hxxp://win10v2004-20240709-de

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://win10v2004-20240709-de

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
82	discord.com
88	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133655679939956363"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-47134698-4092160662-1261813102-1000\{5026A2D3-226A-4F24-873B-A387C5716C33}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
2452	msedge.exe
2452	msedge.exe
2100	chrome.exe
2100	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe
4252	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2452	msedge.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4568	2452	msedge.exe	84
PID 2452 wrote to memory of 4568	2452	msedge.exe	84
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3564	2452	msedge.exe	85
PID 2452 wrote to memory of 3484	2452	msedge.exe	86
PID 2452 wrote to memory of 3484	2452	msedge.exe	86
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87
PID 2452 wrote to memory of 2868	2452	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://win10v2004-20240709-de
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5bd146f8,0x7ffd5bd14708,0x7ffd5bd14718
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,10767464395986803428,7403426644749897739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,10767464395986803428,7403426644749897739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,10767464395986803428,7403426644749897739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10767464395986803428,7403426644749897739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10767464395986803428,7403426644749897739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10767464395986803428,7403426644749897739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,10767464395986803428,7403426644749897739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd5b92cc40,0x7ffd5b92cc4c,0x7ffd5b92cc58
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1996,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4852,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4408,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=208 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3348,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5352,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5564,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4876,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5504,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5540,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5572,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5152,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5740,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5384,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5700,i,11881177708701431503,5314663089559525108,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3516

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1512

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x39c 0x490
1⤵
PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\358d0fba-621e-4970-8960-a9c6cd4231d5.tmp

Filesize
8KB

MD5
f7b155131c7c18b9cf5810b7f6ff9488

SHA1
dcd4a29e226d2cfef1b739e8f379376c5b28e789

SHA256
445d1533f6bebc85595926c1f7650984bf8061618239d6445e4d2709a2d833a6

SHA512
0b3405f3218389ca0f37639fc701b7d8f24d704020cd1f939779528cda972c46742fc3706f841ac7778c59ab0ccf4f96cc9927f2aa97f50fea3aa86d9a74fbd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
226KB

MD5
c63137805219ea320fc66ff9223135b1

SHA1
191c44f68f3033c9d1ac20b29580d38576223340

SHA256
c89437960a363df1b2d53da8baaf618597eff7212180f8a74cdcc5e05e01aa1b

SHA512
fdcbda91047e05c87cb72800423b0d326f024c578153dad097b9a8b653432e13f4f3196d57dc5b26b44f1a5f84c54b1cc3fa9b38a8c268a71bde769b74f4e6d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
20KB

MD5
c7420e502499396427f14ef63f279e86

SHA1
200ced2e2864fc555ab9025737626321f945a559

SHA256
e9b087af675cf99a9d580afe316fb78b098436b221e8c172b884864abfcbe2a3

SHA512
2cb4c4d1061efb2ab270a245ad931b788c26898879a8d3393eda4404af31f7888ee89b0dc05db0c3032fdb084b8ba57f64d5693e6836d891c5a7d56b15ee06d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
47KB

MD5
8022856cf695b8e2b0d1152c58b87253

SHA1
059204afc0ae40aebdbb652ef6d08ac3df9e9a0c

SHA256
2cfc89d052c9928ec0459b4c2d2a53cb48a87441072a60d30c624c9d4a833ba6

SHA512
8015ca969f2e9941cfc9356ffa03083ce186d602f0c3bd188563676fb3a9d901584b33d22e7625eb620308f2d3d426e283861862abdd984bc0dafc4461a66998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004e

Filesize
752KB

MD5
ac131e98f8363eb04e0c0c27b8a7100c

SHA1
463f00a8184561df57536568bb6d5c26e524809b

SHA256
eaf56dcf78453fe32a3f9e5ac1126aaab87caaad286415938e1b28812a055ed8

SHA512
7db397a483627a24c2571fb9aa98607e9ada60859a9a66617a6c7c2a98dc7c1e7f7478cefba15f3fd3bbece983c341a0b5c4930c6a4847bf5ff0f3e90bcf1de0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004f

Filesize
32KB

MD5
6e17059277a81f0fc088315d55dbe8a1

SHA1
e5bece4e3b30faf436a257634899fc1a0138d270

SHA256
0e9928f05246be297da47e379bc18f63a41893871e8b30e55a19d511a58cd6ef

SHA512
65ecadfc7f61f930cdffd5e3f56ce32cb0c9d4c1b95492c8473e789fcc57b7b66636226770d073378cdc4089594d45092e370c2142043ced140de963e1b5bfcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000050

Filesize
32KB

MD5
3b90400153f93ae95ccc6ffcc34d192a

SHA1
84d50489bfcbfb1b476d6914fd34c43e43e9de87

SHA256
757d7206f62d1996785298f81de86e8493d1222c1545b9602c825797630b9565

SHA512
b2e8ecd3804c8c8c9187c0c0a33af651004a0040ae0a99a1a86c15b8f12ff900af2abf64cad53e26beb2c28f620dc19aa2386f023f57963b235c4438baff4311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b4a51ba02ee9fe66674b87c1a7eb2ac1

SHA1
299d410f262d46bb0dcf7fe425643f540bd5689a

SHA256
75db4eee67a239e35a1cb2981ad9d815d29a212f8090d4ff8b0768e238a38b04

SHA512
2dab44c83928dc30e95ab08d610162b59aeed327d1c7a9216b124601d52734df0a75e7d8665b950bf506eaa49ac389b7ed09ecf246fc25749a7a94ff9a34f9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
e9088f763f0ab5e1351bfa0b856ec69b

SHA1
63751a1a037a8aaffff2e7c4189ad2342c8beaf7

SHA256
6d03ff875d9bb4c734babc2bdef9a1888bba14d3d33dba7b0682ae0afb88941d

SHA512
ce987cd78ab416de0fc70557daa510f21e880034e60c47654d80dfc443dbdcd90edd9163719888ef52bda4794d3245fe8c7d860b0405f61dd36555d7d7f64c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
0b6a86f8a28445c0abc1ea41edacfc35

SHA1
13e23d7901937d0e53513a915dea4bbf43664c50

SHA256
a78ff339a2809eb06e7b81c64107071e08814d6506090d6bfc5967439fc02da8

SHA512
2894c0ff88a2198e1d7427589079c27c60afe997b12cd3f408c9ccc715a26dccc73e4763d995190b2069600d0a2446abb2ec36bf0785588a9d14d57273ce9a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
41d95401e6de4399646f306188abeee8

SHA1
c2895833ca9ca0e1b166892d1a34c2aec9d587e0

SHA256
5005858e36105e84c45106fdbfaedf71548f82b2f9072d155c2e9f0040807aa3

SHA512
9ab722079cc1624123702cdbeb08283aeaf0914ecdb2f576751b14e229551099ac6af216e268c352855917d00f2a05216e3d70323407abb3bb30c51b95174bca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
597edb2ffc856b84a7fcdfd3b532e682

SHA1
1bf532a7dbff7d7b885c7ea10234504e8745d8b8

SHA256
cdef1918fc66af7a1e6a2fce63a595306c2ae924e1bfee633aea211c252d152e

SHA512
77e4ae807722722a4fd73c7e941e882f0a1c2e7ad3ebd0baf686f35025197779f2849048ba876f03f728b192c300b6446293ddbdce9d2124086a7f8ac48e8c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
c15aa5fd32d501a72336922d137aedfa

SHA1
a8c29a00b64a01456c63bd4d2e4b6e3ed21e9f34

SHA256
e9ca76e821e4178a2d5b7c55e4dc7c805ba96e5b08c451fde983f667ac3594f3

SHA512
66bdb0dfda28e2cb7bfd2fd5d527f666851f937472952ffe41fa55ab07a6efc9130f4ee95e255784aa52a2ef071841330adc714e25727b38865779f40df342e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2313044ffb0831d5146f68420cfb22f

SHA1
17b48b8a389a85d41c667b8f00806a203210aa30

SHA256
9c899e9dfd0bff63af8abb1e9d9a96986a2932013f08c72ca52c7217494e7692

SHA512
4d7f141e56adba83fb054e841ec9b6751a4a6be9aa4dd2f2785076057e173651c9352296e783006d8e1194d1d77795f66dd9b142d3efeaaf5534fbd9e39094a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
faf89b8e629bf5d8285a6634f06000b3

SHA1
5428a920ff71782b543f567b8b28836b42a00b36

SHA256
5351fb2e71919316e36b9d3bf1d9e8cbe7cccc398a2e233493bf11394cb0488a

SHA512
0e9703e7014a16873edb404658a772509e601c5e007895fd9eb23eef29b4a84f9d425fbbde10f2308ad87f45e0d0ca2ec413360166b3bb341f65450697e2f12d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ee98c20c65860f6a4a8a0418cf01a62b

SHA1
4ae7b3b720e215bafc72733829471652e88d35c9

SHA256
c4418a872285d410598ec945e5271196ff70bdd91738e7d72b655a5b0e065908

SHA512
75332ebd0d1dde40f7c53648c4f8ef8418d3b1fe17024e25ed3e39b9df3abc434ed0b09cf24b23eb62b085b499de2dc24398eb72d384b3a1fe5d5d2e833ad58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b879da08fe41888db0fb413972fe476b

SHA1
524c3ad4dae57e7f3e1ff2f7f86be318e17c179a

SHA256
e176757cdb2e2db1bcc985d6c474366f0766c53041f9d2dee8948ea98bcc3da1

SHA512
b506de1d7908ea7a6d7f00dc2cfe4935ed6462a872dea3876b91f44008483e36fece9eb1e8768b87c31a49556182ef0852cdea3d34da35674ad43d44765c2c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
139f80960e45222901953f5207ab0272

SHA1
d1a8f1a8bf164a247c186c5c2ee881c77da82016

SHA256
47cb6e2cf89bd0b4d58ef2b334eb94a3b8d313854f177edaa674ae70e79e9e2d

SHA512
1305a7cc230f2e9fdcdd47ce98b83b1444b9c1a1dcada73a15c59407757e9038471aec8cea89e840f1a912d324d39556cad95f9a319560e588b9056ea1f0048a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
284e2c7ab7c6ea4aaba1fd8fca36e039

SHA1
8a784fa6ef72dbf87ca7c00b3aa6d0b41000d74e

SHA256
568ca50579fad546e5cb760caa76930b0759d4303b7bc622af71e8eb39d23259

SHA512
e09ba88e825fbfaffd4b4c42fe0c6cc8fd1bc3833693ef330c6bfdfcb632115a9d592d21582e07989f150965f0f1e8ea36f142ae5a1089fabd13103edd6344b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1eebf2ed82646eba1d21e4a05f959b10

SHA1
3f698bb04b629129a5f0d3d851243bffab9409dd

SHA256
6418d8ff1ae7d485a9ed23a852d13bb279490a0d38cd8c8c58eebeb948b8a443

SHA512
6f389fe24dfb5a8e5ff4c19073bbe646a5cc6f60d9ed9e8445ed4bd0e733aa90e1c6168d44ee3c525c9c493fb21b23ff7df45b88721c4dcb2f7e8640f313ba11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c3b0039c62abac07d4dc4578f05ffe3

SHA1
722507df68a7e0c6f28b6a9ff965e86d0412b1fd

SHA256
a9bdcdc5bfbafb85c1027c423e500878147e00de2a604573e4c0bcdec0179422

SHA512
e8707b5031fee01113ee324909664806822896c393b3b2e55e83609d83b1366e7c17f7ea5f78e4a2d7a62a477e2256ae2f79de21a2de7e8dc1aa3bd43cde3f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
271d4d67722f5d5e8575a9870bad2e5f

SHA1
9d23f23e6514a2d410082ce4e9123e2bb033344e

SHA256
2261f554138a3d3390e02e338bd9e5e79bfccc3a6ec1a39d752bd00191af34e1

SHA512
59cff9ee78ec167219c89b6edf357981c2de1be8db58e50ac968fff9841a3920fca65b2466c0621bcc6e1dc477fee1b6377c95de4025cc87bd7f059659802d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
562beedcf84cdef7d3fec99d1e8fde95

SHA1
65dc4d2c7f4e5c4a205fb4f9b06d9511448f0982

SHA256
542ae6408b7e61ff86d215f4264c36f44ff85099c615ec5942ed326d08c3e3db

SHA512
ea6f714726f610890555d873d502bc83277d4aecca35d9333491692bd29ecf7267c19e505d08b2859f32f7bdaf5b81995eae4706d6434571bcaf337560bd6dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
16e5a12808e719e83dc07ab2248a956b

SHA1
cbc6cb39474e447013f94b0bb4e6efb92f9444e7

SHA256
0c737dfbacfea1f8ed4954f6aa87093bdc95abcb334df6ea3c9c8c70c87261cd

SHA512
56827d4938202a8edd016e6bb3e3b4ec994dc526aa28e9b09e0d730678e6b502303552c7225ac1ae0c988c88649389472bf765c19f9cee2ab3818c2598a20f59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd4bcb664ffe5f2ab214c9a5c3a7d3f0

SHA1
ab846576999820004ed4ecfec14d4e264889ff21

SHA256
00eaa677a7bab28684d5b4c59a08a2aa762c5885cde8332065185b25ed18e57b

SHA512
4f4b042c0c937670a7481f39291d9a8540c4e71159dfde1bc2ef9a28622230633f6d894178c68d899b583532719b8ca176e5411623570e915f24254be3c92da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
12687612bb1c7a84dd739f0c7b3885a9

SHA1
9f4930e6ce476459fb0465ac012d023406263e72

SHA256
5c8779c95918a69961f4f557369f88e0ed9dad522293547abe4ee54a27c56b81

SHA512
f2388289b25aa035be70136218ddc013cfc1f2bf7efca9a80470dd6fa70742684f1fc72d8235f9ede3829e243ea9812d588e82ff2f645cca49e4f47e0f638988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
c5de095d8950bd21e42b708b835d795c

SHA1
1957afe8fbf9107a28c44b7125d237bf2cce0104

SHA256
170c89462e1942c1d8e05a0658e83e768ae2610a2bebe2163427f1160daa4a6f

SHA512
15e451e60daf6221d13ae0a6d8bd77d0fa47a6259c03a8f1205223888b434000806f8fc3f513d385366808987175bd955294b6c10abfbd9cc69f4d3c49bad6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\060d76e0-61ec-4ead-a211-8c08b7393c94\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0b0343d-7040-4c9b-9846-8878b64318db\index-dir\the-real-index

Filesize
2KB

MD5
3c8031d9be44f1adf370fc0a25cec2ce

SHA1
0608bfabf44a5bbe495f76c1f914209ded96944e

SHA256
0893a2ae9d748bddbdfe967fe8d22f5fd022c94d41fd641acc469c888849ed68

SHA512
849e42af659090f06c0f48f5f1999754157be5fcfd11b10be65ffc1f2243885813de514cdf6a3603b1f49779d23da8119c6851ed351bea562508478f03849a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a0b0343d-7040-4c9b-9846-8878b64318db\index-dir\the-real-index~RFe597cc7.TMP

Filesize
48B

MD5
f6a77d7d1c7595276ba97b134d692f29

SHA1
faf3760e0e34b1ab55d610375a6b4532f84989b3

SHA256
a1111e26147e229d166b49bcf048c7657d2198ba9c6e5d4987c23312021e5c7b

SHA512
179893dc3abaa42fb1076b223d1eebb9ced76a986d55e4d36c284833ffeb717915c32fb876f32a4ca11c81b81bad3c77961babb14913f8acd6da65a6a6638f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad741bbd-14ff-4914-8cfe-85f1c672f78a\c06653e4ccb39748_0

Filesize
2KB

MD5
ad2b869a724746d21e113117bfea489b

SHA1
9bab6265c8e183a7803404bbeaa8ccd57bbcf977

SHA256
48486c06f01eddb3c85d42da54f6eac0e45159558a7831099cafd32b14e7b5fa

SHA512
15da53005dfe79d20c22061d9ec4d9d397b26352d227baf151f8c53e94f1591f864aff461df3aa47d131ca7a5cc44c80d77104e0124a23094064622b4fdcaef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
f50afe677984c4bb39991ccd3e70caf5

SHA1
400f8753124f78641ae33ec55728dfffc22de6be

SHA256
d8e0cdd5d28932bbf9615666a0dbf4ce98055ef57790f614409922c6a8b79b85

SHA512
57451a5d25a5b7f26b573856bcd945d60bc0ce8ced4c05b1aeb70c3169584821799cd87d5489a6af35f8819115f9083166acd135873476c8e7d7c4935f3cca43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
a874230f119c503264390fcca2f2e7d4

SHA1
e0a8790f7d86e30c8940c3df313d0790466d5117

SHA256
f45efc4a380fd904c187a5e40214e210ee08a810f3e398e57e7f72ae3ae42bc8

SHA512
2c771d261a036629c30db73155dc31a42e0ecb90a7982c324bba93c280f030176eddf61362fa6fd01af60b7b5a7535f81106261892085090eb8898e75c05b0fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
4d4d58755811e9721c1eba9de8152365

SHA1
b26b6b73f79600a993ffd5279b932a38cb6ccde5

SHA256
2e020783ca52e8b970936efbae94fea8532d8acbdf852bb3fd976d77b55fcf42

SHA512
7d91c0d3b436e0063249dcd445c9e36111bd1e20624ba05b83e84cf2e06decda1df6f60d52a3371a1e1b8f0ce1be8a8a831b51100dafd64b8a65f3a0561ea72d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
186B

MD5
536980600e7db782bbad4422885f116a

SHA1
4e27d04d05a826700de341d1bb0857f9ac8ef439

SHA256
246ad3e702c2d0376ed589ac9025a8270922f37bd50bb8c961a8f3f3eb0dbda0

SHA512
d6affcce5f960a2d1d087071b1fcf3b9b5b31b40787b0bc52c7f42cef7a69f392196b5ef7315dec0b0391c53e584d48cd1ad8cae1f233c7c043ab94de9396504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
5110e8040005e36b721f7e93f9122a1b

SHA1
f2b67fbeae918998839c1b586329c972def8e7f2

SHA256
38e3c9eeea53a05cb87d8a4bbc7e0bdb9d30f6d76773a5988e0d1ffe146ec5d6

SHA512
b958a69eece00bf3212d9e308c856283077638365492a70fd38dcd0f1248d35f097c02a93c14d9eebc90e05db41c722f3651804be458f160da2596923fbfc9ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
af9a34733372c40bb75b20508ffe28fe

SHA1
192c7cfc0acd68766daf1a1da23e47dd7c0a6544

SHA256
0ee47076004ac5e4ba211d0138cc937c2f25622fb6a0753da0332d67460600e9

SHA512
0b7fec0f71c9604e95591fcd8b0d6f8f7f98009577bff79e3609f6fdad2717ce9374e2a4c5f054de6d71b911a2acbf85eadecb62068c50e70dd880dde6aec7de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
9a119e9661934b3b7cf226308cea4d93

SHA1
2326e2757d2cf4d68d2943ab23ec7933d46c8192

SHA256
60e7f65fea8137635942a34e5eb072e232f6265d3407230d05ef9b7212997a40

SHA512
caa1426fe75a13bd32ff14feea0d0d5db73ab843823c2a89cce8f04adef366f417560c0cb0dbbab2187ae04e5d62631192b43dc07b32992d6d0243ffa101e4e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
247B

MD5
faabe293d478b2da72106042ef4d78f5

SHA1
282adc982ae4c4f9f7ac2135b26be2788e443fb6

SHA256
559760a0823aa7d93d86320ee56d4678e11ec414c6ce3645626700115366c90a

SHA512
8113881c1c82332ad6f6435809f35c60a37bd90cf44ef022ace477dffd790570461d06d1f2c1b6e3b84512e1bc9c57688bfb78c09533797b3ba9537e64b0c8bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe596cd9.TMP

Filesize
119B

MD5
f5938883f9790c515769c6dcbde3c86b

SHA1
0230c5585ae5dbe8ca38a7c6fd50757760ad99e9

SHA256
66d95f2e3478722d8fd3ab6671d8a1c12ef9239a68c54f5cd131cec58e7505ae

SHA512
de25340fb13b28c2879927a8e7d3a8366a21bab583900e91f46f406b34f0975b6abd740c93d0c826cebb64a9004b563306fdb184a011ac53c2bf3edc10aa05e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2100_1976003952\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2100_1976003952\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2100_821842009\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
c1318ece747a9ed54195d1ae0e10b336

SHA1
112d62be1b6175e93aaa5f5fb3bb67f2188155b2

SHA256
2ea428617294f339b4dddaf14db248878562f1f86a088db63b556a656864d54a

SHA512
6680d6003d730737fab281e4b8f4d7d67c59305b7d8e1edeb1ef84596a3137380204e68afdc616779933aab18cfa0799d9a6faea7f669b861b94347dd03fe800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
74e58932ffc5933f91cf2926b4978c8f

SHA1
0d5f20244f01948754d396d2f26eb3cc55af463d

SHA256
b5accc4e4e8f8b0316245ca24032bf7619644e5d927795fff8c4cee38a7b695b

SHA512
43fa173a19b89b052a73f6371eabe9654ca04c6df3e4f07f44d2a2f60ccc3d094ab8f3a7e9ab395ec913bf764c19588c0cf9e4672606149f61a5c4e1f4fa2aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cbe65da51068c389588a4deb7e36842

SHA1
738a4d2d52835e452c0480d9db76871496f1ba1d

SHA256
ad7a2628e5048bbc3f5cd2648de273fc225846bff56f609c70f933b74c965031

SHA512
1e3d89bc3ddb42fbdf8ecfeed1ac6b10a6a3883397928a101ce5d69cf6ff20358725ee40469648740a601e5752a75fc0755a3bc8153dd3778987982d61af29fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60f5c8160f6ab28a0004ee4dcd789d9c

SHA1
1549a3c751a581124227438be727f3a5b7b5986f

SHA256
2d891d2bdfac7211fc4ec72df0e7bb1f5435cb7c61aff063b69b5477cc356cc2

SHA512
5b2ca70b6276cd72a481b6be609543d9271b66ad42b6e14817bc04d5839c40aec05375bcb5e1a9a162fb25754c87d73a64819f6f1f0c3aab1a3e23a330f2beee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c82311ca7a159295079da942603766fc

SHA1
4592c6bb29d9fec843cd222d5a24c770e0764f13

SHA256
e8dcad2bf4ba1153ab43eb0cdd9b98a41a5a8c0844e9e60d166f40d1c8eb82ea

SHA512
ee990d140502338970303c8ede0755ef3d889f6e3a0c2f61ac0dad1fd5354560384fd9f6413291471e5060b5349e9dbbb988b88d36519c7169315d244edcaaf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit