1416cb3387cc022686ebac1b51c597a4d6889aac287f1143d6ba4ca4f3ed26b7

Analysis

max time kernel
140s
max time network
145s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
17/08/2024, 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PKHeX.exe
Size

44.3MB
MD5

685499b55abc718d7b2112a8a004bdf9
SHA1

bbf1ea5f171ee06e213b545115287b9672d990cf
SHA256

1416cb3387cc022686ebac1b51c597a4d6889aac287f1143d6ba4ca4f3ed26b7
SHA512

6522f5664d0d1ceda88e185cfc24963dbb29247a4ef7be2433b1e1adef1ec5fe6151608a182fd5fc61c095d49edfa862484d07c4c58f3c0674bde0d577f7a405
SSDEEP

393216:TSiI0REPQ1Tmd8pOUQjg7IdPOVoPPPPPPWYRCQH1/4SYlEbl:xnEPSydEoIIdOyR7QTEZ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683316944595473"	chrome.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
4620	chrome.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe
980	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 1504	4620	chrome.exe	77
PID 4620 wrote to memory of 1504	4620	chrome.exe	77
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 3840	4620	chrome.exe	79
PID 4620 wrote to memory of 880	4620	chrome.exe	80
PID 4620 wrote to memory of 880	4620	chrome.exe	80
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81
PID 4620 wrote to memory of 3520	4620	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\PKHeX.exe
"C:\Users\Admin\AppData\Local\Temp\PKHeX.exe"
1⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ff84e259758,0x7ff84e259768,0x7ff84e259778
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:2
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5140 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4604 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4460 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5148 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2836 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5060 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4860 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4608 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3796 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5136 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=812 --field-trial-handle=1776,i,12977881732492582305,9017803084897048469,131072 /prefetch:1
  2⤵
  PID:1900

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff84e259758,0x7ff84e259768,0x7ff84e259778
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:2
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1872 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5160 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5632 --field-trial-handle=1896,i,17534175942907018859,15073562463658781725,131072 /prefetch:1
  2⤵
  PID:2172

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c64929d71f8769929406b672778db163

SHA1
9dcbf05f8029ec6263ec43b6958a54626adb62d1

SHA256
b8d3e55babd999d4d2ada4cdae8d09b2b34321266395960c07ec811d08b91a0a

SHA512
9ce6eaea812713c9dc9de55875f5899b21b34e2fd09666590f0a4b3a4c6b3dcce382c5c1e73e01f4066c4b99024cda816ddb324701deabf2756c76e6f5977332

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a3c9eefabe6bb4f456ce53516f142e27

SHA1
1bb6038188613cef7b251c2876512da443de8d0d

SHA256
ef63fc998db5201b7d74c3f1942a2bc1b480586dec3d357fa0e019d8a0010748

SHA512
600621385e96695d6691b8b70007ef5a603e671cb56bddb164cab52dc0988792e27594f4dc5ff31c8502e40ce1230d382af615536205228b2eaa79ab78b38754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
2ce016e327b4e9ad16ab3a433368ffd1

SHA1
fc00b294e99dede3463164aade482e38831dc812

SHA256
04a6d604314e0870b0f6e0609a4b6fe3d64b2e3161cb1db7b244a0b6637ec693

SHA512
82a4ce1e04446abf39f4952c6b1fd03247abeca16b1e45fb9bb0995cee0cf66839c39a3221c90e4f7d831d048d1e27248206035dd93e693d345ec4b3d3e50c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
367e0dd3829f7f6fd08841e5197cf53d

SHA1
856a4b6fa8347ffe50abdea864bfb2ee796f8091

SHA256
32a1e0125b025684a61dfa789a24637843d5a3e8d33d633e637736015e6729d7

SHA512
6b0c6d0b45267fc59c2840cc5b01742eaa525e2a4beb2a27d33f2b55be0f838c8411b11810e0c2e6eeadbe1352544f96cf839579ee509c68f325846395286e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
21b3fef1b60b3e45e4858a44d1cb84b1

SHA1
6702f8f2c987d845078f5be92c1e03a517cee646

SHA256
0f3961e006f445f15680b09455f75272e906b9f965c4c3d9475055c8bf19a3f4

SHA512
df6124997fa2b494bc3f2d70f0a03aa3e455d5debad6bf99ae55f3b8158a4f748f4bb822666ac4ad1d56c5c98f2f2f19819133306fbfa9a6c16f8f84eb7ff984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
fb32a41ca55464495b0ecab4ca9d5903

SHA1
328db6061d9d249b7d016ad055707977ef420e0a

SHA256
084e7153728c2ed6ee23339cef43a4c9ba441d99d9061c8d36dd87a767ab5ed2

SHA512
3276dcada84c7bc9ece6e53faa175954270544e6439fceb547a3bb2065ce36990fd1d4e71c3c9c7b8cc75af7f990bf6dfa2b5663dd8d61e0ffd67d23d074d863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
7a3284ee3a921839425e1b79eb596904

SHA1
207a95ded73f476014ed018c7c43d30651a8f2ef

SHA256
10b0cc8a22afd0a7334c38004c35120476e51779a91774662b468e4c2c1416e7

SHA512
02f1a1c8b8e6c97023b28709b9c35d115f698b15d9d4bccfd369df4da460a63d60f08ce2fb2b3690a6d755a07612cae76a5d57a18eefbf50ccf7d5c5699b0540

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
d61ce3da6de39492fb3dded3b1b0dd49

SHA1
e7e2c18489de8e4b7beafa20c2bf2ce1adf59fb5

SHA256
77e10bcac06ab7359ab1cf2ce98fec4907088289c0c04ab6d76791b6f4cdd668

SHA512
d3fd19a764bf5590e899a0d915ba3527ef2b8d19a61a913180105bb3ac4b91126c681666bc95564ef98818c1df76a9df1bd1ffacda0394cc3fd6a22cbd111096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
1c0ad3bc8af62fe3a97122fa7ad25a76

SHA1
b73a73d729e83e97e2b4f38f3def4c06028fbdbd

SHA256
35531963676270f1cb295f42d45e266618dfc5ba229acf356ebd13642a8b89cd

SHA512
b2d00d7afa6fecb67c0d326d84d3e40dfda6fc59542f0d681d34ee5ec86570cdb791d497c51cc58f38a4bf5a4019620e24219028ac6df9218f6a8b7afe669135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
947B

MD5
a23947e0f12b23912b13cad311052f87

SHA1
945c937e3b9b0c381698840a2621b67cbb8a51d9

SHA256
bc3d7440fe3648716cc62e58d2d7433f4df8bba97bb6419ae2dbb36760eff000

SHA512
5ddb274929299fb4175a2b3e425ac9b4805bb31a9025eaa099c0a099ed620365f82a6efd04c6a9e61ba57ef76763ca753fa828e28f5937e0793348b858b661e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
751B

MD5
4feaf611f95ac810c8d16dbf342efb12

SHA1
426938702cc30551cae9abdfa8b21259a16953ce

SHA256
11643d93b70d7e2618f12e7646597ad80b7c4c29967cfd97e699495ba99a03e5

SHA512
efd328b332d7f3340448daebb45500dfe2b20ae527d5b274e77db0990bd5d10b0245905022c5d5342852c67e0073d79edf37d4716ac0e3619903192b1f60296e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
863443fc2221485bbb5fbf7cf3f086d2

SHA1
0c3abb8dc254780ed4c8968e74badcd248c3b04d

SHA256
e4254a8f01b3e7e1274e82e14a96bf7ff3c0ae64b9caf84dccebfb97ac27cd56

SHA512
739c195bac8aa4d3f13be336706b7c9dc073691efa41de573c2d49156fdbfb9ee43a0d33ca79926623709786d113d5e2d2d16ff6cef13491842ac153ef6bb373

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
ed5a736a677e59d478f7a37b462f02ce

SHA1
3ac35291c92b757e86a1a18c900a36d61264a005

SHA256
852f43ed930ac46697dfbbbca25ca05d2d329303485b885da3b00f26901ddb80

SHA512
c6b3a691f2d52e5f4d0a9cb2cca76433b3b2d9fe3e7437dd4d44cdabf222acf0fedd89536a04e4670d7679c4a2deb39fce68024bceb2c9c286bfb63b58d2285e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
872B

MD5
600c486f872dedaa2591df1ca4c461f9

SHA1
e98fa9255a1e1a6231624ff4e0ce859c82127831

SHA256
bea3259d41a90430d306d6905b9020b13b3a4780dc98acb3e9dad93de68af14a

SHA512
92b8b953616742d0d99c870abfa1aef0debfd93c06c4e01381642b54a85e94c16bf1040a12e903d5ee9fff609998bc37c93a1b47555098cfe9672eaf36919d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
b4bdb77025532d6c9875d7fc9effa85d

SHA1
4b4ef0d1ad19040efdaf52e6fa1c1aa68a7f2fa4

SHA256
507d5116ba896f70889085a8bd9ccfd86d8db72294c2f2518b696d0d40769465

SHA512
4baa5303dc8d389eb286d5fe3af9d5a0c0f8399f3a7fd23140d6eb107d00ae51b342e493be4731773d4d2b0b49f751bb1599afd40c4a8cab2c44ca5fdb210d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bfc624328e17b96370bb182cea645883

SHA1
21c222120946258a8e223749afceae68273a74f5

SHA256
de8427158c1b01a650b4e44799526bff73c3eaf81fbf4080686b6d5f01f2b45e

SHA512
91942737376538db7f0d01ad0d7cbd40785e37296adf2e45dfd719a24176f3c8f61878117c4447d89f88939b3d6c029e75e915658eb2ae3954f90c25c46336ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
55491986184ce4e1ea6007737bd160fa

SHA1
c602c3174afc61c77618375d4c58d99173fdb156

SHA256
4292443b531dbf9ca1ada1696170c89a59b2be92d5fb3ea15f5820b640a15fd0

SHA512
aea225515f08c9d7c22adee77e79568c3bd0f6b45d3246526c13acd80addc2a5c561909d37f1c43a939660850e7266b8e384e2fa3716194b7bfca8e6797050bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ba2d8a53dcb508dc4f58aec485d80e5

SHA1
091fab79e74ec192e03b95cdd59904d78e7e192f

SHA256
3484e032966ab52e3b06c6dcad3f14f7979f44258db336cc537e45fee94ba582

SHA512
2824ee52bbb92fb452fc716ac8cbb13ef63ae7196fa29db58c7c874a5f8c8fcaad14465f217857100edc470f504351f19e760e8b943e634ceb04d2d3bef8f10f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
74c61738029bbeeee4586211059419a7

SHA1
9c6dd8d2dc871f3a7e1241f868a5b9edb681953a

SHA256
039a809eb337304c044a353c504b1451f656b0d93323c2d2311ab00901f19d83

SHA512
f8524e3174382333f6f825f20af97f71ada7b366d89ac880673dbd5ac6375f4461435e4c7221246022368fd0ea3caefc7c843b88489db3af10c2058480751c2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1bfd7cfebc256100730a77c17267e77b

SHA1
a7b7fdc09bb02da9e89a9dc3b49d035406b90c42

SHA256
6e5f5af1ff642a4512ecfde1dc92a38394589372281ae9f937ec000165599a49

SHA512
a2e689e3cba73cd311bf830496cf8834b7735391ad4d173bebde6a7ded34b2ba25904d442daf737b5fb2fa579d2bbec9e686d10f1427438eb121bb677ab4c56a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7793bec0d17ae804f0797b4087b29b1d

SHA1
0acb34d0a52d3d3f55763e45ed3cf09c29772748

SHA256
26c441ec98a796edc805c902601c42157c7e0fa4a4ff4a44c43b4d8957dcc60a

SHA512
9d56588c7d4c16e41769bc7837cf5e011515d76560ed4e8382f3fcb8fb1a157663553e5c8b30c56d9b7edcce537f42c81e92d84913ec9134a27447cf81c46207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
ae020b80edb884f58314b4dafcd1716e

SHA1
41432ef14cbe9c8ef9104d3439a8915d8a59f1ae

SHA256
1f53306a3f2dc2d5cbc26ccade6cec540da7458e5e394b1d8c13d2392efc185e

SHA512
d95ce48f5eeefcecb31a630f26ecfd9b70a1d0862be6c5b698074658f234bc95c2b77740a8a02e4b19669b8fc42131477ca123d013d05b5abf00d72dd111faa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
213B

MD5
046cc08d163fc4578cd1b77a5d0965ac

SHA1
92f503e605c30974baf385f1619f1269b81dec57

SHA256
693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166

SHA512
e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
1ca793369359462e01dbb9cae7e9546a

SHA1
e8731f8eaf110f9255d13296ca8ed4eefa5348e4

SHA256
555fed996161a8e17daccd18339db4b0fbb6b0b97bc44c41f2e2b7705994c51a

SHA512
3b0c663739831095554ac756c8c487c8ab8cd7f210524f833b0f11545f2d7cc254726a34e8d681261f4410d46439857f136496b1ea8c35ff906d60dae1f39fe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13368331785266330

Filesize
3KB

MD5
5b2b4d023b0089f7619c5eb9eb021559

SHA1
693684c2cbcd88afa985673a1e607aa9d959bcd1

SHA256
73a4d65c1d9079d0fbbf8ab60139ab8f6e79e23c5b0f96b0bc436b9439ab53cc

SHA512
aedb7579e7b63476860e3b20fdd9e4d35756af3c4769be627f72d236e573f21f3fa7b37488e30c10c778e9f25eee9f8efc36a49b61f0b7509f7510ee5ef118be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
9ac44d0d42dfd949a875e083700d8654

SHA1
2d20644473a804e7edad59ab5b5089b3e26e05ee

SHA256
9c19e121b904fa75954b53843b0d0c55c9fe699f826bc955b4f3dfde885e7c74

SHA512
51c11de143c5bb6d8d7507b19952ce23aee4619fd791d964cb75e91dc856b55f6ad582ab0af7286451986b822d083ac8c399b168e1f2a3d761fd2654165bc0c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
176a0c3e9e349c0fbbe2e7b6632e2cdd

SHA1
6203399c2b0b2d4543bddaea7b35662ee6b60c99

SHA256
25346bcef054fc8a5b5d0847f3f20196b6509b8550a9de51efd9193f1f4c5ed2

SHA512
f421b45f33c8e173519bc283db73b02655232d5d4769e6af4bda9a66be24a0e34376004ce89e307dedd6f2c2f74bf1343aa79a0268994a60b4fb6350d4cfa511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
9079226d2b1b999d16a7e7ea4b7136e9

SHA1
5d85b3c13516105cafc722d320c6ecd30a414a61

SHA256
b7064b22366097213c47a7b7f758378d927025442eff43b7dcfcbb0988a5f30b

SHA512
e6ae8772a7b8ce3cafba9e36bab93283589c49aa2ef6d7363de58f7d263c72d96f1f14440eff9be0ffb4829829a04deb8b4e491b9136efa05eff65202b17aa7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
33fd099469461f5f986d96e228abd17d

SHA1
a73fcd0111de9836a27047353c50deccb7c86210

SHA256
fa5e0b806ba8863a4d8c78364e161c94e06270a0f3fd497fd7f589b38c94b277

SHA512
3ebb2a8be41aef4275e06385b8b21aba0062b4f04b894f7e50fd256731361ae3039ea115b38f5f3ab27565653ddb36ff0cfb2bc6cb994e6f2270eeace8e7fdfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
0469291d7e91b4cb943c0911abd157ba

SHA1
738aab51df30a84c49476725732de840376216cf

SHA256
3851eaa93c28b3efde9f1f73728aae18dcdf808f614a61cff3a85fdbfa73e4db

SHA512
24b603d0e04e65666eccc45d4b030feb2078bb498ed31a8e0890def1bf41e6847f9cbf2bc85589a323eed7b91463a17cde5442722afd643b2344bbe762b30271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
f486067c01258d4d716fe35b42e442ac

SHA1
0ba133eea5b13c279b54ab384c783ac5ae508048

SHA256
485e650e18ff541ef970b29f3abfeae6a10f94e4bdfda2dbfd076dd781b0cbcb

SHA512
fd7f2fbeef840975258655774ce174775231acff6f14a7887b4f29f1f595800b0bc8706b3befd2d563816afcc996a96294e3ef3603ceecbdf8ebcf9998846943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
c4b9480e91644337546c467d8cbc3d3e

SHA1
f61c6648e346e3061daf131f6410631f65b2f6a9

SHA256
1ddd001fbc6c23f354f0dd92a6b3bc7a99444b7d3a8930f18130ffea2b94df76

SHA512
000a88118ab3de60599e044b5b410f1ef3cbfc51ce7e1d49d87d9c9e5a904adfceb0776dac5f90f9f8618530877f9d058d04438a113e0f257c50ff6e775efa6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
1d638f3ce016a5a04cb9249256718465

SHA1
dcdabcf62334ab2f279ea8c50e13eddd901f5d08

SHA256
cfc15ff55e0a023243f2f3e9b439ba7de09129626033fd83bf66be7c387123d1

SHA512
7c6d3fad86e950892bfd3b1d9ee73975ccdbc11c088ca30b372e5d1fb8ff62626f425269c7d8a9d90c16a103e443291c542accc373dd979b856032171a2d83d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
b882dc10e2dc8166975a60906a2b563a

SHA1
e2e3dcdba82bec885e8a753d1852a7cf64db97f9

SHA256
31090ca9237fbfa66031bd11c1f02ae29c3b98084cc51c30efef5d229379e718

SHA512
5d307b4f13de26500e4af356f8950029ba48a1349d58abf5d694fa3146463cc9081da1b2b7d41bd0aec621b9eb738d7cb35bdbf621bfcf7af2c71d64aca89e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
722dff9301866dfa26d3afa3ae42a941

SHA1
cd5566c6d035a62b1d908b81720cfb0d59da390f

SHA256
67dd5b3cdac85535dc4248d2567f53bd4374373f86cffb0f1477422a40330ca3

SHA512
667ebc78c65639177cbf1d8d329883c47a410a9ed2f1953a1724c2389e589aa7b90c97ebfda9c25bb789f9035b6968763cb60ed8bd1ee07c7c886b9436b0fa37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
599f410b1b988818b4fe0b1b3177d31e

SHA1
9954367dbd1e8f4c0ad67a597d128278f8cc826b

SHA256
947960336ddad0c4990e345daf3c427520870044593b98bef749a4d8f99ae39e

SHA512
64321305153f1aafde9089be0cf93593c852d83e92ca86bdbbc5b62f07850c2444fe8cc18d1fdd3eddfdac3c75be09b054ccc5702195cf5306876e39c15f4c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
294KB

MD5
42146b95f6a6547bdcdd212db53161f3

SHA1
6f4eee3b6200978f631592eb7816a8267f2445a6

SHA256
562dfe82bd16ffdffa479b661c1ad2b15de8ca94c7a44621cadbf1285eac2d93

SHA512
357187b20a4b1652b59f26e8bce350f999a70ac8e6a431968ab8bcc69482f3dc219bc67b570baeb231a5f4f4c9073b6281619c594a72f39d2f0893095275a9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
294KB

MD5
d834c3a14c262afbdbc9843f3ba36e31

SHA1
aea831be0f5f98076d5f1cc2bd1d2fbfe8d5ad8d

SHA256
4702e5b2b5363db7ebcddbe0cec67d3ef706736341a48b629803b7bae8b2c95b

SHA512
fc38fd6eaf5e02996a2b5d5d5f809dcd3b68f98f3031972cf251df91dea299567da16811a6560a70b8131a597e63ae943d719bb10806fc8801fbec29f224fe17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
a135e83e8efec86d06c5958f4d6c4c7f

SHA1
f6bbbd46a010b66225391f7d6cf6fc8983b442a0

SHA256
e297be51b638d64531c91ef46b590f39814562879f40b44bfa80ef64a8f6a33c

SHA512
305686aa6b6b2cb7d3847b4e6401dea2628cf141e30d4c2cd43fa8508b44670b9f7dbac86a57c8ee904c3afc013cc632ac3623b1744a057f1ee9d3fd9445d565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
aed3c95a37eb56b9f5d760cec5b6e114

SHA1
58e92c05cd399e1fdc30412603a5a0910099b141

SHA256
f51525039fadc773620c6d7d59098de44251010f0f628b6079bed764349fc265

SHA512
c345209e75358d4cd5e168fa36f42be2f53d938ddc917495053fd03054483d91ac002a73c0330821282201ee4536790aa88f31d9064d734826690a4c9a2d8a17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4704757de87d1ef161ba3e0931274430

SHA1
5c2f23bc4f2d6cf4b9b8e04a9753716159b04456

SHA256
c05d955954417219d07c711cb61be714df87b7d8bf05b4e11cc6eed17a1b5495

SHA512
270b528fbba74f7e6911390f164ccea49757dd88afd7bf2ee3db3fac108bfac9f06833b7ef3cf9d4a44b0d5d1b2c4491eba455bc460269c101862c62b8160539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit