hxxps://mega[.]nz/file/4y4WRarY#IbWiGR_Vmu1Ch6MNfqpzhhxUfRKm9-J5KBlQEMDEPQA

Analysis

max time kernel
290s
max time network
293s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
02/10/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/4y4WRarY#IbWiGR_Vmu1Ch6MNfqpzhhxUfRKm9-J5KBlQEMDEPQA

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723102831358070"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Quickstart pCleaner.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5248	chrome.exe
5248	chrome.exe
6092	chrome.exe
6092	chrome.exe
6092	chrome.exe
6092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: 33	2648	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2648	AUDIODG.EXE
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe
Token: SeShutdownPrivilege	5248	chrome.exe
Token: SeCreatePagefilePrivilege	5248	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe
5248	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5504	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5248 wrote to memory of 3036	5248	chrome.exe	78
PID 5248 wrote to memory of 3036	5248	chrome.exe	78
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 3272	5248	chrome.exe	79
PID 5248 wrote to memory of 5824	5248	chrome.exe	80
PID 5248 wrote to memory of 5824	5248	chrome.exe	80
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81
PID 5248 wrote to memory of 4176	5248	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/4y4WRarY#IbWiGR_Vmu1Ch6MNfqpzhhxUfRKm9-J5KBlQEMDEPQA
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda48ecc40,0x7ffda48ecc4c,0x7ffda48ecc58
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1924,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5020,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4660,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5240,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5408,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5100,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5464,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5228,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5708,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5032,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5280,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5948,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5264,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=740,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5912,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5944,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4604,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4600,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4752,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4596,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5620,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2700 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5124,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5396,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5384,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5444,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5872,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5160,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5328,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=736 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3160,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3164,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5420,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2972 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=2968,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=4672,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6356,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6524,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=5632,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=4576,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6376,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=996,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=6304,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=3204,i,370725114351018691,1979691413919456543,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:5500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5576

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:2336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5296

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
821d15885c4a429da1790a3fffd89db7

SHA1
fbfe3ff9685518a531a9a52fafb5c7b3e050662a

SHA256
c666da4359f04dd21d24ba6f10cfaeca9c4518a7f00e3cc467578d8f6c613cc2

SHA512
ee93771f4c207383b79e0eb0595d1050b19ba230fc43311dc55d95caa3c46948846836387524b3e8bce37d483bff5d235888ad3f5799e319c9032bf3ac2a366e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b32ca17e14056726600dbf260d0c3703

SHA1
097e641b9b682caf23d12421151f1f0383f4be56

SHA256
0153eca05982b3ec1bfdee34ab524b1dd1c3a6663c8dfc026c9cc04a757ddd35

SHA512
d6c5ed9dba4bc09833cc5e51e1640f85ee33f93b0af70996703d18388e82431f20c6dc17ade4b56d06e407dc2064b720a8a89f7e3d7170e95981208641106ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
9e072c67ada737428ab87a764a7bbcbb

SHA1
a5ac0432d2b72ec96ed8c9871d88bbf84c033843

SHA256
7cb0cd07da913e31448c2b51d361f772d1b807fc7c0138fa40facfceab507b21

SHA512
8bf9909c93e0d88e0b6f18faba59c9dd8b24ffcba82835f2ff5cccd20b693a44bb6fcde5c36275bc20552e44b8ac6c2dd03b2751af88666d8e1c16eda8a26d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
973119911ee2f095591bde06ebc6f425

SHA1
630224aa847fec782936c982a2c6981ebc0d6a68

SHA256
67c5c231cbdbb88adb281df6a2344d01056629213032aa51092e36ea0d68ba7a

SHA512
1bd9b38e8cc31818e380f22f7d124e560f59e52d449038341dd955f4f3461ce2d522e4e97c565f002b65669fe95e1fbd9cbaef956e217bbfc24cd48a60a567ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
523c063b19d1da6dd9e962dc5d2ef4c0

SHA1
65f89663d6f79cb6995ecaba3413051bb16344cd

SHA256
9bd980273a7638337dbc0ad19cf9fb066a98c4ff8c99af15538e6294c5627b66

SHA512
c3879b302da9532457017a36f46d303b39c1dcdaefb17dca2bb8c986496f5959684d8a6fe36f08fd5988b8010bdef85db55e43d8f2e006b9f1f005d96b587424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3615ac494d5399eaf70fc691fcc8306a

SHA1
42933e12546206bd041b51be89e09706e6f673b4

SHA256
e444cabe61f57ccd6c7616a786ac489792a578603a5f2f1f769a81f84762d87b

SHA512
655ea222aa4026c7c93d2d60dc789b7ea596acc3670c1d10bb92cab5a288379b7094c530a444844bd4c599a3c46a7b82e9d50f1ce8728c23d487355d2023617f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
389f3e413277066e3b1063dc52f2aefa

SHA1
82eba4381e65a5dd8ca78169ddfdda19111eeca6

SHA256
4af75eefc6db5772b4279e619c530d42eee81759f7872bc7f66e6f665c34fd11

SHA512
49af1cab1938db0f0e78d96965c7648d6163b77ef9b153ddf006196029aac44e68e5781799954878c87adbe7676b7f3f9dc240e92462dd4d3da961dbfea4fe29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
05f4a20b1b91826d2efaf4059cfaa1ba

SHA1
5986c7f2aa2d4873778578e02699b78e0c72bc9c

SHA256
15fc1b3b7f8a483cd57ab03db2d1e99396d4f945cd9f5ae0205f1cef8f9d00b1

SHA512
277aa345b022b8419d620ac47b1977a906c6733a7cf37f2c70c3d1128be3f925b64dcd2ff0b799d9f47bce34c431f11abb713476e6d364dfdaf597d3bfcb5786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
6f3575ecb4cb4587a26af4b52365b995

SHA1
aeb052fbcf27dfb52799df0cff71c6b9c88acd4b

SHA256
2b98bb8ea348f8e4c432409be967c6f9341b87040f84bcb37cd3532e83834cbc

SHA512
a4b7d14db46dc9f2e5b012777710db572b9d6f58fc695aa703f9c54004f80aca421b7188955e84042ed8610087057e2fef1ca609a84ee9d00e530152c7aa5241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
8cb1ce5378d66a2db17b810eafcabd05

SHA1
7518edcf7da73846b286dbb67b8834db42fbebd5

SHA256
b46bd4d951914bcd9d0ca487ca98857292c5b4580b4085ab3439344aff656e12

SHA512
3f5749d76ed920033fa0ccfa9d3eaa59897e446518d542e383adb63b0f62324257134a60879a7a170817fd0752f10841e12584913bc89cac5b3552bc5109a1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
e72c47493f451726f43c877471f4f70b

SHA1
97fad78e00947971095295e6760e2b1b753b5e0c

SHA256
d1feb32f5b041444319c56458f0619b3299b33e51467f6186065216767309642

SHA512
be9e064a2b8f1841d381c6c7bf2336b7757f4a4d647ec67c37cb79fc2c1c23163cb36e033a379c219cd6c43d45c7157428fec9146c7300d7abe8130c69313d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
036b4783061f363d3f05268f35d6247c

SHA1
54041662233fdb14ec03d5082041a1cb0757efe9

SHA256
24812bb22957114d2ac8b717458c93dc6ae69c6a9c1a2df843b05fae75bdcb88

SHA512
f4aff0413232b8cac0a69a7e0b2369228c0a2cfc1c6af198f3f0c43808acdc3c7a1326dd9ffc9d9f4d0ee86d601fcdd7ce806ad4d1c094a1aece8866e08712fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
0508a57bacebf32ac78e42e4edf7eeb3

SHA1
292eef40f0a0a32f3287c2cf46624d83f08bdddf

SHA256
08ccc76b7ff2532a0b4c2c90775fd63b54727b85d026d8bc690a5289c9c7bbb6

SHA512
46d708e2c55e5c5a9b9b170b70949438b64e8c1182c8973a500335faf1913cfa8f22362daf4183d85776a416db30a964805e0b81919688e7b268cb31d9802f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c7e8e2bfa95b9971d320fa36dd93d3ae

SHA1
849849a359f602a877cd06d88b14a621640b343c

SHA256
e0137dd8fcb18de886daa5801f7e70ad0fb031bcfeaf8cd00080365aacde6b69

SHA512
9611cacecb2c145e3a9c4328896c820d1a6ff5d4dee4a6a80ef3d4c37d4d8334e6464f4fd81708ba44ac5cbe0235500bf4bdfd2429a7194c8e8183660836b211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b3879d309809430d94a8b358cd1abbe

SHA1
de96464378e49d025cd9c059ea0637aa46244daa

SHA256
b87e6401a58eaa7edf0b74c3401f82396b7517148191f6d0eddc72bda262c94a

SHA512
e22dad1df6a66dd8d86ac0c4f8ea15190b824b4ea2286aeea16a67765ff6ab25a7a1e9968d4e2b0bd45b39a46c970304901e1c742fb2e59b3db22e76c298a2ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
54d20378b0fb0681266c363717bc510e

SHA1
e69e2b423eb7e0f789abb1b9ed36cfd517f1ae58

SHA256
eda6583722bbb5e3059fae7dd2795c2f2a74444c1d5090663a0fa71828134cc2

SHA512
1689f7ee7868625e874a49166913822381670b567116f3beef0954cc5469dea72a2e654d5cfff9a205765c282592822b01905df3e5b58a962dd4647b38a5ecd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f05cd30367a1f26cfa79ca86361c8604

SHA1
64286321313242b8ea83f150effb5fe3682e52a6

SHA256
91791cfdfc31c67b8dcb172814e43f70dfb7c2d4e1066ba50dc212698911c76e

SHA512
89a6146a30f4bfed143b704585333ac194067f08e9f6ec2d10eb34ccc9700a67f4ff6fc82934e8643867339e0c91c1c566178bb83360cc8ccadd932d7747595d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
84069cc9a7555699199c9a810e80b875

SHA1
7352f260c10d0442fa74ef90d6c0e4012a98627e

SHA256
84964db5ed4d20b8f8fe6ed5a394f5c39979ebffe4d5dc9c2a777d71e3fbaf65

SHA512
afa59e0af0aabf408449000a21369a325a63ad94f2eb376b4245405981d0fdf806c949f1f3ccd09351ba8cf91f552b643a113a3e2139f3918008c99a7fcb0539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7ee159bbbaa3e403fdd6e779cf10dc6

SHA1
4ad321bc23467b57cd1559e3bcfce7d6481094d0

SHA256
ff00a9767d6d665d5565555aa60aee051bdbc01f1e0a39e09af949e9b161b0b4

SHA512
ade87ecfc2b7b8fcee8fba9845e683bdf8b4892973ec6628732ff63b6b3e572de3c6b40807d72f5070785ff4925f2a389024d338ce36ca7413d7f88771c0e662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
425e879a682937582f29c5117a431977

SHA1
84fccb4a87f2ff991360ba2fd959a3e7bf96105e

SHA256
f15e2b37e9c7c33a8ec6a91de4a9614095edc99af950bdeedddd03d99a33a0c5

SHA512
afcc9c3df6f10a04bd5d4a6e74ac5bb9f6e2830a7cf33220ba7b3e2adc38a96b94d2b4c0a073052b228c3beb42a1602b2193ecbf8ab9ac2e2f3f0c3f3c460279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fde8baea8e7d7dfc4f5abe346a90cdaf

SHA1
bc8ce24a105a579c0e6ec33a387fed90d0081379

SHA256
8dc7af668988b3d45202b85d6afd2d3128ce037edb9d5baae7ecd3b85f160625

SHA512
ba769c9216bf6324e3aabb9809ac31f1fbc3be1728a733a9f312f53befb3dc727beaea52df34c1f53c4d7739120ae3ede1579082af1f027ee58ca4f8972894eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3dffadce3245f25f85c4f9f2bbdb25b5

SHA1
c5ebb2f6a5edf190492727668baf9e5d9f5f62ba

SHA256
c13f27186725e22728a906e7dd0c4e8334436a062bfc9c3f4f5aa32db933b147

SHA512
c7c42c476242cbe7f5b1485d3f48e8cc303ab14ee5f5cef364d4a10d6173179a79f2820a16774b450d27855ca00aaa24369e6f1fbdbd4b79eb2837fd7fddfd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
872cf0e05deb34e0b132904f2990b016

SHA1
458850bde785351204683ccd8ff6e7c0852cfb5b

SHA256
b1348d2a8bd52cd5e5a303c2e297e0daf096fd891b7443d6c7bbc4e191755b9d

SHA512
b6a9b0196cc5d8fbe72262058739067b253a4a55581071071798cdcbdc8eb1e18bb7b28187e1b05fdd72cdbf029e145399d32117b28226f0093d952cf4ac0bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aecfbd663e8a6e828ea400156a9a16bd

SHA1
1db53e78b68f7de9385d63d85d7a7b057c822597

SHA256
125fae8c0b417e34d0ce9aca66a481f874a4fd9ec2cc86d4c979d2e63774a411

SHA512
f4e7912696e0b33351263aea7f678a9b8352f9ac2006d116eda4076bec300a6b2d9580db600bf2298bc5e5878f3deee357bc167474646987521064ea11cc0626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
552245240b209780e0eda7fa051cf47a

SHA1
64acab336dc370dde2672e4f78b5a8356b168b98

SHA256
6ce294803a8777db6397703f4b0473d9562f8c471ccc3868f8e92f9c9c71ddc8

SHA512
0aa32f6572502246817e26a9deced0bcf678d61699820e44a81baf199d96aaa773d9d585a8262b036b1b7db3593ac94c88f36ca6106521b84bb64a75e3f5c9ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c0958ed4e5365efe5e9d3055234b13f1

SHA1
8a97ce7a121662fac66f0d22f375d0ced0d84f94

SHA256
f936c31a9225cb04d9908d2c63a131a4d59c40aaf94c8ae3f2283f3bd626ffe0

SHA512
14a5a5c765515b085d6ee43d7bf3bf5eb2367e7d8f0a7d357b70866ae2b0d2400a859dbd4b13095f2a1a0839cdcafaec450a160013cfae06d727c3aeacad9e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a9a5c7a49eeb7ed950148d6b72e7b2a

SHA1
3fa465a49777aec5b9925552711d6f7242128e71

SHA256
01f328495d22181ca1e4f46460e5eb9278d0e69557f4a6bbb3797684afb95d44

SHA512
f97220c00f84385d6310f780dc524e970987cea3d089665c0013c541ad5fe5ff1a6894d7deef0a8636fd85948623e67e97b02ad7dfb457fc7d09cec0cdaccffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38e644f0356b88271a8935020f808823

SHA1
9f56897d7afbda69a68f3059eb97519bf8a0b399

SHA256
909b5d643f6a750944d87f3aca2e30cbc756098dbec79a1e3b68146e8107cc0b

SHA512
391ec3a93c91072c7d38b2499ab74c6fc99c3d5fe818fc2c2a4c71416c62d09b9cd588d1d7ec4b363ccddf4a592ce1b1822ebf657f47f5580f8d4383b0c3b3f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1024de34521b278b2b3b98a702c27d08

SHA1
826787edf56772afafd3d23444dd3f96f99d22e7

SHA256
32cce756ec0a62cc77f06a186589ca7865bd514c2a7b06c55662b95b74ee6081

SHA512
92fce71dcceabd7a6b5c4f28cd36c1584689167ee26e47d6a2fc54eca61fb174b95c4b0824b761a79de32ecf7fb757d3c3ac3e90c1b77c6e3a0d5434a3379c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
212cbf0c705ebbaee4381113673accf1

SHA1
57b1a138f2e9c3b86d41fdfdc838f98a85b62172

SHA256
67e2728b356716e53cd17a3e9d7256510178514531930974b8591b38adb18370

SHA512
7b887f77534d1904fce0f0969f402dd14639184c98838f649834b587947f2b33ad1ea6b57b861d604be135b2937eae47be42cec74f7a6dda6d6d3fc47dbbbacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b8a978de1d14a7d2d9197f6b2ae5f8d

SHA1
e20e5ff02aa20c91eba4deb2198a26ca34e00097

SHA256
54dde0c11f874f7571410c5ba1a8b96a7b88f3a77070b4c4a9455d85ba79a555

SHA512
e37b4eea3031ac2967206e3cd31cf8daac8c5c0310a664021487a76235d7face5bdb13beded68f4fad0c19020cbf3e6ba98052340cbec81d6c3dbc518298aae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
310e9b60f3670ce57f48c5760f3fcf63

SHA1
108b976eedf35205221913649e3fc46a52faa7a6

SHA256
65927bdc5d9d8a0d929cb5484d7736d40d27cc4aa416c401432161f7bc64c9f0

SHA512
9ccf9d882228e38936df86c8ed0df5dba68acce58212be4dbe8957f4246e8280b3f4741192861b12b144537691decade305b08d0c2c185bd69394f786b78bc7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91677167a7eaf750f5ea954a37977ce9

SHA1
13243003d6aa79085497d9722f66ff0babe446f4

SHA256
07db05d5a6df249fe4adf3e7866a53106a5651487811c63ea6a9de9c6842f764

SHA512
e0fd0f33c847f8af925402b3a8385e7e50a24a7815b60ca368d32f23a6996f29b53cdfc1a73b9b5136b08788f4c082c9aa176fabe3d972cf65d8560e94d48ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2bbe6e6199254a7cf97a991caea027aa

SHA1
951a41863f0e09a3b1ec75306bf67f3caeabdd00

SHA256
f612a6f33e47a1dc04d1bbf8e01ee169e670e59372edd70e66d79c8acca1f7f6

SHA512
83bb1adee82498bbc3aa739365cf08f81a689750b7f9fd58604ba0707ba7f44bbcec7affe1db3f3cc83018055ff3396288612dee4798164a08975cfd696edcac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
d3b287b7bdce88a8361080d6a632e5ad

SHA1
bf162f9b6ad3fb0914598672066f1c2f0ed2e33c

SHA256
072a55d9ba6fc6c811469c5f07a226194999a7a0eaee9aecc7206ba918420dd3

SHA512
b87d8dee8dc6e11b8cca9478e94b96b60fb25626f85a03a405477111388b35ff4eae30c0376187a1313ceadbe558968a067cea141417ff0a676339ffd4971ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
d11462c32bbb268020ea061f1bfb8311

SHA1
106c0e48fee64aedbb4cb6038e816a2f559f67b9

SHA256
2d4fcda219a5dd0ec1afe9a63f84657d4901a706882b6be01f83e41f2abd5182

SHA512
2418697fec50bd58c4414b9993579b37998b3822e0038ddd10e04e074dc2e8d80fa97b70f99acd874fe8da8bba9793c3c073f244d0cb622d4c5aeea1501190a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f3467b2cbef17439ce66c08b4a6253e3

SHA1
1a9c686c413fcecf65a7d2bc6d5feb820d641df2

SHA256
54e29980d24009f9a8632a423ce63e4339c469517e462fb88ecd85b7f3e609c2

SHA512
f0e252ad861ef15ccc3113bfb70c086432e033450ba68d9748ff1eaa9fd4b0da68e275f1a838c9da5908e66822260fde9030659db33a27c4f1ffe28ec3af392c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
d3948206acb2554a89092fa350daa83a

SHA1
54262162b8f1575d24cb7fd80796bb92b39eb5bb

SHA256
8cb1744e5f118470f813c92ac1c4fc173beb194d2f748cdd3be34d8f48cd8eb3

SHA512
7ce2386d8d91f5d03c0ade235ae267db4460dca45298f9998572522ea401b39920b1e634adedc47a2eccf9d0161315fb601dcd66eca9e7c34f51ec22242024aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c08cda8b30daf0f971ed3fca378d480d

SHA1
8c0a3593ff62ec10f1c6e88d448eb8e23aaf7662

SHA256
1af0cf8b1e5f3299794832e511471afa6fcd4a10987464a7c043285cd49f0c58

SHA512
3cae2439b79bc45a0e233e9178224eba4164e535f7b94dbc02d703db37513c73c4ea6cb94cd2f37b2c5e3c37f807555c51bb7902679db2538c3f16a9db1114a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a73ea6e1db27acedbe4055c448f82ef7

SHA1
01769a266d26c4b4b374099606e86b8874ddd55f

SHA256
c3059c62596021e555ec7901361fcde75078ad931bcac6027539930bef8b77d9

SHA512
f9cfe99077e40ac3ff11ab39020d6e159ec06cf50f9b1d156858198d48851d29de8882a18609a17dd30ddea421c6c415683b8d7b14fa30a51ddd1cd76032deb4

Download Submit
C:\Users\Admin\Downloads\Quickstart pCleaner.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit