hxxp://151[.]139[.]177[.]59"/filestreamingservice/files/7328c320-d4ba-400d-9867-f3267c7c1e76?P1=1719165803&P2=404&P3=2&P4=iO%2fgwjk%2frpt9MeFdma7MP%2fVqem9Bt4B7PydjcLpIBXeJahmtYjrm5uiCH1kDyuUfcoUuNXnR9JN18pSPJbjC7Q%3d%3d&cacheHostOrigin=1D[.]tlu[.]dl[.]delivery[.]mp[.]microsoft[.]com

Analysis

max time kernel
411s
max time network
411s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://151.139.177.59"/filestreamingservice/files/7328c320-d4ba-400d-9867-f3267c7c1e76?P1=1719165803&P2=404&P3=2&P4=iO%2fgwjk%2frpt9MeFdma7MP%2fVqem9Bt4B7PydjcLpIBXeJahmtYjrm5uiCH1kDyuUfcoUuNXnR9JN18pSPJbjC7Q%3d%3d&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637613262205832"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1584	chrome.exe
1584	chrome.exe
1268	chrome.exe
1268	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe
Token: SeShutdownPrivilege	1584	chrome.exe
Token: SeCreatePagefilePrivilege	1584	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1264	1584	chrome.exe	89
PID 1584 wrote to memory of 1264	1584	chrome.exe	89
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 3044	1584	chrome.exe	90
PID 1584 wrote to memory of 4568	1584	chrome.exe	91
PID 1584 wrote to memory of 4568	1584	chrome.exe	91
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92
PID 1584 wrote to memory of 2384	1584	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://151.139.177.59"/filestreamingservice/files/7328c320-d4ba-400d-9867-f3267c7c1e76?P1=1719165803&P2=404&P3=2&P4=iO%2fgwjk%2frpt9MeFdma7MP%2fVqem9Bt4B7PydjcLpIBXeJahmtYjrm5uiCH1kDyuUfcoUuNXnR9JN18pSPJbjC7Q%3d%3d&cacheHostOrigin=1D.tlu.dl.delivery.mp.microsoft.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccc05ab58,0x7ffccc05ab68,0x7ffccc05ab78
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4088 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3472 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4092 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3356 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4116 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1604 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4776 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4324 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2564 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3460 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4796 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1604 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2872 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4992 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5088 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2880 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4184 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=2332 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4976 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=940 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3260 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4876 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5384 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5440 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5796 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5444 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5772 --field-trial-handle=1960,i,15502459538224970058,18118541263306278308,131072 /prefetch:8
  2⤵
  PID:2956

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3240,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8
1⤵
PID:1280

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x404
1⤵
PID:828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2072

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:5088
- C:\Windows\system32\certutil.exe
  certutil -hashfile SHA256 RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_neutral___dt26b99r8h8gj.AppxBundle
  2⤵
  PID:2872
- C:\Windows\system32\certutil.exe
  certutil -hashfile SHA256 RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0
  2⤵
  PID:2216
- C:\Windows\system32\certutil.exe
  certutil -hashfile RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_neutral___dt26b99r8h8gj.AppxBundle SHA256
  2⤵
  PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3625c05c-d018-4078-a683-747f29b032b5.tmp

Filesize
7KB

MD5
46d81fa6d75195b3171094c50b983b66

SHA1
6601a5aa35f15d80f7c5bfba5c646be94cec3faa

SHA256
7906e5040c94d67f4551bc3b208b100a472358b484e87e3930735b642734c548

SHA512
26c26e0961207f2bdd96b2ccb4d7795dc93be23fe666df8218a4654ca77b6aae46e68c1a4f70e28baeca7c871b3df0bb23bc651a123edcc123abe6918881ad9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
69KB

MD5
921df38cecd4019512bbc90523bd5df5

SHA1
5bf380ffb3a385b734b70486afcfc493462eceec

SHA256
83289571497cbf2f2859d8308982493a9c92baa23bebfb41ceed584e3a6f8f3f

SHA512
35fa5f8559570af719f8a56854d6184daa7ef218d38c257e1ad71209272d37355e9ad93aaa9fbe7e3b0a9b8b46dfc9085879b01ce7bb86dd9308d4a6f35f09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
328KB

MD5
bd1a7a2a6dd3a0e0ceafd66f23467ed7

SHA1
bb09ce7974ce52b335fe1c1652a92eef0bb6b7ca

SHA256
ad03bd58c4bdbee99c99fc76641672fd1ea7ecdca057f00aa519dba4fe16e1df

SHA512
b879438834179dfad2a5e41dc1b1cf31aea825a5881418eab702aa697c18369c133a5052903a063523fec30d427794bad297ed37df6436056fe356db65311dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
105KB

MD5
a1df0a3e48a4c3741e734b4942c580f5

SHA1
37e1b17489a54c1872c705f279aee81de4a516c0

SHA256
228acc1960f14f6b2e734566f965c82943e73b7bf8e2cc8558637a7a74d0436f

SHA512
f81ee33c46099ed2003cbd20ba9808b2f54e3d8ef7025b54cea77fb064386066ad46ab12fc6699f6a01c82360395f15185f946254bc88339eca1a7114188fefe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\118157d9bd84454f_0

Filesize
19KB

MD5
701f4c82e398a85952adcc935a99c43a

SHA1
ee1f929354154de7c3563133bdd586ce95d8f7ad

SHA256
72cf1ce609bc7d3e10eeb29f8e0262c1cad99c543869c8e8066821dffa1c7b4e

SHA512
e378f7c951f7c28cce97264a7d05fd8ea38fe77aa562fd089ae41840bbf98c5ac707b511fd3a4c0ea3585dd231288332dac6e65faeb7d425d0d2c1b1d45543ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\81368c0962e37f6f_0

Filesize
280B

MD5
ce90906d0879773378e32247a42b1f03

SHA1
c7cfab3daa0d90933a4b7740f209755df30f6a0a

SHA256
8bc31ae10f43b813a38c37931fb37fa0f424bb16a1de941a8bbe9affa16fe246

SHA512
887b414c717afd501029e201f66205f21ccd4e33207d675f51798e57ae155d646f5bc69cf0073f0c66ab4641a4e87d038bae24a4d39a73a73f35481d8272859a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5d474024fd0bf8cb9e0944e61d890953

SHA1
8c84bbe6ff090ce3563fcd1f14da0bf66bb9b5ea

SHA256
58a27067b1ac6faaa6a22072b86b5e1e44460a854a4dc048aef78d47f0996858

SHA512
ea48e3267125b250d48710fb93f5a93696da402edfeec629262a0df0187ddba65df925360959b858654419360856250a5d5ebf8ed7a0dd859957684924773474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0dbaeb1759d164a0e33de9a84d86e456

SHA1
d3acefb3b6b7ef00f0f55ed9023d75f8efc1cb60

SHA256
e64ac3db19f8e1ed9d1be1e504b0accdc2e39cabf2aef6bd185516d207d85daa

SHA512
844e73767abed62341c13840d386e7bcfd06c7306d5f0719a9291aefadbc64ed9f84369ab68025f21ab572deb5fa2b60a5dd33ab999ad00c208b596bcf88c9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
6dbbd4344eb1fd19651f1b2ba2168102

SHA1
45e1b4eb3076498f9386d700cd17484cb4b04ad6

SHA256
3e70a4ca1adf6f859b0f6900b6641e487f967f13cc4e011bf7b8db7411bfdc2f

SHA512
a08b8a0b04ed92a157ed8697502c154bbbe0d8696684d90378aecb8a6db1b20d0e83c456c79c5c1f5bde1fb804d990102bd2cec0203e0376570459bd867fbe28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03f82b13127775b980ecd42e077bbea4

SHA1
9987d41c6906e5b83e2ce168bd2aaf92900e544e

SHA256
60ce17d97ad106ecd315cd2b25bf11232c1240d39811317350f5785a301d114b

SHA512
950012bd09264d66ba2681e1f1b6c9f9bb5a619661d2007dae61c71fbd1fa6429da13f73f71dcea7fd218b4f0511cd77cf472c86c7d29584f4efb71be60aa61f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
09887fcd6047de08c211767229e5e639

SHA1
22a8fbebda271a17c895952832904f2a9e6fff40

SHA256
61a95de7ebd83297e9b203dbf5352878439a2a481dea4c109f24d53026aa4217

SHA512
117b1fbd011c561c7735d57e1b5d33e013968261b6cb942c57667a5022ffeac42d1d4e6ee83b89f4c5e0cfc3be5ce5f26ea97b8ff0f8e654d97bb3a17751ec0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d07e85c13d76032897d6ad7f1f4cec97

SHA1
01c61052eb900185e9c732ff13b4393e9ab8bf3a

SHA256
32a80d51673f1fc95ed87a8ab860e868ef3cc6c39fdc47ddede6247395ed7225

SHA512
1465cf00c71f23d1144fc08998f02e60ee48c8bca1a36e3fe7d11a3dcc7460448c71f20c1c7bcd2941ef9b63428550456684443bcdeb7bc6aff5f12214e86ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d931c0242fe5f1be7c91335bea69b3d5

SHA1
f4d1b2fe5ad1ad55b0e7105d4dea99cc363b353b

SHA256
f722cb2841c880b7be4e0387e9e819f27b966d5412a0eeb13fceb7bf175112e8

SHA512
7b3811c36e28966f2ed107ffc548dc69fe40524d19781140ebf6c6fda6dc9aff76a02589552cf917ac33fecdcdb7f88c1108d8149c5692d34fd6def0ad5cd37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
72503842ca189a81e94e970874ae12a0

SHA1
e2e6f7221d251df8b10c08a83a142d36b63d4b3c

SHA256
ff19b60b7076d9166cb45f1fb4f64b4f7f044c49a5b9b2ccf35a80b3b5e1845c

SHA512
cb8723d7e3b97c46d39986522e5a98962fad9bffa2e2f75ed3e1ce81fa4e3953d6a6411ecba314dbeebf82d0a6c3e911868478f2974f49cf58946a74508b2ae5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4a22de404982f5d8d15c80b2b57e06ae

SHA1
fcff012a7fbbf17813539b2fd78fa456863abd92

SHA256
fbfe0e2d434e68cc4c214a979e566313fcdd7dc63f248923cf074eea4bb92e5a

SHA512
9feb73c8d51c8eee8dcf7df980e633b21682466255da77306ed2cd6fafb6f5a9c9f5569a63499034bf9278661d7d2ccf35fb8309ba5290aef9a26faf7a27152c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
618e11a34f44bbaccc7f86ffc53c787f

SHA1
4523fc3df02dcea0349a4318fa644b288f66cdbe

SHA256
e9ad0da125a0f0280321d6d67498dabedfd4a4442561499c2275f03c5eea4fbe

SHA512
ebfff3faddec79afff1d94946250c03503d97076a6de92cb7692ffd5427da43b0f15d0f9ef83db845621cc9c62b613479be63ddaa466e6ab8e927a848300c904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
54c88a398223fc8bb302cf80f946275c

SHA1
f905f363fbb2b1a3e69d1413919fbf50c01e832f

SHA256
5c246350d7f86f9c2a46c3a49252cc42e31255d902518f65e40d802ae8a83a34

SHA512
fa23951d867720643d38aa1038ada5a359df980de1a38a91bd5180aaa3ddebf9521977b5f36a25a7e866a0dd45a9d4c000f34b42d110a78c5dd58d2e6d2fa9d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4fb1b90f4ba920e23de5ca306da4a629

SHA1
38837dd499fecc7338b92abd92a6c8b452d903a0

SHA256
ac0c36eceee50d7a84bfc5b7b59640eb025b063c5cd97b82342db01ee0873a26

SHA512
de5ef0fdf57f67ad2ac191886358063c6f7a5cfe05e1106dd4a61ad9c916c25cff76cc6573cf7e671751fd97bc34504b3c801ec8e399e678e26468ec46ca0b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5a44123778a7fb55e0148b04a5f3317f

SHA1
a5c23ee4bc6309c0abbe5d70da1b017cd9a37530

SHA256
667dac58b1c5789027bc06723f11076ac176f743ff466a5866963b3d29efc4fd

SHA512
94561f4aa2f42a95cba58f8f4cab5de55ed492121d21053d388429661a8eb1d42a094f94c75babe60838492947467569a6565cfa5cc658af73d91ddb531c57e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9effe63c1cd93b6e6eea77d18efbf600

SHA1
c777f8d6c09af8823a45f896f0c972b83c30ebc3

SHA256
1ef59a5bcda052446b8c3d7dc0bf3c04f1bf55310795d2452cfb47e22e95e208

SHA512
757d39530ecff19425958f3f2bc103dafbe478f79aec08e50da8ab01c018bf141c37c308aeaa31886980110985962dc62eb39be56a6d3e3671b3136e87d3b29e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
be7590059818d6a67e88d3e11b69ca25

SHA1
0e0ddf1426e7e77067deaddb6961140f63cb2493

SHA256
3ec6c9071fe5208c53110f496d40405d5741c605df20b3df287d419492f3ff99

SHA512
8850c41fbaa46e571a418694416c152d566a0d43f741551dd2e9e464c59a70f25b490d190f055587dab6ba97979c255886c6b93fff47b54ec01b27faf37b6577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
343e8f428ea79a8f1101a7bb82a070e3

SHA1
a1891867beb9fb4baac91186e4237608b926a597

SHA256
8108aa021b3152a33eb499240a7383a8148fd6fb09393800ddcb406f8458dc1f

SHA512
ae8321d228135ec20abf579c6d36a5d0cb1d3d58e8d4c333633089432e39b65a513824f42a1107b07aff73700fe89179b482525ea54556158bb751ea3ab35a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f813f02eb2e7e30a06997679c596c31a

SHA1
f94435041806b2ca9316e0515979ccf1adbb9fac

SHA256
055a4c011b1ef70348dc1b47d69b1525b0dadf92747104ef93f4d2a144fd0ef6

SHA512
f99a66a8dfeac4e4669a6773dcdf6bf08567a759312c05f81cd986a1c9bb6908bb13d9c3fea5f865360bb7e9149a4cb70c80db3d688ceff715f9640480e446c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3162fc25b02fe9510e9e7ffac2f6e091

SHA1
f50ed8cbb8e437f1e18fe05529b473dfcda8c499

SHA256
dc382e05179adf58c84a9d4507c2beb91f53b44260d034fb28850ca85683d131

SHA512
e42aa9eebed559bb94561ad3f9f1ce8bd5466b6ae65d7a668ae48c8e740c702b4f3b474e3a12f6a2fe41f5f72083c039b71fbe4022c74805115964857f268f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1ad83b7376a71e76812dbf9d9fd40a0f

SHA1
d4f959fd6894b64b52f51e3195d3164118820d09

SHA256
09ab9a8d0a062b89f37c2405e604da4dc0dd9b5f5d5d4a26cb0b598a9954b69f

SHA512
301c83c9de98b0f1f2ca75b0432406000d9d6da46f44adf3df798bda5eaa46f76fd434062713a4048c4bcad91c2aa535633934c8003e10712d1fc632895b75a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ac5217cdf80fe284ed2890b769f067b7

SHA1
93cb55edd887627d733a0fa38ba2fd29d9967d37

SHA256
0b4951306cdd10d0475087a8e9b610a5595eba9330aa6e2d362d18af926eb511

SHA512
0a36f416bb667fef6d36d799bc189f071c7a2c1243e3270b5727a605252432bda23e07981439c3b91091b46f1a7f88c4d1562e5dcaa7e23277b1d45c16b7dbac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cc425ae066aff2dc4e43cca471998337

SHA1
08574deb5f7ed8605f724413d753bee0b5878b46

SHA256
f814ebd02bba2415a3b48f2f7a169eaa802243e553ba5e4c02413c7959016523

SHA512
0e46e41f9c988e25cd8dd27d85967c7e33ccd6b39643ba610ec24dc54283b4340dcf6142ddba44e7899a4204472924988a5dc7424390e5ff1e4ceba4b8cbe9f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bdb24fb1f4b7ecd79b33ec8e8691f9ed

SHA1
e24cf76d7fd8b7843476ed763e699d9be929d9ce

SHA256
6dcab9a06cf49c80f6da003e342ec8bc6732d62dc0aa2f0bf96b37b41405e594

SHA512
1ad3f0968252fc447f2f3009162c5a15812d57f54eda76fe761d6757b839afbec443c987f7d2527a9bd0cdaa7a12de8850c4698ba978039cd1cc233a33621712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
68a8047cdf77197dc859c310b0d92e34

SHA1
5289110247218b037fbe2cbb4251cc76727451f2

SHA256
ae90d1ec39b520275c5fd4b11eb9e2769582c3a90cf7a6ab11d5d0fa32b81f90

SHA512
b070c23c8ec07469f401bf85d0c7babd44dc4f9e9c6ba03db973f4aaba33ed070f007db2a3e8905fe19e5cd8e469dcfea2f456fc33ff6935869b21f45ebb8f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
df23aaca955c6e0745d4a5198ff14051

SHA1
5284d1a21ddfedc4c68971715edafb5544c3ab29

SHA256
4f4779ff2596abcee3c01f6e5c69a8177291aa4196e622c73d12a5936564287b

SHA512
d46295017b07b742fb9c8026d75207c57b92144d918e0219c1952579c7323ac3d98bb7e7a02a41f55ce1d2aafd8a23b944366fbe85b91f1e295178a30f2d7d8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
faeff854595f0d00fd0326a01bb355ac

SHA1
11b4f43bf189571298fb0a771c8ee7d0595bf48f

SHA256
11432b78968e9c86c13f3a5445b4ca93261a057da20a6e317038b322a05daed5

SHA512
fb07c02e942f5934f8289a5baeaa90ab6d1d9ae7402e7731add9a67abee2315c24f16607551f118591aa3c6adb121212f133541a8bf83c9da111d3b250cd74ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3683e77bed4b135efb0da16431bb3e62

SHA1
1c7db42f6268e610de2635f77c07d70f234b1d75

SHA256
23d079d81347ea6fdea98047717a7e1721a2825818b951a25bbea13e4a297142

SHA512
9da2fc7838ee45261926d07d8f3defb942e3c30fdee9ff07daddd4c4aac676506e21bef2c294d1cce99cc7e69e00427ec290b9136677d3e63ffecc6d044ef9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5dc4ba.TMP

Filesize
48B

MD5
302b4d646a15688fc4f203bee30de984

SHA1
29ceff97b2610c13152adfd1043024b09a995fce

SHA256
5f197273acbbf1691489ce82187cd5a419b29fe53b017d5f25c42228d105ddf5

SHA512
7753add28815adb549cccad3cc3b5905625c3b0c7b5946091dccbd810ce425520b1c0b0b727b2c5a33916cc76cbb802efe9ae6e37c371c792e4e93cb5284d1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
c8b59e6fd0c0673a194df6c8fdcaeebb

SHA1
f5c5c0010b9c925263c53f5b81ba24fdbeb38306

SHA256
961a3087f9edc24e417aae620e5d49623048f118c84a3a4f97ea8c3a62687dfd

SHA512
be5e1ebbae3143d347b791bb40eb73b55035148b1d75cf8b974f56c8bafc70ea71a7ec45c3d859f7bedd5231c6712db6f76c91eb742fb774e1b66319fd362c52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
450493ecc5fc9d8463a238e885e55896

SHA1
107779f287258149e8a0c3eb141f8484fe1beeef

SHA256
c434835fcc8f9b335c98308688fae12451362ca6413efd6060e8429ca2e4d7f6

SHA512
38e120ed878fa27972257c86ae3380fb982660201f58dafba4a8379b8b09a92f988d0d74e221e5144410adb9c048744b6396d8e8d8c29f9bec290d149def8ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
419197fbb574a516a158eb586c77e3ef

SHA1
741bac900b997064e25796049d6b9f0487022ee5

SHA256
78cfbca33870c773e29b1373705a9d97418730dfffbf85886922b3b7bef939b3

SHA512
5775d65a658289272063e431fc9e9cb673ee637029d0e46ab085fdde159f7fc195973ec554844cbf45b6750ba1d68cb794ff980fb7356e86a5450f3b3ac246e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
abc3d1c93598a355d34eacb4e8a1550b

SHA1
8c60db0b3164a776176f96b933d2c65f7cb52246

SHA256
76cafad46048e8705dfdd126ebd64768c5d4b59281c5cf1bdaca4f5aace9bc0e

SHA512
d6ead40c381ef8d130b0166d87956f6a5d82e7d5505cb2374e0d6fc07e8e73ec8a5f6db8aea7d45d9d3b33fcd35c1fee555e32b0da9ae933ce9c7eafad4ccb4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
4ef7ab98da4a6e25e7f2d90836f667ac

SHA1
25d866e48e903e78b93f087290d00f576d4bbd17

SHA256
4865fb761c6862eaf0b482b90976f0183466ca5bef01bd2bc0f452fb5adbeedf

SHA512
c279b2dfec5d81d74cdc3fd7ed8f67588c166709cf95661277cd5b2d28e3a40d72f4d7b96c818662cfb43b9ffba42de1bd968458bb21b83dc1c2983c088967dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b7646.TMP

Filesize
88KB

MD5
04a1e7014c92d9ac6b5cf339fe707459

SHA1
29de1e076fa97c2e9be70fa016d905cd951e5453

SHA256
8700d4bfce318658c6593220a243de9b61df7431fbac89135d034ea1ee5b554c

SHA512
1a03f271cc4eaacc6c534319d5960d78fac9bb4fb325214ac04dd3a8ae44bc2589f52cb2a1aec4fd76ba1c3bb94a5501e2cae51d46d7b8b8be5468e0b498062a

Download Submit
C:\Users\Admin\Downloads\RealtekSemiconductorCorp.RealtekAudioControl_1.40.287.0_neutral___dt26b99r8h8gj.AppxBundle.crdownload

Filesize
9.2MB

MD5
3429be2dd84d1988f0f6575486ede60d

SHA1
1f9d7d1514dee58123b0d69be8c7117a9f8bcf7b

SHA256
ef47361f8dd1286e97768421c5a1b8e2f7a17db0e7aaa8655a8c437002a800fa

SHA512
ef4f1509fdda60402f88abedca6d6d35a3acd0ffea132433091626f9a48b7de9286811af8703fb3440757c39b6a0b7c26a93495e38dd00d4f53647681e54ba6e

Download Submit