hxxps://pixeldrain[.]com/api/file/AiXjp2hH?download

Analysis

max time kernel
492s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20240802-de
resource tags

arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
submitted
10/08/2024, 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pixeldrain.com/api/file/AiXjp2hH?download

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677928714878093"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 4 IoCs

ransomware

pid	Process
1008	NOTEPAD.EXE
3940	NOTEPAD.EXE
3404	NOTEPAD.EXE
1220	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	chrome.exe
4740	msedge.exe
4740	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1492	OpenWith.exe
1492	OpenWith.exe
1492	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 4440	1936	chrome.exe	84
PID 1936 wrote to memory of 4440	1936	chrome.exe	84
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 1384	1936	chrome.exe	85
PID 1936 wrote to memory of 2868	1936	chrome.exe	86
PID 1936 wrote to memory of 2868	1936	chrome.exe	86
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87
PID 1936 wrote to memory of 2252	1936	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pixeldrain.com/api/file/AiXjp2hH?download
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff95f75cc40,0x7ff95f75cc4c,0x7ff95f75cc58
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1580,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1576 /prefetch:2
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4956,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4424 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1152,i,16945729820106311888,18236476432212055357,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:1452

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1516

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:376

C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Kebab Chefs! - Restaurant Simulator.exe
"C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Kebab Chefs! - Restaurant Simulator.exe"
1⤵
PID:1976

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Kebab Chefs! - Restaurant Simulator_Data\StreamingAssets\Settings.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1220

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Kebab Chefs! - Restaurant Simulator_Data\StreamingAssets\saves\gamedata.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Kebab Chefs! - Restaurant Simulator_Data\StreamingAssets\Debug\userlog.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3940

C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Kebab Chefs! - Restaurant Simulator.exe
"C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Kebab Chefs! - Restaurant Simulator.exe"
1⤵
PID:4180

C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\UnityCrashHandler64.exe"
1⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamgg.net/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff94b7146f8,0x7ff94b714708,0x7ff94b714718
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11960529936333992842,16406311823885721975,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11960529936333992842,16406311823885721975,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11960529936333992842,16406311823885721975,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11960529936333992842,16406311823885721975,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11960529936333992842,16406311823885721975,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Kebab.Chefs.Restaurant.Simulator.v10.17 - SteamGG.net\Read_Me_Instructions.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ea019efeb73acc1785fa56718eea2f5a

SHA1
23febd7cda4b63608c5251585bef17f314a0db2d

SHA256
e0ac539444e64872639f1dfaf91fd7af72ed084af4882db984aac033040e00eb

SHA512
2d899bed49665c6394943a76631c6a6556d28ab788947f48770d888e71289523d2643146b4a9aea4a3caebc5d7e64f20155afa340fda2dd6533a104e75577ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ca8c6354a515ad2388e93fa8fad510a8

SHA1
81f59f4a51e6afcfe76d440fe405133ce71f0f8a

SHA256
e903222f3c9c76c1eed69e9e843367eb6dc3b7f22962cc8f74e89c895ae07600

SHA512
c11f2c47ef1adea595f446dce7bea316dc53b10a5001fb090ba8f07959457229800fcc9c43ae8d223576cd81d2c654ce1f7f0c7e616e948f6bc1a065c570e23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
169caf0cb8f71136220554d000ebfa57

SHA1
25a87c5b2e3c889ef0f3576fa5e4d2285538891c

SHA256
912127b19b26a4ad1359dad807d7c0f2f87372c834ae227d871ab3f13dbb96ba

SHA512
b5143b294bc0f967cfdada94948a409c762a6f2ee8fd37a8fdf8820414fef3655f65edc7be5525d54b6d5180656c4b4c176c248cd7ffdae0966bba27d70e2e4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
1b73787ae79abe05370485c5e423d20f

SHA1
a5a25a764ac6408c363b98fc2fe358d811a31f6d

SHA256
2e71ffbfebba19d33276252183910525a19200fe2711aea2c6fcbce96598f1d9

SHA512
7c652ac457fa095e545212bd33243f1d7752f0e5ce8c796accefdee5c378030a355da77bcb3083e2ad3068cc79ef54e217a9f0d483d6ab3fc47f8abb3222ed77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a30b4d3adc9db5ceb893c9427a37bf40

SHA1
6e843f205a18f1c110344900fef1e9dc5cf13cba

SHA256
1654ee47d45789d090b1720c42054eb4bc03eedfbe0ec669f7230021941252ae

SHA512
d9403d390c59d3ebbc5ad1787f2aaf924243aee8d9cdf837da71f8bd405c85810ec66b8b4606ff518e01e7a7460f4f108d8e034ef28b5ad53825ade176d3b4c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a37ec82d0bf299bd51f5453e3fd9d5c

SHA1
cdae9c98164e194414fec5900220a6a2e5f32cc2

SHA256
f6e2926d7f0a8a27610f6af7f69eda8b254801d6b17cacb99246214a88f30bb7

SHA512
2bd2a03eb7e09cd97da8c4a07a9edce9f6a22f37f4d4f613c6a313a79e6af69dbfcc1e5eb0b3ecc397ee968c53989336ef86b6c8e1e692122514093d8024ada3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56d74e7337a1254958faae3df49393f7

SHA1
87382cae6bdf24a79fd711431c3e7a2dd7378ea5

SHA256
d13e58ddf7b9c7e565297f7c45487d855eeb40d585e21da1eeb0dffa894ea307

SHA512
7caca0b7f5e5ca5b414fa03368edccb1aba911db4cdb135cf8b66e733cb62abb9f95f2c88a4d927b1da85931800d149211eb7866b677f9215dec5411e18f217f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f770db982777a59abcf839037d293a2

SHA1
10b70e6caa40c7097de57600838a34a0ffb4ae68

SHA256
4d72ca81e56c32edadd61caabc45b4546528db10aa60a808811fb93375e9f05b

SHA512
0158f0d3641b4c4bcc1d5f2bcc04e9705af3891c60c6c4e6a4b65f9048171f0973b0388bd2f587fcb3e907308b4cc516e5146408ff9b285d1d2793d63fc1c9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47464f4459682dc78258b9156df1399d

SHA1
ac266612a0a2f64f3ed27e1ed723a630d091b1c5

SHA256
d46394015cf10668c999b2302e65f02cfa2c5dc8bea673d12fc0f7b9b5ba4c72

SHA512
960a08c18ac759370b07966295b30a4fd9c6b9a70b918576996a0c4d3b1bac9c607662587653e54129831214ac6180aff0d1a1b4a106e67e00e767ad3fa18d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c46356c3ceb658c8d333d503a15ba50b

SHA1
b22c09b35bb4231db8e0ff74712fa4e82ae98ff8

SHA256
7a1c5dd271eb83b2dee718896b57465ae0c93fa509e57bf13d26e5eb03df04f2

SHA512
bcef10d05e4f8976b568b278cf95296d196485e1644dfa0dc46afd8b4025512d425f2fc54e688fabe4ea76e6a64c5b8974d33bd409bb9878fce0c1f2acd54e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a5e0778bea7f9eddbb0b2eeaa3283db0

SHA1
8c81a10678c8fc7db013be083017d847e18023bd

SHA256
f54c1ad3c7591cb2f30494dd954a90e8aff021442589419301fe52a08e3e7727

SHA512
4f3bf946f864493544675add5a2f127d772342f9c1cd5f586e11f03411408a6aa1e6fa17fe40b31d7eec1fcc7ff5b197fde9795f2667a54708f560899f399b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff9cf4cb0d0e6878accff622b39e15d1

SHA1
772ac7ace0cb60a509ce607023ab529efc4dab39

SHA256
7c681dc4fc34656024cf5141d70858415840ea467d4d589be1f91759c5c025ce

SHA512
73854f86b8d005622199c270ab89db1824cfb93b034e90fa277a61e83af05daae5dfa151a9d1146b1ae874f1a56f74bc4022eab38454520bd7f1685a98774cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6550adfe8456a0c4355e5872871c2e7f

SHA1
a30c67b778ca7de1c0f68f8d8853725f8fafe727

SHA256
fedc7fff14db7bf49de5a6fd67384fe86bb67c730461319267ac84a087eef4c6

SHA512
38e370b3d2f8db0e15d618a6e4aecc688df34b9830db5635902284d5224c1876e1a1de120b11b51fef0adc70c51bd2459218d4b5d33dd052ebed124b633152cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
86a187366909c1b9ea7ba0e826f4517e

SHA1
6bcb41ffcdff64f02ff94c83ca5f2c37bb43b231

SHA256
e42ca08354861d1439518f4eb8ee76d5a15b3ba91baf2427841398ac5d8cb894

SHA512
aee4b646eeca6637c995e5c16ba592952a116187378799deb9cdd16bb5b2fa6b1cabf2e4ffb0c340bae7235c20a70ec4dec936e0fee04331616daa79111c39d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6075472988ace0555a93fc73469b978e

SHA1
24fd244589640e2567b80a0b64cd82af05d807cc

SHA256
124847abedb5a40c0064ac187cb443e09730375704fe1a78dec5c3d9c60186b1

SHA512
cc65b7aa622c8ba1d57d52a03daeba7fb1da10fac2dd8dd74c83b0d1c90fba4360abfb5d4dd47d248b5036d8830c32847c1efd1660f7993c1cbe7642d850d93e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6aa8aba36d987919edbbda010ecbd642

SHA1
8f2df1124019ed2ca06f7ec8dc17a21d8f6c1241

SHA256
3ca4e43303c1b5581c4422715cf3c48942b10023d2d17ae442f709be2956306c

SHA512
f4f1c803bba2c6338d996f8faa8bfe075ca67599a10d4fedf20fc043365666444f76067b65ab37266f937c760eefbdcec238cb01f37cad4b3f5d21a170f45e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df389177968e5f96bd7d5a414e5e9eac

SHA1
dc34e4d9c79053eaa2f4b467fb717aa7743f893a

SHA256
e8aeb125988d7af04381d11c157539ea922824542d509f0328f88d8a966c8199

SHA512
aff9fa512a1b37c895852dbd492b41165148f104683fe23a373eb7aa36398df3a4b1407126bb16aff0d8131826363dd847c563576139acd631f552880c424fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9011557d710199e08bcab77f3d50cd33

SHA1
2a1e958c6e468fbff9cb82c5500654355576b843

SHA256
4e448db52d9cbdd4fa49bc5963776e7ca8fb5233393bdae72d37ae1dac7c3a85

SHA512
fb4234481fc647ecd99e46b52a24466d5608f2cebc73f7766836fe12dbff72fb143e2a3cafed06339935cdbe9a2bd47c3ebd24e09875ae936a05fe0119fd4d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee689f69728d44b4b6db06d948cc9abd

SHA1
628d0b58397949d9552641e5021a64d97109a7f3

SHA256
ebed5c1163f32cc8ef7e43c3c486f9f589b2c157a02c36dfb9872b7de25a2b4a

SHA512
fee14da2dad2a104a88f052a08ffd7dd7f1d4b34e810e4120e863f88cd35b560a90815ae782dc17380a9d9a95180db52e62e6e7b3a2e45ed6d6c4e0fe302b86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
54be22b1ae18d037dcd878e83bc40881

SHA1
91f1b756ef6873cac141168a363966dd1d2ec672

SHA256
207b067252c8e0c324bc498290f35e94da3d6c4d528c26f4e8dc238bfedcc8cf

SHA512
638d245948eb85419e4494a5a04b7be0f26cc81f459458a0c49526fd9f61d7be326812febeee141bc564e70122d1d01236f077e3a3563ee231c8c6c002634c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4318311ed27e859783dbf35328ba5aff

SHA1
dce51750e77fbefa30ef3952e13de2cbc605299c

SHA256
847c8d2fc944104775e07f460d9974839963347a9d77d719c1c450e9ad0124be

SHA512
7cdf9a0bb886d68eebc580d257cdcbf71cd2f5639d9f108dc00d750ba84a0e2b1626f06f791e86d64be6ee8378bacd1655b75e6a435cf66dcb73afab21878832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a20eaab8aeed5d64070b35ddd226e73

SHA1
4c35557af8fdf429c3fb21359eeaefd9088e7753

SHA256
ab7be82a325afb41e2e9034827a32972f39d533a6c67c204e4cb9c61a266bda2

SHA512
9375e0359ca6f09fc11be4354f19e0ce560f591cff1ad90031ccddf918e33e469a9e8e78a1cea5c9b7db39bb1bfbe37d5035fcec18351fb39b07176743d9edd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0262f2ea203fe65c7eeb9990c3afaa67

SHA1
5616c46ed6a9f4ce02ff595b934087a9c8de2256

SHA256
8eb355231185f9cf411bd2e7f055a043553e1d835a487c619c0e41afadc7fac5

SHA512
889f9a38cd870b606adae59b148a302e50578f3839a1f8d980599905fed243e233fda96a269e41d11bc80dd3260741f648ee2a4482610554f3ce72160636f49f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2be7f5508e3a11a2e3239cd52a896ffe

SHA1
b6400ce78948fd92244d02e296fa49f3be8fb3b2

SHA256
5093a4db37c457f91e51b86dc7181cc7c024248b2f8c08a4e8e49345215a4b8e

SHA512
c12ff8256113e6a7062f51594e857938652c5b4adcafcd79c79427f4b0fb2322c8b2309baaa8756c74272f270e47c6eff7d36cef01c342834d8b53b1974f19b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
587991965402e25e2aeb57d3d3aa904b

SHA1
93b0f7b28481763fb0683e4e8f288fd17746d8ab

SHA256
b1bf94402f9ddb6545cb354f4720081e5dcf8c769d4a6aaa954818805b8dc8a1

SHA512
e19eee2bdbcd0206854ab5fbd6d5965294ad6dec1477b30763fbe07db2aac11c17cdebef3780c1eccfbf0dc97516d2af9bea3eb2b6e7ae7bebf9346756c79caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13f3617a9dcccef677aa67e66fb5093e

SHA1
cd7fb3e95742d968dee73310528c91bf3fa180ec

SHA256
ada89a752f3b4d599f60fdc59ec1d18917a6053deb3887cb423ff930fb1ca10d

SHA512
75cd85f8a7b9c499fa7d98ce6a94c914c8923fa4eb7c3c276aefd29dad4f5a80458c1d8a3cc84a974966bc41677e0b4a0a7caef4f48c3f86c53401a2e7e3b73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9ae7081ab9622a15e83a6abdcbf75ce

SHA1
c42fd9c617c92798e70d5221e249509f22f654f4

SHA256
b38b94b1ece5e506795338538debab83cc134e21633f6d9021dc6e0d339b9de2

SHA512
c4a0938429ad1a2844a3c2cd9c280c98490e65429e009c793d1433d651bd9b69c696cd4e8654795bb355741c9beaad6c365fb3087faed5bf573fe8c7143ed83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
540d3db3ccc0f7a92364a5eb6780d1d7

SHA1
33994cf5c8646c0dd1b5b23e6fd61f70808511b0

SHA256
baf67b9c642b4f8f0e6c3742fa09ec54f6b3e11438c13869e853cf3abb35900d

SHA512
a2adc692b9ba99093b4fca2ee9182eddf95bb6a4974737ba88f8c3d1e3d48a666bbc213daf2161a0b321a4b4374a6c19f75be067d95bbe996688ab78ac4ee28a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fe4d9ede7484eb07845e0af7b656254

SHA1
6f8441e067f22c13bfd1db40e8e888761a2a5b5e

SHA256
130abf73f785352644539da7573f9a16772fd0d52204b5b3698b0efd457e75e4

SHA512
061cad49cd84809916df09167624048268c8f6bab0c7b2bee0bdc6b80ec1eda8c4d92249bc4d3e27c57b6db3f89d78d1fb5e27c045b11aed50016ba89d878710

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9f4d4c71c056a364b1ac6005df124a7

SHA1
a376e9153aa26f49b8f6665a37f471cb08687353

SHA256
dc6dca922a6b47b7ddcdd2b3f6435eda0348ef2cc8aeb30a00bbb63f3ae87a3c

SHA512
6e25708be7178a4f8acfb441a412118723c18f5c84d85879fc7f4cdb55f07ac5c039e29e7f45e4e74f29e2f7f7ad1cb8819e0a92e8650c3e654790e4d98f293f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
18578974a7237504aea21082796f66aa

SHA1
ab5b0405be654a007ff07bbf625fb23e694f193f

SHA256
a56cca2dedb2a81553b9742fdc6d5637f42c0df0578c6785c65c5673d5fd0889

SHA512
0cb72b1763721b85150255954e50d574981f7d4bbcf19691a241a10296ba8ab7f64ee4687aa7225393006d974440abf20c9c461d51f7c444916959df42561f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28788538a152950ee49e501847dc8156

SHA1
bb5ea9879d9141da2de5c6394a5be638279ef802

SHA256
0403c8b8c4c5d6bccee3b294dbb4683263125e155a4dbef2b5146a124f4d63bb

SHA512
aa7cbb4bdfb60bef4b62959a45da895a438dda3b89b4047c02bc13444962a41640f48642f5a337c0aa4de917559c031f3b602b5da6dcccde0654de1438adc1cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d899348b403d474d4f6bc58e91426427

SHA1
f0abdab75f27998e310c3fd504ccafaabd3fe0ef

SHA256
5078884e451cdea1bfd7ee8c544507b36c68f4b32e641ce0e4cfa35bd2c2a71a

SHA512
da825d6d93a83abb1d0774e8ee19f9c8aa64478fa50193061da840e04f6bcb00dee5c9a882c3aac388e2fa2ddeb00217d1aa550ee8deeadcff7664e4170be242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c132b4e2dc99ee4f617941a0d2b3a0f2

SHA1
9affc6d02ff47b0c4382d2fdd27808e19e39cefd

SHA256
16be994234d05a64ecb247f7462415d162a9378cfe620283a8f5fea5c5881562

SHA512
2bf98746a8db5cefcabef8f156ee513736d8d6df90fcc082cccca774e7078ab1076035666230a9dddb6f57c78d7df14847058f6823994825c32daa58f4498743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0cfce799ec90dcb2a04cb17c5e08078

SHA1
3d8914cd96cbee8f85758782e3964a85388f187a

SHA256
76f52dfcfde842ad9323a363c4854f53902047fa42e4099fb22ebdb7d9d44594

SHA512
7e94397d2d95782082038d3146bc34502c4bb965837af664784522379e4c825346f67e652811086a1abb2cf04160ba856b83034bd1fd4e7c0bd920dd489f3c82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
de7a74f644443d2b55bc6022529af2c6

SHA1
03b6497ee915e13112b8da45384ba0b92e1d3c96

SHA256
bd7cf7d5202fda612854fdee36af00d6dcec478632f1bcdded97de9bed6427da

SHA512
d0a3bd166c9ec6d00c95e82fc417f3af3351b1d72f37cecefe7e7a95aa0f2fa8b2e8948e7fbd6d6930f681342c984d3f730a1a5702fbe8d70b5e3a90dd31ba33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d63ab0f7bb8b7afa641960b672474dd

SHA1
a6690ab2a803884e27aaec9e6549c45c39c64e17

SHA256
58a5293e5feeb8450cbdf9c40dda4d5959ccbf8e49f906dd65331c5048709296

SHA512
3fd5a8770326cc84eb21aaa403bc7bfc4a5cc403f817f29b42afedee73fe932bf3c214f7099bcb17abb99246605ef672b0d8647566d884b6b48c7207a24350f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
851a36beaa0a7d32e84a94a00ca32350

SHA1
93411a227ff76d79ad86ae6c948e32030ed8bf16

SHA256
75c921a8232a183f9eb9f47ba8ce2289a9f1385e8ffc62ed44a13661a32c0531

SHA512
de833e564eefdded0054147bb062636970cd39784e52b363470ac0ac64e76aef6783d678da6aa53171d3c74db9aecaf31b1762bd89372db60189926c12549925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1c2721c5e8ea3eaff7d12dc02caabec7

SHA1
17295b5d30f8599b57f4a804e18e6f1578f4ea11

SHA256
8109047c1ed08ac29df0fb45750fd7d7e9a8f4fe9afc4057f501a0ead3ddefdc

SHA512
ab728aac03b913bbea8886a96255502b81594ccd2652c1fc43d0e5ef3105c96fd0ceb577aa554abaae79c35109cd88e86774759f6c7a9abd0e8d1f796bd0b05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
448B

MD5
547d34da94b09a62f9f151dc4bfdef34

SHA1
a8ace9334a5fef68a68009bd9d0fb3a9f2c07b79

SHA256
37a187610fdaa62859cff1e6168c593114d6bb6214813eb6bfe6ba2e415fb0eb

SHA512
629a953d01f1d75fd12c07c24d381f0b15a8d3df09d6aca5b442195751d1c5f3a945caaa9f41624aba5fdeb1d6bfc1ff241bc3173374c8e2ff5e89f74890ba52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51f1b647f1992c2a3d2d859ab1cf20f3

SHA1
80d2f033ac27478be6764c82dd88b09d2840282e

SHA256
d4e928ead175a30df1ac87ba933d100e0a631614bfd8f173ba83c715961943c0

SHA512
8cde19e29ecf25fefbaf51f25897e9de7e395bd0a5249ddc2953580c4c44d949497ff1c8bfda77e91ee2293333da7b689f007bfd6554740d348792b964702c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
20a623601391654c34c886620d9d9cf1

SHA1
7546e89d007ad6e643861d752b0ced915a3d442f

SHA256
a63d9d294e57bf910a3112f04163f4bb1bec815ff89f41ddc34692cdf563740e

SHA512
6c8efbc4da2e339be36de827a2ea1b9d63ffd064c1425427445da9c43e57226cb6aa65256949ff5ce77e8c7295acde18f72de73f0f4bfb592bae690f267607bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
24678131ec98fc53739b4ac179536b9d

SHA1
fc1e56c0bb8e08ea3f27ae57c8c57e7739845f1b

SHA256
bb89dfb5838b7547a953bd7c974f2dc1ab3558e99a72aa7bb4b35c0d3279ae87

SHA512
5708ff63eefe394f7489587585a1ce0c6cff4837653142c3d594325ee8e51b8b4b6c82e7d11a793695e7f69280390275e5676d028bb57e9dad3fd2b0f34f5e2d

Download Submit