hxxps://www[.]mediafire[.]com/file/0m8xak5gicvpq5v/Nitro+Sniper[.]exe/file

Analysis

max time kernel
109s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/0m8xak5gicvpq5v/Nitro+Sniper.exe/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
964	msedge.exe
964	msedge.exe
4152	identity_helper.exe
4152	identity_helper.exe
1472	chrome.exe
1472	chrome.exe
5948	chrome.exe
5948	chrome.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	1472	chrome.exe
Token: SeCreatePagefilePrivilege	1472	chrome.exe
Token: SeShutdownPrivilege	5948	chrome.exe
Token: SeCreatePagefilePrivilege	5948	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
964	msedge.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
1472	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe
5948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 4840	964	msedge.exe	81
PID 964 wrote to memory of 4840	964	msedge.exe	81
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 1564	964	msedge.exe	82
PID 964 wrote to memory of 3476	964	msedge.exe	83
PID 964 wrote to memory of 3476	964	msedge.exe	83
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84
PID 964 wrote to memory of 2184	964	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/0m8xak5gicvpq5v/Nitro+Sniper.exe/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99d5746f8,0x7ff99d574708,0x7ff99d574718
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11482234268437009689,12589645463538951847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff989accc40,0x7ff989accc4c,0x7ff989accc58
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4848,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4460,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3444,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3232,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3420,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5360,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5504,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5480,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5876,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6000,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6008,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6180,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6448,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6648,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6640,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6900,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6916,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7232,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6604,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7384 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7540,i,1928519937641025246,10600907604283757207,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7520 /prefetch:1
  2⤵
  PID:5576

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff989accc40,0x7ff989accc4c,0x7ff989accc58
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2348,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2340 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1996,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3652,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4460 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5048,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4464,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3220,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4336,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4524,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5324,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5336,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5320,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5912,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3648,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6168,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6128,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6140,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6436,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6592,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6900,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7100,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7088,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7104,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6948,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7728,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7724,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7992,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8280,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8148 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8300,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8460,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8720,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8708 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8832,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=8668 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=8644,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:6376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=8988,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=9256,i,16847301534509368903,3517818360236674772,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=9188 /prefetch:1
  2⤵
  PID:6488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
ebd1e0c475994371b3998462615f0d05

SHA1
14e355cb59a4e518018b776164c6d0217aca50e8

SHA256
6982055c717bbdaed4aeec95fd9209e1f933093cf5419bc09194366ee80b0541

SHA512
7aa0bc09e0f291418fe3b6683c2e6e83781a2d96af1d36fd47162a132cfb1fe0051135fe401c6f953c85948974aa79343fb88a0d40ed31be7c60249ae21a3a32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\141db9fb-8a83-4dc6-b687-71a4e4774c17.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0b5a71f8deaca5df37cecf4b0d34bb40

SHA1
b5add8f983e09fce2b4e369979391e409bb73710

SHA256
cb46631826fe985b4c32687954eb8a2bbbf547bae7686569971a2146cc471203

SHA512
e80f97b0a55df3e9150f8805e29c8dd89d16edbb60470f4c5ceff03598d1407ae679f4f06da17c0e6766c0ee6971fdf14b303c7c48d746920d19b58f59670e04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
54c13a951364348b2b2518866a9bbfdc

SHA1
c82b96013d33c3bd1a0d0adf370e76dac08e347c

SHA256
ae01e0a6076c790692d6de6480d781947d92d55f3036d01def96491e49d0b73d

SHA512
5eaa169bb0d2f1285c178267557de0a3001383b6eec9d7a6f5c4a4833cfce2aba68ffae78020e2561b222fc2b5bbe6bd36e81c152b7239fc5c01e516d948c9ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
a791eb6db1727848d643f71784ca3d8e

SHA1
83487f13729c8227240b9ea6c46db5e049bd2c7d

SHA256
0257d99d12765c1a09d8a871b36c5a5701d60f324581f84f5a718fc21bc1821c

SHA512
6242ade2f120d204a7a26db06e5fba98398fa4296129d91e42ba263a96f4166bbc404ce05d0d3495bc1af2a3795f5c30a2836736ec24d48ce9a60887fd8391aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e7d1bdbf090e56d2a15f5a27bef3bb12

SHA1
d99d308f7faa87edba5ed82b37f5abbb93d516a6

SHA256
f78ab0bd1bd98c3c66821c1f2f789b8cd7d80ba83dfd90f6aa2876029c982ea0

SHA512
923973e7826f21c7db956370b5be4e8b4a6041d36adf93b8a6bd0e4f9477e4e8e051f887bf78fa337832753629a8efd3ecaafbb77f3ae175cb89ba4d45de10b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
35KB

MD5
c46213bccc340301c702a548059624df

SHA1
830110b83c8dfede830f2d305446c37021229fb1

SHA256
fc21d7c659f2951e79f0314e601728d7219a33e771259361b13327db3bf4a9b5

SHA512
e4c596c195ad1f576b922d46f1b5e3df86afd861d04600cd035c6011b6314d242ee3d65bf0b05c2ec819bd546b9d1104ef3a687ea1546f49c7ad941ed1c35e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
28KB

MD5
abcbcd48b6d813f6a580d9f59b2bfcb9

SHA1
0b00c96fb940309cdbf59bb4866d2423e77c035e

SHA256
f40d718d090a7d9fa4db0b9c2570cb05f7729e6c998c32c1c688f421ca7ac8c0

SHA512
b961f4d2e02c1470ae42cbcdff8c90f3b950f73c7f1182c205d0c5c0f187115283ba581d1dc9259d48004bf71e0b3e2d9d4bee8440a1e7baa553e92fb26d36d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
115KB

MD5
9c5cff803fb1edcf640ea9e4a02b8891

SHA1
43ba340a8b6d6d028b42e9674b66f667a50eaca9

SHA256
4196d95ab415218fc8dce5037601f39e1824f2e57c6ebebf5557ddb3f11b537c

SHA512
287f10790474658acbe31faee48b75fa9d4ff720f17854e91fa56652c673bc97f038263c4261060e0592e41715cbbe48d12f242dde97f8626a93d4332b89d021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
23KB

MD5
3efd8055fffc65d4a8944d4a926c4d06

SHA1
c7392e823ab3f500ca143021c51057d193c505e2

SHA256
319e2c432aedf99b8e3b4cbb5c3bb850bdfab95bec1a6301482207193b6b7864

SHA512
2602cd412546be793f9b0dc09619c656cd737fe681df1f118fc7d3e62e2f8ece6b9c48aaa001f18a10474661f61bf79ec9035e225dc995de133a2eea62905950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
119KB

MD5
ad47211cbf2b5037a632b255bac497f8

SHA1
f7b8efcd83e1ee5b936239c34fccdbccc50cd6f1

SHA256
3ff66387417489de93fa393db6d511581ea6c3b5c75d35190309be9cd916a9a7

SHA512
642166e7a45e073fa05a249d94f4591f30d303011bc8b79efcc04e8475ae07f2817a11fe04b8265a2e6f7bebd8fca4b06a15ea11814c2e8b0a83c38efaac4d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
124KB

MD5
e6500211683946695a759b3432417c7d

SHA1
89f7b9b271acc686ed8c40b11a3db86fce5764c2

SHA256
9dd3e74102924f4d88b5a1bd16b5f898d9763702b8bf778953664fec642fb6d2

SHA512
2970329f555e91c206c4008dcb98ba4f4f7648e12adf2f5f58869a5f47d1462ad9e6f41594c6bf575ef14dae5819b15a253f53b21b32fa87e1e2ec3df8f2d62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
20KB

MD5
85043f9474e36c34b8ac45f89af790ae

SHA1
ed5bf7078aaa5a7cbcb8f9911f9aae5554d4ff2d

SHA256
22e4740d67bb699c1f00a8d495b395596d946d7990baa0de53e4ac401abde346

SHA512
ef10200a0935b1e70cc31f7b434e93e4fe88d0613a39c58c4a4666b7fa16b54120ca138e96bb710f2d0df8aa1148fbdc39441efe21527cd6b9bb39222574fd08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
879KB

MD5
94734c72693c6e044768bb9479466e21

SHA1
7b5288a513dbe9f38ed0ee794af06e763a6b1ca3

SHA256
ccfc80197a4abd83016038f7bc907aebb9d26519dd274b4cd8d00d1bfb4c2acf

SHA512
3f238dbe1f5a14f9364ba6a426ae3bd67a6682f2206e3ce37dafa70c71928ce6fc71025be13eaeb23b9ae8abb46153ca1f2eae988af369904e7a581968a2ea99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
17KB

MD5
ade0830a83f6832f8dd8f0b27d3da8d2

SHA1
b26adbaff477586d16358ed96ad72bd9a6ef4501

SHA256
237e318a900f1132b1ae46374ada4afc8a8a7eedd0102d7613ef60275ad6e3b2

SHA512
c9f86f21cfdfb78d05d4508eeea3ac93936fd4a63c7aebf7073936ec71a5675507892e47aae7a6ebb0836701d337ae8481f0270ca96700be264e6252ad233ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
76KB

MD5
fc8d52f4988e5194cd29300673f2a589

SHA1
a7ef2407511851022cd5806efebddc3740f29475

SHA256
3f1b7d7e4ecd84220e5ae3df07f066115a86fa7d152bd57ccde42503fe9c04b5

SHA512
2e644fbdabd83f87b36373ba33c991eb9a4fb226b83b95be97752f1e0894bc56db0ad10824fe4fc9ca286a9c47114527144f9a62f110816ef8b6a2fdc614b710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
93KB

MD5
2e33e7cdffbb2397a3860af0d5508bf7

SHA1
36f6452f8bf71ac064267bbd10da6424096e2e89

SHA256
c27d735c6335d7d5b860f84276164674322099c95dafc9801009847ff7ef20c4

SHA512
974abf36476a7356bca6e9fea33b71f131e2aff8121bed33f4acdfe6847f62f3497dcb1abc41fb67414b0ab98f9e1e85ffa73c10c25f33afd1580970d2263230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
60KB

MD5
617f927ff5693553f31ed9f74627bc1c

SHA1
6cd11711163f299a146614cddefea185de42c8c8

SHA256
53ef39c91fa4b4f2d68d15483dcd7a2bc4b089c954e7b5a6808c6560740c887f

SHA512
71cb874971b2654c28181eff7b7e66b7fb3a5cdc269b79a37521e75c99a29b8a9783f44b3b2cfd20571fb97778a086f15accfcdef44483985e6663cfcc3e11a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
63KB

MD5
d1dc88ef5824cb2b83db61a7b40265d7

SHA1
cad3a25dbf0c2a750df576f001ca16f780e89fea

SHA256
d3c3db2b5256d7c5fa7f2502e752ced784853fe0fdd01d8a219bd9e041a579c7

SHA512
a128eee17a885e3c1ba2901fa9fc12278ef202cbe245ea82a8cd60573a5afb8701d63374570113e158c30338005b5234a1963db924e11f866b1eb92ee1c8acc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
76KB

MD5
8890e079e9f34641ac2e83e72fddb3e0

SHA1
3bc76a8ea40f63494a0fdcbc5f31dedc501eb6cb

SHA256
32b79f49ad238f7718e7ba9aa4cbb32e74a8a11a8a32dbcfdbfa926228c783f5

SHA512
f81300eb1ba690cbf4023d96e00f9d1266c74f3f96827206a7ea1065be65dd81cd4054cb76c13e872656b0b4640f34546ace2fcd47f0f8c620ae0796854f321e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
72KB

MD5
6751b2a4d9a7fb3ee0796273b9f3e37b

SHA1
344d00d650da41f3ed0c454f93c3e07fb45475dd

SHA256
0d23c759f4302ff762012a6ff00cbd124858dd9b387ea06eafa727c5e726fd77

SHA512
01511d72e32a751faef57ebb04a8794f725b21950aedc23d75b7235d570ba82a1e99fe2c4add7304499592c494cfaabdfaadf291cfa8a4fd2ff4cd2c184270ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
62KB

MD5
f9f305e10bd8ea1432b9fd1d355ecc90

SHA1
934ce6d59f903d145519d1066bb574c82a25edf9

SHA256
01d35e181e0a373c0fae013280a79616dbb1fc2d2f892b3215c941c098e0c9c6

SHA512
9efb67bfc44f6c31137e0387bac74880f9b93d3645837805ac6ffed7e7fad5be7c3812cd11c9172b767ff4cc258fa140663c33892ba8f28ac2ef7686b3bee0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
303B

MD5
64543a52fdb97ef0f187a76979abc8ce

SHA1
301ba78a3c1a5f1582643badffe0658780ae8f59

SHA256
30f5753fe590e8616dd78d803eb5d6fe0013cee35397587ee4a65e8302a6d24f

SHA512
58ea9cc0c6eba0fc885263ee320c161c0c5f9947bff8451b7e5110a7feb4e3bef91d12f4c627950d7d6d40d47d14312be2d6ece1687da8e2a89b2e18fa367d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b915ac06282277e7186cca95bd6feaaa

SHA1
2f56bfad26b840125885e700dd3d3a82cd142937

SHA256
330188e284fcc93928edb153e413b88363313f6d8c954617f21932b76f9bfc24

SHA512
ae1f4c16a2cdb44638595b21fe4912750ede366158c6d98ab037a58d6bfd4341a05e32fc4edb74432752e91605320be3697c64b4532411614353b2e7f6b657f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2ce470aab8ba80f4faa42d9e7051f50a

SHA1
0c8f7a1d2c5fdd241283752c880ef96fe1a71c6e

SHA256
08208a7e47baeafd6aab9609fb51c8b42ccb1d5f1985159326bfd3ca21562725

SHA512
4de7a5f08600931e5a9df529a20784a40f1266110cdad19a791d263cb33feccb2994f070ef22e702ed40e7396ae9e6f0a4924df6a3fbfbcd67d12fd4f6b7ac89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
6485b4371690d6d2f26e20ae2e2f8ee5

SHA1
06f08bbf0aa6c4a03f2ef4e8e81730b7943b1a2b

SHA256
a08f0e1a658be7c07735bf3cf44cf84032d5a7856a68363e8cef3ada674e32df

SHA512
13e527a472a0410fd3aaafa7be806c70a9fcb5306e18b3d5966f234e0936e44d93c0c0f0fc887fc32b00ea0bb917f852f19dce703fe29af89ad04061530f614a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
17a0f3e950c3f12ee23a5ee1b8a1d51d

SHA1
c25aec106dce6cbc7a6755bc667e00b0f3276668

SHA256
f9e45b2b5e579c7a4a4ec4a8ae5adb9d3504c5b405d88f8382d1b006106c1a67

SHA512
f58edb991de9d6b6c61d6a2ac6c04df6ec73e6ed555cd03ea5f8370b376c3500de525ab5570285f87cdbc6d6a3b49ea5db3222c332ae53ffedab9304dd50f917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3d2cba1f-6072-4314-97d4-163ef16483bd.tmp

Filesize
28KB

MD5
f93cf4d25c4b4a289182d04e509a4ebd

SHA1
42fc4b84e9a753927a40947bc9e75b94d1bf11f2

SHA256
26d848924a5c50fead9a52e8de062f12bae5d47f1827b821da5b3267e3ccfbbf

SHA512
a00aa05ed95cc05d88c857a0e0cde25765b2676d1cc56a569f2bf5a244d27dabd81e708ac27b6de077693746af0b91048766c4f70c129351567ea2c93f6bb542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
b77628f5e1d40b7a345dc976430af8dd

SHA1
a6ec2bf33d337ba626e32f4790d80b8222ddb7d8

SHA256
3c973f3fa12b169c4076f76321461b90afd2a28e78fbbfa100744d4baa0e3d87

SHA512
7b97a1b33d5b585dc3e689ff5bb9a95d8817bc8c1213eef7360c15c1b565e0908a7935dbaa41e4f259c1fda857bd03fe0b5105b5502dbe111e7c758c20cbad24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
23c7ef4815f407ccd7a02b5e37f00bb3

SHA1
854cd06fa9f1a223e6245b15c7451dce3e5ef12b

SHA256
aad8a38ea9f781b8e96ca3870ef342a3dabfeeff3a75e5c5ed91a664b400822b

SHA512
97c29576553993ee6628280684e6344840f09aa78ec577835a526ceab98b281db5b0020d16d3e27cd7a0cb1b51173bdcd1146d261e154be4603a9f61d06ebd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
ea8c77fe56f73c9cbeb38dc8936bf60c

SHA1
048abfa8c1be3a897566e9648d06a5ea8de85f72

SHA256
94d682f685d1f61b2b27aead9c623d583118c025a70d45152219a030ced2381c

SHA512
439eb183b980a3260a28cca106b057bda1003aac994431f02816725a1184bdcf8f7d2ae2bed98e933a4b45338939fa9fc848dc8afc4952418715e25b8c4a2a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
0af2fe31e5279d1b89be80314a5365a4

SHA1
f03832e984e01af94cb0141cc2dab67b5241ab1a

SHA256
1a9f549c871f1a66c7ba6d6e3fd6304fb1dc974865ffe528091ecf7b9994c327

SHA512
1ba669dfc5817ad583b86d18c8c9398050c67c6b25b71d04dcfa244da1f4fd428ae4c1ff03535445bb12836c9ddfff774e217def59520ba4b6e4f16663bc0981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
61e86053bb3d28a8c8eb5d9e3a14d5d1

SHA1
ee2f989c27d0a3f5667ccac9c75547a494c2a921

SHA256
a77183543ab394e68a2c274382eaf4bde5af3a07cfcff995a170265ac03838f8

SHA512
55ceb9a3c4e12f1bdfc0623b56276ae3b55e0d7530c70c4b285e00f919b20555cdf2e90849c9d8b0aeab92abd9bfd7932e0a8a28ac22380e65250cf502a18c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8b36ec1a9a0b91e6c8c217fde7df5ecf

SHA1
ee842ea1dd1c79d27764813a574296143d658bec

SHA256
46a366e1f7fca44e1af454e3d11edea916369791b9ebbeeb04c5b0e1f5cb344b

SHA512
204ca2630bf24f55dd17bc926216e37ce287b5f4b01031bb644a2a25c8529f589c5a35bb78693ec5304dcb78f21b68c3efcb8a78398f62bebd90c521fd93070a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b4ae358c9ccd4996992bdce64f85ed52

SHA1
294643603ab9991d41b4802f7d168488e7f5e986

SHA256
09df685a5c1b6b6c86c49913c784b75baae08bca698f8e3463db8199b2a7e4fe

SHA512
3cd0973d7d0a08a46a1f4ece674a59b348f21066a64a7b0b0c3bc529a70aa29c412ee5847a344e3ead2f208817e275c73158e527613932728fe88018268d1ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e0cca0ca0d6a1e018fc81d318b9015b

SHA1
2d949080aa1c849004fe63448c0631f2c154959d

SHA256
3477aa4279e3ee45c6d68bb9c067fe9a10c8a37b04286bc7c5593236467d8f00

SHA512
00ed8c3277a8b6bdfe0834aaecb435052c378883ab508466a7fe322134a9a260148ce24d918593f25e8d76d9092c75faddd3e32fa74260819c50551bbd68b881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d44eb32e5cee0cd28715de8ddeea8029

SHA1
862eaad5faaa2ad02e27381f2f1222fbc34c8276

SHA256
e950797837ff672979cc6166803a52b5e0d01bf48622c40982afb33f708ddc06

SHA512
17bbdeba45f63a74b6a719fc23b42707a85d664e4af2f8392230b94004bfd34577cd68cf8118da2c9b87c5c130b75133e2e7efbe80bce5d7adb927b6b94c87a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b580a5f90d673f3f4c138eb8fce50ef1

SHA1
fd1e059dd1809541cb9480615f3fdbb09681a66c

SHA256
ff9d00fed1497762d4d5ad5d3b58611ec168bbf900ea87717b11cebcac3108f8

SHA512
1d151d535bdce961bdc81e69b3343d2b5050aa5e0c8fc08cf51d4ead9e04e28e84129fbe74d6451e2ff21a55d048022b8210d2204c1e540d318ca244988e023a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00d35dc75fe954f5b9b05728d6cb4bf7

SHA1
151dab2d847991129ed4ba9effef9bd08bf24291

SHA256
6a2dea2f2bb99267fe966cfedda19968380168a91037507994beea39917aa8bb

SHA512
a25985a55fc1a6c70079e4d8c282a76f035b821bfe655f97c0f2d0f7150a06b37948974ec18d1b7ecd749402e06699221db106d6892921baf622343a329d3458

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
f5ee48d59c77e8eed9adb117f1e45574

SHA1
2849ded94c1915264988972985ce027fddf90264

SHA256
6abc9e4f5fb921849bec3b308941653111f6d3abfc650f17e7ae4656d0abebcf

SHA512
3932f57f3881f4a44336576c8775d26b6127271f4b259b6d41337f87feee4e35cc685725d6210d985b8381ba4e2831aed0a48deb4292115f958dd61ed90a5dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f715aaad7acde0ee4e78574570f005ef

SHA1
04f785207907a659191673d787460daee8d18b08

SHA256
fad29153095ffff375dca1d8f1dd3be816ce84ce2043cb32d26c923442b862fc

SHA512
bfb2373fad924cf985a612016d2b82c421cf07dd643b495c31644fcd6507fa08ed12e771e6de1ef852dae7c061ce8f9bf10767fd7f556d32130e1fabfe5e1550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e08d17b77491fd7a0cc26ee5e6335099

SHA1
e7c69ebc8392f6ce29c993a15d88ef81995f9a25

SHA256
b99483df6ff8a7d395e755782c1f1165b97a54f77c38ea70412607b2a7a5c171

SHA512
e102aed2996c30a8bc3ac8175e37b5372eec7a716cfed95c4dd684fa2386fbf4db930ea73bcf996d74856abc560bdff8c37a65a0a6549e8b0cba9eeaeba7383e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
0499cacf6eb7a77e58ded996b2977ad7

SHA1
be96aa563f5eeacfffd7b0b2da0f8fd04e067eb4

SHA256
71dc199ca2b482fd1a58190f9c5de8588f504515fee742ed5871eb66234eb2e1

SHA512
f3b76ca04bffcfe2ccd0295000903657a6faea9ca30d91e593621457eb50620932337cdf20ffcb1ee952f7ce649650865b74470df981efe64764af9ce449ea5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
4b64cb7656555939caa9e6ca874a7750

SHA1
44ede98299015cff17ba039c651845c1218683da

SHA256
f467ba05c064e016533dab145234a6997b015dcd697a7dfbbcfcc080eb0879bc

SHA512
25bc1233044e72b4d8c21c3afd4ab0bf24cbdf758596a57a5adeafd61d95c62de29578308354caf5a7f98a904341a97bec0318ecc991275bc55b006c5890ff11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
4d5839a6fb3c3fde301f687b9368d058

SHA1
a724eee32cd50aed410b1e111b50eea5d0622de9

SHA256
295746713e9526c080ef16acbc2f7d2ee4dbb770bf7f5c6e681cd7e86b032fdf

SHA512
a21a11baa93192c2e1777fb204214479d258d62a8def346b5e1e82768a6f430bee2113a2eca16ec91c3b9dc0070df8fcc7e28ea65e9c25ca77aa0258acbd5dc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6f4832f626fd44cbd0eae833b71afbbf

SHA1
3f86170054930a14fb5118b07481ea3f75848d7a

SHA256
5091c322422d1574ebfba5681621a916aebdecce8e1c7360b7848ef385d7bd87

SHA512
5324eecfe06640ca1228516ef222fbd2aa065bde2c64b3d247b8501f01175327f88d89b6556899f54b2c91c5299ca71b59a9c9358f42abf616b9a316175410c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ecfcdf06cf5ac93b3deb17684c7c6b30

SHA1
133e3d172656bbac9bf5492d4d21f38a65761cfc

SHA256
fb2bf8439b85c68df67f21721060a3df5da5bbad935cdcbe786ff046ccab9dec

SHA512
c31e490d0b3f880650c1d20bbcb91ea8ba43a422dfd80424f518f54c311c2d51d3afb23ba6e65762d94c7ad97e77a6d5937499e5f98e3dfae40ecdfb91527a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b916df14b893613769e90f03c7012b62

SHA1
6bc81375fb1444e06e47f52847fb47cd9340c759

SHA256
9038594ab1d91b14269b40992773f0d70e88a977cef8230526cb5283be914900

SHA512
d3e1ac8f11429eabfd5f3a771036b5ce3e9335587e39fd7dfeedfe484cb85c8f9cc58b70b74a9f9ac6cbd7a1635a0b4a78879e93d1e052b5c79e60813b1dd973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68b017054d58d42871eaf3fecd6c8190

SHA1
3dc2906a8a8d2dbe2d5167f72f441f73df6c6dac

SHA256
33a6861d78de24893b8ce3ce01ac602655c233532bffca29f8c341dae59e4efe

SHA512
ca6096acd683f2a4f8621e7c6966621fcbf2727aeb4c4ff3239fa48579d0243637eb497e711c212e92b84392229541e3bfc7e9318379be26b242f1812428301e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8dda5907e7e709ee758e9d7f93af8a99

SHA1
ce50a143f785d49e0cf683648bf6172c73e82486

SHA256
d174ad00f5f7175c45b353835a483beb0692587e7a69cf5343fa898bc8db673a

SHA512
6c889ec199d41a2a08ce78f8c8c47418221092c18f481804876ead1b49313453d34bdeb5eb77f728cc373d2a3d534154728ab1b8cf99744e07269b927e469c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5820e536d92a61242e2767688f99d1a3

SHA1
d8b5aea0c1d4e3176fe04baa92a4abcdcf524f5f

SHA256
0ab38f496e0bdf94b111f859580790102045f4781127a051ea6e7c8da4d8c4ab

SHA512
493fbd4cd81dec3d59d21365674e0deac6c68431f61a559823fdcf579097c2e6f23f1f30519261d267ad9966fcf48006ba2c7504a62f499e962750dd0b22b5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\eedad4db-4708-4a0f-a23e-9cb17ff812b7.tmp

Filesize
10KB

MD5
6cd0e1500aee9c0a4ccaebcfb8ac44e0

SHA1
71ab3b8230a00bc5f3c589a2c8d6d359be0ef0f3

SHA256
a852ee49a18c747fead0d42b2c358b56713645d38ee53cfd8044e620e8fa07f3

SHA512
58ae77ef3c85429a984209c5896b911d896b2a50d2dc03fcb64e23cad134993e1f2d557a1912f2e9a8f8a8439a91121b9da28b061c3ad944fb160c9df3c52c3b

Download Submit