82aae3112ca38c817ba94f7b1c8d24d05a66613f1a36e76a8f9cb58c990b6276

Resubmissions

01/07/2024, 20:02

240701-yr3j6awgre 3

27/06/2024, 17:07

25/06/2024, 15:48

24/06/2024, 16:39

24/06/2024, 16:37

23/06/2024, 21:16

23/06/2024, 16:48

23/06/2024, 16:26

Analysis

max time kernel
1049s
max time network
972s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
23/06/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FSSEWin.exe
Size

11.6MB
MD5

8f15e02375a0e5416472da63a9961ea6
SHA1

9585a99954d7927404f1df5d1ef742fe92b2eb26
SHA256

c9bb84733d9015302e8106c284897765c4573336bc4d3d5217229ef4d8f1909e
SHA512

5f6a3c09edadc2feee3fc6a2ea2b7f2a0e680f9e74bb4480f35a2836ec2949efdcff2f7702dbcf466b42fcff9b8d8b3bdbfc84f7054f8e8c5c31506472940a6f
SSDEEP

196608:qYg5Vz+Rez4AKeNok8u8Fn7s2gj/CmZSbm9v:qcez4Apo0a7Rgj4C9v

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636509853518016"	chrome.exe

Modifies registry class 57 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	FSSEWin.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	FSSEWin.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	FSSEWin.exe
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings	FSSEWin.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	FSSEWin.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	FSSEWin.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1572	FSSEWin.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1572	FSSEWin.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe
Token: SeCreatePagefilePrivilege	3080	chrome.exe
Token: SeShutdownPrivilege	3080	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe
3080	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1572	FSSEWin.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 2952	3080	chrome.exe	93
PID 3080 wrote to memory of 2952	3080	chrome.exe	93
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 5108	3080	chrome.exe	94
PID 3080 wrote to memory of 3508	3080	chrome.exe	95
PID 3080 wrote to memory of 3508	3080	chrome.exe	95
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96
PID 3080 wrote to memory of 2336	3080	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\FSSEWin.exe
"C:\Users\Admin\AppData\Local\Temp\FSSEWin.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3aa9ab58,0x7ffd3aa9ab68,0x7ffd3aa9ab78
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:2
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4916 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4228 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3356 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4808 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4920 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1884 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5168 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5380 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5564 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6272 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6476 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6608 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6724 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6880 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6900 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6236 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7320 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7500 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7648 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7840 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7796 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8020 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8348 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8308 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8644 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8848 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9132 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:8
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8612 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9220 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9416 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9464 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9480 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9496 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9512 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10044 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9112 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10188 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10172 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10584 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10616 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10724 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11016 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11064 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7644 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:7056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9744 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3500 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8796 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10752 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11932 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11948 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12204 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8888 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11864 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9412 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=12660 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=12664 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=12216 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=12956 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=13112 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=13236 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=12688 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9444 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:1
  2⤵
  PID:8848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 --field-trial-handle=1880,i,12888740178432082866,7764112958623316050,131072 /prefetch:2
  2⤵
  PID:6752

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
deaf80acdd2b427744c667e147d051c9

SHA1
8b84de2b3b7c540dd118922aea65449ad5b74e5f

SHA256
9f44a02840379013bf430902b8463045819abaeace372b183c4eadb1ae239c77

SHA512
a69116307940e4ef3174d6e5ac8a1eb325c62aa96e2a7fa9c89404350defc77f480c800cb876bb56b5e4c2b017813fffe93de501dcf08af03053d93a842a8882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
02871d30d1f2e94c27d9a100182d20a9

SHA1
beed0c404847a354b90dccd35c7305cc1e40cb3e

SHA256
56fe66393c690164b0788db2ac9afb2ffb44182845d69ed801d8269d576fe854

SHA512
1f214c8ecf4d1b73dd9e750d813611411e2d1b08b2a662667caad66f7986d7394005f374733a90281014ddc7e910ba1e0eca24861c9eb0a41cdc65e66376f984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
b1753875da125e1c27c4111213b09a1b

SHA1
8867df8d3116dab4d0fb2bf80d96171e62904d30

SHA256
dea158cf20e2dcbc8443a7b9ada6589b02b918bcdd1b045459b7cdaae00c9190

SHA512
761b5da8401117483fe86fef4e3d3592cf58d77b26c6dd27418ccb048e69b46e588727df0fc75a27b68c4fa3ed021bdc77ae0e5d7c57707e07d81c105da9b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
30f64a989ba1b35461251f31814b02bf

SHA1
0e3f510df0c466137b364e2ecc0ef90892758cac

SHA256
d88e4a113eb1e0ce3aa5b5ee251789119d2056f0dd56cbed79a2ade9d1dcddf3

SHA512
a849dcc1a37b09586f0660102a895a00d4a61e4819958435c86d91c0d2868fd259a39ed1647455d5af3f9e7b4c927c011797eff902a058cb3773823bcc86fe7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
acea55bc59213e4c3efd600b551f0b70

SHA1
0d1ca6490597f2ebc6306b07b73710ffb56cc3ac

SHA256
4d92c0a1dac7d49e55b544a6c1a16ccedb33db7d628c4110a3b9cdac5446bf1f

SHA512
c623b47bb03560dbb65219b52e0cef84969cc98f87af95a1c67bb5452fc3264775d0a98affca6038d9e63d3879667c91056ba3aed29924eded908c72b5a133b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5755b151f3f361ed6d7c66219fc071c2

SHA1
d3d713dda0750a468a94c0421744101cb1d27d4c

SHA256
7aaa8f22a3240d0dad83da5befc0a8aa075889a21fef7f47174837e6815eb928

SHA512
141ea3a25db8345fa670dc4a8d61987f7223d5e83901ec22f3f0b6c378286171e004a6b06dec2a41f3d69faf32ccd14ee235d4ac32fa01d24a1ee440f93d2ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2f9fdf5a9fa63f823aa4ee1839699012

SHA1
81fc7ee144919a0e07f1b6bda68d51ec8bee322e

SHA256
b84b6e1731f35b477b3f20b15eb7242c9201984ffe80002416091d71fc53c9b3

SHA512
9b54b851770f2bc553a9054c3c8facb722f1a16352721d9b5ed97cb67358a9167a19e6008c97769a4cc9a535815a801c1a198e28dddcfd25cea842cc145f152a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
224b811d119a78d694ecd31f2b011d20

SHA1
3930fd32b3d211ed1c51f72f31de6aa631666b55

SHA256
dadeec80337fb98292ce7109684f3e1cca7d05a9fe929399a69819222642e9ff

SHA512
4a7a4208920f4847b5a01658175b045a058e01bb0151d338819b97a0552879fb808562b9af573121c9f95a66b8bd7545412c927a6eb52f000af45fa50d0b1b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2dd2bad44542aadb3f6379e9106e3fca

SHA1
55da47933a3808e3051e68a1561804ba443bb0c4

SHA256
eb536a5e2700122344bc2e120cff6f9045b0c917b8d107035dd593f06a68d0fe

SHA512
c473a665c1af485ffa03d5dff252728f8ae7cf9f6307d246e23e0724f5acdf5db55b8aa086980d039fbe722e1ca12f55129b6a7d43350cad1678ffccbdacbfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
029666c077a22da424dc9089359f8297

SHA1
ff5c88973974556339d17ce9a55dbb58954e3fe1

SHA256
6173a23b439b2ab97cbae50c5c656cb680a0459129f4af5faad74c42fec41604

SHA512
60a2eaa21d6f21ff0220b2da1516934fc1693b2ef1597e28a401b62ca22fff248a33341d32dfa50e833c92fd725d64e5daea90a26933aa047317a6b3a4af7ec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5db46129be89f1c1b8069e1fd3aa5fee

SHA1
0319a0e52158ed301fa02b4e50db017063b79435

SHA256
9670cd6d0b3cea79954f61e78febeb58a22f698c80a3efe70d084d272cbb872e

SHA512
cb8f34c21a8fa1c5858473807696b3154394fd69acfd26caac0a9be33e49be2b055af33ea4b72b2ef2062c0ae7d937409b2b85a63ecdcb2179340f5741d81080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
819148281de26a19d855ac3637e2def9

SHA1
6f9b60d860836f9bcffb132895a4ede21cecee7d

SHA256
b058be0315e5fc76716bc26ccd4494be5fc05da22da65ebb2ae841f9658d31f1

SHA512
1561a2705d1e4491cfac363f7ccf55f492502b47d5ec73846134cbf4affe287e9469cc729838cf0c81717afaa4283ea962259a90c3ef78b7bd245721362a6a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fe772b80-8825-4350-8705-08c4327ca213.tmp

Filesize
7KB

MD5
61a8b599fb58a65fc3a69825186bab71

SHA1
8dafbf22a23778da1887826e5914b3d954445227

SHA256
c9bfab65ea6561fa2060db141b6e3d2af0e792ffafbf831782650e8056eeaffa

SHA512
30694e8bddd29b9e19b99c53e7b059f320887de3c52141636292b73274ff6c0ce67bdb7f35ca67810adfd1017bab7453fa827a3fd7d447f7cf713f853a44740c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
7a75dd6da35ac3ba4adf8982b2127fb5

SHA1
c9680ea643b684c423e8baf75c3daea73513d1b6

SHA256
5f944dedabe1acff465c37a4a8b13b73c5340ec2fe3192d09eeaa2ddc619ce64

SHA512
81182457df5c499db10d2065445a33a2eb4b7f4f419df403e0522b0561ec4fe872dfcebfbd7823514db8f79162e1d40d7d52fa07f960700a41036fd9bdf982d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
279KB

MD5
a4725a29487bc8838ce96038911b10bf

SHA1
4876f6c9cb6409475a45e45e18053b7f31f217b4

SHA256
225072723547c55ee5cb9b8fe306f724dd24c565f42cde8b6f06b948a380e0ba

SHA512
10b0a39c76a4e5e93eff91a1f91103765f9f76c3952b287c8b02e3df6cb597b848278af33a7e37f212f2437d78b418378dc6ecf6ae462b69507691e23299941e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
b00199f428445b6bba82a7e1cbc0477c

SHA1
339dd17cfcc7bc9579085860f85548ebfc69f6f7

SHA256
2f31793b4573f0cdcc18a50c668cf1a40a6b0db0f8a108f14e535d45645403ea

SHA512
f6347a10651c05dbe1892d265abff3b32333a78a91b29569723401cc511334b2b6bbee7b5d97567abd760d71d607d3768547c91cddf55261885fb3ef777d13d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
1c709bd33dfe95947092ab37487f83c3

SHA1
ad37b34b2940db2dc7ac2abc3a1547befce27b8e

SHA256
61182c9e200d54e2e1dcaa3608e85b3c72036d381b155d4e01acffe0a1ce055f

SHA512
9c0a900d82e31413b5e1a2c1e62379e71454bd4fa864c24963b4eaab40ecd53420c031886802d44d7acb06bfecc271529c743b58d0bac7153feae6e5c81c451c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580710.TMP

Filesize
88KB

MD5
c8e522c4993b818e1dd951a8f9b13de9

SHA1
c0b8d648aa0434eb866a761456440ca311954987

SHA256
2b41cc1fbe419114854aad523bc2e538b37b636ea4f385c0a764f48fe613c5b9

SHA512
76eef022b34989e5386256ea51474cd311d78cb9ad6415b8070cb924405b01c5a66cabd89a5972c69ff0a7cca1df326ea939218f4c9449bda9a9e9881a3b6402

Download Submit
C:\Users\Admin\Downloads\Vault2 - copia.sav

Filesize
1019KB

MD5
58abc402f121610ee94f890a96dff77b

SHA1
a06c7e6a95e0191dbf146bc3d2ee8a3ddebd7aa2

SHA256
4a511a8e348f536565c34d11d02f4249fd4354ae7d724746a849639c525bebb6

SHA512
72b4098bc279a0ff3a9902ae546620dfe54596e734ec4e32ffdcbc29ecb3fc377d5aa389aaab05d768164927d38d1036666190d170e5a8e5d3f7e871e6bb65c9

Download Submit
memory/1572-405-0x00007FFD40700000-0x00007FFD411C1000-memory.dmp

Filesize
10.8MB

Download
memory/1572-0-0x00007FFD40703000-0x00007FFD40705000-memory.dmp

Filesize
8KB

Download
memory/1572-7-0x000001D13C5E0000-0x000001D13C602000-memory.dmp

Filesize
136KB

Download
memory/1572-92-0x00007FFD40700000-0x00007FFD411C1000-memory.dmp

Filesize
10.8MB

Download
memory/1572-90-0x00007FFD40703000-0x00007FFD40705000-memory.dmp

Filesize
8KB

Download
memory/1572-91-0x00007FFD40700000-0x00007FFD411C1000-memory.dmp

Filesize
10.8MB

Download
memory/1572-6-0x00007FFD40700000-0x00007FFD411C1000-memory.dmp

Filesize
10.8MB

Download
memory/1572-5-0x00007FFD40700000-0x00007FFD411C1000-memory.dmp

Filesize
10.8MB

Download
memory/1572-436-0x00007FFD40700000-0x00007FFD411C1000-memory.dmp

Filesize
10.8MB

Download
memory/1572-2-0x00007FFD40700000-0x00007FFD411C1000-memory.dmp

Filesize
10.8MB

Download
memory/1572-1-0x000001D11E550000-0x000001D11F0F8000-memory.dmp

Filesize
11.7MB

Download