Analysis Overview
SHA256
4bf509a709fe242815fb225e40dce31cd12810e60531fbf48259b680762e8780
Threat Level: Known bad
The file bqlcjm.zip was found to be: Known bad.
Malicious Activity Summary
Detect Pysilon
Pysilon family
Enumerates physical storage devices
Detects Pyinstaller
Unsigned PE
Browser Information Discovery
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Opens file in notepad (likely ransom note)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-30 20:26
Signatures
Detect Pysilon
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Pysilon family
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-30 20:26
Reported
2024-07-30 21:41
Platform
win7-20240704-en
Max time kernel
119s
Max time network
121s
Command Line
Signatures
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7289758,0x7fef7289768,0x7fef7289778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1144 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3640 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3708 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1036 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=748 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2844 --field-trial-handle=1352,i,2770888208346405673,5532758691297471580,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 142.250.74.234:443 | content-autofill.googleapis.com | tcp |
Files
\??\pipe\crashpad_2772_LUROKRDNBRCMJNWT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
| MD5 | 5ac828ee8e3812a5b225161caf6c61da |
| SHA1 | 86e65f22356c55c21147ce97903f5dbdf363649f |
| SHA256 | b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7 |
| SHA512 | 87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 91cccc01c2823423dcfa505f72bb4e8a |
| SHA1 | 7e57f6156d45778d4921f2a8cdb30e2fba3e06e7 |
| SHA256 | 0f08a89a06a735652ccc25ee5b4c4fc05a9d394f0d86943d6ef7d02e23fe8586 |
| SHA512 | 785ba89e70d8b284c7175eee33dc10e17a79100bfcc955acfbad73042bea1e76add948c60d161c8c7ad412186a308ac7ea99d0a9d4c4f881f3e4f566a40d3c12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
| MD5 | 4adccf70587477c74e2fcd636e4ec895 |
| SHA1 | af63034901c98e2d93faa7737f9c8f52e302d88b |
| SHA256 | 0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d |
| SHA512 | d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 2115c6211c45e0d97d539ebd38a1d84b |
| SHA1 | de7603672b75ba5d2e102f96ef11aac1f030454f |
| SHA256 | d4f7f4aafd2a3eb29451264ed5d7df15fd11bc4d7a3001902fd269b7922965d0 |
| SHA512 | d87d2b71dfacf44c322df600c30feb60d03d6b58d12114a8851f987355d776a04f22f6f1a053c931325418c8d5c66ed1e0ca5295a76c89d5f580f169b218ae9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | da92ef744fca0b34895ce5709adb6b70 |
| SHA1 | 983c67129438190e252fc2c347eea1ee78936865 |
| SHA256 | 49fec45011c3dcf2d3268f5120bdfca8dd929e76c7120c5dcb3023f21a6b35ee |
| SHA512 | 9548dcd711d96c7a7c62c11c77d045073b9597ccd853616bbae019c8a8631f84e3e8a5e07d9dc07e593a12865b641fe2ddfd07066fc425c139f291e669ca0891 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 0201967c2420af0cc44f68bc3103f6b6 |
| SHA1 | 9b7a38d5be227e650706d47c09095fc076e27aff |
| SHA256 | 4a81b4ed438b7f0280e2943962ef3ac1358e4013e45d3370733743d120cd04f5 |
| SHA512 | 25a24e1f960fa84ba63424b73634b3b4bd348aff1f9d9a2182a1929c7445f520588f21f2df4653c56139ae08313db2037061cbfc06771821ab20b38c8e0107ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d5180809-0032-4660-93bb-d5dc329b686f.tmp
| MD5 | 72749645838b2ff090c698b8718dde00 |
| SHA1 | 10daa7dc9a58caf2bfae7da6297d199d5624022b |
| SHA256 | a33a6b8c5af5d7f1a6507f3fe7c96c9a67319666820597888bd6644fd28ac6a9 |
| SHA512 | 84861f5faeeec4a4b9105ef5cfc256512733c09b8a82d6fff4303ad16a5dfbfd42246e957ed37882f17bb703ce1fbd30f4dad98c66ca49eb4376dbdb24dd85f9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 02c95ff64d76e80f06de6aa82544a94a |
| SHA1 | 2d5a226fee99f20433950efa83c76881a59c8cf6 |
| SHA256 | 3be35926ac621dd3f2c8237bf20566ba164670c3873f52f491d8a1294ee9854a |
| SHA512 | 3c5aabc345cdd3f33af091a35f8d5a3744436c19a32dda8851b7c299c67a7c39ddf9d4226bd8f2ec83cf2d3d40668e3f3c07c1add52822743f240c1dfb11899d |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-30 20:26
Reported
2024-07-30 21:41
Platform
win10v2004-20240730-en
Max time kernel
133s
Max time network
141s
Command Line
Signatures
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2721909339-1374969515-2476821579-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2721909339-1374969515-2476821579-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\discord_token_grabber.pyc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa0e63cc40,0x7ffa0e63cc4c,0x7ffa0e63cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1988 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2332,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2292 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4804 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=5036 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5160,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4572,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3352,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3444 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4468,i,11068514556214489581,14191793010561519771,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3192 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 74.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| FR | 142.250.178.142:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 216.58.214.170:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 170.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
Files
\??\pipe\crashpad_1216_NVSUHNGXOXGUBHTA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 62569361bf322cc449ee96709b74eb53 |
| SHA1 | ce366dab742441c57bcadf20d6ef1b12217e7c39 |
| SHA256 | c8f7258b3aa6f43c022120778f5a4147918271b2b45e120d215c9018629256cb |
| SHA512 | fb339d3b76988b6af0e053c7d9e62cbb3c854433ec95fa4083a9e581ca19ee964284b371c5c2a2d2348523802ade83867c505ec664d87f2733b1c1d2ad68d6e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e11e978c5320e287c85ebd1e96ff1a5e |
| SHA1 | 4f362a5fe9b9fa20c72d8bb263e4a32c472a4f13 |
| SHA256 | 73af68b2866b412dd928a709c0234b3efdb02aaa565637174e1e2f9c887ea2ea |
| SHA512 | 3230aa984c92654bf297eabba65438535560edc2c79ca3a0b8f0efc54725fad0baf38a741d6b0236478e035b390298d19e76561dff74add627ab969ca65a69b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d829b09be357dd323adcb4325f9a315d |
| SHA1 | fa16c7067db47b9e895ccce42d3578f986e9d741 |
| SHA256 | e7fa240f3bfe058bc947ba1add8a30ca99f3c5afdcdf39b4812d3b44b4d04b10 |
| SHA512 | d4478a65cd1a023b654a892359c53cd3f8660b5116843601e5b1765098d8d68102e8f8660591525990078ad13cf68ae24905a500503a5376bb808a6a58b80d8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
| MD5 | 5ac828ee8e3812a5b225161caf6c61da |
| SHA1 | 86e65f22356c55c21147ce97903f5dbdf363649f |
| SHA256 | b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7 |
| SHA512 | 87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ced0952759e0f59a97de5943b7f0e436 |
| SHA1 | 1f83c937738ed020e9c4d2da797929934fdc8465 |
| SHA256 | 7212d0be185a73a61258c19408f5f4a3e9a6e7c62e66cbb6a5090eb9642360e0 |
| SHA512 | 84b20c8b8bdc6e0f9ff19fa242c72afd55c1650f23e3a95fb6c7aa3b44d5741df2a6aeaf732fcdb8fff786979b8b4e2a1585f2369190cd490693f05c0bfc7a0a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1cac5259f97900f62ff829cc2972fce3 |
| SHA1 | 6035f7470eddad87318afea11fe5dde7b65964aa |
| SHA256 | 3506fab3889fe3f2c214dca5c33413afad4658ed5afefae7a6d585698bb5cc6a |
| SHA512 | 616663363b6358c8312fd3c2d00c0f8a85f6bb9d60e608a2b6f35f7d9def738cf2751ec77aefba8d9c54216bc48618110500c4846a8c6e0bbd75793c97aa64c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 319088f8fede97329e4f771315124306 |
| SHA1 | a60390b4eed539e5ebaf4a54b90301ebd24704ef |
| SHA256 | 528702eaed6883c8e60ecd9716d74dd0a638786c9d5a14968a13feb156f1b126 |
| SHA512 | 24132e1fec4e6dd56508a40c0f4001f5e2e3de9298b6a43b1ba777f8684059dc54e45e4655c9d839ab4539c30d347d9e203b088d9aa1f39b1b20d943da6bbfc1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\35e9cd4b-7335-45e2-bc56-4932c8e47c0d.tmp
| MD5 | 08c0955b5239e8c7d860e356c6f1e302 |
| SHA1 | b2a01ac7b3a71dda12af7aa049ea0e29056f2217 |
| SHA256 | 9794ee5260cb148b5b3edde63164f26a8461d1e598bde2320b17df9819335d24 |
| SHA512 | 93f0840b5becd953edec7d22d449186a4e87695280fb86aa877c7bf55913234c8b071396b5033f7956488cb380fd4220b8c1a5bb8000ee2b1f5943e9fef9ee1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ed9d3fd259d570482c7a932955bcbde7 |
| SHA1 | 9c1c2cad748dc967fbd0f62be76db08c56e41fef |
| SHA256 | b36841f34b13f05d02e7567548bc51f04f40f5162812eb0f3171f6a577f91add |
| SHA512 | 5ca0b329f70a3f58fa075eb6251fc5a73a05b3cb85058897e8ea669e3343108c86623b5ae51663a5338c72fbe4fd42bbc76ef6101e01b554599667fca8385361 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 53eae2697007d5a766695df7a4c0bda3 |
| SHA1 | d5ee73948df0a879acd48468c7eb15fd8ef6a85d |
| SHA256 | c389078a7e88e006b79e6c4d93067d0f4293b6123d2146a61a3329f6260e5905 |
| SHA512 | 7070b054cfd57f3096b01281aeb1f9814030ff192e6bb65cdea7715860f5a66de7e78615fc20d7f4f97da044d60b138be8364d2a1a1a1c7805d478c30dd46daa |