discordrat | c2ea962a324fc25a5702fbea1bbc613ac986a2e718211a539caf6b06a39a0933

Analysis

max time kernel
968s
max time network
980s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20/10/2024, 01:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

image.exe
Size

78KB
MD5

a508c8373bf5c147a4509f6a030610f3
SHA1

c0b086a6e387c4d84f5661b9d79d3b1c87c27011
SHA256

c2ea962a324fc25a5702fbea1bbc613ac986a2e718211a539caf6b06a39a0933
SHA512

8d2be2cb8e84e96327a0cff62d234a870d6f72ddc9aa8735c4fe0a0fb2afb7a587bc03c9e391093d23504da0042328b35ac1c53ef6cbf286f4c75a3efe8e198b
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+RPIC:5Zv5PDwbjNrmAE+BIC

Score

10^/10

discordrat discovery evasion persistence privilege_escalation ransomware rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI5NTg2NzE0MzY4MTg2Nzg2OA.GTk4Vj.43MIMngVXUw_vBG8ewsE7UIYhWX_ziblwhT734
server_id
1295866837308801124

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1156	NetSh.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 25 IoCs

Web Service

T1102

flow	ioc
31	discord.com
69	discord.com
114	discord.com
116	discord.com
118	discord.com
135	discord.com
138	discord.com
10	discord.com
143	discord.com
141	discord.com
144	discord.com
139	discord.com
9	discord.com
12	discord.com
13	discord.com
14	discord.com
106	discord.com
117	discord.com
140	discord.com
3	discord.com
142	discord.com
5	discord.com
6	discord.com
7	discord.com
1	discord.com

Sets desktop wallpaper using registry 2 TTPs 4 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpDBBF.tmp.png"	image.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp9701.tmp.png"	image.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp321A.tmp.png"	image.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp7AEE.tmp.png"	image.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	NetSh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	NetSh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	NetSh.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133738608755384462"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
2196	chrome.exe
4964	msedge.exe
4964	msedge.exe
2528	msedge.exe
2528	msedge.exe
1900	identity_helper.exe
1900	identity_helper.exe
3180	msedge.exe
3180	msedge.exe
4472	chrome.exe
4472	chrome.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5372	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
3364	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4184	image.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe
Token: SeCreatePagefilePrivilege	3364	chrome.exe
Token: SeShutdownPrivilege	3364	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
3364	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
3364	chrome.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe
5372	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4184	image.exe
4184	image.exe
4184	image.exe
4184	image.exe
4184	image.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 2592	3364	chrome.exe	87
PID 3364 wrote to memory of 2592	3364	chrome.exe	87
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 1848	3364	chrome.exe	88
PID 3364 wrote to memory of 4620	3364	chrome.exe	89
PID 3364 wrote to memory of 4620	3364	chrome.exe	89
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90
PID 3364 wrote to memory of 4556	3364	chrome.exe	90

C:\Users\Admin\AppData\Local\Temp\image.exe
"C:\Users\Admin\AppData\Local\Temp\image.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4184
- C:\Windows\SYSTEM32\NetSh.exe
  "NetSh.exe" Advfirewall set allprofiles state off
  2⤵
  - Modifies Windows Firewall
  - Event Triggered Execution: Netsh Helper DLL
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://roblox.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb91b83cb8,0x7ffb91b83cc8,0x7ffb91b83cd8
    3⤵
    PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:5104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    3⤵
    PID:4280
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
    3⤵
    PID:5308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:5316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:5468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,5363071407409534321,11572034206015598249,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
    3⤵
    PID:5476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7cc1cc40,0x7ffb7cc1cc4c,0x7ffb7cc1cc58
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4496,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5016,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5036,i,15678349602798501489,2603963600870601471,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3808 /prefetch:1
  2⤵
  PID:5372

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2216

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\TestRepair.bat" "
1⤵
PID:2852

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7cc1cc40,0x7ffb7cc1cc4c,0x7ffb7cc1cc58
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1740,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=4440 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4996,i,6142976021099028082,7140467917644241863,262144 --variations-seed-version=20241018-104821.244000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:5360

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5636

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
79e90b79849ab24f7077995c4e45f1d5

SHA1
3dae744f25bcaa1b690d61b789a8b1e58a790953

SHA256
3d2a7a2b6c89618f30d26fd5dac9ff7d52d6cf1d3651fd7aaa1d1229464b1507

SHA512
6169379e245102bc4b1ff74bc2c7cf356f24fdef55e5f3f8a7323da36f6ca92f1ec38bf230cacecc89c33e12e1b201de417a570a998f31cb281bed3ae8f8deb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6c66b9b5-ae07-4417-82af-bb4e195d44e7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9b255129deecaa3bc03389ce58f2ea75

SHA1
750bb4bebb172aded189f2775b86c9304a6484b7

SHA256
542bf213e2475b2fe0bf5400b39c481f10576546b0554ac561ceff970101b016

SHA512
700d976230aa5e98d2bf0e1ddb256793727b9a08a29a739633b8842ed774bcddd7ef2794b7d855bb8be0016b7d3e233c896aed45b49e0a31aec3a538d1554305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a0862b8226cc27ba5bd0bf5010518828

SHA1
fa2c0c42e756b535f12433259b0296e38f468203

SHA256
49e7825c3ce1999c77a65abb586a3aed0ac54b8f7a49ed9c3195939cb78a02d1

SHA512
ec9b86f81a40b8b18301cc205c9481bba253c8c9488b0fd3f58ecbb0711277f49fb6b131812e9a371ae0ee4f4c908f3463ccfa9dffa2a98b991949df725ddc1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a32c48453d532f80143464422ecb9473

SHA1
44565597526dd3387a14c94040022bde574628ca

SHA256
e9a9ff9d6a79d9878ea1f03e9b0e219ecea8a41b2b478084298b77bfc56a553b

SHA512
e94f5564e051732b251f2e625e8a487120147d9616810d2c4b22b57989ae43bcab5f8ea1c9a4c9116bc4b27259deb5ecb58b1d90bb51916f97aeb8813469fdda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ef54141955222f9bd85b53d9869012e5

SHA1
01a31a1f4bd4b7cbcc64a3eb4de947296ced0997

SHA256
d52dd795598bdaeb1fb134b2ed39774f164979ef27babdff143ae16623490dc6

SHA512
53b8be60e507b5d77fa466e2405be60d701a7b43ca9cd3a7b74fff3f76627fd3196a545b1e9e9e82d10369227bd115fd45937a8cc592cf080cabebe45d27e6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
0be1f1c6adc99b1c6974f23db7799d79

SHA1
589ec521ea5e49ce503cdf164f7d42f55aed7a8f

SHA256
47551cfcfb655f32d5ce3c5f8e3e51c1b34173f9ef25966a4ac79c81f16fb7df

SHA512
2f59b8a04d71865ab90c6a9776066e88cfa7da228157790bb1c13c1635e1328fbdc9b198d74c8709ddc63df801b8c3ce6e56c6858ad4f8101419e5811d84ae16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
36KB

MD5
fe9e909296a6c27f5b6f8e8e29e97114

SHA1
fe1adee74efbabee11419399dabd16752217f5ee

SHA256
543138e8c483ee5e4bc411d738510203439c4de2ddbb39ce40199a69485c7d98

SHA512
d04ccc493233712473078b6889808c1a574240227b290b9af434cbddf38a0e788b4f95535b5973220159fa9182b15b45f53ce80ccf89b943a0992750b90804a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
50c1a7bfbe54367271f77203fd806c5a

SHA1
c224ff0ad20341cffc7a0d5d3cbd131143af902c

SHA256
22c4ba20611acbef25780904e39fe8b610b8f5185aa0c82c60083c03e8da91d6

SHA512
db83429f4641fac4e78156b660d32993b47ccbba2349220cd30a5d1a8058f8afdfb89b9ed854efea96101c35101273bbe2afd144dfd06e3e470820f2240715de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
70KB

MD5
07b2da423fcf67c1a9970b4e02b4906e

SHA1
6566f38176b06745475059191e6546ef245366c3

SHA256
a1b24a2c1ea356e485ff58a7dae0904c232230be9bbc391edf001cb990b5c36d

SHA512
cb8fe2d65e4bbb0c575fe6c8a2961a189d7ec51ea00b0197a28905fcadd7b02fb0bfcb5821539329aa8f8507d266b1193b974fee1ecb0b12462f31df8c724e74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
93KB

MD5
ef261f828590c66b1b84240bc4f643b6

SHA1
f7b7c16d87e5f43ea9ca34b20e74845391982432

SHA256
377729951050c53ca726edf9743f5a4d936651d7489cbc63636f6e7aff302733

SHA512
6a0c2761fca15d493f96e6e61f8b52b0e4f01fc7b736cfe989d88931ed479e0d5ec65c1e82708700b8e359ae10c038657e5caeecba662feb185d87a192818fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
137KB

MD5
eb7895ba582fa7cba9531ab42d9ed8c2

SHA1
740b43a2997f24d6859896bb46541ba2ce208f8a

SHA256
4966326cb66eba65e26b589887981530eeb795373529563244f4f29f18cab78f

SHA512
b405fe99fff3f9fbbc2849f4deac45cb3cd252a66e7f11fb20ed16e93aa0d63c752569bf42961910adebf0915388725fdba531283c9fc963b7b4221e066a357f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
99873640d7d432b2ffbdb8ea84ed8a0a

SHA1
884eba958c9571431539496568c8622d4b68112b

SHA256
736d8855c6a2940b850ca596d065c41a30ff6b6742101766fc1dd99cb0290c72

SHA512
3f91310d865796bc45d7d0fbc5e86a0061be5001f01c59b28b51eb2e64d5fe4b56ed3e0edc7b432e9989b368acea7b8ca60b1822047dc656bce120782c190bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
c7e5201a1ab6d90fc086f6019bcf1b1b

SHA1
25f952ffd8e1a40d5be9347b819af3475f4f4b1d

SHA256
83bd64c475a5efcdf289071d360be34ee31684cfbb47a91e01c6a73b1b13fdee

SHA512
89aab382337e9cf8eb7c577be669dfaa3faf8ca55725ffb6f056d3758c08c642d7914eb1658e9eb6c50e33ea24f3b3effbe94010a407f56fe3b89f53fca8e5ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
179eedd7b0b9266e70b1af58b8adcbf4

SHA1
e2cc547e3ff76e311b12f42e186ad153e1f40304

SHA256
409cd393f87fc2a51d117638798fb04e654300c384a7df6f056f82226503bd3a

SHA512
140faeb7e062f38bccfb6ee8ee64083bb5f06c5706b5409fd56a95d685cbd79bbf5ab3ebf0721aa32394618cad87fdca1b46598a135ebaf49b2af0fb16469d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f638e9202c745fc7a78e0b53a8f921b3

SHA1
20db8c6be88d7bac42ffbffa5b92d5139b77838f

SHA256
8cb1162faaa7db2f5d7171a64b137f62f7811cd17356eb3782bb622afc26413d

SHA512
cfa9e87657b0b12cbca46bf586b531d328afa06724de76d2a1c93ab9f303dc814c6ed22330ab4bc5098bb3a41ef241e6966ad27519955fadf1454421e019c121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
dfa5a61048d3a97a4e20a062fe5ca30b

SHA1
b7f39d067e50a99e4b9007605fde17a4505184a7

SHA256
8e7ea2cb97467d9a97c9e9ff7ea55b4055873508c29bc3014fa4211ff3dabbc1

SHA512
57370a4025672792bbc3c75eb98902a0c3e72c4185cdc3a01d0a563265dcfe411718d2b8c115c07681ec02acf69db4a5b50356657543faa8b45ec1a355426ec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
27e3df7276248b4b0109996702f38738

SHA1
22b7915c6d586402dd0ce259917d9a5bba9637c4

SHA256
aaffc702770b5628fc0ef673d7794ec9f88588cfb28d8f35d828032e9c1c68fb

SHA512
0e244aa06d524429c5e56a0e2d764ae1bfd5b8fd0b7f990dbf87e8f2c57bb59614e343a528432794336afb7075eb0777acc9174e23ea4d5d891f3a8a30e44201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
3843e9e0a3d8481961f291d1444bddfe

SHA1
342d4340f4ccd45467fdded33b421550de9a3936

SHA256
b0de626e95a2549bfacc04609a0f6f1687e4edb13ee781e9b8a0533bc12cb1cd

SHA512
b65cfc0644c9e33917fd8d168c2480739185d350e074abdac8081b26e521b84a520a6d391bab1c95cd9c92c31fa7b02932519772b06f684aa0ee6bea04e71279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
5bd3f4b8ae1b96c04ea4a79693dcbc8b

SHA1
377f819c8a07b597eb608841bd0a33901e1ab130

SHA256
290216c01cbd6f73c3cdfe2ba6538de6973a06bc8e4bce6b4e17cfa822f4fd02

SHA512
02b329475613316b49d878d296c7da8e4a19b251b5ff761ba405980cb08936fb4eb9f079e844af0d337c443533ba0d5f215ff6653fa300896cbb1d63b2bbefc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
1d50053cd2ea8896f2c8f09645926293

SHA1
3c014151e83b0228e65450c53d1a993d9da19e83

SHA256
35fb143ab887d0cb0377fe1d7120416626de681ea7d241a988eab9c397a5e324

SHA512
af044706f55cd65fea5ee91c354af683b8df448807a6ab93803b5ce287725a4b6a85494d8caffe9d1d6bd66bfc01b2a4f3d47a4f9d536c952bb83a78ecd3dd1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
17c0a71721ddeb6c30944e67f672a334

SHA1
aaa9d49ff3f9c318c3b1243a55f94c0e7924d0f4

SHA256
9e15269165d888626010d149c89bc1ad4d9b5c5b94f06e082bd2b3a6bc60c9a0

SHA512
d7b83a89c26c99b977d03266266042e2e858955bebd2952839035f94e4f5ad4b7cf95a4db4095da0f52aea8490eebabb89e3442fb4338ca1e02f5fe07ae60fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5ce4916a3657dfc2a09beecb2b62bd7e

SHA1
0c18cc0761673ce66e8499fddd9a955bcd71a9dd

SHA256
70c74289a3f2388aa407fb848d66f0730a5a1c7794fd2a166be3342aed4498a5

SHA512
88d501456844aec4206875c9fc2a1206da44f9f8d24df24cffca777a1e0fafb53170c42825b1da31c55808d702e2e691a73e26cbe52139d53009b498b454f30c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4eea4f94fe378e28919ad613c01e67b0

SHA1
d3f76c269ba43b8a65992090c7af684f115b89c7

SHA256
84d5cd5bd3f00d19f13720aacf0b063c3b94ce5f6bb0f609062fc12f0de61c23

SHA512
a458c90d20fd26ba2aa150916e2a6840a83d8657948fdacc0d691138dee10c4d53df5b7de6fdc4b612f4aecde414ca4e3bee85140a6977b74016b88f37aabe36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
4b02fc0c680ded163f2f2c26d99cb343

SHA1
507de0e5ce6436bc6bb5a243c7b8115aebdef11b

SHA256
31bfe18c0f5527ea5998df961f97b3e6e6e8e04ee28670feb2743b53c581ac1e

SHA512
13bfd3a2806d855c27a09e8ebade0ccc5d161f97592954f709ca3d7ea814ba05d4ff10aee9ce0e76ad50bd3143c350f6feb6c9e4d51f9fbf5750462a29180ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
d35c8c94bd24c82ef4ae7bb8aea00cad

SHA1
60030f10981698b8e90b51790bfc5dcac97b8105

SHA256
5d48204484652e8e155f1717d98d6bc8c2f160a7c55ddcba85b7b84f40308882

SHA512
c714cfcca7b2a3f9d42d63fb7d863d1f8d0b8ea7b5f848aef6b5d36d5828e8aa97426a66e5b2c0eafc8fc8fb308819a57e41b09b74a0d00e881513acbbe19931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f6f85516ba10e98714b13dbe5eb73033

SHA1
ab4f0d72c8e543aeac8ce5599423284ed3dde0a3

SHA256
f31e623a6c1003ad4941283a1132b197fd228b636f726413191e603a14962ca1

SHA512
f4726b056a6481d4016e84a16da5f347a6c6415e2c65e8d3c4dc11e649bdc102094263821235eca2b4725fc722afb04f3ac5797aeed022c4453e87b0e7e2b5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
b99d8ff94a0b2c9fa20042d2f00b5c75

SHA1
b7e8d50b6372b24debe8b55f01d4a2fbfc1a76cd

SHA256
5db3c7e49c4519a66daed9f5c20b30aba10c3b5e1f8179a375e45d54bb2438f2

SHA512
89ea61cc1e7bf44364b8bd4db80935ff8c6b9fd3b3bcdafdd2c240d2a272f7c41a1a0d560419c36194f7fe5ca0076018e9527591fcb270d7c7cf495059856d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
30196ef807db4b131345d28e90b5f189

SHA1
f6f7c7401ef22b272350befec32c1c260a74427d

SHA256
3f671258a8da313ee235c02ae78e2815dc09c7516d81a029991e634be7c2ed5c

SHA512
c32dae2f3ca21867d8c2174738a98999844d578a114c8fa5c9f2efe0a6455b91c33b65893727d0e3ccfb5e0f7295e6ddbacd0250788ae655147a1649da27a259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ed8a40baf0072bb2995386ce938fa028

SHA1
2416decf8d214777547fc5d016b3332c2f513b9d

SHA256
a088588471868d57bb5764034ce235fe86e2509332bc922628bc38036c6b6184

SHA512
d122922e108b2cb28f0502da4724db34283739f193c65c84eaa44c82b0286784f1630cd41434ba13939a8fc67c7a7ab7e77eddedd5c573086fa849d0316ebb5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ceb18d1b7a0b421accfc977d73002515

SHA1
b559e0fa3b947f0e353f1e823542d2c48cfff9e2

SHA256
1f1d4fb1d173a34ec5db85e7b23eb92e3d271b92e74775c52fbb5408a2587a07

SHA512
9d0b8f5e7375f70726f9ee3e8fe5744f21214ad4b83be5b29ef3a7dd9a53c0fb9e4cefa0ee85cdfeca532ab2a9f10f8e7c933d45ebe38f02eb164656e44c7162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d84c5c26fbd4e22642db778302419de

SHA1
cd378f16f2ff7184b353375b7fee41dcf154f928

SHA256
1f0bbd19bba87b8d010b39d2ebdfa851ef442ff06efe2213fdaefcbc54afafd6

SHA512
4ed0778ce585fe7ba1b887223b14cb73f29c0936ce432e008fd705d84b0252db25b16534e07b9d4c17f200e190f497660e539e9f07fb40f45158d636a9bf5f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7c0f1ac3c24f4afb9b02837c0610bef8

SHA1
0695e2a03493c3eadf8c26c38e2cf4fb55e69f82

SHA256
6ccd917165fdaf0f3969115bf6d3ecf9742381d93df4b6f72757453c41790758

SHA512
414ad60d41aa2481708f2a6959e3f2f450d2abfcaeead1a88ab2f8d72d2e211a09cb6fce074ebdd0cae020af3fba0b437bbcceff2af307cdaa10faf18a48ccb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3767329fa4a260c265e9f12d0a34fcbf

SHA1
390f8239235f7d95480ac26e582fa3282eed91a6

SHA256
4dcc19d333793f9fad03358375821add7e7ff40440e1cda31bbf0dcabf525496

SHA512
50ff22844ed5b46899233215b6066bb22e93b2de0284878b8184fd0f99149f4f7d1b034699b0537703376b6ea8572c145c09f8d90b7142b85733b57aaa893eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7502f39a43044ff84147e6caaa0dfeb

SHA1
aecc10c0e8f5dadd3fe1eceeaba570138e09f82b

SHA256
417997f0fb5aee9968ecf882c416ff7f238c30cd5edb3677dd604caf361d0009

SHA512
51f090518b20349f7ab297d7d1716c3aca492adafc3546657c55196fd1c85710a744e12155873c3190d79aaba1c686ad67ac345a892a01d88ebaa79cf64dec92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b30ad84cd498be943ff9b6d881ffdc65

SHA1
8261bf14d0c045dd621eadf387a9a96e057de0e5

SHA256
5584d382f6f861f40a4cd9821d8e9725803f8ebc2496ea1f03ae8410c1393557

SHA512
10a2998513a91e00e51d0a727c50a17ad52eaa354437867a38da98e7487716e21e3fe07e616b8d75d2624f2f398e5b137544897d0ce28e6d84406668f0b025a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b9e4a20d6f91fa1d31605cafb44d1b0

SHA1
9718e595e3e5791a2fa4a027c51f92f068310269

SHA256
3065474ebb1bcbc8aec90fdc6d20e049ad7bd2f37f1fd8a7c50a901843701de9

SHA512
b78af4766964e6f8fee1638eac18bdc602fb2ef8070e3c1ba83809d69f1944af80bfd96f6499b9bf56cffa96c734a78948811318fe69050b20d777956ec3bf59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53935274120f70e022cc9eea9fd53605

SHA1
3d693387d1e4b6cb736c33cc046eb20c3158d915

SHA256
cf0ad6526cf9b6b57892170eed830c9078179020547d42a33b1848cf7e916356

SHA512
6f2ed5b422f339d672a183b12dad4fe24bb7210456b19326829dc064cc9970e323d0ff942cfdf80877118d475cf301b4001359eb1096bc6031a99f2f85ce094a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3cee2010f32f6e13ba9e8c28aca235a5

SHA1
c06e60b013ace3f3ac4eca51bb49c652240113d0

SHA256
9f42f9200bc518bc376d94fabe3d32bb72cf43aeb2f54a578b9579242c6e9e9a

SHA512
fb502bce5bf5bcf21867d9f0c2f4c9c8c0aa3bb8a7b8e6102768843fdeb4f1de05a88531849823e9a22382f7e25ec63e585724544df4900d773157fdc5b62b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
90b53e9146999fc0d3c6f76e8aed26cb

SHA1
e3a1666edc36604e58d1487cee7cf2cb81220b27

SHA256
28fd81508a6d33dca4e8a74c0e8ee978e4d25b3653011a3956b04fed7803eaab

SHA512
798bb47385561c30379d2196f0f40805c29430190c574c986a4447f3b88b30bfd233233360d21794a8a7eb7f6f4c67ffb8c4aa00a4b617b5bea9cc312491b1a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fef07b5bb054f35c0701990ac1685a00

SHA1
414ba7faf7ed2558805cc9ca9a4ccafc75873ba8

SHA256
8697844d547e4f5f5b92544b51409ed55767213db7d27580e9ad58298d6aee37

SHA512
fb379809c2f7b7fb41c16f83fcee163eac0cd5b8cfb8b3f3a075c79262d680fd1f83a53a26eb0feb0b87580fe1398f9b983a670e702c05642d3a7310b859754a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7fa55078750fd4d5152bb98466d14707

SHA1
afedefb8fbb6b3d700c068c3d0084f376b901b0c

SHA256
ded20f43809b7ea944807b60db378599894447f99f4c2caef4253adffc96bf1d

SHA512
140f2609a70384cd30f9f645e0ddb4cc8b118bdc39cc3bf0a47c192d833bad20e00579fe75b439f2b900c2de34439ff1faf9a03db6a3480f8452d87fe2c011ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f391c8a75c5bf68d79087f4cf7c3e91

SHA1
55fc7d393220d099df7758b6e1b38294bc495310

SHA256
39ef3cd2b165d814adb516ff03f410e37a4f8827292126a8f148f149ce547d22

SHA512
fad6dd25d3e848325b37cb48d87817ab425170b2ba851e6150fed2a771fa060afbf4d7f57554fcbd574d983f6948080ff8ea71ce18ee6000c091b14bcf79b4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
252e7bf0b51cd47a526decdf747ffa0f

SHA1
17e97c13968f6d4792af4c497cc0be901967512f

SHA256
46116545d31984aad1f7fb5f656383ad73133c617df9d4a571deb349b97275a9

SHA512
c4a7b7f638ae2a38e8332566fbcd4b1524a8429404793028b866ea818df6ae14254854998465867062d88bc51ae7ee22bfaf33206aea4526055582c62e158483

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37416a248651f9d2cc04d27b08720d91

SHA1
4840c3905ecc6184036096b2bfea7f9b4f4cacce

SHA256
d47e947beb31cfcca77393b7b59bc86876591d508b3a4565c9e2ebaf49960776

SHA512
bd0eb9fbf7cca0ff6ae487fd86ede51fe5432a01cd7c53afb1413007a89f8b7508ae3b50f4a3b996b169f4d70d0931019d465b5272ddebb7f23faf289ced9e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3616074965ed3f7638001ca0e8137d3

SHA1
53aaa7b23eaa807ad8c76bb81808709b671c8652

SHA256
ea2c9cc68509e197be026da0d88e911d91d5c6dc07523cee04bc34d792695513

SHA512
53f9df0973b178dc3163d49911511f8080b67fda159ffd34af9cc5285e4fd5ce6f399482e203794eeeb4cb7c74772ccefcd290399ad0f6cd4800f429763b0fd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b56c61b28d4f1ebdf80e547841b8d926

SHA1
109654694f09cfb35d8fd1d8fb5e11a2fba2080d

SHA256
fb2b47efba0e88cef1677aaddc446a58ae5874aa8e5e3e02f9d899ffe99b540f

SHA512
f122056a672242ecd247805da5d505cabfc6c7d635dffbae6d8fc04891967144f289efe5d04b96d72e11b2b322fa2c717dba8216751f7e39e784517d0e639854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0815064103cad91eaab6d27f27857aa5

SHA1
e317b2bec2cbb0cc27b2a3dca4098e17855b6d1c

SHA256
03c42da2ca3b45b2054fd8f177de9110bb01f55467d029df21b6eefc77e0a20f

SHA512
c06c0e4c0e035a7567d8a3de13fca8990cae3c01669c50bef617679605f6e946ff9fe5d1ed43b38d401dda03ddf3afde0d6bb8dd02e03bcc37bd6eb128d93a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4b7a42bc4d8b5c6499e238a34aad8c5

SHA1
f77c1e172d4c104e8cfc22ea2794c6e198373966

SHA256
020a0698e297aef60b54144d5ac0e6986c6f3c3a46271be3e394cfcd6a4fb4c4

SHA512
58ced84527c4fe9207890f312ebaf7aa5f1db0fe5ffdbc611229f2eba164c9ff17c78ae0310028c4ec2bdf0ccd749cfc4993b6183dc554a8f3bb86f63d67ba37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45c5ad5cd3bf8aa612a662e84089f3a7

SHA1
228ac53f95b34fa0623ef6569a56d2ab7c859f76

SHA256
f4bad57e47f3a9c8b6481decd3b54a10c5690f9496d5fe13e503c45a524d8759

SHA512
8ab898026bb4f79cd651dc30a9a7def53f20267c956c93c9d320323b48744e31def33e53a7a991d2fb572f4e26905d428d29bccf8a8fe023a0d3453631d2ca62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30edc5c2f22403b58a671a9f253c0384

SHA1
4420e63332ca08189eb625d48201a856a47b646a

SHA256
52badeb6beb1e64cbb7f662a52bd62739f75db663d797d67eb5c7ef34ba5941b

SHA512
18293f7fb3ff4d060c34bf308d2d4dcfe0af22133e3e63522ff71ac66f8561619adcca9ef8a822fa05cc18882a8a33d0d061b65ba89362a23067721a5fbb0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80ef2b53e6a70f9525d2e7a4e5deebe5

SHA1
9e2f25d72f176f419060b1eed517e98371ee1c9c

SHA256
84904baace062a08f3930efdc3071f951b550cc3a6287d3ed5904647a1a17655

SHA512
9a2dc4cbb78ba98e574cd3b4763688efd0ac094aefdbddfaae13c49df063849dd17536ec4b8080ef1beb8b9da4e9ed215cdd0040ff3543e8b45dd0516801c5aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
76262215b23761da69d392f8e4d2d25b

SHA1
38ca14583ae053196e3486b4ca0f333c5cc52be4

SHA256
d346b48514fd646e7e9f1412e5572a957dd6e31bad541e714ef20970ba7d2bbe

SHA512
67e39bb59341f98105c6b43f69937798a3af34f151e87409dfac944d3fee02b8bf4cdda409bcb64c27b0501e5d100cbe10a0004f20cde1e3bfb1dc8e78a6af30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
968e12bfb207bf39f020758ba5716c23

SHA1
30a72eff9151e3d4dcd6a95eb3af17df953ab071

SHA256
425b5a615a7c4cbd5e86231dc52fc22ed1e7420d8a5de456dff8a3e110f01003

SHA512
59a48d1d07bf7031c01c76b197a95a6398cddcb594c5854ed9909faa271e13d4c696f55ed81c7cfc909a0c88a7ed45e61965c5059f37bfbb836af51e005362e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24339c69149e7c65a568286f94a8fb05

SHA1
86eed5c5da80bd01bdd72a4268ce10d941c71289

SHA256
5fda90d5e63eef72d6094155f3f2e0f39bd4528b42f13876cf760a6f0c6e59f6

SHA512
3819b908fe47b5cfd0cf9326101ac1c0273f9d63dcea341e5903a8c3e475b3a211dc445ecf4b23a03211b330dfa38745d191b2ef11a1089e8fc4b4e817d33792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ca8f61d346e52c59843c9b447cecc79

SHA1
fcf5dd76a833a2ba1e45cac0d5cfa33126bedc74

SHA256
29e6a02f2050d8c474b7911ea901d52565caf29b15d9ae140e120a3cd3e0c0b3

SHA512
75d831a89fc62a9bdb734948cb0b096c765a8127fc692b219272ce7362e55241c724592b42690d433bebf9a28d716b7acb757b3afcb2968056b0147cb58b52e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
888aa027f5109527034454ce3bed9b60

SHA1
d1583aa154675a73d11b60f21304c7a92d7cc2fc

SHA256
394d37b42dae0585214e0b7ee2c0bf16db69c1e3b79ddb82699b25919d162f23

SHA512
78f1e6edba3a39a025625c4c13b380a3ddce47622f1759ad52788233d125159af4e6c6541c286839836ea8f82fb547c91db798eb9cc799ef5082d7e003864702

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f687bb019c7bb18eb88bf513b68348fc

SHA1
3870007cb3872c36cf0ee5977f1437291c568a9e

SHA256
334a95400a1b6de9d65790e3397cedd3d4587682a9ed971bfce49cfd74bceba5

SHA512
c8b9eb3347c7111d4202935a2dc3ee065db88a6dc8ff744b20db74fd6e188e37cd9d9e103b4e15c49f11e178a834c123cf70a7c3fe0effea2feb6c2a7cf2679c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fd4454f9c4d7d290c3402bcb57263f8

SHA1
01ca709ab72a1bb0696b1a4bd6985c70bfb71539

SHA256
efa66acccd82b661e7d75060207f9a1ae5453bd9fa980925e6a802b0855aa361

SHA512
a854f5674dbd8bf799f6890b5164249a8fff05ca8b0fb5f545e67e177cb8ffd5a932b48dd968d6b0f4d590f995f147d3d5077f3b6767571eb389d1f01720eafc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8cf146a3d7a3d45acb88fd7d91b955d

SHA1
3fdf3e67c7ad14055474b4732a235c28fd1dd202

SHA256
3d21d823ee5d3fa476dc34014b11d53090e541145d41c4f515726eaf10eac48e

SHA512
197bcf1d26f94c246e974e6e2e7ee699c147f24d2b2060fb865baa4c342a45eaa69d58d6a8cf18702b2a8a730b76fc7cb9f7cf703e6d90aac3fd176c9adc8150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c90b2ddfa8333ed6a70a444f8171729

SHA1
c8fbee1593241b1296a3391bd99bb5681cac1123

SHA256
2ca006e8e8c639018940fe9836456afba6768f7d97566edaf274989656cb49c9

SHA512
234e281a5eef45f33d9dc1d9c4818b7f585b2eac4f2c25293d7c95aa43f3d22e52676b3381f5eaadf4954f3c6f6f45a85410ab20a3deae719b39624b0d4d51bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39c4465af68730ae18aa43104de54535

SHA1
2e16e63129a06fd9893d5d5e9c8ac02b9cc1851e

SHA256
a2a55f0d0fa27b41df167723b23a1f52da415651a1a614ecd1c14348afb15f16

SHA512
a80de4128dab7a287f627133d7ddf135615c5dcaac5fb78ff9c5e0d1998d01f428fa649c063e09e00aec7e61d9286987150e540024a4b405d7b07e0629f03d57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
741bfeec264dcba03a419225885c5c67

SHA1
02e7f781cef72ed7cbfc7ddb3e0d551e4576cdcb

SHA256
07ffe76f989d536d8051541c69e8dd092efff8d07b98bef69e2d186e57e2afb0

SHA512
7dc3b6fbc73ee77e49977a06b1b41b4cd320bfe2ed52a09a8b98ba4fa1db69c0f6b57a523b69f6c4b282e8b33f6eae7a897c4fc96162e28c974dc17978b236f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a2f7db6fc6152a83d585b0bb7d71ae0

SHA1
5159133b30e131990a0db0f6c5b517d3fd65b68b

SHA256
ecd65a03e586a6d7f347789d2801a0d16c3a64a5784112439d0f1c7d802bbe20

SHA512
d11151d40acd07d619c649a7dac03a73fdb7bf41b16910c1856b3144e3239558597dc2af23e292e4a2422fdbc2f69d1eabb3b7a70d9ff42275f437ff79681108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da31acc4d42831adf7209f427ed0e1b1

SHA1
4f77885ca1a400079d0e6213285ae5218e841e99

SHA256
6651367bbc30970118acf04182e49931b004e11d13ab3f30f1dc6b64f6aa6d03

SHA512
4788178bf7737f74761b84737e2f154b0acb3f8988f0d63ead6822356fbf14c5b801735b1e0252124f039edd01967ddf9e195ee39057fccce99507843dab5f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
050cebb08e5bf50e6f7b286ad8a3698d

SHA1
537724882df65355e6e9235ba135547fa6fc8df6

SHA256
4f745edbda9fb8a03a9901aea70f7d98911d2826cc7e8f480529acd625062eab

SHA512
4e301476374a1e7bccce19ea71db151d6becafc4e32a93d954738a2cc7bd13f50edfe9e8b2d6f546785ba97b4fdd01482731097beda10a11722124bb284ba628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e02b1fca5173edd0ecf8e0dbc482e019

SHA1
7da01742f49d82e09198a7b6fdd8b8c2a8602b93

SHA256
24e526a24096738d94f44a7fab0564d4ecf1e114fc288f4c7136f16014e9d114

SHA512
d87ff364a1845d0ccabfc33bcfd1723104bf4d1f16f9276b4b881a15b1fad820bfc666a4fd7ff797b710186c114b885011082fc0a4d6335167cfdc70c8e9f48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
237d2bff450daaca874e30d5873a4e45

SHA1
a2919e5eb5060aec7a683ef8c5e875b9ec22e7fb

SHA256
c0f782ec7e0e7ef9a349a9fd793b49e7e2a42859c12d238333fb9286be09b668

SHA512
af202a35c09c5d000df90eabfc4b4ab03ad1490e766978cf615b87ae3bf2a7a4e6cfb7974d5e93e9fa441c6728abd89a086279901798fa3fa695130c7d276972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
22dcdd360f62922acacdacbf40e08126

SHA1
a17bef082fb55e7110a1fefeb614c6597a5b9d55

SHA256
703784bd66c021fbbfdb5c9f19c6ffc859a6ac833e2dd4f322ac7029db2ced35

SHA512
b8e55191f119131020a618bda44c3e340381e5a332f9f60cbb3dbbd392153735af18b5c35f7f252c4d6b31b46b6ee76b7262bc1c4236ae41423a80bab281aa14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
f4964e5e5da4d7801b80462c29dce774

SHA1
ff71b61926ee56cc17fc44b64d19ed28f30fd9e9

SHA256
92a327d094d41cf0938bc30a5954eaf3ee48730f585d1283bcc7f93ba2d865a5

SHA512
15998f0c5a4eb5d05f78f2e1300c7263f6cc37edfae5bc0991f369412c6133d889e300fb66832d99b9618f15f8a88971cb64383fb648060037f1f64bbcde3150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
edd4aea1ed731e4a85ce7407abe9ad15

SHA1
ce69643f14fce8b89313e3fa188d65eb7aadb327

SHA256
01136941678d15b57f61325320ff9351b19b4ee1f0d4eacbb25caa1c456afdc3

SHA512
23f21a37488947346a83a852da8ef5823412b086c9faa566703add4d98c7beffe8a3eecaef9e85fbc0c27112ad8d93eb41d60d4e2459ef68e739dc77d18c04b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
afa289164b9ac3aeb583f107254e9c3f

SHA1
a00f2fe11baef981030ed7a2d3592cfae44e7be6

SHA256
6cf678af7d5fb4d8d74815c71dcd4fef71731e4aa4f17522ff9bab4cf16d1751

SHA512
508e370f9174635236090a0e40687602fff80dbb57108c3217b22a84f0d040d3fc754c3c2044631d50a0fb25d69e58d75d7591e36f8d83bf8db50449309e6bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
cb0506ae22a20ae8cff002f880213f31

SHA1
5af33bab030e92be9b6c6a0b33cde5f710ce3003

SHA256
f4305a421f34eec78affc87b668d31d65e7c7d83130ead08c4b93f998fcf2375

SHA512
ae968a530f1b41cdb6d9b5c71f51c93960204b0c3136e0a0f4f0c2039e217cad60c23bd31313e513188651f5c487af0e7828b3f5db9671a75b9aad814abb48be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
d1708714f391e19a5eae3eadbaf08eac

SHA1
514c7d1477c9bd1adf839dc7188b1445db996d95

SHA256
cc6ea5d01fd82b51af61a703fa87b65899967aff0ddb2cedb28d2084911c27d1

SHA512
ceac3c08578e4a856a7b97a8041af87e1fcd1198b683ba797b89a9e835987d81abfbdbd3b7cf75d75edbd8dffee0c23c4f5cb238e17bd9d78dfbd1aac27c2b7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
e3b7e2b35b88087bea9c53431ce8b37a

SHA1
f24e6e7ae3f97c30076e58e2739af6146d6d18a5

SHA256
dc5fe43ce5a572d421b5e41e4d1a7a1cca76cd281cd5a08d69222cabe4f5a164

SHA512
5bd026b3e64edfcd47301a0a4614bead6471ea00b11a133e037e4f2f22fcc4a9dcb636dd715421ba50d4bef264a3dea85cd45932b44a4c8ffb18c024e55f4484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
2457fa0a460407a3bcaf12e3d0a9a573

SHA1
024703a98cf717ef8fef3590c44ffcbb27161897

SHA256
d851569de5dbecac2713080af8f1dc06b9ef678dc61815753b612292ff88c382

SHA512
cacbaddf8f8df40d996e4a075ee709de18110664b14ce4c9049f063ab3dcdeee57bef651ac8f092c6a7c5bfe92b36bee13bfedd9e55396547ab535b399849de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
117KB

MD5
80b369ee2e4da4ada2d156fb1b376de8

SHA1
1f09f8a39afbd024e17ae4964e378230f1747d50

SHA256
0dc980ed8e6129fc05180542815c725d4b3b7fa5fec074d88bf460fa1b0d3985

SHA512
80167560a3d4d9df52149534e380ea72e323218f7710a9ef9c6c675283094b1650fa3ff599afb68fad78f0317576b4fb5609a4ded6140ff024b78fec5453579f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
39ef48c4c6be10f543f110ac506cb80d

SHA1
40fbc107edbace48387b494ba03466f07ca82304

SHA256
ce877f1ebf855354c546b5a9ddcfd09f6de365e08965d72c909be55baabeea2c

SHA512
1be7c3448467b76c9e67be83340410a2be52d22b1390efbdad76ede3be51be28228b0643d9c82099f8508696734080b5cbf7c8d53d8a7907a8ed1fd48dc34827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2a6b7c226df74ac0d1603c635681cd85

SHA1
8ff2e99e73d9cdc5926b89036b27ecb3e7bec06e

SHA256
80caf4481fd8922c87dc070ebd979cc5725ce639306bd872c1024fae2ae08923

SHA512
e2eab3123522331b299822bab2b684fda2e99e811d0cd93be1c28e30c786c6e864aefbc56a31c82c8d17fc571f82370ccd6b918aba97109fd927fa3d53a1d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
ec66d59ee399767f14f3c64e32914941

SHA1
b00035f355a331ac8539ffca115505e225a0957a

SHA256
79126967f23873cf24ed7c8135b7ece6d40af41a75baae78157f4a6e45d22ce5

SHA512
8fdfa3ae7b4c1f89a5b9859997ce756386a5962bdfdbc1ac4b985ad9c845bab2dc8c443ccc4888dc7f4ce22ebb318def95c737a4f4a2d39c3abb6d762cca0f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f49348bac515bd383af13408d49e84d

SHA1
62b43d0097f0b9a6cb3e4f187afb0e713302bc7f

SHA256
b9d62046dc7661f8547b40c98c8f91c2e34b3bfe4abf267e036bb02083af38e7

SHA512
17f0a7f28daafb12c01422ebee4251414126b8083e3f5f0863af2e2e3f7b5e49172fbe277d3ba2ec19e65328cf50ba43392439202354ae971a6803f0652337eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd94b0c10ad91ff2cce56404eac9b9ab

SHA1
c21672867adeb122c301e931017c2a14fcf00183

SHA256
79cea8a79597d50058aa7777bf4932a05b5e4b3f8ad6dceeb543c5396a1dccb7

SHA512
18740b67c8286b36ea28a15cf645b4f1645d3a85750a93f2119581223640a37eae38a9468471025fd0c9cb497bd1a1885178d5c04fadbfe8a76665afb9438d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
655d4dfa513d5d8481c2936986a14787

SHA1
14026e251c9fd08c8124676fde62a4a2f18bd7c2

SHA256
6b17cb0766578444ed5ee3466691b4c47451e29a62e0d1702942c0dee564e840

SHA512
d6a0954cc4e6da176e181f60251c1a6a1fd141f938478e33bfd0fcc1a2db93112d89ca0e917f58636f947047a6ae1a39a6796e2f141b5b6358b57e6a93c1d927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eca5a711f03fc877bc153e70103e7767

SHA1
ac0b750840005cc21ad8be80fffc4b1bbc96dfb7

SHA256
f58f1b97e3350fdbfeda7b1e9cc2dc1f68df1a087590e64eaaf1f69089aeae50

SHA512
174404679121e69c29927f890ca5eb681ecf9df79ad3578f14f5f31478ae1e31d9ac0d419a35b017ec1aaaa5455caea7826033106c02656afceb8b28825c3cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc77c26c953d94f6a01f930abe879017

SHA1
f11fc2e311e48f1c8437102fa1b58286f1eb573f

SHA256
a8c719ef7a727bd7fd2b6275f2644a9ed7c3a7b729af19ae939fc62d84fcd6b0

SHA512
cb0c64aa0b2901e693a89d0dc1d422235add50b9c4d719f6714b953d03cef5cc1826ccbcf6e5643b6936aac8b011c648e862b89fdf4154b73c59dff1ce1024c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe607524.TMP

Filesize
1KB

MD5
a823a1b11cd8824a2461ea41fc680ef0

SHA1
facf27ceae153a487a7f0d1ac9fce517a493bd8e

SHA256
1aba4b13d3a618c997957524d4d4fc424063efa328533daf961726c33282e896

SHA512
2f53958fb3a55e620b28f189633b5f0f3b1b6f2c468f93bc3902110a04bb8f508d8d4340d61a42a66ac7331b2c1012afb9187c2498d70ffba36b52398dfaa266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72b82407518077a8d85bf3ab45d100df

SHA1
5e644c6628a050d9b4dc8c20f1eb475f2e5c9d0a

SHA256
7b2a98bb2ebb5ae65d25542af2b5a703dc1107a8b9c59aafa621dd1466398424

SHA512
e5f2f68c4622f6408b5b8e9359c823be8e662d81c399c85a50477168304e150741f6047ec97773aa299e31be9aaa24d4899a1f69b65f7eac99c668674f859486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c1b3469d2109745b0ed372cadabcadd8

SHA1
4f703260c6136f2d2e9297e0ca7ea78a37cbe349

SHA256
5de6baa3d8c9a4cf0cbfca7f4b09755f603e3750a33d4cad2473cbf02d4c1c73

SHA512
bcb5b65e7fd722696848ed376b2c76c7457c40482452a2fc3a62d3bbcf8b3efd178fa10a6946b6c237dd70b85dfef0895679f3f3aa6cbe977c625fd2c0a4b8e4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\ae2fb586-c50b-40d6-a533-b6049c7fbd1d.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
memory/4184-6-0x00007FFB801F0000-0x00007FFB80CB2000-memory.dmp

Filesize
10.8MB

Download
memory/4184-4-0x000001584A010000-0x000001584A538000-memory.dmp

Filesize
5.2MB

Download
memory/4184-5-0x00007FFB801F3000-0x00007FFB801F5000-memory.dmp

Filesize
8KB

Download
memory/4184-2-0x0000015848D90000-0x0000015848F52000-memory.dmp

Filesize
1.8MB

Download
memory/4184-3-0x00007FFB801F0000-0x00007FFB80CB2000-memory.dmp

Filesize
10.8MB

Download
memory/4184-1-0x000001582E7A0000-0x000001582E7B8000-memory.dmp

Filesize
96KB

Download
memory/4184-0-0x00007FFB801F3000-0x00007FFB801F5000-memory.dmp

Filesize
8KB

Download
memory/5372-882-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-881-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-880-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-883-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-878-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-877-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-871-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-872-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-873-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download
memory/5372-879-0x000001BE7D4A0000-0x000001BE7D4A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads