e7c86a734df3942463079883b96930f223b3cd40b501d32c3d143687d546d444

max time kernel
56s
max time network
129s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 14:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NXOV4.2.dll
Size

1.5MB
MD5

2fd3f4348ffc36ed2edb18c1c204bd3e
SHA1

1295a7987084a4c31a561518b4ea936ba05701eb
SHA256

e7c86a734df3942463079883b96930f223b3cd40b501d32c3d143687d546d444
SHA512

97fc477cd153ad811ceadc60443af544137fd5197c7ba99f6dc05e19aff3d8d364ab41efdeb87b067327d2f4b331173efe1daed3804d8594bf62e046f5399d73
SSDEEP

12288:jWcvWYVU2jcnUh2+gkE+sPIdAfBXjvtQ2U1YMGI:yzUh2+gT+fMfQgI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2156	1924	chrome.exe	29
PID 1924 wrote to memory of 2156	1924	chrome.exe	29
PID 1924 wrote to memory of 2156	1924	chrome.exe	29
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2908	1924	chrome.exe	31
PID 1924 wrote to memory of 2628	1924	chrome.exe	32
PID 1924 wrote to memory of 2628	1924	chrome.exe	32
PID 1924 wrote to memory of 2628	1924	chrome.exe	32
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33
PID 1924 wrote to memory of 2536	1924	chrome.exe	33

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NXOV4.2.dll,#1
1⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6839758,0x7fef6839768,0x7fef6839778
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1448 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1120 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1312 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3436 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3556 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1164
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x140327688,0x140327698,0x1403276a8
    3⤵
    PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3744 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1428 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2320 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3784 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4152 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3796 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2628 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3868 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3696 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2116 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3976 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=720 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3824 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=2412 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2284 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4140 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=1412 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3904 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1276 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:1
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 --field-trial-handle=1292,i,16059735124449544602,15964823987029416790,131072 /prefetch:8
  2⤵
  PID:1772

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:640

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a8
1⤵
PID:1532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d872e472af2c2c83338a7a97556bd624

SHA1
0112e54efd2c970e61c21952bc44ef05d0ad34f9

SHA256
b16a0dba3626222822369112f74cae5730ae7e7e7be07621e6b66d9b14338353

SHA512
e95062f385e1138ab1bed73dd2b9c4ab37ea92b44b6299c967a525e850c7916f5d8530f165e60ad380967813443bac361bafce58a7f07802718086102878dd35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6d20b95d60ffc0e5760d4bc2631d9a9

SHA1
5a5a244d66ca61f7521ac907371915919250409b

SHA256
1ed650033fee63037f8118e25eb48b5080b14f495d7c88d401ab8122d9bbbc8d

SHA512
f9c62f9906428cbcc7249f4af9f305eedd6678d4f667edd40e8ab37f624ff39206a1ca1e04c7dc2bdd1dad5dfc88a1d038560cb33e103533f3cca215fc11ec74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb9c55fd5bf6faa856f10a6aaaadddca

SHA1
8fefd35629daa70be9143812b6ae0bc2094ed7d4

SHA256
4344e1896deb0d07ff89780beaf35a3c41c2e722aa6967f461aa946691616c35

SHA512
29ad02d7a5d08d623b48b78cadac61138337ed5b2816cfeda3d14753ffe4a00ebd88cd71fc10a700641069dc0aab14bec9aaa9404a1fd7616319e4989ce21f31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36779086763de56eec3a8bf03c96a28f

SHA1
54987d864112b3daf133ecbb7e7f6b5cd1ac6636

SHA256
1dca0e97d5a245d50ba75d57b8bdb99d6eb3ca5f4ba7fcdf44c864278412bc01

SHA512
7c81a7ff96bde21569cf5aa018b3b216b78ec906369e673b06a5ec08bf15b99df689ee1a1a177315977f13c520b50e00605f8123fd6ce0eb5134a42efc622c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
177992d65d9e36b9341a839306d04c0e

SHA1
f0ee304e182941b72feb255acac841d60a4cbc2b

SHA256
efca26aace087a3eb0ff99ca720f0c2a124aff19267561519f312744a5489ae6

SHA512
58063b4784ca09feb26694311c20a1629ca848a1f8d81ced5fc3ca99662048dd389747c33c2587695266ba988d93d08c40419d5c32be193a1043505ed7493401

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d58d7db20542a5034972c48b1d8b3cb

SHA1
e9346935a9d92e70b37563dc02247c736ae9d45d

SHA256
fbdcbbdfb1e8cedadca8271a775f98ad1f9e47ceb9b2bfe4926e93f7e7ce9c43

SHA512
fa62d011f478d5d74dc331029f32d2eb9fdc8d78a9372742cf33350c311be1412e51eed18a54561bbfbf1c47d48d2b5cc3717c1534161e8bfff52ecb43e18e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0773b205-7f41-4a9d-92de-a7bc44ec1db6.tmp

Filesize
5KB

MD5
8c7cb603b760151bafa50b2dcd102edc

SHA1
cf2ff4e464ca84445125ba808d782124cde50f3b

SHA256
3d799d996e44f5e0cb5d3ec8cdf3deb34f31b87ddcdb85ea1476e40736279b1e

SHA512
87a9e8b4a5dd1f7d74b76d6bd031c1eafdd235ad783af57471f7adf23214092eb509cdf3b74a8c2ef4a555b722e924ca9222f23d31ebd1f0b61909f201c0d9ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
1d5f57b36984d3bc13513937212f7c85

SHA1
6962d480bc6216080b90505c9f25c8a3ed4c8df0

SHA256
7c5544c2101aa4a9ab3bd0ed98d6d1126457f802c8073333d2e7fb7be273dc30

SHA512
dcb01342a2eb9ff3ed03a23b7e0914ccb626e1136c2a24dc4e8144cd785c90acdbffc877408a922519055f0a375b4a31172e3120744de656d55dcd83b84a4f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
cfd2fdfedddc08d2932df2d665e36745

SHA1
b3ddd2ea3ff672a4f0babe49ed656b33800e79d0

SHA256
576cff014b4dea0ff3a0c7a4044503b758bceb6a30c2678a1177446f456a4536

SHA512
394c2f25b002b77fd5c12a4872fd669a0ef10c663b2803eb66e2cdaee48ca386e1f76fe552200535c30b05b7f21091a472a50271cd9620131dfb2317276dbe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
2280e0e4c8efa0f5fc1c10980425f5cf

SHA1
1d78ccb26fef7f1bf5bf29de100811e1ac8bda23

SHA256
b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74

SHA512
b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
329KB

MD5
4bdb35f3f515f0cf3044e6a9684843b1

SHA1
12c960465daf100b06c58c271420a6be3dc508ae

SHA256
b835bd77e17447a2dacfce2645a5e812733fe5a777a5e45d9daa56d28675cbef

SHA512
9fa600b87843759b632c2d384596109cf1fb149a5ab38524cf43cab5833cb25c355479aee90d60462764200108cde5ec71f0988504c97ad09e25975cac65bfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
105KB

MD5
852403b5e072594fe222e28b15e56460

SHA1
0669f30dc8a7c402c5e3c89c58344183be186a1a

SHA256
ebf53b6d88440a415b11e3b9168ad15a3df7d6f21049df74140f6f8c7aba67b9

SHA512
5ec45cdb7d072e30076449ff52bdcd47216d1a1fb38b13422a821d269433c672f235a4237526dae8677e62eb5465f6bc06e9a9d1ef9e949921a5a0c7f32dadd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
253KB

MD5
b6385eec60d281ff466e6a3155f7af68

SHA1
3506c70cd0ccd7740eed10aba83d94e8d17e4be1

SHA256
e32af48b058df0d5956ae06b1b60ed64d86c1fc39448c9cd829b04ce6d4e89a1

SHA512
d39bb39c1fbdfc5ff57c337cf542be7623b3864ec6a7407cebb26314ac0b0d89fb25e33828fe35b239487b4a2239369167f9c105cdc007e1c972dd927a7dd61f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
163KB

MD5
d5d7675604340f99633218bbe4793104

SHA1
ca1df39b7a903dbb856a555db75770f6222e7dce

SHA256
f7d966e98dacbf184660988f6b4482396b517d391e4d0475ffae4fa6f40971c6

SHA512
bd202a6a44ba24d784e3a55556b02d7c20738553832bb42d7aa3205b069913e524c08cf0a348e255b6f0c697f118f190bb5056695ee9d37d37296b9675964236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
206KB

MD5
54ccdd06455dffca428cad08d7f0de45

SHA1
69051c3c4f935e32421c9d09a477eea63a7a6310

SHA256
c99dbf3f494d018833d6ef1287603eb33455c09f68015b1fdfdbb21808bffc2e

SHA512
d101d5e88bf0d5ec00fee46aafeedf65655c537fcae695b2850fa4491e9e818bfae3fb2906c5497a4c1ce29d52171e13736070c5feb8b7a3f45c08b025363199

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5421981b90cb2f0baedc4220080560be

SHA1
68d2ab7b67cc8cb9c71b0c012015b8d9e7607a16

SHA256
b076c2c54e55872479780a9f9f43f3ec7241027a6d8de799becbf4fcbb3cb789

SHA512
ab69bd848b70c405dbbe47693de8e582a920b92d862b46aaafdd61d7315dd0ea24cbde9614bcd257e35681f5f9a7eb688c84bc8532613bb81ff58f6275e464bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6b3da3e839808007bb483201fa63fd40

SHA1
3a49af7796e67591a50126e46032deba63e1e0c6

SHA256
1492ad9d8f1e0eaee900e447310aacd28660ee110f56cc75c3aa597c658c465c

SHA512
e3d57af3564f3484be8262f57fb17fc0a75599bf21ec0686624b76eff98e66b0484d9d291df97ef3dfbca3a41eb426160abb3176491fbb743bf2a9539517c1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
38f939f11e3c7d0c03bfd105962bcbde

SHA1
b460edc7282ae6402cd6a0b72b4f5507280aca12

SHA256
dd7d6ff02d210f7a257d3b8b17934e3ba47c1ec4b7825e03a0ccf0df4b8d3693

SHA512
5a983af70d6fcc8a55c5426102628a0604a715d0458ab8f3b59f6d30284e9b7b92d110081eae67bce828f302857ebea77e2715097999e4b831cc24eaf3f510cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1002B

MD5
951f15a03ab30669d16190db8119f34b

SHA1
c475f2678abb24d20ef791148d9acf10f8fc322f

SHA256
14e4bd661b4de99380c55b776f743490c0ac16d7e675ce4a833739d198df3a99

SHA512
2f2a5bd2bf72d24a6fc89d36542a693b981abba9341d9599fdcf1abaa9b9209e3a7e50c6340c323c18ac5401d1d6e33d7818ba40f195772a843c9a0023b1a811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7b2f72f0b6066fab8171dc7a6d4363a0

SHA1
7874a6e315a2ff830595283ed3740e7fa619a63d

SHA256
202427b8fcc0748d941303a882335d8d57309e73137ee3f88b54a4f2baf8c433

SHA512
abae7f43ca024ae751bfe26721d9d3023846e2a00502445d4477873ce672ab25f4be704660de613b5294ae5ded33b90caf95d60f34058b66455b6e50047b0a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1006B

MD5
6b63bbced0036c72e591bae3d809e1e3

SHA1
c589c0f2e61ea9bd33e27575b8979c674c42d3cd

SHA256
48164558971fc4a61e9c6f7837580cfe93a2b95194d3bb2c190cf79a41965619

SHA512
f52787b4c0efb8a21627a78a51b4dc594308df4a444734eea10d2bbdb823c07148c06b966bc065a1ac3e2ff4c2fd22a091900d740dabb726bdfcf19e31cc0543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
66a5f5dd54ea662978fea7a8d4466d97

SHA1
a87001c4e0b3b9e2342b9c37b1a93707f0d3d5a5

SHA256
5fa872d15dfd9596917fcd4a73bcd872f645e0c4eb20f040c2e8d71365992e78

SHA512
01660f6a41eabd3b74490ad214707c309d43a29359316d661e1dca4fa3eb5d3bf3bc2f92d13bc12a44cdc5915f309b3f2655fc2f7c845fffcd1cc45e59d87463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
7289c321e2828e4cc36cf2baa761412d

SHA1
043680ce47f9d826d6544642111fc00bbeeb688b

SHA256
6bef3128e26f14de8249eddb70defb7f891d30eecfe99ea4f36423fd08e98e76

SHA512
d03729deef4d6ce767fe61ea96d0806b4ffa42b6e06bc6fb96cdcbc754c351f3886a1dbd05a406e9e8bcb6762ce9d49303b9b779f02dcab8742fb20b708a40b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1004B

MD5
bbab141d985c15709caece5ea4583fb2

SHA1
e872e2abb439698b47820f3746a9431f3eb3cced

SHA256
cc71e981147322957403bccbe90e2451a1c3a9fddbe66e4c36683909fb683e56

SHA512
43f28848580d000d94f60cbf9b2649595787a4a206c4330839787b16970839806a202a99a27ff64b2bf65ad90396b5448290daf85f5938a8cb7920e646f7380b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cae7ce555874aefae7f71d2a4c4d039d

SHA1
e97c3c2875be62e4ed46feea72f05b3425ee3c7a

SHA256
1507afd158269a23152b59856416d0e213a4021d0c8a28eed550251a7e1678fb

SHA512
3d53e8a6c2805d2a82dbb33604f637031a3887e9eb7f357c5071749d62cd7ef5d77077a88a112a5576daa933e1823bc87ae9f85d7f81646f9f146690aef47f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6dc35282424bfb0f6b4d427ef8ec683f

SHA1
bcd8069821d91907f86678fb5e1cb085451b6055

SHA256
2c32aa5cbd8e9bd9d2b33778239c54accfcffa49a1e1faeca3c55d1c4d19fc3b

SHA512
a50e066e185abb5ec14dfbcce0bf9d8a4ba1625df27f0a84839cac4861d54d2e2b1bd9799c17b0c0e1532b79685b84bf0dc02f591590ead259192c85aec7df10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
91e50eec7beecbedb9ffbb01234a89f8

SHA1
1dbe265ab00a6eb0950a7c15adbdb5cfc1c2e5eb

SHA256
b57a2551105d00135f8fb1379c79e4db5dae40c23a33c9c33681616f8cf725eb

SHA512
7f58d78b8ebff6bd3d9b1b14e5d46658364d2d448b496a1707d0e3e3913d30af6e892f25e69d083ccc6fd90c2ffc9c9796e62af2332b59acaaa9c2ecdd8cbc98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
29e407dc2ac9571b413aeb2709da64d0

SHA1
4da655eb538f971d9099eaf34516bc9bc361ee0f

SHA256
ea5ca5a8cbb9f132e1c0647dc707f97bd5853f4a017e54e2b78dff64caea72d9

SHA512
67bffa039254750d1ca82a07758258002de879b66900d17d12d50c65b2123c243dd10ad593f51f5b467c3c99a967535ad58c4bcfc0e90476257ad25bf757facc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
66363d110e0651ab28f11ad54ef9fafe

SHA1
8cb0a846af06e4073378f37097366dcb1bcf604d

SHA256
0fde32fa931b1d1caad84df336df76dd3c23dd5863425d1b1ae90cf5e920e1cd

SHA512
a5275d4072f61d0fc447b103ab1137074f4668f789ca0a8d6f90f055aca04e4b9f04df89d52a9aacfcca7f72a3f61f8aa341b508922e085343c5c0d5327c19f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
299KB

MD5
ba9a0747c736e2c3de0c01715436b32a

SHA1
a47e253f656f342dc94700d4f19ff49a11a63035

SHA256
704ae67b4829360013efd601eb146b99f5b5df149f87322e352d2cf54db2cff5

SHA512
8459bc3057b7b5d500e918a6bf8564d06dad51b66cb76dae60d3d61d685852d450288d8c1d28b6667388fe879664f33d7e576c223f4da07e2fcd4131f26c453c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
299KB

MD5
9bddc2bb49ec4770cb3c31dba867f4b8

SHA1
8d225d6ce97ab3223b073541520babd2322d7dff

SHA256
d8a1c8a8b32ed6a6c2ba5d773daf0284f7f9a953504b1d319996266901acda6e

SHA512
0ea160956b42e87a467af794119ec518bad131fa44ee1227ff105c333b9dfba203b23aa9155f74f5e6f0a227794d6bdb6d3ab25bf7efdfc4a761fd0c0c0f37ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
299KB

MD5
29e5fd16564f39598f6e927aa43ae4aa

SHA1
a7589d7bfdd7e2836d85458aae28754fd506d64b

SHA256
876f2deed2ddd4830a5a461e7856686580eedbaaa671e3fb04b2045593d5d3a6

SHA512
46b6fb8a820048f52c5212bb63c3c2918e79b5e2ded0f75355c26764e8882466cecbfd6dcc21fa045900936ab494e239d6dc6f2a9b6229a331b990e360a056b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
81KB

MD5
f96273e8c9368fa7b1c3c3139f7dd242

SHA1
30235be9084eb435df8c26d37ff463d0a56ffd0a

SHA256
2a42e0db2bd6517fe0abc43fff105cb0a9c66eb324e3020c422c8198d516fc8d

SHA512
75161bd06f0bcdc70d599d725f87d8473ab083491a0b88125f0cd3e843204aa782f295610448706ff45133eaeefe68dbd4c0068d654411930107a23e3ad76c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\feaef65a-7643-4e2f-97ae-41c39f15aa84.tmp

Filesize
299KB

MD5
0ca840a4ee871351af1604df9c7a49f7

SHA1
560d70d3a6ed8b0bcc3f11b89e8538e5c4937fbe

SHA256
433e27d65d8d34041b073cbde19adaf81c4002f55fea61f2edd21a87ca8408da

SHA512
c371ffcefc46f14b1c9ece82f184209d18c401c208e970859896bd4c15f822eecf7cd03e01ca2df7bb7b911e6db28a9b5224956bd3ab2f6e31df86b507bcf66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE4A6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE6CB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\malware-pack_meta.sqlite

Filesize
28KB

MD5
297029a432e222aade487f92fd2fb11a

SHA1
ec9717daf03a6caef12bf3a2a76c3fdbd1f5f152

SHA256
4f3c0e2e22cc54bc649dd15e69a305651bffc71e2e9d585d93d95bdbf6081158

SHA512
0630a86d98cff4a76aa3c2e8e078ea529f0cc863fe9f9a9d00a26d7bbbfd117f97b62c6462a6e5f78ce1ef9863ae18b30d463cf88a9db12bc77453c91ec322b1

Download Submit