6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Analysis

max time kernel
362s
max time network
332s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Text Document.txt
Size

1B
MD5

c4ca4238a0b923820dcc509a6f75849b
SHA1

356a192b7913b04c54574d18c28d46e6395428ab
SHA256

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512

4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{E9F6D6A5-2FB2-4FED-BB92-AA94CA61290D}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104\Children	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Moniker = "cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
692	chrome.exe
692	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4744	GooseDesktop.exe
4932	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 3060	4932	chrome.exe	88
PID 4932 wrote to memory of 3060	4932	chrome.exe	88
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 1864	4932	chrome.exe	89
PID 4932 wrote to memory of 2752	4932	chrome.exe	90
PID 4932 wrote to memory of 2752	4932	chrome.exe	90
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91
PID 4932 wrote to memory of 2392	4932	chrome.exe	91

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\New Text Document.txt"
1⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ac28ab58,0x7ff9ac28ab68,0x7ff9ac28ab78
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4344 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4928 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2412 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4940 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2232 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5084 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5292 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2324 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3472 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=844 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5504 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5484 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5400 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=5588 --field-trial-handle=1900,i,909545027168427046,12741213183677910673,131072 /prefetch:8
  2⤵
  PID:4564

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2284

C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe
"C:\Users\Admin\Downloads\Desktop Goose v0.31\Desktop Goose v0.31\DesktopGoose v0.31\GooseDesktop.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x2c4
1⤵
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
19KB

MD5
e78f9f9e3c27e7c593b4355a84d7f65a

SHA1
562ce4ba516712d05ed293f34385d18f7138c904

SHA256
75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d

SHA512
05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
97a3f580a8dd6f4d7cd0a39e4d71001e

SHA1
72b133288d2fdce82b517a26af04304a93437f1b

SHA256
72b228770adf0be690a47313295d3c881a57a4ff7fc8e2b3729dc00eb92e3da3

SHA512
6480d9240ba45a5702c5f0534c6f52a5ae438ffe4f36b31e230879022f157058ed6849c017d29091e672e23b17e03b7fc5b12e4af503f84fadfd779704cec550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ba25cfa8dd0bf89a976f04f60019f56a

SHA1
e29ed5f8f8a9063eee361b3617ab3d2c54c55602

SHA256
1673f7c0f305d9d70cf86285b96fc28f122202430a4f747f2ee2f06bfe8610e2

SHA512
9afb962d781741d0c06e9c8eaae91e97b3d8b4bf69699491f9b447cc6290accd6c45e7e3b43dfc4085dbc3884124d2e72ea17d5e5cb0f751dbe6e9f2eada8565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1dacc04c3083afdce34705ff78d66081

SHA1
b54a7743fb795cc4b4f2a5132129d4a622a14efc

SHA256
ef6a185bfc99511f3785f2def3e6f8aa02bda83e18beabb0416385579555a08c

SHA512
4c96f042ceed114ab62d403749f5774a78902bbcde5f8adcdb11310d7e717db8c4ce3863aca388246a754e399ef97d1db8d37601b4fce1236019cff5f466739f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3d7c844aae42201f40f2fb0f467f25e3

SHA1
9201f6d54e001f9a716eb35c31b80e89031c7dc0

SHA256
b125901a406032ded6de79231d4d0077b014b85ed067f6d24ed5268b94b8cecd

SHA512
8c2f524b8df234daac8e72b7961961433e66a2f47562c5e66ad0e9e79389c53310fea3087c4585c008155b4416f47453d701a3a2868d6ed11d0852fc3c7ee599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ce7979ef55969e884aca6ec13c2ffbed

SHA1
6b91af38494fe2b7dd38c45c8ffc0651cf0851b2

SHA256
26b97696562a11da41dccad906b5351d401af60fd18f371ff678e06e0338f152

SHA512
30c19eba48cc49de81e196cacc3fda3756e6b96b7b053486052dcd67143f0a9097a37914fdeede5fd095a203f4cce76dd917a1579732044044bbdbc17747cca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mcraft.fun_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mcraft.fun_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
af37047c5717efad50ab84bef53aed4a

SHA1
5f98302b8dd09e08cb70f48ba532cfc5b53e776d

SHA256
b4594d5a8ad39baa515edab042eb6fb6235602c5b6ac99e2085dfbd35aed7aa2

SHA512
44ac3a96af22ddf31c59a61b0f6ac70e090934eede3006d42d3683e9dd8d0a661268a5b94227fbf852ae0876e941dcc77c87192d06ee1c09715ab31542a8efba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3026624ed6cc696ccbb668842978d737

SHA1
6f84f5b515c8ddbd1b52a86be251c4909f61c268

SHA256
90a27394476188cd0f5c21e308e77594bb1e3ae2f9c782c8d24be541f144f5ef

SHA512
941a5cf52f1e499f60f7f7543ebfce3067b4c041c713722302e314853276740a96551009f63afee58139d48f0195295bc786dfc3648b5cce648b6d78385de09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
045f81382222e841af9b0e9f1aaae4df

SHA1
b31548601ca322b6dc0c2518a7683eb435c907d4

SHA256
e97f114df4f95cc7b93ea8609b859851cf26f303bff3adb4c4d7d942a258de5f

SHA512
5be16daca56d4394a1434715e884ba98328119181c32dfbee6ca622de87a41fad6d9d412a29febd5a5cf4cf4126d3abddd1669973b05d04b8fecfc69f7ea0dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8d1fe87d39f20ee1339f39bbd12fc6ea

SHA1
0a4e184fa3967796ce72d649eaa99ae469e056e6

SHA256
ceddba25461370e9e3cddf206ba517c49b86ae5bb5657f219886f22fd936621d

SHA512
8a8cbe5d3e436ec46f60e8b3aef685ad7b52377980e02ba48589809a3c0e02c65fcd985b12d141ddafb89f948c47c7230cfbd36b01ed127b536ac60c1fb5be8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5a3f379d9280a6db0fa0069d5f962635

SHA1
047a5cab07365e67b8415ae7a57c0b1ae6381cf9

SHA256
f65827018189c5115b326d9e7e9415dccd2f8af7648e07438f22530431462e57

SHA512
99fcb0f1798604d06d8219efbf64d886ea8e19056c48ff948abd753ce87f99faa827ab953f727709ee84dff136c5ca29ed83bb6327b8d26580352c6b6b6a76d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
258c0d8d5fb259a7dfd0ffc6683761c0

SHA1
e73549b55d81e39256fe255233632972ebc5cac6

SHA256
ff608cb70ebc852e148e29d217b0d06ba4614093e1e9535bce20dce0309f941a

SHA512
eac8fadaf7f4987192534391af02d87630d5f1009c864f9c0e596cddc6f1a6eb23c246b201dfe8a5aee9d3fd84029294b37c0c56f27c39d8fcfd07a4d238df95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b2d20e12f5a5fcdb0651e85ed0039cb5

SHA1
666e9b2152ea0a73b1509bcb5783fe030a785621

SHA256
8c084c48d86016b711a1b4abec510fcd03d9947328fec9968fb1e0a5ade7a82e

SHA512
017e7e8af089d6b87db06b0ccce86d4299a88f3fc1c9411cbf5f204147e08abf9575c9bd9271a20ad81b514cb58a677af06ddf4bbc98989731012d253d32385e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
da7599da495d45fd1da203daca641de2

SHA1
dfb8e61c72cf7689f5e484721f0f9515d41ff0aa

SHA256
2ba1670252707ea01f875dd4206a73948274ee0642b1e105c5944f07e9efc400

SHA512
ee3889acbbe2b011a705d51d7f5e806196b935646427f413fa12d938e77d88841eb37426457ac03c241aeed0e4dff0090df05ab44544412b57676e318a148e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c636e1cf0173144a0346f4fcb16aaa81

SHA1
be9d5adffd0cec2c546a012359d9494ced502534

SHA256
6ef7d8971ce0930df7c40824c1b15defc1dedfc49866dfed48e5a5defd238422

SHA512
1dbb95337e05ee54896fba614d3a3ce299d4f4b5820745aec0c7ca3cd03b04e5e9db9e5ce39b569306df5655c291a1de9988d594c1f395ff1ce3e2d6f907ddaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7a5dfc5ae42f9e602b6161394b8d15b6

SHA1
c6a83cea4df1bd452bb8647db8809dc37fcc21fc

SHA256
6f49db7c95997948e6de4141b3550c08c9e6e001b3b51e30671d59a3b238b77f

SHA512
f254d4aae1539c0d441395012a83193addf4b7b44d4173df5eb07a6d4b62f928e1b332b5259a24190642015a08632b92ef148da423f1278631e95d61c1072106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
98bcf736296fa75be057ac8b66835f4a

SHA1
4908edf5f8f1fa23781059a4ee17c2decdaeeda5

SHA256
5385018d6e99e375b7664245a34875b3f4084d01b3e3cc08b27b1cba867db386

SHA512
f8ca8c036de44d1492bedd5457b844feab2bc3d7bc3396d563c290a2988b3edc7a0c4b5525260ef58dd58e24d50dd82080da445a67296b6f80625037784f50b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
970d5eb47634c882d96ceabaa38cbccf

SHA1
2f46804d814bb9abdd307cb883f1d951cb316bb0

SHA256
7dc48fb08e275fdc91fa12d819234b8923092194e9e773ddc0e7f16ebf5507cd

SHA512
1090cb0b019fe126c7763d597659081464c6432e3d4e8b9f64b554f4c748b9133df10eac13b52188ca7e7a6ca4f36a969ab63965ee2b39550e93a9774ae9af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1e1620741dd59c03223f1616ffdbd4a7

SHA1
931b5ac5db5fe48186b16c94733e12ab65dffd84

SHA256
ac3d07c5f0d186aa10b9f21e7950819ddea9a5c164e7d98c393a8bf10e61e567

SHA512
d2bfcb1a35f9126c2f32d8c130958e89e40316ce67f0bf050664ee9c39f9520b672fb30530c570bc6b3003200097876cdabbc268e729e8e7d52158067177aad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
06dd2620d1f10ba895ac88704240bb72

SHA1
5d062dbd5f46713643017c6dae50a936bfc94af5

SHA256
de6184b8c85729a0d4a0b6135c9317111c5d6090a0a9caf20e986d220abd97a6

SHA512
a2b753864add08a29cd414e7b9aa66cd340cd8deec4bddd97bd54cd763eef7882c4b4961f5f8ed9b41b37e8d910c52468144da1cfef2d3aee98f096a47324a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
48f22ca16f520de7c22cecfe4277f0c2

SHA1
f455baeada3527e271f15f1fd12d5df3b18cb7f4

SHA256
231e5aa5fedc32d05dc0126514e49e3e2f34759fe1018aa94787583d5e2e4ee7

SHA512
d902c15431d83ce86bae67e02624c2897c265a95f01dec04a72e08474f340d0406c0cfab71fe35c92d3dc330c0ceca54edf20238efc3d79d2f2cda21402615d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d7607941d36977ea048e8c7ed099aae0

SHA1
ee8362936186496bc01445fb2f9f0e1e3ee9309b

SHA256
3c442d248bcb0b03c2e7cbfca7bfdff5211bfb1bb236f0636854ea063344afa8

SHA512
b9bc806f9ee86eb4f349f8e16785316fc40d3030cb66fdd44c46104718e15800980b2aa9a9e9fff793505dbef4005350fe0ceb70da2b77d3aa75aef30213af9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eddf46444000e4261425601206a09939

SHA1
3af71d7aab1ebde449eb206e94be56537a989f3f

SHA256
8bbbd59606ac7a182bec8ab31adecf31e0359da9a9d1d829d98bc013b6b539f0

SHA512
160aa7d5334dd8229d649315ae1c0a380e8a872e889c787dd09a4723db0f9831939baa94c91efd67a3c03c35311d47a1ef9cd8625bb1ea4dde5c5354051b972d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
72770f09fd184963b8bb63e68d707531

SHA1
0e3e0cd9db6492b78f6cf9a41886aa4db5d415fe

SHA256
8b71de382b8b980c80754f621a83242acc9c63cb3dacf13c242962d0a619faf0

SHA512
f368b53cc64cefe36d357cb31dc79d4fadd966c626e665f9e265165ee027b89090094626fbb8ccf6ebdca020ed54e6ee51322847b2e493ebae82c6325d0b6327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c505d529df77feafeec7427293c63ec7

SHA1
be51623fc184e34870c868cfccccd6766d579efa

SHA256
9eaa1fec119126989d8764d8bf2cc510c9b431f0051a29f90b25fea726029c40

SHA512
c17e99bc2c03fead75467a9e86c587e0a184051b058c1f7bd354cf9b7723745ea6dd861bef5ea39261cd04bbe35e0172a3fe7bd7c84d56215fff8e76236f23bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5826bd.TMP

Filesize
120B

MD5
d2d566e05a38a376e0ba429647741d5d

SHA1
8f8ce6264f86d726bea4a03f1dbef93b02ea2bba

SHA256
2e5f4125a2121cac63fa570e9be6c9ffefcf27250301372dbc64c4292a4920e2

SHA512
740432b93e9827c9eb0d7150e33f667a44e03d813fee20c45ac97b7cb04b7a533887d35f76f3668aef88c83962a67d8c5468dbfa8c917706d5909c5c96f8bcf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0186f14bb683fcfa06e869aea8938d25619c982\be92c00c-8d27-48ba-b268-f1a20fc3f849\b11d5a1907253729_0

Filesize
868KB

MD5
f0f12f875d9c4d82d3a6de5c37c11753

SHA1
930d9f0840c94df9baf433b2b76cd9e5b2bdf092

SHA256
99984d43274144a6e47d76e237b12a640cef41052925aca1ce09f1ea00ff98ff

SHA512
f3e1d9bd3fbcaa8e459609559c10c77df9ae3e37f79cc825f34c8025010b81711065d54f5e965a6945c69624a1d1ec50a6361728b5847e308d5d391c4a151b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0186f14bb683fcfa06e869aea8938d25619c982\be92c00c-8d27-48ba-b268-f1a20fc3f849\b11d5a1907253729_1

Filesize
1.6MB

MD5
375b1110850372637f57ca9074d1db94

SHA1
d8c66ff1d633c27f07ee60a2f7edc5dd6d64bb96

SHA256
157202a10e3e36a1f751554a98c201fff8936e9d0711f4e4598977855a852dcb

SHA512
1ee00ceef4b8a11c7bdc356a98eb58380908bc336d6ef27ef60717ac36fc6cba10005ddfe1ed3690fab29fbe9b8db3206cec5b1089050a15c46bb0f6d7c9689f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0186f14bb683fcfa06e869aea8938d25619c982\be92c00c-8d27-48ba-b268-f1a20fc3f849\index-dir\the-real-index

Filesize
696B

MD5
abb4e52cf4eb559534850510ce4e4cb0

SHA1
cb94e754e91547fbc91e6b6b43aee8e8b9443683

SHA256
0e7ef3940156ee75b47c85272f2dd405410fe35c7ceda03f15f25a1c4833e82d

SHA512
20e1da70d0a184202d2088f9480b310d7bfdd07464605dd8fae570ac56dd13fa090364701cfd428e9a92d6cea75ea04753f1c01660b2f0f0c0ceda75e52a3aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0186f14bb683fcfa06e869aea8938d25619c982\be92c00c-8d27-48ba-b268-f1a20fc3f849\index-dir\the-real-index~RFe5ab6af.TMP

Filesize
48B

MD5
7071d91bf47784403e3f2e97538d4a5e

SHA1
dc352314020522c998495beac54d857a2c4fc9b8

SHA256
e1decdebd580ce73707dd02a1c9f30132cf49f793a1d87c3def2fcfde22f7227

SHA512
cd01b9ba6db31c44ce6e55e0914a407597dd0fbb5b728908d909738ae3dfc547a4af20ffc4c957bfd2e26a0f22bb9e8a1be916fe98b71d04bb781094797a3d7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0186f14bb683fcfa06e869aea8938d25619c982\index.txt

Filesize
136B

MD5
f061c1eb90f9a515c275a652314518f7

SHA1
e7954071b06b095d186e2b59f886e5f2db60f353

SHA256
51747d57e6a4fb5dde29002d946467fff7cf31b429524e55623de1c76dfba99e

SHA512
1ce24c520d7bfa31593adc039dcd8acb2183b12bcda0ba513b1552438dccb7ac3e957502a64f64c7c86a5b059530187a98cce809df3eea7207117e50f6910a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\a0186f14bb683fcfa06e869aea8938d25619c982\index.txt~RFe5ab6ed.TMP

Filesize
140B

MD5
c46a20ae08ecd393c8f5a270dc980089

SHA1
db65b81fff4f3719b4f28e58f1b562816e865470

SHA256
dbcd1730c1889bb49e04f4a1888e06e550c103e605beafccc2d75960c04a89e5

SHA512
1484f34dd841fc70ab23ab3472ad7e9a571515989de40bd939b8c724f870617bd26d6c66953ebc3cbd4ab93584231ab44467f3548c149d5d9f9dfb181dfed9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
a6572a765864762031d39f7b45dc350c

SHA1
68e45c621e3d77f7f3883ca11708470f52637eda

SHA256
275222c611b116ded7aa3542ed3d7783c34697d44deb25dcc1fe57892258677c

SHA512
8ec287fe3dd718b887ec0642e64d75ed7eb4952ba26f74e95e38f63d8ca716a831a6d3b50e8b1744ba40982563053dde6ed44199bfa64c1f6bc91a57d409121d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
0ebb29b7ddbf1c2a29dc5efa4e74749e

SHA1
a61d33d62ffa1fbf657391aa4f943872c43990c0

SHA256
d6c4d9352c0285033e0b1752062a06486a719c7c89865272e4ad68c3a60eb85b

SHA512
2f09536069c927e8f6e00aa1e7b883c01cbaf0422dbb269d81ed56746550939b91cf15abe75e945e4db3e84cefd668c17f44222ac209e0542cdff50159042794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
b2de60b7d9f61e7a9881e066007bdf23

SHA1
29810a51a6021420033fb232c6f591dc8ce83da8

SHA256
cdddabacb2da41b61245e7acfe5069b3eca361c937304a07b0a88a2aa2ebfc0c

SHA512
a6552b2ddcc2323047c966ce60720dfd7a19cfac438f33039e19fea1f16fb1999b5b6385aa1b868b8ef39057e13da9bbca7e68676c59c8579ccbffd461c425d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
e8e7b419cfc540fadfa10bda755770f5

SHA1
5f3bc9f13e3fb6ea1e73f1a29c04bb79da0a24df

SHA256
f86c1c2de6de232d9735186f6c072ec355aeca138f405ce06a8b73cb544e4c23

SHA512
d838af39473ed2453aec0e7748f2082cb7adeeb1bdcbb5db54cbe7d61273fd98233ab10c0b9f105aac54197516f5a87040eb6a4b14552bcfad84e5f7c8f12c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
3434be544676ecd7ed640e38f0004d40

SHA1
f3456cc43e27d56baf0f100ee5c7d417c07e55ea

SHA256
bee743bbbe3290bcd0c4676397f4c718921d73745e8cb51563a10ed21c48e85b

SHA512
9e1fb035542d704436dd9838b2d8fad74e3d7456726c4869d92690986cfa6093ef202b84d4f17540ebc3272a556bd17daaed2b049720af2d7af365f9eb2b40fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58ad81.TMP

Filesize
88KB

MD5
6964e1df7af6f8968c70ac98c1a78b7d

SHA1
7318a64c365c9ca7c187597f0708a1b83e54e088

SHA256
d8c9d117b0ff941cb8b554a1f7ccf08aef390fec93884b0a2a62c03a99e31498

SHA512
3ea97189d27b57d15606d171ffa1fb592907ab21304d641c32aca7a12ae1514241ebe2c65f10c9bce4c3abda39cef211d128a5e21529530184f5cc9eb4945538

Download Submit
C:\Users\Admin\Downloads\Desktop Goose v0.31.zip

Filesize
4.1MB

MD5
eaad0961b52b14d9a323f092ef307d8a

SHA1
feb3aedf16432b063ff93c90623a865a1fd5214a

SHA256
e66264065923676807fd6d7b36f7c9dc52db9ef1c5399b2811738eb5e22a30f6

SHA512
fc42d2ed6a8a8efee0898236526dbe46218dbec657caa5e70bcb18433345d56a010903c155c726a5c9e117e1759cae42560e18da49d5bbfe4e99048fbd326330

Download Submit
memory/4744-485-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-451-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-471-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-470-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-473-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-469-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-483-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-484-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-487-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-486-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-463-0x000000007487E000-0x000000007487F000-memory.dmp

Filesize
4KB

Download
memory/4744-488-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-491-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-490-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-489-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-492-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-493-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-496-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-495-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-494-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-497-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-462-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-459-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-461-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-460-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-458-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-457-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-455-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-456-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-454-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-453-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-452-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-449-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-472-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-450-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-448-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-447-0x0000000005320000-0x000000000532A000-memory.dmp

Filesize
40KB

Download
memory/4744-757-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-759-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-760-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-758-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-761-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-446-0x0000000004CC0000-0x0000000004CCA000-memory.dmp

Filesize
40KB

Download
memory/4744-445-0x0000000005350000-0x00000000058F4000-memory.dmp

Filesize
5.6MB

Download
memory/4744-444-0x0000000004D00000-0x0000000004D92000-memory.dmp

Filesize
584KB

Download
memory/4744-443-0x00000000002D0000-0x000000000030E000-memory.dmp

Filesize
248KB

Download
memory/4744-442-0x000000007487E000-0x000000007487F000-memory.dmp

Filesize
4KB

Download
memory/4744-901-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-903-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-904-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-902-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-905-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-906-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-909-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-908-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-907-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-910-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-911-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-912-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-914-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-915-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-913-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-916-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-919-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-918-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-917-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download
memory/4744-920-0x0000000007470000-0x0000000007480000-memory.dmp

Filesize
64KB

Download