hxxp://femboy[.]kz/SZCZUR

Analysis

max time kernel
85s
max time network
156s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
18-08-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://femboy.kz/SZCZUR

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133684781993272437"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe
Token: SeShutdownPrivilege	1420	chrome.exe
Token: SeCreatePagefilePrivilege	1420	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe
1420	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2716	1420	chrome.exe	70
PID 1420 wrote to memory of 2716	1420	chrome.exe	70
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 4448	1420	chrome.exe	72
PID 1420 wrote to memory of 2456	1420	chrome.exe	73
PID 1420 wrote to memory of 2456	1420	chrome.exe	73
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74
PID 1420 wrote to memory of 336	1420	chrome.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://femboy.kz/SZCZUR
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb6d119758,0x7ffb6d119768,0x7ffb6d119778
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2668 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2676 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3040 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4968 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2716 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=836 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5488 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5052 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5796 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6136 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4936 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6128 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5832 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4424 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6416 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6332 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7052 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6432 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6972 --field-trial-handle=1744,i,15844289618355952781,671078090175685925,131072 /prefetch:8
  2⤵
  PID:2968

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1676

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bde7940abd784d91f9236ffeea928533

SHA1
1d994b328619ac40307ec13707ed98f692e43e01

SHA256
e54c95fa9510bd1c09c70fbdd534fa96b9add223be9158e32c12173572b3ecf5

SHA512
61cdbdfe8a9df3aec8a4281912075cef72072c9d6f96ab74e201fe532af138883b50223fee268a8e0121afebcfce1c8036307cfb66afcf2582dc76eca27b4f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6a9f8a43ed57be66a5a7b597c3bb5c67

SHA1
88a5a500d8eb7e2998a31038bedb0530b3f57d50

SHA256
af5634624da18af64b82d34b72fdf42c74b407e1c091bd2e0541a8b339735107

SHA512
6e7b8f81faccfa4f435d10908dd2936cc247704f2b7abfd16109300861fc51632e9fb06a88e7e823df4d89d6b04bde713cd68bc0bc31a5cb86c1ebec1947a816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
419f54db009f0fb69df178f4a27d113d

SHA1
1059657cbc9464905586b1f2b2b874b971618d7b

SHA256
145b129bbd8d4533b006d44df30de3646e014d12a56d22adfef9e5d75aa9bbd2

SHA512
49a87bc5b6b278ecf016a59585e0fea6a47eebb5ae6bc43b13e5220cea14d77efa78db4d507a189cfece8890bba0dfcbbddd1a21d45b2591f9234dc17e1077a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
176ba076eec3b56f16489c2cf46a36df

SHA1
af2b0d782f5231af94fbe7363ff149815134d878

SHA256
56f625472381286244eb76290914209490cdcf2445299d436480f1583919a6bd

SHA512
77e59c255e0a11310c3e7110fd6af1f782c2ed1044ddeb433b9e5922276c92d2dba512f51ebf0eb434deaea3a2995be00039afd19e8b70826faf367079a8c09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6871732ab12ee1b4ec9838b7849ad109

SHA1
aba624c0b26cc0b6182d3d4dedc1cc031190a862

SHA256
9cfc1ce755400b5d9ae81ea4d50f36481254c2024739443c1d8d93c6f00f5c9f

SHA512
e79a97504afe0b1a4bfa013f97e355d06343eace40821ea429e5abc0dd256b7e391b7c539d638f073fcf0f5f154c9585bc528debbbb16cb7fa64d32aeb35a340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a63765cb17de92140334b34a6b8db6da

SHA1
1040ebd5c1c453cc5d1ee17e47623a08ef53f617

SHA256
0e9fe4b81b41e12b9f458ba741777f68bc13f332b8f1fe8f2a7ca00ffa42838e

SHA512
6c6838049b342cf549fde75d9ba49fc3f04838d029542abb6b644ba61b00944692e6442edf9b4fc4b6ef6434cf89fa79e11265629f5e16284c329491aec9cfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
408b8f8280162034fda9d98a5eacac85

SHA1
6cbfc665bb78b4ffcd4502d7fe30d59bad102319

SHA256
2bb2bc5d5c26b8949c08032c3fe3a0e517333d5dfb68c2a0081abb5e0beaf705

SHA512
2708e2fef02605afa02a600339f1f48d771df415386c48380d797036024bf8698aec52079d1bcaccd94f5d702db2c4f57d3a3980da6a38f43df2fd64516bd9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
540B

MD5
3cd351facff6ed1512ee94e9dafe5a6e

SHA1
a5d73128036cd467e4760b1b544651d58db085a7

SHA256
675c7029092f474ff19339e45bfca2bb3bf173a779332fdc0393677476330992

SHA512
8564d3d15101a526ef047f3d1249068346997d3672562e42de8df9cbc7a5cf2bb01f32d9d5ea93957969ed128244f092fadd6f62d6fad7455fdb0f331a7f28bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
97ea106f430fd22baf038361f4b7c872

SHA1
7d1cd53f9d060fec6c6fe8ca5ad1e9b3ff0d7271

SHA256
bcbf3ea41cb8eb4aeb3610ef5ad2e25e4a07683a2e3117ffd72d3b0e5a21c463

SHA512
63847e9688414676cce6a21af52f1d69cb8905ccc6bc411ba9196e14de64e5eca90a09a28fa9348cef688ce86b2e66f81928eecc1e9a868c46f8be51e8f35bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
e37ceb3949802cdb25169dc14b88c9cd

SHA1
c200dc0d46c3d11feec9671c83dce20eca83461a

SHA256
f7d2c7b9738bd25a4217469de74389b0179f649c8fd95c8579ed46836f6d727f

SHA512
12ba2cfc52b210ef81fa2b85c4aa6c3e9d07a855c4947bf01a34685e773ba55e758bdcfe843412b5791dfa5a71db41037101108e0476e003448df49cc804abbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
540B

MD5
1d10783defede82eff491fd0e0000b4a

SHA1
7837ddbce25264eeb8d031bf316a8c99ece73028

SHA256
b8109c1111c067cb82cbe5d447cb89e4c71bf09f7fffac90c0ce2c420e206ff1

SHA512
14e6ed5d5115559210a6f0d752c3b060d17179d7c22f104920530c01398c45610a1df43aa39462251e4a70fad32f1729c02e45c66deba2aa348bcc21ae7b4c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0a3e0cd7f4005ef2029410a9c874771b

SHA1
682ada22d5ba7c98006b682e72ee819fcea52895

SHA256
139a749fa4e16b0ddca6035d3c0ef9ea3ba15eb2b11e7f4b24824006ccda5cfa

SHA512
7894833a20f7ef1ba368e501cb0091decdf663485ba8ae60f2752e8e43c1ed31bf37e1c7099d286aa4754042b5ae8592e8d22a2533e901ac96794fcd315cf951

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bae1b10351f3442c4b854d01dc765dfa

SHA1
e5b370090fc9943d2b6b4cfd05a8df0bff4ba0ac

SHA256
35f8b89dcb067fd5034d10985939502c14a3e0f51dd9a9d190360c2eaa0ce44a

SHA512
1505a85ad3d9c39e88851c7ab6dc5f7d922adb41c0e9804cc19a794ca907db8280139b6c1125afcc67d359f677d617e0e30db292ec9604bf5d3dfc2c6ece7319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
46da6f6e3fff8e613c06b40e388e2561

SHA1
b77f2c3a32366952150ce9bd4507742ea99017d9

SHA256
a57ba1a6e1b31cff29ae8e92af9899fa9af775cad635780e16c76b98d47218ec

SHA512
e4e6290b6dbf4b01628d3e04f5dd156fd0ba2ab1acbf6fb8e2b36b63186f85166e5d418bb27ed1ddb54199e7eaecad53b8438c6133f09fcdc03ccf0a87b4c12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c9e17b346defd654d37f2096a7754d92

SHA1
b205ce68255d7a6fe54dbecac1dfbfc94c2dfdbd

SHA256
ad3aed6b091257a35ab613d0f1ec315feb7debc6f6e3e684ab5214f154d73516

SHA512
108efa99682c1ee9996eb0961ee4bab4d1f4d32009ff7cb08311cd85a571693792d33137fb39f2e9f84ea73592c60c173e57c8e153b744a03c51f4060828176d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
685551b7dc212eead5e87916793c17a8

SHA1
a7e2057fd8273535c3a9cf7f6a550cc155b2ba3d

SHA256
aab33e727978405b87bcaae9f85665c8256e6e1011cfce9e4c801b0fa5c5454f

SHA512
02e11f90c22ec1dcfcbeb4e3e4b628aa502a04a29f54f502d7c0fb62a547ca33710401d1d2f77cb4d7a6a61f97062ea078d70471885497c98f9c641c81e909ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cc5b266cf32a1c8382747487594cf618

SHA1
317f0e4d3c033e960a57ee93b5b1e105f6b69cc3

SHA256
feb59e797338de5b7c29462c742672b41d2abc8a9d06c372a4ce01889446fd71

SHA512
a988485830c20d0ae20e7b7e0c8e63d412c437e52d3e85047f3a6480a7932e3326b6e02f1c15635123ddbb631b8f178db21269502240597ddc9d6918af9a5185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
70918c950d21a57398541261beee12d7

SHA1
1ddb535586b08e50ec4c54cb8b50f109f791974b

SHA256
875d018080e8b61246f344628bfa6db3ce5747fc241d40dfaa781fcfcfade823

SHA512
9df8274241a1176948f2e06bc54d44a06c812c086e56b4866f50ee0507a841b20b02e9b3fde9b03c8297e9905bb2779352a7fd631dd047994cdaff449e734cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b7c683001a8cdca637150614690316a6

SHA1
6d57ca86cfdf9cc690f5fc972568ee18810b183e

SHA256
cf1414657bec323877b3c347036cfb86df0146f51f7905fc1b730a52e8e3a194

SHA512
c1c463e4114392d85c94cb361007674c0e0dacf2270d675457f0326f5b880befd31315e064003343abb2bba4e557efdc2b5fb9ed4f080db4e2d15bf38f739931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e79a52f31b1f05a69f549598d671d103

SHA1
d1b6ab8a7df8e72757e023652448ddc8acb13baa

SHA256
3bc4f979f9156621d4ace4e6306c513d5e806c6c4dd9023fa7872fbda69c3f1f

SHA512
5c737d619380d47dd587b8dbadde1a636889371dfd14df38414cf02c366b97fe4b7f7d609051a7091c489a4a2eb290f015e9cd36bb5ba7b05d47899bf0f4997d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
00052d365686f45a6e5db8e6803c5210

SHA1
edf53f151895e750ae5de7fda11628ef5d2a1e93

SHA256
688a759d87cb4365a44c4bd5dbb7ff7144c9b9761b9050773862dd16c64719d4

SHA512
ea8c24303c97b4f00d3ba1a8fa299dad49e6d410c0efec1bc0eeea90710eaacea61a224a0ac9dfe36bd754cf27f85a577458d74b0f3fb0d0b939bc50a8f6aacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e8d12812b8aac7768dcd74f21fd8fdc

SHA1
44f97b57f7db5dd4c8b9d4f6dd32e2af3b1bcd65

SHA256
e4df7ab68160c9f689a1880ec9e98ad01f83f3a9c833415ce07fb65a473a97ba

SHA512
e5d8ff415ae18ef9a48e239cb1a6fd2a1cf82c5eaacc76776bfeb935e28d4529a46596910fa1bdb1a680dc52175b4dd58639260ae59810107ebe4c09ca66d1f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
044f67b891ebff39bd708dcc6ab74d35

SHA1
4253a75505ca3c68b5b7760b0abfb7fd0c5f4e6b

SHA256
80a29373058efceacdf75a7a1e0a9e753e19165c2bdec031a0629727792ae1c0

SHA512
3ff3c29f062849f0f9ceb3a79629188445b23bfef3a9a37eadcc5a247eb2e8a5550f8f6e741e90c28690387eb3ba36a30f1a9be560b9d1bdb64d749eb700f243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
a616be4db748b6c8b3b231111f4913e0

SHA1
639b4a0d96e7630634b2b7af2c782c2a9f6769eb

SHA256
c8d061f984e353d948947c7f45a569d03284e980615db461915862100be17d07

SHA512
77b740b94f745fd0bcd7be15f4fae7fffbf4636e9c7dc773defa3fe32d596b26107a91c62ff49fe3aac36dc7f9af8eb9dea42b75bb984244ff1e75d6db2b263d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
7b72a84f624413650a5b71a4c1b34fe4

SHA1
732d34a1a2587ab5d090459dfe94b662d78c8be0

SHA256
58bd976aef6e908100c7461501f05c7a018970dbbf747214494cb7789b3aaf65

SHA512
8d6325d318c6447b1560d5a879a88cf077bebd4beceede2c62fb4bcda57e897ceec7ca7f4a34d30396082b3549e8fcf5be5e3a428a4a159f4eedc3d8cfb37b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
fceaa18367794de45a109c48310f403b

SHA1
a0c2e314fa38204daee1e82c814970018b9f2c12

SHA256
364233a1f451ed0a8664eaf86c29f944c369703a9c38815d03187edc801398c2

SHA512
f7bbbc6f814060a605341050d829539478a0b5760e401beabc76e9e69c815ed10b44cc5563250ccd218bf74af324d6b9f388aebcf4f38e4d1ceb8df634720a66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
b4635a7f5257ddf4a5c971ce95132461

SHA1
c0aefe5b3de86174f7240592934b1b3cf7538139

SHA256
c6f794cf668724861d7de8565fbc4bf979d949ecf0723ebb5543a947a272bbf8

SHA512
e8109185f92eff34400be1ea72bf4c30a682f99c1345db54ae7aee60935587f4dfb1f1e6f798801b63c1ed0c766f135111d441a53a952d92e17172fa0a3a1640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
1aab75d43b63ea380591c28a260c636d

SHA1
ae8539c5aec9100d501c1d2d96d41e93dde00f83

SHA256
32d90b95b6fd4a2f2a70b97ad483921f21696c76b5acfd0338683f203c4b4336

SHA512
81aeb23281182071d564f02a4d07dd307fbf658af580ee4a6208e1f1f156c597cccc674c6e552258e43959d533732f0f02b9e6dff78f92099763eae4af6c1d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
202KB

MD5
2d1401d5bba2e2c1a2d1f7d81ddaf1cc

SHA1
0f416ad3da82a0399685dba340ef689fd42abeb6

SHA256
0babbf1b0b24fd18746ac603806dafdb6609f04a35b4d770c8c8ebb349d7e0a3

SHA512
4ae4532ba382847083e87fe27959ccb5319198fd400c9103d780cbecd21a400ba1ebb2731db64138ec06f1f01d922463a839e8a3ebd301db0f63b9f6fa4351b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
123KB

MD5
2736827ecf3fcad5cff6e848631eee73

SHA1
ca43bc979bbb251961a1ee79f84475bfbd725187

SHA256
c4d03754d46c060037983f7aaeea0588519cd837a4069a3a4f8696fd5d4449e4

SHA512
06f42dd941cc6741b58a666fc9dc275f0e465cc386d64a5d171f81765ae5af67abff73320a39bbfa2c0b501139e354067269ca6ba46289ed778b009c577b0f24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
a99bec0182d2cade1d749cfe19cc554f

SHA1
11be668724b3e716941f4c35ee1b4dd69c607ed4

SHA256
eb9c635b8a361c06cfc7e9a3e97d103329f3320a1f4032813bc20f99a2e5a40f

SHA512
ac05b9924c3ef16cb81ee4823acfb524f40541573736088acc4ae9c38476c62b2405b57a403bc750bf4429a7720573f99bd48fd73e3e5713895f8d215b44cf77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
ce119cf99402a43e797acd7867d7bae9

SHA1
478a3b3aa45f8003a10893adfc5c5a2f8683223c

SHA256
3d6dd773d516f3ee096e35d7fb21498fdf87e6a0c9d1d82d7ae2037c6c1843d3

SHA512
5132d6b6123146e8d565e6e1dae207c650f47ababb2d18f40ebcf971e12e59ba723cd95a99cbf7c681a8d8d85b3896204ff4a203b5fb7e9fc3f1edb3ab96373c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
122KB

MD5
cf00eb253262ee3a0b1ce2c724790e93

SHA1
e3aca25f50dc9b3f04a928e6a088f0e9cf21f2cd

SHA256
637dcac455a7203bb0fa91ecf739c5f2aa0f42130b558950243f91202c3a6cd7

SHA512
a3f14beeb9c63a3a913325ed551064cbe4f51edcc93c0bbbbd3860969493f61897cb386abe70c6d6ed5833bc3b81f615aa3e72493e64667b2c7c641a92e07279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c6d5.TMP

Filesize
95KB

MD5
b244c151f21f68bd3bc167073c1f9a1d

SHA1
c294d8b1845cee6c0003415fcad51b1f2d4762c2

SHA256
94f5a4dbeb7233db648a4f8da6e8852c5705786ed5bf9aa078aa8c4f733db6f7

SHA512
140b7688cdeb60146432500285cdd87ddff63ee89f9666d7c92bb7a26c2f26b98ddcf7597c1af07a98bd999c07e2450836d59a958bd4af42fa93924d6e0ac248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
f93ad8c4725b61cabd14407ff8d982fc

SHA1
1f615c69c67350df5f470996c53491707760c984

SHA256
9536779c85eba7a3339a6c30ef154cc0ab1f9dfdd9fd175aa28b878b1215103d

SHA512
3c9c4ec4efffa01f27c054114989b30d5fdaad2a0d14fb5326865b28941060559f66c00a3492a602b5a9fea6b508da3889b1ed9f9f9698d95cb262d935207d10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
2ddeed51152dd45c5cbbf377777ec3a9

SHA1
f8f378da072b457c8c122e40c88d75307cc10a17

SHA256
057e8ff3a86afb176f5927d5fb8cc463bb57ecb68a05ada64f532936716480cd

SHA512
e45a94a83732d9e3dd2ef22dbb6ab00e522ffc3e24f1f39b8708a6279a33b2f6ba9711f77d87ae6e726abb61e43fe526bf9759f82076dc715f251e2195db60a3

Download Submit
C:\Users\Admin\Downloads\media_images_ptok (1).jpg.crdownload

Filesize
4KB

MD5
0d9406f22c33746ab08f2ae809c4e029

SHA1
f85811fbeeb303d78ed6e029593fd80ab0c15ce4

SHA256
7b4efa4e224f9a9befa780cab54fc03cdc1bc6d90d78dda68856c1b91e26b9b4

SHA512
5d047ce63a638fa81cc526be6feb755a53a168ffe03abf602d5ab084bd3b89c93e05bbe9edf4bb42c0f960765d264272a29bdd44d1b4b1b7778171ce9fe4edf2

Download Submit