aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002

max time kernel
277s
max time network
277s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
03-07-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoDox.exe
Size

81KB
MD5

ec51cfbde4a4df4eceb8313adf8d93ca
SHA1

f8925a067c34ab1b0e7da2de961af20247ace3fa
SHA256

aef13f3ec8abf777929e42aa3de86774ab8362f7fbfcc0475c7b912ce253c002
SHA512

1cc6c73c33ce6d00c102f9ed3c6733c532f131b00761fd4ff59cda87c560e3ce3e06dfcbb8a886976ae5084c9d36c3f02d9afefca5b1403c20b53735fe24bada
SSDEEP

1536:9rsgf4VFHlI++UIoyjyCL6sf+Fle8Ifvl1loJbh76e:ClI++UIZIsf+Fle8Ift1loJbh76

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

165 camo.githubusercontent.com
170 camo.githubusercontent.com

flow	ioc
165	camo.githubusercontent.com
170	camo.githubusercontent.com

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133645107185076298"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4868 chrome.exe
4868 chrome.exe
7280 chrome.exe
7280 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4572	firefox.exe
Token: SeDebugPrivilege	4572	firefox.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

firefox.exechrome.exe

pid	process
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 31 IoCs

Processes:

firefox.exechrome.exe

pid	process
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4572	firefox.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4572 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4572	4116	firefox.exe	firefox.exe
PID 4572 wrote to memory of 4904	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 4904	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1836	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1572	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1572	4572	firefox.exe	firefox.exe
PID 4572 wrote to memory of 1572	4572	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AutoDox.exe
"C:\Users\Admin\AppData\Local\Temp\AutoDox.exe"
1⤵
PID:2444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.0.1094291148\1368975668" -parentBuildID 20221007134813 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87d82677-81d8-4a0a-a714-765f496b9c31} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 1812 285dbd0ad58 gpu
3⤵
PID:4904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.1.1694665418\2132235723" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e69cdd60-d418-4001-8fe1-dd013d6aef6d} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 2168 285c8872558 socket
3⤵
- Checks processor information in registry
PID:1836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.2.485633870\624698674" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3184 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cf1fa0c-ddbc-4caf-b92c-4f214b1e2cce} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3160 285ddf8d258 tab
3⤵
PID:1572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.3.309984985\1029695870" -childID 2 -isForBrowser -prefsHandle 3420 -prefMapHandle 3416 -prefsLen 20972 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9348dfce-2aad-4551-8e93-af0023afd429} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3428 285de77cb58 tab
3⤵
PID:4424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.4.196541784\2031326928" -childID 3 -isForBrowser -prefsHandle 3564 -prefMapHandle 3568 -prefsLen 20972 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e87f31b-cf4c-4df5-97ec-f73cb793250c} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 3552 285decbe858 tab
3⤵
PID:2892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.5.2041311111\6232622" -childID 4 -isForBrowser -prefsHandle 3664 -prefMapHandle 3668 -prefsLen 20972 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec4b5429-9f7f-4956-a910-5435ed43bc5a} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 2860 285dedb3d58 tab
3⤵
PID:4812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.6.1746712657\1319233941" -childID 5 -isForBrowser -prefsHandle 4184 -prefMapHandle 4172 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7904b31-46a1-4feb-83ae-e6a590bf9dc4} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 4196 285e043ce58 tab
3⤵
PID:236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.7.1806168379\1283053382" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fe5e376-c0c9-4a4e-a421-c8b36b4a8382} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 5240 285de2a4b58 tab
3⤵
PID:3084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4572.8.910808812\822352912" -childID 7 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48e16b06-1d08-4d9b-a2ed-cb43dbfc4819} 4572 "\\.\pipe\gecko-crash-server-pipe.4572" 5680 285e34cfe58 tab
3⤵
PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff83e3b9758,0x7ff83e3b9768,0x7ff83e3b9778
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:2
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:4372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:3624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:5452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:5512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:5616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:5684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5060 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:5692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5064 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3160 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4732 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5096 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3452 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4544 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4464 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1584 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4808 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:8
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5272 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=2448 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4556 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5092 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3756 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3860 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5404 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3156 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:2932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=2504 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5628 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:4804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6016 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6024 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:1256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6196 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6208 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5624 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:1972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6592 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7124 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7180 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:6032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7556 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6952 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7756 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7964 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7892 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:1632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8252 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8060 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8560 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6596 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8840 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=8968 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:4352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=7468 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:4304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9236 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9488 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9608 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9636 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9616 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9892 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=10144 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:3808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10272 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10412 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:2112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10536 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:6148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10672 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:6260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10832 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:6556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10860 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:6568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=11272 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:6852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11192 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:7440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=11424 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:7468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11916 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:7548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=7908 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=11868 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=11676 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=11460 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=11404 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=11752 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=11152 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=12040 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=11156 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:1
2⤵
PID:8084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=11792 --field-trial-handle=1844,i,15115284092333211541,15747141168688439819,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7280

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
70KB

MD5
c71e661f482d2a7bfc565060281b324f

SHA1
4f66536e4d59091e4ce33e84207965c51330ecbb

SHA256
60edc95aa4f8233ce27dd1b122a78632a0b9aa5be0f183b27a08dd9fc58a4932

SHA512
7bf62c927d45ba24d1465977e8d741b2aba4faee95f7d3767fbbd781c62b3c6bc97e1fb9f525d43f3c77202ae6f8904f3389c3ffc84c306c43be876ce4a180c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
106KB

MD5
12db4747c919800260d71579c658c235

SHA1
62cd7b4d1646452e4fcf800e5c726785fb3eafbf

SHA256
1db7e1a8992d246c5f8f45ac7bdede320af040b05933ea88452b2363e7cffa5c

SHA512
cb7cb75b01d6eb46741c083de628a3a378b5a8f1c93c89fe2249fa37c37fed7f1060799a354754b365cb53da74ac270fa9e586967ea9dbb44a2bb9d9ec4d01cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
329KB

MD5
389bc2bf98582752a4b510949998b379

SHA1
22d770c03a3dc8f2d09a185cb54cc12539a8d5a4

SHA256
a19c339bbf0a2c72fd8a8649199a72738ba8e76592d1346d55d0caee436fd391

SHA512
164c3ae54ffd18dbdb692480ae3e028bfcfc39bf762416dab64ba6991dd40250344ad36c0c15f73074609fe0072ca770642697a666f27397d95594f843904477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
163KB

MD5
14a32802c868f4db6f3c09eb16eabc41

SHA1
495baa8f962b8a3398a104d71130704d16813fad

SHA256
499351b522533faba7cdc5906c25df3c6251e119a964e1cfdcc10ad8badbd6f4

SHA512
cca1ffb880acb26e17aa032bbf05c65fc56780bcd076aae23eb61e3327eb591e79426a7448329b11814c2cebba406b48712d3fe1d6a4ad7c83d1e0196f53338e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
42KB

MD5
54476cef20aa3e041c5b14de32a5ab6a

SHA1
032a1be25a46f795208b0365455d34e1e3b17760

SHA256
189be432c6fdba1e70841382153b3b2ac08aee391c80f6259066364be3ec461c

SHA512
0b8ba7bec920a0b73393fdcdb8fe399473965646b32ddee7a6734fa222476780c40b8ff74e528b12b2844cc15278bf0c065ffef32c227243829950623946d56f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
4521a57bafb3ae07c929bd705282080f

SHA1
cc1d0688c4c4b70bd75bd19f52d0a73d456c290d

SHA256
5dda4523965b907c5ac5777b660866543254cc9ddeae30e6bfe1b48fe2be1295

SHA512
6b60089cf3623f481c8e4de2e0f7974efb9b135992e8da956fbffcd82a2d8a5b13e49575ef6a1874ea2431a2daa1b7133b4c5259b4d570e0d05ff8a79e176409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\954491e4-9fd9-401c-be8d-50eb1b23b64a.tmp

Filesize
5KB

MD5
0e9486e2c51e3d950876ccc42c0342a0

SHA1
0abaf29977670b85c7dcab697f8ddaba263ad7da

SHA256
061df9946809a7131ad36ba98feb80f5dba08a14f71f9025e51e60c24329a791

SHA512
7bc259a97f82e3e45be2cb4f65db3e03b55ba398ddb3b2bf98ec021c435fb432e71bb4c9eaddf9a74ef24af190bcea5d30f245cfa70f6df03d50491b680d281a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
cdc13d09711d7b5b4869187c6e2c78d6

SHA1
ff270a0ce27796a73e480c277d47bb423e20f25d

SHA256
bce30da5dd22743d94cf03d00b722a391caa0df5b09086214830129f4cc57973

SHA512
943c886164ab7074de9cbcb35606b7bb8c3703ab02f21df61f8b8236aff0438d0a66be2a83362e7acc702dc20e1594c9edb2c9a92d80de34f4906128d59089cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6f06c381e4d8b92efe3b6ed92ea0ac0e

SHA1
10573fad308c75df21daeac4123ad46c4f4a625d

SHA256
a5fc776a7c7bf4c7988c3829e2334d28571cec3fd6ec5e978142b3623e516ed5

SHA512
022927f36902ef9990ecbc302d7456bdaec4a0c21f9289c87099a3051845b555632e85f99bda45bdf8a6e731487ae24ee1f120596f6ceeff138b54463a06004c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
531B

MD5
be4421c82b5f2f9d3017004d92c92a6d

SHA1
77459cefe3f50962bb8a55fd6ae6f7e701bf8828

SHA256
f2f4390406d05d8653c3c2fa5900ee96cceca9a8b42c2e49451e0253d5dd8834

SHA512
985932511f0c6d894491efc21d7a0d570ab7949e89cfc45802b9d050975abd509ffc85a095a30b9ca0d26227fdd5540bfcac363f8612680a0e995a398a5d3d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1021B

MD5
cf738255355289ee01bbce18b757046c

SHA1
6043d6ff9486e368051e553b9a792e9f350f24f0

SHA256
7b4701795589a721f73d9758c266d60a330c34df18c18eb96fb9d89add0844ca

SHA512
994d17df61867b131dcb76b757d3e9051ac4beaa1da1cf6686ee20d07dbcfd26486270c1607022bbfc9a57034d90c67d1f74a8330e22441218e30fa9a039e01b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1f701a48205dff8de3001d41eb9cc594

SHA1
9c8e031b27c660041473c3a9598a91b24c54fb02

SHA256
eb4c35e3fe2511909820062fcf70efdf68ad52d8dac80b078a1f08219a9b9066

SHA512
9e29c4faebc1d0414c9bb847e27bf27670cc79d6f4c8895de2c9a1f69693413c8e7b63b386ef5f4fada105696d56f4612076f7ed83e84e91eacc669cd047b39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e1cd2eecb4d25595ed5e3f440c3b09cc

SHA1
f839e1a7412b50487e595f4ba8bf090715010e99

SHA256
80c4daad833a8fd31874c6d01975f648d8ac948bd111b98c2348bd0c6bd4de16

SHA512
f828eb8d75b118a25b2c038cc00d9419dc46037685673d1741fabece34bc6acebb422dea3db665b40d1bf616749370c35136516b442d1026705474e2c2be3678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
b0167e4dec49bb184ede318ecdfee8b0

SHA1
0b9aa30149828e92724365a71af37ce0e0958eb5

SHA256
c8566ff76f3a531468ab3f87bfbcfe306dddd44b11b2c1cb6525557822c2eac0

SHA512
917369f7cc0467ecf14e349fc090b77b3815aca9e17de4e59c53a2cc18df3f4856369a71d3b6d078fb43686c33b6e9426713f9ed9707a00c19e7845e90d35c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
da30d26daaf573b4afe3bccacb6934c5

SHA1
9d58b5493fea5da9be69d89d0b0ebeb425badf08

SHA256
d952ebb35418b143741def976dd2eeeb5be9ac847f5d8e19612c5b564f50f9d3

SHA512
44b6fe1f44e58134ef24d296336b91e333ba76824953dc4eb2a49fbef42da746df51c7d3b56d606443edafc0639d1b7016533a9a9675aeed70f2739c8d8366ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d3608701c1a5746318317c56a24b0d2

SHA1
0981899da84d3963d5539f80294fd1d35d23e8e8

SHA256
f5a1a4204520066d79f285f11cd22cf1cdfa33cfb3b753ae9e00d417af1efc4b

SHA512
f35f158b33962b3e38e8125be5cd4826cba3abf60af61e4cace6306bd01358dfcf062f0c3d63aee9b944741ba5e8fb26ab941739c9f3bb8166a4d2ee9e05ff5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8397675780385b3df740f66937e347dc

SHA1
263fb48f56a1ee6aebf7b447a091fe80444f4324

SHA256
4cb3c20c53d3d3b8ca96d428b5d369189836a210e67e233384dcfcc64a51ef94

SHA512
6d75a489ba610a3c5ff972bcae8cb5a2a682f02dec9863367fa786e2ecad14f9fe65c427e14800f7ecb7b2c8d726e3352ce384bc6e2b9d56335b9ee4a9e036c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
092f694febdebfd45752a587b144dbb7

SHA1
9a046951cbe5b3fcd6808057e1acfb0ec4cca13b

SHA256
9fef961cdd00034743f6b87da7e2a768e064541672398f703e6cb14f8b041df8

SHA512
d0aa8ff4853b15d63a1e3aad81fc1ae67b770de709fa6d4dafd72730fd29d3c3dfdc754df2db98ee89ae96f2537e6048ba39f309c407aa489bfebf4977375fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
21198fd8d445fed474d9ac85aa43f324

SHA1
f9dbf2c6f96b31d2e43a4b2fc607a354442520a3

SHA256
b524b97ac29361a779493428b01c1ba9b5341a3171a8b05f2b61ffff276cde0f

SHA512
bfee55bd031da083e1c5ce111ec119d8bd7354aa64069c1f0346febaddae10827c7d2c6051dd4abcb7b90c16e85ecb5007dffb4e3c9cf8dbc05876c375946bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e51d0351b9cc491125a64ff2036700ba

SHA1
6eac4f169153bb2ad2eb23e2e820053c812794b9

SHA256
bb8f6abde3fa7693c85daa38c3be21428e8cffb95c8e0299fad6cbf149f5ec3d

SHA512
d0051440f12a24b96aba80f55f9f48233ba37b85551ef7694f1b0e77f28bfef67611827fcd87b720855248858d17f9e8298ef12bcc9140c938ffc5d30f3d311f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5cff2bc63dd78b48169982e98e347752

SHA1
350fac8931c262604072f8931f7368bff7517c85

SHA256
0cb3de5af461ddf42439ed105959465dd8f5ca0b2ce97a8a0299c45ddb2b3823

SHA512
f27f44f19d0c37869d845b8764142bedaaccd727a178d8ec8270d0f2503f69c9ca2779ff94a024b5f3f5682702ac7425c1c1428a99f982a392d7b2f966c93967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9525faebe0265a0857f8cd8e57a95294

SHA1
c3b8bfc03da6296f2bfaf3b292a2ffa82ba26eb7

SHA256
e017feeb0a718bce7db2158bcedd2af6ffb74a1e5a683cede063b4bd18aff7c7

SHA512
6e2c58d6a9ca5dacd19a077266dee311d7ab6404b01de70e5ec844010352732e77341a118579bfc9b65a1eee0f9baab59120127b0f68bb8eb180edc3403b2660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dbe12d9c6db043546b3fea0e816160f9

SHA1
17c783491cdf670fa47cea06cc53ad3cdd39bc71

SHA256
b0d4441ba38df3ec4aba09b10ab7901fd1b57497cdc3599eeea57297aaff957f

SHA512
7eef8fee588c34642d8b1d142ef36ed2fcfb11870300d96dfb5da46711c9c8ae87deeb1ee196c95d51174aa70c1932ca72f5e37b1a81eecb0b03341c791ebfd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
b49ff50ab2162c33a6d3f29f4c31854e

SHA1
567290365216a535036d04d1032de4cc04828261

SHA256
b1ef72d737b1080e3361ae7485b0e835ac958a8cf57a62f9b71f675fbe73843f

SHA512
0c8c68bd94a97c5cc2a185d097ae8a2283e1d816aa3a8464f7668cfa75e55ae5518899e37e18d47be7cf457c2db5e7e86bfcc3640e9ee24a0121dfdad6bea859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
0a999d24b8f92edd2eeffb881ea7a284

SHA1
2f91fe6302fea6859be5e4e3d8ab3c2883735376

SHA256
6c5a9cd58e50b36c16976bed9306d0ae8aada8f6b8387a4ce6af4b55e9dda7be

SHA512
2781816c64e70d4ccec2fb3b5fc5659a1a32b1f19b9e5c987e1bd9e0a9fca407344c2ab7cb9099522f2c7ff5d9920bc4dd85b4e3a40421df39f8e73aeb1ff296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59c5b7.TMP

Filesize
120B

MD5
929cafc448eb2c8e758d758c65e64f9b

SHA1
851e68bb9fad349bd64ea88b4ea1b1110dc8809d

SHA256
38b35f5b7017740ff778242d2449584901c037f9ecf84aa4b88cc6c3a1f57611

SHA512
513a62aa1db513835a1cddbdba1c96ab80736f368ae6a5746b728d16aee6b1ae72092abcc0eff4d53e677d15d96b7960d0683008716403ac468d61a93ab02911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
287KB

MD5
874ebda04435a5a32f9be91cb4189665

SHA1
e2acb6dd062d84c237d485d80d40f1bfbd688202

SHA256
85ac65517656c966e927ea8de0ac2808125b56818a8195ef0b8ec5dc6ed0295c

SHA512
c63527ee3c652ca305ecf4005df86bd3500928a926e396b9d4b99dd538461c35ebe6b924050ed0ed38e245a4fb5d240bda6626ff0b88e8da477361b758e30613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
6ac1b41ce439dfea731e9ccf6a4779e8

SHA1
94758d24de8affc0ca786f8d86f6cfc7ccc93fbd

SHA256
87fca33aeb649b04a957b3dc8c716b758ab5930e18502212c590ed5eaa38cccc

SHA512
8f9909d15002be0c399035814221b3c74d39c7ec426c9e974ab558e6cb3933e722f7df33c6748c15cbe862cdb2c8f931fb79ba77c53d39f63c4c1dae37d094b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a69f6.TMP

Filesize
93KB

MD5
e2a5ce6207a8a5300b791cbd874669c6

SHA1
c59b452f80bbb2acbbcde0ee7220ceab0f985a94

SHA256
a80df15de2ce20c3f9fcf676ad5892a365af731ec4a91a197500a0ef7d027b2a

SHA512
24417b396d6167aa8318de6b336420107471f9966c0163ebb05ee4c4e66678004a286c45045cc61df0aca626ef77c5da96a015acd6833d517004fb82bb63c45b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4c82dc074c4f1c0d5893167ecc87a2e9

SHA1
a42746dd592bc3f09dbfeab11d41109dc2f88c65

SHA256
380eb0eabd2d7cca35ae316a6a665242fbd60d4d4754f0053a5da8ef5240d554

SHA512
f30ea415dac005af4e0752a2c2b32419987b4655b171665cdeb121419c7da23a5d0b7c54f59deae060b07f90c8b0589c8b8041b46806ca9a223b5b81ee3a1b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\2c93927d-7da0-4a17-b8d9-4ffedeb1df43

Filesize
11KB

MD5
dfe0bb0e07b58e4317b97d161a328e23

SHA1
b146a12e04a7a64bf9deb1aae713796f14c1a603

SHA256
9edc4bdf3276734a86b6a41062c5cd1908f3e928fdc226ce9174395974162b84

SHA512
1f866a7efb4feeeb804eff1fca80893a77e56b6070050451ac2a127775675f163672850e927c284475816e94d8edac5e948ef5a1a2463c5342c1169b615e7538

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\fe876edf-8fec-452f-8c09-2183aa00d2bb

Filesize
746B

MD5
f725ed0efd3331f8d2e4c82fa3633a66

SHA1
0f8c898e7defcaa121ebab06bafc631866b26ca0

SHA256
457c983a001f9de599f43d5062e7832ef93e63e06a5f045441012954cd16781f

SHA512
3d7aa57f49decfe55123705e17da7ae7ce4d8f18a94e63986d059a8696648720b2e58856861e0aef92149ba1cbba72a26dfc5d924d3f5c37e60a38b51329aec5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
92954762a574a654db3fcf224ec1c299

SHA1
d8b034979fff4e71cd29a86429b9fbec710274a9

SHA256
bc3b2bc4eba1adbd92de7a06fee663bd55bd11134f8ae067359e9c9f9207dfef

SHA512
eb3cd9f161d12628eaca50b4d0040746149023098384c4f557afda201202516db0c865de30110722771f352da9d725890379c6933980ab4631a963dbc48c8deb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
862c52bb3149ae47176a08a91318b3a4

SHA1
c62fdb992b2c048006a4c12ec3e8754d15619cfb

SHA256
e6f4235cfe36e67a641b5083c10b971cb3fe4a38c47b4f77e9fc9c536634b773

SHA512
b1a0020cfd3aa96ffaced6f4079b038598e8ecae63f1e0034647a710c7c04d22f4917ccd559452d880d6b36c362187a048cea469ef2f83e1e5fd3e3de32d2f32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a5262e0991ab17019da8efd569e88e04

SHA1
22c3b6f637e694bd7ded0774e742a53f8d003ae7

SHA256
f90858a016e327165b2bdc7c1edb351ff326f4b3d7484e626740388184a3f6f9

SHA512
6c5fa179cdb2d958123a1aadf1515030eac8b45ae84ef8c0ff64c7160c76da27c8829219988cc7df7a05a062a0899f46e0969df7821835f16afae9ceff7abbe2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b215f8d7677e2531d529f1f7dbcbb87a

SHA1
3d6db2e8eb85ae61a56eb6b6ebce6d81696c6a23

SHA256
bbba831a9e430fc08699a4075c33274596d00e7db338279a69c4da8859c01d96

SHA512
cdae9d0c50181ef38397e663e744b9923b471dd60182cc74b4d93f3d0360565cc3843a095472ba782a44e03832f8b0d8bffe11ea725122e3bfb824bfc9e7f977

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
44112b2417ee4309931c097aa1929715

SHA1
8ed77e1ef1b0a06f69fd40e0dbab634c6b9211d4

SHA256
7b4ad4a200760cd6784ba377d9cef28f4cdebec9d52fcfb01a7bb320a940c3df

SHA512
3c9d4cb8a1600a697c279c0b8c77933d4cb5bf270bf143634b45b2935c05afdf2406f7c4e6ae6a7889aecd3ec9985d0b3a762f2e487d6b808050995d18ba0278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
731c0e733fe1e3123d366af7c8e578ae

SHA1
9756304ea773dd9cd96e5996dc79de2ed6a9ae9c

SHA256
8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359

SHA512
d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

Download Submit
\??\pipe\crashpad_4868_MSRNAGNNGOASUZMK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2444-0-0x0000000000EC0000-0x0000000000EEA000-memory.dmp

Filesize
168KB

Download
memory/2444-1-0x0000000000EC0000-0x0000000000EEA000-memory.dmp

Filesize
168KB

Download