hxxps://wearedevs[.]net/exploits

Analysis

max time kernel
299s
max time network
294s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
13/06/2024, 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wearedevs.net/exploits

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133627763726465515"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
5420	sdiagnhost.exe
4628	chrome.exe
4628	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe
Token: SeShutdownPrivilege	4528	chrome.exe
Token: SeCreatePagefilePrivilege	4528	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4668	msdt.exe
4528	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4528	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe
4628	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 2256	4528	chrome.exe	78
PID 4528 wrote to memory of 2256	4528	chrome.exe	78
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 3204	4528	chrome.exe	79
PID 4528 wrote to memory of 2012	4528	chrome.exe	80
PID 4528 wrote to memory of 2012	4528	chrome.exe	80
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81
PID 4528 wrote to memory of 2192	4528	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://wearedevs.net/exploits
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc6337ab58,0x7ffc6337ab68,0x7ffc6337ab78
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:2
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2152 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3884 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4304 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4916 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4988 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2900 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3944 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3116 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3104 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4292 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4624 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4868 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3084 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4764 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3852 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3040 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4160 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Windows\system32\msdt.exe
  -modal "393742" -skip TRUE -path "C:\Windows\diagnostics\system\networking" -af "C:\Users\Admin\AppData\Local\Temp\NDFE426.tmp" -ep "NetworkDiagnosticsWeb"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2940 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4316 --field-trial-handle=1808,i,906742935000175160,12605922879458048883,131072 /prefetch:1
  2⤵
  PID:6012

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:844

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:5420
- C:\Windows\system32\netsh.exe
  "C:\Windows\system32\netsh.exe" trace diagnose Scenario=NetworkSnapshot Mode=NetTroubleshooter
  2⤵
  PID:5600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1892

C:\Users\Admin\Desktop\explorer.exe
"C:\Users\Admin\Desktop\explorer.exe"
1⤵
- Modifies registry class
PID:5488

C:\Users\Admin\Desktop\explorer.exe
"C:\Users\Admin\Desktop\explorer.exe"
1⤵
- Modifies registry class
PID:5788

C:\Users\Admin\Desktop\explorer.exe
"C:\Users\Admin\Desktop\explorer.exe"
1⤵
- Modifies registry class
PID:4576

C:\Users\Admin\Desktop\explorer.exe
"C:\Users\Admin\Desktop\explorer.exe"
1⤵
- Modifies registry class
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffc6337ab58,0x7ffc6337ab68,0x7ffc6337ab78
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:2
  2⤵
  PID:4188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3844 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4744 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4352 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4784 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4548 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3112 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4828 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3280 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2536 --field-trial-handle=1816,i,10077098760216439047,7410891923890508014,131072 /prefetch:1
  2⤵
  PID:5740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061318.000\NetworkDiagnostics.debugreport.xml

Filesize
6KB

MD5
ce265d085f92565336736dbad84d41ff

SHA1
e6c5c0b9f7e8e3880a05872be6d83ec28fd7d40d

SHA256
f62ef76862209e7348174e747e416dcd9c9a077d4303a987f6cb727e938158b1

SHA512
9dc1343fbb3c0005a57c77d99254fc947a5e62904b86654afb18cad46cd070f9ac940d1c19b380b070d40a1333d2936b94ef9bf3f8ac9b9f06b92231af89f192

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061318.000\results.xsl

Filesize
47KB

MD5
90df783c6d95859f3a420cb6af1bafe1

SHA1
3fe1e63ca5efc0822fc3a4ae862557238aa22f78

SHA256
06db605b5969c93747313e6409ea84bdd8b7e1731b7e6e3656329d77bcf51093

SHA512
e5dcbb7d8f42eabf42966fccee11c3d3e3f965ecc7a4d9e4ecd0382a31c4e8afea931564b1c6931f6d7e6b3650dc01a4a1971e317dab6c1f03932c6b6b7d399f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
7a924cbf0412e1de06b0e38590ecb6a6

SHA1
db32fdf7c23f28a2fd3350dbd94ee25ce78b615c

SHA256
6ae5ffbda60d117944970cb446612309126b1f131f52f904847281ed4fcb8e54

SHA512
7feef2199bf9003eed113aefd0d28f0cd359e26daf9bde23d918a39af0a9815c641c3befb1650b86cd121bf98d3b899c852cf81a89dc1e416ee3f7a423fc86c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6ad4482dd0f6565751eb1f2a19189cdd

SHA1
0ac43b25212920fc6b6e8dcba00d0d2a7820aa3c

SHA256
d24f729a35d8b04660ec16401d9565b266ef1b86f5f0f23f95d69ecb9c41e85b

SHA512
ca89c4b137ea37d33a3a0821f8201c2905bfe729656cd5a2bad98fd5abe0a82b67bb0720e084f098a4fe94f9a47752f12ce1c6dc274c2ab148d973d7e4d86293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
10f8230f8f4a20b3f4c3ea19c7a57072

SHA1
e629bff707944e1f741ec71c1ed3f4a44dd93186

SHA256
f8f099a9e80f7f690dc6987c0b093cf47215035e10374caed30cad6ffcbed016

SHA512
5be4834d94f2696950b4f9e0d2a91f0c4f813a35ccefce3d2f7fcae91cfd27bcd0f98fcd0b662d2fede0d4fed3445bc79fc06e10c5bd7d2c562db1d7cf28d650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1d4ae6ad1a28df040cbce852d9efdc7c

SHA1
5238b7fd5a82049f91eccd100bafd4f8388a0f45

SHA256
2ec49a96201deb214bb52a42ec39241580f93dd8be5dca90f65c0713ae7f8a4a

SHA512
9d3a434ec6330932778d73c24878f197b64463e53f8d5075178927acc2338728203d26440ad3648c846639819ee67e5aa4a0832423d51a93b13e5718a42d61a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
42c74bdae6c1dcc99c880c72a2df302e

SHA1
9780531139697abc00b41d4e3b57e809c6a86794

SHA256
e24e2160c90d3f3a15bbb8e4ce93d267dd20024ab56669bbfbb33216a457fc48

SHA512
241e6b5d989cc912f3afe5fbcd27e8d13675646d7cb9a6155dc79f9556f962e24e4435cc663d246fef90c36487154c90d3bd12857bb3cf879bc00c91cf8f97ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1ce39403cf68045f5a8fc762006de575

SHA1
a867eb7c62b1313caf7884a44bb1146b56313a71

SHA256
37302bb81f38bb871548e47e0bab25fa16af60344e5b7165c3786e6a5551c503

SHA512
18e5f3f7c03c69a92c7b056ca5642afe366b69cbc1777b756ccd714304f5c2a7c6fdb08931c61a3e11ff12b6a47075158c60a455b0e1cb3ff46d17ca886363a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
70ff3e9940b3a6b99cdb59ed3b72db09

SHA1
42a412d95ce37f758feaefe25969dd2a379e10de

SHA256
a8e068d55dca83939e9c1b4024226c04e58bfc6a6176b53e74f3cd79d68022a0

SHA512
995834398ccc1d5884356c4c322d8192b72d88371161f576a6fbe0669d761a4e2915d10ba29e927fd37ed067c181f5c755bc30f7c04bc7e3fdc19cbe74fd45eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
77ec3f1146e4aae4c5ea13d3caca8f4a

SHA1
a179b917808425415d1b6418bf93a7542377fc3b

SHA256
8c195c3eaab38ca795a56db8be989a9f597d2262eb6c5139b0a3c19ee809f80a

SHA512
4cff18a784b84526f459daac88446a079cc63f4ddeb32dcf156674c27387ccf95049af3d3ccb4e3f81ad0e2c059c98e68112619d4e647d5aed7eb3e359da4c91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6d8ca4747ba0718042b2c2fd339b3784

SHA1
75040f0cc32d8d4ce8c3455344098a163025c6f0

SHA256
cc32b6ff52398ef24e70206c6057458b296c97904ace99d21be93f3157267c56

SHA512
8e776ac227c1d263dc31b41e8905d53c3632e67bcdc3255fb36fbf2e9eb1450f4047e2e2e59ff40e81283bc753c1b0ebe4c5a174c02b7e00d7798411e5747997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a2e809d66e550060ba384d7be4f0bf64

SHA1
a4574f06e23ab4aba1e07acd58997f4c4d82ee78

SHA256
0d8acefa8de8fc9d2e5baed380c097f1c4e2539e97088524094702bc79d494be

SHA512
8dc3af97fd4d7ab17f1d23083a312d26b236637acc895fc56b221b9cdec5650a6075d9e049181e3e83ebfcda66379b483f68a9630f78851c26a4a1fc090d6acf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4f49e5abdc803cb866f112a4250be9a9

SHA1
2f32cc38bd4d83053e8c5aa6d4e5b05231c7660f

SHA256
665ca9a2afd8e27acfce8497bc945ef26db26d3c3e36ead7aa4fb5e8a72691bb

SHA512
eae925dd4d79090741cd996813caaedbec0029cca6d32ab37a2bee8ef16f61203b876b490e43cd74f0ed797e57c8589de22559c823eae5781ed1c545e633ef7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
01f85ced1d042003499266f650e7e4af

SHA1
9e175ad9e63369a0ae2c5b484abb769160bfc053

SHA256
61f373011aa5601ec5949a1ee27f299f1b53884e38aa93f5ea75ba99d9581984

SHA512
cf11367c83464e3291357c11f53fd2768e60c63ce9664347f17f398c053c2a2771c1280267bd47b2e205a259193bda187b6c8f9f91c51a87b584a7034c5d72ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
251B

MD5
22b21ef1c867f920688ad23503cc59b3

SHA1
2a7d083f7c8e2fea6851d13a3fcb1f37a87d3e8d

SHA256
7867c6dec8a5fd95b544f7590eb8257cad3f7e13e15a938eaa76f04966122c33

SHA512
acde85dd18bbbb3622eecba14de7528723d09db26c7aeae4201a90763c0775809754bceb7819171f7ac146c7f364dd8f4640aeb1070186338ba350b60d18313b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
1d8b61790c5bcf68c2d5561778f1c2ba

SHA1
4822f433147cde436fbbbf27e326968bf12780f0

SHA256
4c5d0ffe60e3ffc1546f67a827e5e0d1108df495babe57114d7bf7943ebab8a2

SHA512
c518dd38fb23b3759b3e9468e34de73177a6a4830c61b79b4aac999ee5cbf605ace0bc525492c35e29835cd8e09f60940a06cf95be48a07d6f8651ec12378f88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362776407625651

Filesize
5KB

MD5
d851401adf16aac60a8f0161e97bdd51

SHA1
37d5a8a8c872f16b5591e7a09d752167c115cc35

SHA256
6c5da8f4b63f28a3e244569c4201e87b9e4ca046984071dd08cf6cd1dfbea5f7

SHA512
c3a18029616e0fc0e353f10d1370fc44044f3d91bf079d09e6c6431deca4c5ebcbd24cfe1aba9373e91268c7745da571220c45ef8000a49ba34cb3c9a3cdb2ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d5c14ecbba7c487695e67526c3ede77f

SHA1
cf08beda26cbf0abc4778592958cfd35ba854e0f

SHA256
4a181fc337bca6a9c01655d7696723c594f08309590619c40d7ad8debdc5d6bf

SHA512
3af192bbbe9117b8d0bb55eff63f765c61ee693307cf79f90dfa3366ec8290b924f022d7196dd9100c33d6abc897c9b138a83144421ef7d7f67c3b2ebbd7c31a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
9485aff2a5708da57b2e9a0c634c5fd6

SHA1
fa13db3f0731a177c21fba16de31e2ee027f517c

SHA256
f54fc9a76b5f5441836e7c017562e0464c9f76268349f9bb71344c9fb0fdb842

SHA512
bee11d24e544d2b4728f128e80abab4d8ea6d27b6126c25bb34ead15aec24b31c8b905ef3fc21579908b144bb715a2f39370da01b549c76b2e2a401b883bb33f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
68fd44590bfb96cd371065917a95fa8e

SHA1
77f1d150cc751221274c109be0de0aba66153400

SHA256
77b897a979bce4a8cba60f159e67e480e356842fb761a09efbda5ee623b79b1f

SHA512
040f91832dfe76495e0fbddb06bce0b66ddb5e9d24f5bacaccd4ccf8fa080ba99d7d811b89b92302077a37f563480282915f20ea875dea44871105db5438cde4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
58fd1b45a5914593e9f23447a9a887c5

SHA1
b97eff6b8ad45c389abd7db4352a12b2ed0f9163

SHA256
c886a637a04352f4c117cc3d487361b7539be14e8e6475060677ba105f24311f

SHA512
a8f2cbd9cc3d65ee3794e2db9d7eb38cd099832203abf5a05de5d81cd17e68399fa1b4e12cc0715e0c340d8532ff2a0d350623f2bb3b45665422ca2b6b73c532

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
4166b48e6dca45d48373963299a3af37

SHA1
608094081744d598e80e151996ac285893e1229e

SHA256
b22590f61b9fb1b84e2329ca0806bda080e4a94aaf61b19575c8b8a4ee0f7431

SHA512
143f5804f6aa5dfffe736603abfca6950c02c27f8f198905d4d52bb12c929adcabe845d5f57d4df84310a3318625ddd36a2385be5664a71340c9b25ea40367d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
61f152be2d70f0db2e4a1904995c2b43

SHA1
ca3f183f89228609874ba838498337ff3455de73

SHA256
5b494402ebdc0ee9e6a19fe62ae039665daa126ed37c0b52f9b08f586dcd4431

SHA512
912da3eaabd0cce93d6cb8fb31f3fc99b6491885dee6daa0e1811053514a6e1f3ee9b4c3415ee3b19c7ae5326c54ce5a29b7c084578695a15297f4ceae9d0dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
e4c1cdf6be4266ba0ce69de53a6c3a2a

SHA1
a2d07a3fd1b7df34cafa6ab0c676c776755198fa

SHA256
9f8cca4f2ab682ee42da3c782a3cd43a63c51ed9bc17af38b6df9abdb651f90d

SHA512
f965e669cc36bcabf94e502a3359c0709d96cdf0e408527606b867d55d9cb13a773ca1f02fa4cba948d383e1c5b80b60f1463bbaf14446a5e9eed8f41541bceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
9d94d0c81cc4c506315ecd89ee2e1920

SHA1
d8a4033f0b984ab436a890240902cdba0e28fb73

SHA256
60e65c92994df755e13fffe60c6eac9d5cd20ae1b18de21c3ff6f73a12634d97

SHA512
8b32de1dcb8e3b7819023bcceb251af77b8f7e4843dcb9fd7ab6a6d31d4326322c3df1b0e5bea6b983ff9e604c517c6f47850952157886dd763b155954b109db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
5faac343a4df431841a950473ae1e783

SHA1
a414bea0a1358e15b538b4e5ff469707210b859b

SHA256
28474ae1e2419e519fc0a97078693cac0b161e7d1aff23108a2f838873f12a4f

SHA512
32fb667f33edff897a2aea131ed260970f0f56754e01c299b1dcd64312025e161fe0f0d0ff3c6866ca76a075057c1f2e0ee8eba24dfd3e5d83e059e7db7f97dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fd59982f3cdea63e0cd3b8e40da77751

SHA1
2b96942b83d294fbfd61d977d20fdb65e438e98d

SHA256
4ac9a8c42f08c7b129f0a1693c48f2d2928142da85ba05fb9161d6419ebe4fdc

SHA512
2d2c2b4884d366c1c1ecf87b89b4b0b41aa45768d7f28838b25cf81f1e0c821110549cd6948c53dfb819b7e420f08fe40a1e51a1e06825362e68f61758d38f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
2ef9749f544f5b0e9ab2f29f1500c9f8

SHA1
8e59bb3e766f3fc5c145fb37ccc5f5ec94bb84be

SHA256
580446f714d58c1ca7d2cfa1826eb6d8d8cc7a63ee30c147ab7e4151cfbb7940

SHA512
18cd995e82ebd8a1f72b06ec29796bd14faf30501aa2a7e1a56b7fc3af724f94c7fe33b5c711ea4095bb6a285dd35925dc0267f89e9bdf01fe55ed2faefb703e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
855441e183325105a4acfd78454aeb83

SHA1
6eacf237874cd59754bdfa0aed2e7b5b9f7fa8c1

SHA256
2b54f0342606d3bd8f82719fa521f215016c8249361619902f0933d4e3b7ad40

SHA512
c907ef86a2ce3856167733656913b2b30fca91bf79866683ee30891779ed9230a82278927a7a0634d24b264fa9a7c657721ecbc0b1d296fe9745cb996fae5c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
bdec730283f2910a1e09762c4eb0358d

SHA1
d30b0bff8d15338a9298d34a9c332e5f77b7f0af

SHA256
acaed25c914c053301fa94e280234bff59e0fbfbe54c6d2ea3b7306935675f34

SHA512
d28dfa853ee3b46544cb53ebd9ddddd87b58710f98915ac359212dd630b1809cd9f593b2c45760c5f065c2e6f4badc9b845765b5ab4cc1d6a4f093dd2ecdd0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
129KB

MD5
742513f7616f5abf74b9dd7b8b565ad6

SHA1
fcf232fe97fddcf3017550018a9dae45d4d34756

SHA256
616294a450c0ee16a522d60f8a56077cf0564cce45f92a694305a1ded48e1ea6

SHA512
d73889f7077462e246cf7ef1b30617ba887a42f8b78ee53bbb4aeac91dfc74d3778d0c092a07f2bf500bfec3b049d3e542e05dd15cf8f7c8f8690375793324b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
d67c9c4bcf687e7a2e8918c2da78648d

SHA1
7bf66a6ab86b99bc48bb124d5c3228600c503789

SHA256
4bfcaab2a5f95bd31d6a1f93d8c714944aad96e799d032203a34e5fb30202756

SHA512
34fc847f71463bef038423c8ec5524a78493523c8238c6fb2b5f31acdb0f2b995353bd82b54182c499af50ef19ddc68d59e1f90eaaeb9ddfca2bcff1086bfcc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
78100de4e87635b74bdae4174c810746

SHA1
11d22e7c039ef60ca689dbaf95905890b138f854

SHA256
93cff1d9978e7665ea753ae685a48157c8007a245c5d41c3c0bdc7342bb22979

SHA512
1456af3eabfdb2fc65626285c65f4f78263d0b4b57921e04b4ec52aa3ab7edb3535ffe89362d48bc4a1a1f83d67a98e046e80f94374128a3ee8d9c3df71288c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFE426.tmp

Filesize
3KB

MD5
e310e5578a38aa0803fe501af84e061d

SHA1
ec4e52893b7da842778df8d6658b356de731249b

SHA256
904b48d7f7c6f079ddf5453bfe05bd98118a7e69d0bba17a75f2209a7a5389bd

SHA512
36465ac3ee139947b6623b0efc85cbf66dc8640dbb41abb613057b7d4b48e816bb67cc4893bd994f4f81d2978397f0a8361b2300eb5fb38cb0dcf01a546bceb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ycgbzbx1.yyq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\TEMP\SDIAG_2eaef1a5-dc5c-4b63-9076-aa6503aed110\NetworkDiagnosticsTroubleshoot.ps1

Filesize
25KB

MD5
d0cfc204ca3968b891f7ce0dccfb2eda

SHA1
56dad1716554d8dc573d0ea391f808e7857b2206

SHA256
e3940266b4368c04333db89804246cb89bf2073626f22b8de72bea27c522282a

SHA512
4d2225b599ad8af8ba8516f12cfddca5ec0ce69c5c80b133a6a323e9aaf5e0312efbcfa54d2e4462a5095f9a7c42b9d5b39f3204e0be72c3b1992cf33b22087c

Download Submit
C:\Windows\TEMP\SDIAG_2eaef1a5-dc5c-4b63-9076-aa6503aed110\UtilityFunctions.ps1

Filesize
53KB

MD5
c912faa190464ce7dec867464c35a8dc

SHA1
d1c6482dad37720db6bdc594c4757914d1b1dd70

SHA256
3891846307aa9e83bca66b13198455af72af45bf721a2fbd41840d47e2a91201

SHA512
5c34352d36459fd8fcda5b459a2e48601a033af31d802a90ed82c443a5a346b9480880d30c64db7ad0e4a8c35b98c98f69eceedad72f2a70d9c6cca74dce826a

Download Submit
C:\Windows\TEMP\SDIAG_2eaef1a5-dc5c-4b63-9076-aa6503aed110\UtilitySetConstants.ps1

Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_2eaef1a5-dc5c-4b63-9076-aa6503aed110\en-US\LocalizationData.psd1

Filesize
5KB

MD5
91f545459be2ff513b8d98c7831b8e54

SHA1
499e4aa76fc21540796c75ba5a6a47980ff1bc21

SHA256
1ccd68e58ead16d22a6385bb6bce0e2377ed573387bdafac3f72b62264d238ff

SHA512
469571a337120885ee57e0c73a3954d0280fa813e11709ee792285c046f6ddaf9be5583e475e627ea5f34e8e6fb723a4681289312f0e51dc8e9894492407b911

Download Submit
C:\Windows\Temp\SDIAG_2eaef1a5-dc5c-4b63-9076-aa6503aed110\DiagPackage.dll

Filesize
488KB

MD5
ec287e627bf07521b8b443e5d7836c92

SHA1
02595dde2bd98326d8608ee3ddabc481ddc39c3d

SHA256
35fa9f66ed386ee70cb28ec6e03a3b4848e3ae11c8375ba3b17b26d35bd5f694

SHA512
8465ae3ca6a4355888eecedda59d83806faf2682431f571185c31fb8a745f2ef4b26479f07aaf2693cd83f2d0526a1897a11c90a1f484a72f1e5965b72de9903

Download Submit
C:\Windows\Temp\SDIAG_2eaef1a5-dc5c-4b63-9076-aa6503aed110\en-US\DiagPackage.dll.mui

Filesize
17KB

MD5
44b3399345bc836153df1024fa0a81e1

SHA1
ce979bfdc914c284a9a15c4d0f9f18db4d984cdd

SHA256
502abf2efedb7f76147a95dc0755723a070cdc3b2381f1860313fd5f01c4fb4d

SHA512
a49ba1a579eedca2356f8a4df94b1c273e483ceace93c617cddee77f66e90682836c77cea58047320b2c2f1d0e23ee7efa3d8af71e8ee864faef7e68f233bec4

Download Submit
memory/5420-441-0x00007FFC4F4C0000-0x00007FFC4FF82000-memory.dmp

Filesize
10.8MB

Download
memory/5420-440-0x000001E572490000-0x000001E5724B2000-memory.dmp

Filesize
136KB

Download
memory/5420-431-0x00007FFC4F4C3000-0x00007FFC4F4C5000-memory.dmp

Filesize
8KB

Download
memory/5420-491-0x00007FFC4F4C0000-0x00007FFC4FF82000-memory.dmp

Filesize
10.8MB

Download