wannacry | 8f2fdbcf2124bce94c6610aaca25d922b17ff4046365e1cc3960886903876f39

Resubmissions

13-10-2024 20:49

241013-zl1ztasbrn 10

13-10-2024 05:48

241013-ghrmvswenk 10

Analysis

max time kernel
126s
max time network
130s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13-10-2024 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Size

3.6MB
MD5

2ceb32a46162e048c24f854664e3401b
SHA1

36e41a366a4931787b0376e554da305f33263a10
SHA256

8f2fdbcf2124bce94c6610aaca25d922b17ff4046365e1cc3960886903876f39
SHA512

50a15f9be9b633c1381f1e1d2c1c05c7563091eb95131af3338dae7611959a547a83f9e1c0c7d1625f829d220e9037ffff1ae096ffafd026d06ab90959c65b53
SSDEEP

49152:2nRQqMSPbcBVQeYNRx+TSqTdX1HkQo6SAARdhnv:yaqPoBhKRxcSUDk36SAEdhv

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Contacts a large (2582) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 1 IoCs

pid	Process
3976	tasksche.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\tasksche.exe	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3656	3976	WerFault.exe	80

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133733262244549890"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{11A34EB2-9360-4EB4-B4F7-A127E119E9F6}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: 33	2164	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2164	AUDIODG.EXE
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe
Token: SeShutdownPrivilege	4748	chrome.exe
Token: SeCreatePagefilePrivilege	4748	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe
4748	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4688	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 3976	1652	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe	80
PID 1652 wrote to memory of 3976	1652	2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe	80
PID 4748 wrote to memory of 768	4748	chrome.exe	93
PID 4748 wrote to memory of 768	4748	chrome.exe	93
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 3316	4748	chrome.exe	94
PID 4748 wrote to memory of 1384	4748	chrome.exe	95
PID 4748 wrote to memory of 1384	4748	chrome.exe	95
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96
PID 4748 wrote to memory of 2948	4748	chrome.exe	96

C:\Users\Admin\AppData\Local\Temp\2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1652
- C:\WINDOWS\tasksche.exe
  C:\WINDOWS\tasksche.exe /i
  2⤵
  - Executes dropped EXE
  PID:3976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 8
    3⤵
    - Program crash
    PID:3656

C:\Users\Admin\AppData\Local\Temp\2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2024-10-13_2ceb32a46162e048c24f854664e3401b_wannacry.exe -m security
1⤵
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3976 -ip 3976
1⤵
PID:1260

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4688

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3364

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8f53cc40,0x7ffe8f53cc4c,0x7ffe8f53cc58
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2116,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4468,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5020,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3528,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4724,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4432,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5276,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5324,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5544,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5696,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5836,i,935175784924742419,12714503661654805076,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:4408

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3884

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004CC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
232KB

MD5
fccb518b72760b85abb965b59571adf6

SHA1
d35de204e27829a92cc2372085dfa22b00291368

SHA256
bf2d2c81d5197a2b0171fd5d445f7e2066d736bd0aed15d443ebc7dc14f546bb

SHA512
a059ac6d076d8f99e7a375206e82ea91c3675f5217b30cd52d888d415be20d0c39bd49fccfe71e12d986155983e44032cd4e5aec396b4e0c37bfb3fb93846b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
20KB

MD5
3684c7775bc328aedb86315ec6891439

SHA1
cfbff177f45afdf36026595ba0abd3bb59f86a43

SHA256
e8d182897c2ec12664cd8e86b31ed441f775479b41a7f1ba39278d32e29fed87

SHA512
2f5f00b2018c4632260b7b26ed4d524dcdcc02f66c3e561a3ccef3a023c042ffefc3028329b4c58b59c4186936d51514b892bed0da00a410502b81bc95b6230f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
32KB

MD5
6e2a51539d4397457ebda8454a1936f5

SHA1
ef7d320c0b86e3e781202592fd2e3f3c30570647

SHA256
3d10aec7fe2514f5c8da104394c6bb853097ded5d54bada617c7e0eea293142b

SHA512
479a953160660170ef5a9dc90cd47b6d65f90c2c0763fda0ba0aaa12503208d595e81c3a79f3952c95dd909109aec3ca5259108f946386f2b3bbbc1d92b4cd95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
32KB

MD5
1fbfc2ba1b544583815404b4ad92dbfd

SHA1
d4f89ec5247bf715e314e45848a2710b35e79715

SHA256
35683e41edb1cc791cf6d8c925431d63b500c4e8436b61a26d4676c3f1141476

SHA512
17530db85040c96d7971f0aa4cc768d297f2bfc3075533302c56b2ccc4f4da862e8226b9e642e8044c2061e26a1d2633e344439244c55cdf271d0c58d8b6a83c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
bab53e77e14af887187ca6befc545af8

SHA1
d0daec65f81e9f49504ede380fa03580040ba815

SHA256
ac0a75090eba49c1c4e7d326e0826eae4b2b280da21717177e5c9c9c01484aef

SHA512
dd63492ea81dda2aa5a2d4c779204a5fbbf5049714445496ec7d4664f425293f9a61ea0f446882349008e9f5eaf6b29f93efd8421e580a353f05c13cd51199c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
66660caade8f3c17f846424fe2849eca

SHA1
fe913a90c6f059eb3e7ada1d1ce7ac703d2b2e81

SHA256
72d7f77df6d67b4064e602cbc3c88c74d975f9302a9f00161be4d5acc2efb6f7

SHA512
445a8ad02f0a31bcc2e051c15eeebba5d0474613ad0d5bb61de6cd47742420d134d5620139b9917384e796cc8991b48e4b04827a5b83428c098998c108d70189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
446bb8c3d4d620bccd96705b2ffecae2

SHA1
1e864a9d5dd9aaebc4f5ac8499b8bf81290265a6

SHA256
fbfbaebbeb0f2218b224a3bf40bb6d749c5cfe6b2e1bde1edbdb6cecdddce08d

SHA512
cf57894c61af0976c1d71c828cf4f33e742f75a5432b887932e116b9a41c67215328742cb74320ae6d3438df3a87b256409c12df2e34cea3741a5c81279798c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
2ca07fbeb5f3fe7fd5481e64f8aa8703

SHA1
c2666786a57e580d5d6108bccc7403e7858594e1

SHA256
d9a1a5199a5edf17680141933160680776052e22cfcb68c825c9ee2227284d95

SHA512
282b23e6678186b51c04c527d19103b8d2d1e691196d18b5a102c3ecbb7a7110f3e46dca31e604624f8d9c94d8d6e78cdefebca289d62d0d270b56bdbfedf367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
82459750a525f9a90189dbca0b9350bb

SHA1
b0a4b39d5ec78b4ffab4cc809cd71ea4272a25d5

SHA256
54743763b90cdd69d705e17bbe2d07318d61fc02bc7c8a520a94d6e36091e40d

SHA512
2488cd4d1afa0300d7e95dbd88e7f700e3ef95e7dd3b5fb21e68431ef3a72203f115f57c735eee2e2313b9a863366eb50bf930cee75f8b5994d569cf083af324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24b201506b292d199959d65ffbd0ed6f

SHA1
f0f3041e5c929d9f4eac136d062fa0f632f5e937

SHA256
2c8f5d2f7cbbbc66524899b1c99d0434691e4db5c8b3f6cc55682b036d246f53

SHA512
171a220f2ea371fd19a623e2c24a4e471bc43ac8cba93999794b2ca49002d1f27fb15e22d61eb66d0a92907defacd19713815b26ed877314d5a4edecfc871250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f0c01b748fa51d7c3ca1d81fd63b974c

SHA1
1197ba4b3548371fd4431d77fdbe29ab0479f7dc

SHA256
b9a62b1aed18a86b87bba5887cb30daf2bec33526c303b6adde9f19f15e1db82

SHA512
0bb18dc2091a92a72c3cbe3c73d90efa46125819b60bf53ea81705ee5cde22711f04271845389203e979c9ce5f76161a2106f22d7781098c128ee436177214e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94e862b5782f9eee517118e5ef983873

SHA1
57e5fa030f325722f316588cceee5f99738003f4

SHA256
427bbb46effcb241970d0fef12549fd10c4b0d9fec00c07eaaff7d489bd7902d

SHA512
768b811ea692f09e12b4f9ab169ef626045259a93d1e5da2817483633ccac9e6a8ccba0db9265d3bf2c8068a097e163d9b9f3093e155dad05de28418388d76f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1a9ff0273904a2af2a183c1f18be5ab9

SHA1
8348a88d7ad18a29b4b31696fc9476a1ac7222fc

SHA256
8de04538f3d24602cc68065d0a258199c37390c1407335aea20eacdad26d1576

SHA512
dec60b190a5264fb61c86cf6715f102f3076b2c99da6733dbfa8ece6b9827dbb6f0f15cc6049e15741d28551229e3a73c7489409931ef479b9a8c7c66e77bffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00965b72-1fc4-4de8-a019-0dd1926f10d2\3486bc2523b55e82_0

Filesize
2KB

MD5
5ea54c42badbebe204a19cb00015533d

SHA1
c31f8247d622b1371c858e26f82d44b154e9cbcc

SHA256
0b0ff23a7bcdc56a2198db6573155fcc5600b3c9d6b2a1191aae681b38c0b3fa

SHA512
23b20b01044d4fea36fd5f7aa6a6ad229b6128c48cb8f1a246558bade0abc804e67cf32485f421918f6e4997af3f596e67e60bfb19d313690650ccd0b8ec9ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00965b72-1fc4-4de8-a019-0dd1926f10d2\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00965b72-1fc4-4de8-a019-0dd1926f10d2\index-dir\the-real-index

Filesize
624B

MD5
5c58375250c9c17142bad22eb6868406

SHA1
ccb23b1543d0b4cce5efa8f28fd7fb6255a8c768

SHA256
1d0998a65ec1848e58870b73dd132093caa0c4e9b0418617b6d695a647c57c4e

SHA512
b51e49b701386765a20492da90d68458b29e59efc46a2b32aad5272b461c51c3c3a8134f20dbb9fee7060a4fff1f392666b69b5044777e6278bf2229e9194995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00965b72-1fc4-4de8-a019-0dd1926f10d2\index-dir\the-real-index~RFe590507.TMP

Filesize
48B

MD5
20f359af209253f10b9fbb426625afdd

SHA1
83006d870c483bf09e909bc9d19e4f6e22aeaf62

SHA256
fc3446a4e4f655b728cca013faa9562fc00942b522901f428005b39502d77e40

SHA512
740ce58578b06dc9d7093d927fbbd10b6cd49a6bb7f939c57c10da7400c81d4db3633177115e3b6b8363c12b93d488e12ac4f05b03c3e86f79822c91ec3e6645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\51e03681-4112-480a-afa1-7105adfd9af9\index-dir\the-real-index

Filesize
2KB

MD5
5b6aab4dddaa3aabc054bdb03c76695b

SHA1
a6ad0d24dc3f75e3c88d091c903f3664aafa3069

SHA256
2ece44e3eb3b1fb82e5a72a32ce90d22238f94980a91d98915875157a47fa0a0

SHA512
a7db8eb3dc1dfaf9e07a15b1677f3b88c569382fb8c69fed12a724dac27a63bf46d7acb9b4371b9208bd08fa3072f540d48d424d3027a35dfb36f4f987598442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\51e03681-4112-480a-afa1-7105adfd9af9\index-dir\the-real-index

Filesize
2KB

MD5
45c446ba71ba36e328444542531834eb

SHA1
f2878621117afbda52e85bc5aa7ac1721891604d

SHA256
982c286d805d396bd6a125ba21b43575f44955032699c61fcbdfc03856d21d31

SHA512
6c3948c15b20566fb837c697fa485ada086da9f3f7d8f3c729a7faa463089af7b1dc83b4816e94641e8760651311e27932cf1c488efb98799b318a39177d0d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\51e03681-4112-480a-afa1-7105adfd9af9\index-dir\the-real-index~RFe58ac97.TMP

Filesize
48B

MD5
cc1c61d668992c69886ac7a608d7b533

SHA1
8241c5065a04ded542437f7dca5beae00a43af21

SHA256
9ec181ec2f149cef37dbe52502c3057f9fb511ddd38dfbca6501e75c3e1b1449

SHA512
98a84c7674240251af30f18764d8716ecf1e2453f95185596dbb1d3a012d5b8234aa283eeeaa4590b97f6bf0fd51fd226908ee6f4c91f3b5edcdb9b9dcd6a378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
d53c0688b68b8cbae366614603ad1e6c

SHA1
ccbda2d3f37e4b2f00658baa5d6c3756507c803f

SHA256
e825559f0b1c8ce21fcfb56884ca223f0ab6c6a2ef101d2a19276eb607e652b2

SHA512
a044e9e4b91a5fa6347a6d2a3420ba2360f699ac0fba9c80db32d84e805bdc6569bf848799acd772133a8bb8e19a956c24a54bef15ecd6e9c1e1df93ff49c728

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
e24da23adf5f5801645fcff66c219e99

SHA1
d6b939bf898dd2990ddc66eb016c446f3784de94

SHA256
be3e2755acca91f4bc7aec20724ed58df5540d43e1e3a81c4962004db563b383

SHA512
3033cd4bac10e524ba2e7fc17f4253b36d5b34e24fd2ca841d77099c3d6e03a566d65250f9729b7b48be5277f091bc6597328272ca66fa888c1a06fc6e3b7c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
1fb824654a42fc902eb1fbb1774408c7

SHA1
0534498a2686a8ff4257d53663ee478535ed8df2

SHA256
11a65bdf2be4bc0e0b8fcf92733351b567fa68150a79f8d6ee80599532073fef

SHA512
bf47b6eadb92b445e0bab9eb247a6ef2e446b49d3e0fb4dfb5385f4caba0c2825f7e6ad3eb8af616efbccf2e9a3ef2a3902c27a2c9fb91bbdf1618ce291facd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
0cb5be5fa52c0f949049ae8fbd21bebf

SHA1
33177deceece9512a691bd4de11dad646cbf0646

SHA256
ec021ca94d012523d662675f4ede3217afe065b9083def512d07af9a5af806a7

SHA512
27f84c2bbbb46b58f0b26b9ac9e094ca553e02d992b6cf5a1f78d5862c1c3efa661e29eb6f8347f14a326929cc75842c45c9d6179b11ebd385b28584daf5c87e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
74b5d570b1571ba6b1b136dacd5b8940

SHA1
e9aaac2cab03b60d64f3448db69c82261becca70

SHA256
b50b7d5c853cb0c45294323c8ec7f2ae8e8687e8cc859937b32e8bd88d44d9fa

SHA512
5516e10e5f862a121493f2616cdf83025c1539f79e956b20572d52a8ad762c77b5f7dd2a5cbdd4ec9d0bab6d10c652170b27e95886c37c94fa0596de6d67b45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
ce89d43abeeac3c99afce763acdaf493

SHA1
3b1bc84447d33aa5c2e90d2f81498249210a777f

SHA256
e1f94c166c2a8319b101f1d01867b78394c4fa9182d906db5f19d0f0dc626c93

SHA512
8bcca35ae113f0a14e269ab42b1eca1aa7de60f4a5a5dca73235e8964925abd4404afd89cea5629d09ec6abe741fe80bec104e8ccec4f75d7e5a5df4b65b423d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5896cc.TMP

Filesize
119B

MD5
ee6d5dcd5462b1e51e687ebfaad65467

SHA1
d1a211cc137c6537cf8fdf18fa2944281cc34287

SHA256
98a65028c25cf187c52b56bcf97032bf0e07a5551014c375348baf9e91c3db44

SHA512
e7374268163fe318ca9b757813b9449ac1a2d7a971b3401220be209c9495a1caa876b39a46ab2625947cb2f5d0e031edd869d6f53088189f584a104cc735f8b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
051b6ccf1a625a75398e9957e0841db1

SHA1
59e3d5bc51dec1eb43a60cf47f72d8df477757fd

SHA256
ebdd30e4186c68c8cdab91fde25638cc6aa0c13fa03a28babcccee5e79e662c3

SHA512
3f06b7784ac6a5853acc0ca7542f0dc2739846ee8b7b3713ebc92695fe2e7d23d41887b330e63b9a7ebb7a233b8f318087bd8427ec726d22dc44c61105075d78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4748_961921327\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e7d164a1cd1a03b43b4f3fc93848e45e

SHA1
3f2d6b57cc88e7bd03bed80d420823c136b2c7ba

SHA256
35ad0ed8818d343813dafdeba54f3e207935fed345ad62cc4f7ca0aa4ac08b57

SHA512
40004bc58b6fb21b743e82f376609714991a76365093f9dfaa640f59a0884be4fc10d2f069935d5ad0f7f926975d6f23906f353b893304dd421b0e21e3abccd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
a1fd44d5f7ba56869e47a379b72875ef

SHA1
2d8136f5027c14072a7db33501113a779c697e9a

SHA256
94ebfb72e13a0cbf4ab912217060854ee35fd3e45a9355f03faa3a21659449b1

SHA512
a15a44958d854b5eb5af4ed8a9f09721da6f3dd2f735721f315a79ac3388501d27a1e1f9899510af049c4f475308477424960eb9c21969b37e52169ac3114b1a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c8aae39b-3b75-4471-ab09-054bf5c11abe.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eed640164203d0d0a2a1e7919a6fdbdf

SHA1
9af74121e090cf2970beee82d22ef4ebb886c0ae

SHA256
4ca7fe712b4322fdb497733e015f4ae4496d3998772a6c37305da3cbba3eb7ae

SHA512
1bf6de193ae00189525ea9a685bbe3dc7722eceb6ccfb83c70adc766b6301b4978abf73b2f8f41b865f1521925308e4f96285dca569e9c2b2c61e79db1100e3d

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit
C:\Windows\tasksche.exe

Filesize
2.0MB

MD5
54cf39f2bf8104e47989d685010f8c27

SHA1
bf73751445e2cc1a4bea49c208d26bc5893a7b0e

SHA256
0fca232ec9aae1e450e4ae76ddfad8f5b99d023df237793e1d1cff7cc1e20631

SHA512
03c584af4fb4f392353608608f83856c3e038622dcd50c369b06cbda09c3bbf47294731968a761dd78d1cca0c644868b17ede7c514ec14d3b704e781ee1424e8

Download Submit