6504d39b2a42b0caeafdb70d10685cd7961bc9f8aa883b

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Local State

Filesize
938B

MD5
e91e1f653b2f6b20a4cdd7e47060789f

SHA1
5edce757f9def78cf1eebed788b50cabd733fac2

SHA256
7323fdb35f331d75f4cd38beb6e97e0475bd79ac13bfcbc6c799d90b496bb444

SHA512
bce09f85d5ab3e94f9be2b966d0af3c33f699b5a1a6738d4c30c62b0f3e3b04e98dde97befc9c1d2c9bfb9b65eff114777cbf73cd0c05a476b6bcf62a2e73036

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Local State

Filesize
78B

MD5
8b61e917846ffa930e0cb308c1f1a026

SHA1
3d9e507a7a41e36a1c25659ad72a448368134fad

SHA256
bfe95ecd1ff945712f2697925858b4a50834f6b96d90ab230b448317fc602aeb

SHA512
244ceef0649f72c7371c96667cc829bfbf6c853d173d89a3f206b3384ca95f48f5d5a4defec7897d84a876336942308a9d3357db3ff56cb80c6d9aa1ce5b5fe9

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Local State

Filesize
3KB

MD5
1025beb6313bdeb8c1130fe061ed24f5

SHA1
d7a743d91e92956241d6d0539893834d9e0f004a

SHA256
066438cb4dc1925a13267997ce49941fa8b870ae25e5216237d78dbb471c18ef

SHA512
5d28f1eac479fcc609e9487abf4d0f58db330898be9295256e5ba74d14c30546fe0abeb5f6679a928a430484f51b47977f5100b9822d9dcaefd685cce75eac27

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Local State

Filesize
4KB

MD5
10dae54268e007e47e4653aa1e53c3d4

SHA1
8537fe07815565fe5654fac608e2dfecdf5f91b7

SHA256
701a1b229cb73540d64a8ddce977e2bc613b9a3aa82ccd35c8f8206e5d8206aa

SHA512
eccb25b708aa6a99d9317d41473f3bbdcf23ebb87dee72125c3dafe81bcb39a9edddf85f31bd4167d5116c03ecc83b0bfa464b4c4c4dfb3c93f33fa0166376d0

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Local State

Filesize
4KB

MD5
316ee0ad177c7940757b9453a258108b

SHA1
f223ae32a2129e118416a6fd928352524d4ba6db

SHA256
6a418876450394879742c522d099c899ddf26b16c1d6ee6c5b29253dba27b85c

SHA512
7e0b1dc637a2e28dae498955e444203b39d10afa63a79623d4df8f00b6a3790453cf8ee55e0a8debf3d82cd6d76c2d99396804b0efd475c4dc5d0052a6e64fc3

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Module Info Cache

Filesize
87KB

MD5
71913898c88340b1f2f83d1f234b0db5

SHA1
01ec4bc3cc0fea5f38e090643453dfce7fe54bdb

SHA256
e655b4a13364984249a8ce57d09fc399439edfe995f5a3a040dc9fe3d3b150f6

SHA512
dadacb2dfe0ab11b2bc09130cb39695893314705f7d878f827a63af0071f126dafea754274b3d5484916768147a0c90e7298dddc9e4ea538ea60d6d6f783c323

Download Submit
C:\Program Files (x86)\scoped_dir716_1136005316\Module Info Cache~RFe581ae6.TMP

Filesize
84KB

MD5
8e3f83e2b366237293cf21822d523fd0

SHA1
3f7e90429cf7adcea8cd5ddac48b9417c34740f3

SHA256
27cbad073429b67732f36c96a8cb3cb476f8c87e797b1b6f06df3c0444fca96e

SHA512
5104840065e7a3f3f772e4249c1e07e62e68e9e8792c2dac8f91bc4d6dbdcc2373a3fc4e797abb039e766f7850677d7817653c825835e90464a927b56a795a13

Download Submit
C:\Users\Admin\.cache\selenium\se-metadata.json

Filesize
419B

MD5
0662c0deabd88c323d9d790fc12e1b86

SHA1
282c06f0534a2a735dbac1ebd2dbdae3fa84ad3b

SHA256
143d10ccd2ef8f00a6a4280fc48a02f6bf21856349a7d64c32671707f4286ffa

SHA512
a3a3cd12be7f170c38dc11b25313f6c0b54f471ab4d913ba99b2a218bf689fd9d958e0809be1bcae2bd21eb38119f905f2ab6b929dbdd9b61f0b43a5f09918c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_debug.log

Filesize
128B

MD5
a68588c13c0d49acc21c1484ed07f68e

SHA1
53935eea18798d2e09cbe448fb4da692aafa03ce

SHA256
91422636044cfbc37adba5192c7cc1fe2b62e3fef1e0962661b9457eaaf23d72

SHA512
68748d1ee0eb523f97630f0d84e7e14e9440fdf702a498242c2a8ab42fdca3e5e63e8124d9d269ca757609df16ca9720c5a84586bf07752b543b007cc5525535

Download Submit
C:\Users\Admin\AppData\Local\Temp\selenium-manager11jqZf\chromedriver.exe

Filesize
12.2MB

MD5
1c5de8e61baedc1c755343411fea6fff

SHA1
f55321439addf1d8f3fa89a4fc5e75af3a0f61d3

SHA256
aab0369f03c447a10dbb8221c4fa34797cdbc893d0a1fece13cdec77882439f6

SHA512
3ba80b1c3fb4337445ed83a3677a837142ec156b5442ebea7b41fa5b54cd0b80945bb5e05382b8b676ea7a2a4e6a4f533e125fdbe85c45b726ad1d6f4df144f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_4984_PXMOKZBNFSIDKSMG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit