hxxps://ee | Triage

Analysis

max time kernel
1722s
max time network
1724s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14/09/2024, 11:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://ee

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions\Cached	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3073646748"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31131292"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6015eeb79c06db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3073646748"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d2f27e7ae21914c88cd3d290b37d85b00000000020000000000106600000001000020000000f925ee1cdc79a65191b34f049fc0b328c0ea44561c3edeec3e67664681a2d37b000000000e80000000020000200000001095f9039d0d12da2c59266071874d4eb4e3bfe268a76fb45f34336a7081c27c20000000ab36cf646a3407b2dd411b24c525bc85cd093bb55689c5790fe690925999707c40000000cf879468a282ada947fff0be2c02f5ad52bbb325d12f18784c4e1b2c039334ebc2fe2f4a48430010ca783b867588f6c1f5fc193cc3459c03a2026040b7c25b8e	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80bddfb79c06db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2C04E2A-728F-11EF-92F7-4EC59B34A973} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31131292"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d2f27e7ae21914c88cd3d290b37d85b000000000200000000001066000000010000200000001a524fd8aa3449d0604258bea9f24789b710a626f18a04aebf18e737fc106f07000000000e8000000002000020000000e31f86698b6132511b69ae56295ae6051edabd6a24e13050068af780685c7f0120000000d53bd35bc15c6235b5b5f877dd0f313b120705f203c977bfde29d99856f81713400000001b526917075b17737725015336bbcfc317d2ecd4c6cb9970cb7e5860f5e53fc985f2de26f95f09de53145f392ab579011a760bad56308ac2584bc28f05175343	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707877921867259"	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4436	PaintStudio.View.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
792	chrome.exe
792	chrome.exe
2432	mspaint.exe
2432	mspaint.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe
4436	PaintStudio.View.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	2220	chrome.exe
Token: SeCreatePagefilePrivilege	2220	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe
Token: SeShutdownPrivilege	792	chrome.exe
Token: SeCreatePagefilePrivilege	792	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
1832	iexplore.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
2220	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe
792	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2432	mspaint.exe
4436	PaintStudio.View.exe
1832	iexplore.exe
1832	iexplore.exe
1504	IEXPLORE.EXE
1504	IEXPLORE.EXE
1504	IEXPLORE.EXE
1504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2940	2220	chrome.exe	73
PID 2220 wrote to memory of 2940	2220	chrome.exe	73
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 1564	2220	chrome.exe	75
PID 2220 wrote to memory of 4600	2220	chrome.exe	76
PID 2220 wrote to memory of 4600	2220	chrome.exe	76
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77
PID 2220 wrote to memory of 664	2220	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ee
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xb0,0xa8,0xd4,0xac,0xd8,0x7ffe7cc49758,0x7ffe7cc49768,0x7ffe7cc49778
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1848,i,9625808890191923828,11113998434227988042,131072 /prefetch:2
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1848,i,9625808890191923828,11113998434227988042,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1984 --field-trial-handle=1848,i,9625808890191923828,11113998434227988042,131072 /prefetch:8
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2632 --field-trial-handle=1848,i,9625808890191923828,11113998434227988042,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1848,i,9625808890191923828,11113998434227988042,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3768 --field-trial-handle=1848,i,9625808890191923828,11113998434227988042,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3560 --field-trial-handle=1848,i,9625808890191923828,11113998434227988042,131072 /prefetch:1
  2⤵
  PID:4808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe7cc49758,0x7ffe7cc49768,0x7ffe7cc49778
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2072 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1796,i,46862516093287414,11876190810724283795,131072 /prefetch:8
  2⤵
  PID:408

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2948

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\My Wallpaper.jpg" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4436

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\SuspendConvert.mhtml
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:82945 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8f3843a9da63a7c396a894b5865b2f67

SHA1
2e7f9776d1ba8b15aea00d84eff977929ed70022

SHA256
76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a

SHA512
06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
82bf03a8a285eb26364df74ca73698f2

SHA1
94bec0d6af9764f7e6bb02779184296aa3de0442

SHA256
9036893fe4dab222503b346a7695b5980a3e095685a6476a331406d403c6d012

SHA512
4ae1bdf221c48407e968535b59fc12fb4175eecb43adf79994eee3605848ecf93b0f40a6962014572b3815e4b61d75652c2e9cda6239dfa6a0cd7ed6d38abb25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
dee8593f328914e2cc4169dd391b9d34

SHA1
439f828808729c9ec9b3f5998385153ed07727be

SHA256
fb42180a45ca7f24641dec154e6499345c72e83c5fe30324da83e8df0a60dae0

SHA512
2cd691adfb8f97da7f4b555d29f8cc7ae9b920607d416b954fd22a8ca9db459dd56bda24cd8acaa2831088289828530cc10d49127e0c8373ada94aef23d985ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
df2fe133c030656a32d5aeac7481a4cc

SHA1
a76c245d0680440afe1c19d48ab60b32ed538f69

SHA256
3eb80a872b5b5b940f8ea66e0ad1010d15ed25f4d491dff2a44a8d8cf0b49467

SHA512
69fb51efa143e5a3ae620f35ea8912eb549fb4ca0cf600b4313f93546fb735d84a2c815a17907c349b84fe8fcff50429ec39f6abc1265ae684747e10d3ab8d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
1532a20917802a105719bdd8ac2739c6

SHA1
37d0a94a1ff2e8d3fa33dbb3e216326af33893ae

SHA256
53c12399141b4840fe07ae15a7ff58ed1d555a7cd9bdd86944c3d64f1f2b0f42

SHA512
7826b7b3ada40bb8f0d7d64d27f5ef6b85be60c5dd6624cf843259ec953f8f0ff50fee47fa14dfed175e2919bb517fb1475bcd5d3250b653ad68746c5c1dea5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
484B

MD5
d7bd40595bb76d34643c498fc7f8ff3e

SHA1
e0fc56f00ea0795c9de765042eb3ca01133c991c

SHA256
1915024409ee060fc2ef17d91a2a104fb181f49d120688cf84feecd13494b6de

SHA512
a580a6c970a7e90792e722ae4d3609e3b34fb74bcbba15ac3ee74510cf44e65b1c8a85a32842c639d5f311a6508b24fab531acabbaf9d87d08dd16dca0350bf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
751B

MD5
52417c9bbe30b7f0b0a4299421da2a36

SHA1
9ab2689adbc52442412e2634dfdfcfae29faa4e8

SHA256
28ab3381cb52a37f29e61a71f6e6ccb93a9cd0a0b583af8289d9d15688f1afb5

SHA512
8f9179f0c814fe497445612cd359ac3742fccd5d8de6bc7c89248874aab87f5bde7b666d813f5e04bf59d0cbd5cfd08b2e82d913f1ed2b232bf2567904083f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c9856b05b2f6931726804cdbcdf6e510

SHA1
ebd713a91b059848f91f02087ff559f0d4c52c92

SHA256
ea86cf019be37a8811430cef16da687a32e7316504fcfd668bef5e9ee06d4340

SHA512
1ad774022977743fa26f11ec8e747193e6834dba359f721724f33b9cb9d2ff0f22d66dbb9b69bd40466cb252091e6548131edad228f9662270d95b842a605ceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7d2120c020e02b642b0b828c6bcfb2a3

SHA1
a4c4a95847764b737f189b682e2a1e34e8a6aa4f

SHA256
0442477678eb5d7d39838b8d666d20f497bb8f5c5f7b9853060468eb17d93b98

SHA512
36798a271465593cfa99f8eab5221dbb73cd976cd7dabd4ffcff75fb697c8930b98e1b4f8b183249fe5b884a88e57873b2fccba6f3387bcfbd0b8d71eadfb732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d1c77ae3d4f452fb8df13104cdcdec56

SHA1
53dba17549d95cd0b4ee4c531d768770476fbd1b

SHA256
22f8b5883996b300556d8ca4181b6351841e70399e7881c8ee04b0743f8f1b7a

SHA512
4ab731070405de6dac5b51bd68ad6f12654c2607fb7e628972009e69c4ab7f4eede626c29d4c6990abd822f775e54dca1157f9e0e47e998a423279089fd20d6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
263ff085c5d3c4081c2b624250a58afb

SHA1
71e39d335279c3a6af55b10b3850b1be30b23541

SHA256
f484d635882e6a84131e8d3a3a564990c9e150e619c4d513272598ddc238d84d

SHA512
38c6883710526920468c32efabc4ece7a52b15705d57f0c4c3619c123cd6093a183e5bde68730d8b9588bfd63821013be57fc4248d925f55c391231c662234f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
e5e5d40f2e4c0de41eb7822f30f6499e

SHA1
b0082eee198f1b65e9ebbcda94eb91c7fcacc0c6

SHA256
637b295ab26797e675b59c38d8b61fd4fdbe091783df327126a682e8382c0bfe

SHA512
0a4c31198190bc2d88d5b8875bc6531c67e56fa86b10ad68b9f63a3f4ab2db77173c0a59aed886a7c2979828da44a50ba6ca81de62f503578b052763a652621d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
213B

MD5
046cc08d163fc4578cd1b77a5d0965ac

SHA1
92f503e605c30974baf385f1619f1269b81dec57

SHA256
693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166

SHA512
e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
e06d5ab6febcaa7984f6bcb81f4d3a3b

SHA1
dcc0985e184233a66bdf371ae26642e0e258ebc6

SHA256
db40d5ccfad87ab1446b7236c0787b696c82d82e654b26f121da18e5e871faa3

SHA512
751969fc7be321373e52e342c5fc5f723519c3b6e1319c8e352a2a7e8d907b72dedf7fc54f32356aa5299e03d0c558d49c6ef900f1629ae75e50a5c48a510e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13370786690929966

Filesize
1KB

MD5
fe11e2b52c3f6bd95d33da4944bd04cd

SHA1
ed63be8e96640c5d28beeefb67028f1a11edf51e

SHA256
d94849ff27eab23712ad92715e471e57225ef3710fda3d0b3842c3975e5e788a

SHA512
27e383a97ead190a06312bebe3fb4948dc762f982731299813c0e2a7e64c492b8f3a8b690980ee54f9e145da0f8a5bd73527710d4f56b67420a39dcd0d6e5346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13370786694187966

Filesize
741B

MD5
dfb25dfb91d9d12ebad3130d0b815119

SHA1
e7198a8840baa219ea3d7541a50f8f62df446e16

SHA256
a0a5a717cb1eb5d514f42987405c7d3af73e7cfa8f9b1b71eb930286f5bfa09c

SHA512
a9ba10717f12f79096dfde4cee56cc517fb8931bafd1991d3393e3d3dd92aadb7e02a5bfa607053f5eeeea8f752361ee1b33b30ea58b49d549d0c9e2edd5f24d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
eccdb52f9ddcefc32c06a34b094183ac

SHA1
8e3a260d17ff5d1baf4e446627601b0854ab5360

SHA256
6736f9c02ec10b3cacf6c6665571798a9018b4f186f1884a930322b48ef3c8be

SHA512
c9fe3f02dd66d438d6bc4044366d6b43c666fd648e7909b711bbc24171ea0791d9d5b5f089e91c384d1b07ea375953c215706c8d2f915068ce233b79e3621701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
a709180e2c70056fe970e1327a9de5a9

SHA1
0ec9c045de8cc07daf0ad51382335ad5516f40b5

SHA256
6db8e68bcb41ae4233d4f890d9aa49c0fd210914601b09c2df6eb31dc9560aab

SHA512
0779844cfb4fd43977b5e59c4cacbfb2cea3e7602b49a5bb3fb35c4cb9a8d16dcc377754f57dead4cf3359c4d9eb5170843ae171dd04cfe990997e7680fc78ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
31309227254acb2b50405f11f3283ffb

SHA1
9ba286678d7b34af0821f5fe7eb008335d713442

SHA256
d307701a6f81add4aea40d54b9ad6809411b10d494e8997868465128b9a539da

SHA512
f68235f1daad9f73c4fff188ccc90fafb0dcdf1c9cded6f6756bdb48d3f652d1183247e58107834030f3afd6d0e71120541714bb0f9e7c1f1180eb7f49190664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
836B

MD5
9bbadef8de8e23baf8a57c20074bc9c3

SHA1
93725c0d1826bdfc683d47b353d5497157df8022

SHA256
847a7ee98c168a445116dd4630169322169ce087a055af8feee75cb27a8d07d3

SHA512
92f76527b7d63fb41899d06b509e839c64c797d412f65e18a00c1d34cab9957e8c1e300f68da05e9c03baac87c2c2f19483fd6b8fd734e489c42fe1315a759e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
585b661b5919ae87dddc44ffc0f45b1d

SHA1
bc54be1d009264bef3f02755573079908afc3279

SHA256
7d2ddfbd0702f5ac5548dc45c6a1c1cc06c77de0e2a36cfe98e1eb28f581a047

SHA512
e856244306d8da6086269fe1860191117ba90424c5ab19486def8d23e9cdf97ca23717d9c5e71a121d321fc9f60d91978c368d388926f67e9f95bc81706b5209

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
e00309344d5f9eb2f86d72f117c1c5f1

SHA1
1ef9709f16ac19e597a96020547a3798a15e553f

SHA256
d0bc9470f1d53be34a76ed1440bad187c97449038ee4a62b893c41e4c4db0a77

SHA512
b7b687b5ad9d9c566290c2b1afd621a70db104c996b286be31332a3727411dfcd4e9ba7617b725bdb601745e61cb8d3f64254bcc0ced5affe8650692bad20761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
1e287c6bf0b88c14f9fb87d3e90a4ef9

SHA1
10e9a6decf3f739208e12634b777314fcdd19c1c

SHA256
2e96266e3c6345baa619409cb07b6c50639074bf69b2a01e8d65aca8e06069f3

SHA512
0a4dfe7cc290de7690b7c7fec49f0b27b9b9ac146f992317ad8423a22f1d2b203c02f566246e9fb88abd54055c38b3ced5a1a5364cc5e8e15db2993b0c490c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
6fda367f9cabb927607d88a6e777276e

SHA1
81e9a9e23764a3128c43fbae7c1fd93abc380a78

SHA256
e52952e594a80b7815306878065e7fc752ef3d062a62d7229a1790221cb9bb54

SHA512
5ab667ba4a2b7cb19533fa285606277d6f06a1f3bc645b2de1e91334c0dae5b19c9642a9a867395bb6048681b30bc6e6e5983c90af7788d518b2c51b81b0d2e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
eba0fbc3a59c1ca817d4084596bf08fb

SHA1
03699dfb911ddd21422f5df7e3b9467c46f7d898

SHA256
50cc3cc74843353f8499f6ab5dfba12df20324914485a183e962715b807cc446

SHA512
8745850c9ea254221e9ae640c6db92baddcb59806ad3869b2c44f6bfcd89b903503eb98d0f4460549d853015a9095f8effdbedaa693d72410820b56159f7e297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
e8b07778ccfa0e5e290b6d19ea9055f2

SHA1
177c9b71982c36bd5886b77aef5055c7b85b320b

SHA256
78798b4d0c173eb7228d2a3822afad56e863feeb4a0afc065d683d377e69e170

SHA512
535482c722785f5de9f91ac0fad5814ef3ea6d767a8eca9e01bb4af79493a17fb5f36fee8eca632cfbe43df1acfa3ee2d7939af9e68f39e9ea213334b18d9ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
707e99922ffadd0695ef5da902e47bab

SHA1
24f5311e07deb0dfd9c91eb26d4e789981fe176f

SHA256
781254517609739764eb1f2de9ba986d339d23a7d636583c0666509a737bd39f

SHA512
8fe506bbdcfdc16fb75410feee0bfea6c1354bd2db4300cfa3594f1510b6ab7eafdc29409f3f205a761e85e80e6cc684363525946f622244e267d3296a917e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
305KB

MD5
82f2cf2bef810577ad23eb0bb49d2325

SHA1
1f906ceb7990674a99c3d02b25780a0e9689694d

SHA256
455654a4686b4b86c6810864f019f579ef6274d24d9ef0b099a4a485abf3e20b

SHA512
7161f15db02cabf752f1a562d4190b93886957c5239647d75a4e9f807be52964dd25c563aba2c82839086053274b31ca303076759e463a7684af5567cb602fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1efae5373ee0341705877a8fb2b97c78

SHA1
2d65294340a666a9867f4e65c458ad46927b252b

SHA256
62111c4659da2d742bac6bbf05d80dcdf10c67c4249a128453bf30566fb19499

SHA512
918e398fe56f7bb769875cd8b47a5c9d94fe9167e8bb02db260c69af76d8bc9f474d2ae4a513130798cdded53254e65927932317cc57fefb1935fdd6a314e768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
9e058ada5a2c6cc5eed963a3237af725

SHA1
be93a3e0b4dc6660dd09472420981b3f5962b501

SHA256
d657197f438782dea00c4919a51f54cdda8ca1b9ed86a97682f08595f588330c

SHA512
4a962c81cbd7d26472507c47b1b33289dec2aa779a010b4f6d23a64a712d3eb29f7380cdf21df931f4de96906672d9f3e147e5baf646c201f44a605bff5018ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
240B

MD5
32764d08837f0b2d60d3acde10164e7c

SHA1
11fdff4d2eaf684c8cafbb3cc197d676110fbaa7

SHA256
fd15c09a835268bb382084347a9e9510678ba35888d992b13f8201fcbda3d867

SHA512
fbc379d9990b94ecece60003c774210c3961556448c0598cf45dd544f815b200494a7d99f4e6f227a7aa73cfc61b01e09c1ad267b0162beaddea951dafd177ad

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
241B

MD5
0fdffd36a123e8c8bb1fae27834f3413

SHA1
a4cb0b4483055e35bbd0e0cef6179cd69c1fddc1

SHA256
9925360ff83522936d4639cae9e623157fa17fc45631ba6ac7a0caf990e7e630

SHA512
a59d85d01a54751084dfbdaf9a63c0ab701b58c1f8975dfdb92cb4378f9c01fbd5dc9b3b22f74c1c8f2af0e4d9e52e8f102ac2280576eb1ae445a5158ed028b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFDDCEF9C01138D494.TMP

Filesize
16KB

MD5
2058d86497200bb543c7cfded004127e

SHA1
f9f880a54193f8bba0cb207a2eb792a5c3bef423

SHA256
c51ecfc6d2ab381d4a3fd14ed506da3180204a509f15505f7429b162d251dc41

SHA512
2cc86a0a13774daf3b75637d7e5a982d5bc12fbe0b040d6d99cc2797d2eca8265df5ac2ad26b6a4b19754877c073af04e755cae0b4448c8e1a9e795058223204

Download Submit