wannacry | ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488

Analysis

max time kernel
146s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 18:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Win32.Wannacry.dll
Size

5.0MB
MD5

30fe2f9a048d7a734c8d9233f64810ba
SHA1

2027a053de21bd5c783c3f823ed1d36966780ed4
SHA256

55504677f82981962d85495231695d3a92aa0b31ec35a957bd9cbbef618658e3
SHA512

b657b02506f768db3255293b0c86452b4dfdd30804629c323aaa9510a3b637b0906e5963179ef7d4aaedc14646f2be2b4292e6584a6c55c6ddb596cff7f20e2a
SSDEEP

49152:SnAQqMSPbcBVQej/1INRx+TSqTdX1HkQo6SAARdhnvxJM0H9:+DqPoBhz1aRxcSUDk36SAEdhvxWa9

Score

10^/10

wannacry discovery ransomware worm

Malware Config

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Contacts a large (3126) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 3 IoCs

pid	Process
2580	mssecsvc.exe
2080	mssecsvc.exe
2352	tasksche.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	mssecsvc.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\mssecsvc.exe	rundll32.exe
File created	C:\WINDOWS\tasksche.exe	mssecsvc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssecsvc.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 24 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5146F091-9386-42EC-961F-65F7FD409DFF}\WpadDecision = "0"	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5146F091-9386-42EC-961F-65F7FD409DFF}\WpadNetworkName = "Network 3"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-21-78-98-0f-cf	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	mssecsvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5146F091-9386-42EC-961F-65F7FD409DFF}\c2-21-78-98-0f-cf	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5146F091-9386-42EC-961F-65F7FD409DFF}	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-21-78-98-0f-cf\WpadDecisionReason = "1"	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-21-78-98-0f-cf\WpadDecisionTime = f01d1dd65143db01	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\c2-21-78-98-0f-cf\WpadDecision = "0"	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5146F091-9386-42EC-961F-65F7FD409DFF}\WpadDecisionReason = "1"	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{5146F091-9386-42EC-961F-65F7FD409DFF}\WpadDecisionTime = f01d1dd65143db01	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	mssecsvc.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	mssecsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	mssecsvc.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0061000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	mssecsvc.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe
Token: SeShutdownPrivilege	2012	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe
2012	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1692	1908	rundll32.exe	30
PID 1908 wrote to memory of 1692	1908	rundll32.exe	30
PID 1908 wrote to memory of 1692	1908	rundll32.exe	30
PID 1908 wrote to memory of 1692	1908	rundll32.exe	30
PID 1908 wrote to memory of 1692	1908	rundll32.exe	30
PID 1908 wrote to memory of 1692	1908	rundll32.exe	30
PID 1908 wrote to memory of 1692	1908	rundll32.exe	30
PID 1692 wrote to memory of 2580	1692	rundll32.exe	31
PID 1692 wrote to memory of 2580	1692	rundll32.exe	31
PID 1692 wrote to memory of 2580	1692	rundll32.exe	31
PID 1692 wrote to memory of 2580	1692	rundll32.exe	31
PID 2136 wrote to memory of 2908	2136	chrome.exe	35
PID 2136 wrote to memory of 2908	2136	chrome.exe	35
PID 2136 wrote to memory of 2908	2136	chrome.exe	35
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 2012	2136	chrome.exe	37
PID 2136 wrote to memory of 340	2136	chrome.exe	38
PID 2136 wrote to memory of 340	2136	chrome.exe	38
PID 2136 wrote to memory of 340	2136	chrome.exe	38
PID 2136 wrote to memory of 2032	2136	chrome.exe	39
PID 2136 wrote to memory of 2032	2136	chrome.exe	39
PID 2136 wrote to memory of 2032	2136	chrome.exe	39
PID 2136 wrote to memory of 2032	2136	chrome.exe	39
PID 2136 wrote to memory of 2032	2136	chrome.exe	39
PID 2136 wrote to memory of 2032	2136	chrome.exe	39
PID 2136 wrote to memory of 2032	2136	chrome.exe	39
PID 2136 wrote to memory of 2032	2136	chrome.exe	39

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Win32.Wannacry.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Win32.Wannacry.dll,#1
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\WINDOWS\mssecsvc.exe
    C:\WINDOWS\mssecsvc.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:2580
  - - C:\WINDOWS\tasksche.exe
      C:\WINDOWS\tasksche.exe /i
      4⤵
      Executes dropped EXE
      PID:2352

C:\WINDOWS\mssecsvc.exe
C:\WINDOWS\mssecsvc.exe -m security
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60e9758,0x7fef60e9768,0x7fef60e9778
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1204 --field-trial-handle=1264,i,7778225742088579811,11246828836835250046,131072 /prefetch:2
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1264,i,7778225742088579811,11246828836835250046,131072 /prefetch:8
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1264,i,7778225742088579811,11246828836835250046,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2116 --field-trial-handle=1264,i,7778225742088579811,11246828836835250046,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2124 --field-trial-handle=1264,i,7778225742088579811,11246828836835250046,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1264,i,7778225742088579811,11246828836835250046,131072 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1264,i,7778225742088579811,11246828836835250046,131072 /prefetch:1
  2⤵
  PID:1712

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef60e9758,0x7fef60e9768,0x7fef60e9778
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1508 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:1
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2136 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1012 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1244,i,11370854603141613597,9450592353219539842,131072 /prefetch:8
  2⤵
  PID:1640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
44691fdf709576c5467bd86b9d95cecb

SHA1
9c0e49c662f20cdd89217f1bb4b4ba701e659697

SHA256
bbeef7deae86cbdb634c26982101647e319bb03dce941d124f0ab0edc8a76de9

SHA512
e52fb7f7091ed7a21944c629081fa5069f47fc076911101e20fdcc183c35b7b460fbbfac56f1f91052b1d35a35e66ce2dafce70349ed34ca6f16ba1e1f1fabdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1de7aafaadcae203f3542bd7e0030f06

SHA1
1fc1709f548b224cd882140dfee19cae30c1203a

SHA256
c0ec18d65e2151d63da0b7ce54b7da0c777d557689c2d0a1ee50eeea0c323982

SHA512
0c3e8a974f40062e81325a85fefd6fd28769f474b83603742743ec6cea24f6cf5fc8de31a18e460687f7cb15bb27ee8c27e4f325ec6b14c3add0620421554438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
abb6a6209641e1870120ded0e9a6eca0

SHA1
efb57614897be7b9aadff90458455fa168f2f01c

SHA256
7c55a5d0f906b40dfa2efd23a5d4310c143b5d95d8ba0fdd1be515fc8cc53d5a

SHA512
e092baa53ebab3867e443d7d64944cb2d4f1ad3072a7195521f4e73035605b97589d7c7bf8cfd0dbbc32b4bf9c966a13aca847af03ef166555cee6d6a2e805fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
446ee1548605b4d88f3e69aeea011f7f

SHA1
9ad57229dd2f1302dbf6a900db97ff66ad9d3c74

SHA256
b9022bb973847d3a7c9cf82944f1028efd7c38f274d17b4a6f2e89f66e57c080

SHA512
c3f98650fa7ae236cbe3602c0d24e1befcfe4c5a53a461af5154ec21dab8bde405860e7c492fe352c612627d0944d75c3626ca5ea04b7c89ad50acd2fc2cae25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
bf9f72f482456002645d1112895e6554

SHA1
c636bb97076b0b26e8b538fa904137ff1049bd9d

SHA256
11e834b1d16716979cf6583af194c3c320389aace4ee5bbc6060c205a534188f

SHA512
7a55e14d23ae18d81a0713e1cf644b454f23634eda36b8c8b9fb0af27d8d5829fd264a674a7f128f9eb661fe47368ac89e142b5fe6d6d995e7ec43be49b061ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
77d51ff2b9077efa036e8bb5ccbd4d66

SHA1
3da45e2a47bb169b68102c952c54f176826eb2a0

SHA256
e2cc368d7b75573bdea44a9c74e7b2c31c25c9565fa5dfa2e5f8912385b5ac32

SHA512
38cc69e9af4f304938c2ed6c90139eb7ddb0eca8880ccb42a43382f3723e6ea41cc4dc00c10251328410975e059c0a5c8191dc32f444518010377991c1c688a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
632B

MD5
e388a1673cd97a84f2507c774ed20622

SHA1
a37ffaf722316023b848cedbf889bb7073825792

SHA256
69c587e1ee0316911faecc852a89c3ac3a2e860e4f037c6f0ad583dd74727d3a

SHA512
79e15ab4d87c895734f1df048f04b0f70d4e86c3f209cc4bf00a40733e09638064c5a21b77d938bf77e9401b8f1a996e390336b8119a9c4252b7e3c03da1d02b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
f8bb490cc99009ca9157a171db397109

SHA1
3695efdacae168829748d3f580af7979f69b5360

SHA256
0f94cea8015a0674470ca1d763d431608d2125ea42cb4f4ac54e7251cdb8d883

SHA512
a1f4ffc41119897eb43a283d4111c057e561ec712963809903cd4301e974cb0fdbb60dd8b369d4fb57e9b85068707261adce28c16e674cf432bff6e25849c7e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
e4423d82b03a4a0a58a4c355835f9aff

SHA1
fed55674499da5f76091f78a92ff2a2a620236c1

SHA256
11d2f368ede87404c6d8d6911ce83bfc7f07546e85ff5a153e4509a3baa0e1bb

SHA512
8d88cd6c8e1750cfcd74921e4b067cef01165edfaaea77fc3c7856200c84d80429f04d3cd54cf07f705f688d8c1ed808fca0ad04864982767777fd489b4119f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
293251ff58db08e11cf9d61deeac3c37

SHA1
ab4f7b632a4308c069c908ea4a887a4bf8b3b64c

SHA256
45384b5fdbdf9bbb8b4aac06c9871bc63273ea983043c7fd8407fc2185aa1d94

SHA512
f1a14a740a91dbe11bee182596027ce3fe7a16d0f113996058fac87f429e69ab0786acab42e348401ae7d49c3f5d26ce1fb19c67c6cf4b9f098be87117a02496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
a3b1587cb8ecb818a3058687acfbf986

SHA1
08c10a337b224accf5593c5d657272439006a1de

SHA256
ac44da48df2b4245ffefec8fe29bd9c1710c4bc8321417e487b9c94eb4c4c7b1

SHA512
cbf7199c9969213cdd3faf099555b51f128c09b1bf19b90340c80ceec9a7b9a1b7eaecb740f86d3fa33de59e701488fa0ea22081dabd880476141684ae678ab6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13377463275646600

Filesize
2KB

MD5
bd56b4fdcf0bd96f969fe8ef557ca3b6

SHA1
304ef820aa283ec93f170f7c59d5d27e992d312d

SHA256
0f0e4aa9b2d36cd95c2e334fbb3abf5d6e340f3d182f27bebd940c423cf46453

SHA512
32c5ccd3650cbf9e47335fb31099aa6b94c97c005d3392707611dfc5c7dc2ae0ec0833b904f96dc9fe59a2e150b374c303085d5035c95dbb1301631275ca02c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
82054f65c36a7fb016c926becbe13919

SHA1
74caa0bc982d88ee6b787109dacde4b4667bf8ac

SHA256
00d54aea0f117813859c5dd22e7a51d8d65cb0531a79e724c74ce4609257db63

SHA512
d654ddcf1a6638b8a2097c072fec6fd027cd6889edc13b2f7b13d826cc5d0f76344aeddea8817b96d427b68d1e3633061bf2d805a3656985c37da62ea719a321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
21d9a3fd61cf38ef9f6c66fb0d767c1a

SHA1
f134671454df89b7e099780ab8a310b3ea7328b3

SHA256
867b4518a209d7b95472fadcbc61151eac01654cd886af5ce55c966e99b3813d

SHA512
0a6039e562784ca87ad23ca733ff994c72197a43851e82d1aa2b26a16becaea9e9032dcae984e58249d49af8da00fea72434e76c2bf944f98cf7fa3c248afc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
76d949312f8ed7a1633d373f0d4e5773

SHA1
5f5960f737ca29cda52b24572b67f1576d3ad22b

SHA256
5846d6121a5aa7dd4a6e296271d7300d312ca03415a69be8b39e355c973111d2

SHA512
6d212464a130f6d5e5ff35cedee0aa34d7c201dc386f775743097d8b2f5b6ef297555f5cd767c2f1438b72b79f82c9171c947bfde58c1b0e6088ee1fc2d40d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
d89c771f339d7d96040098a218521028

SHA1
8293720bb676440fa860b840c1e9ffcb92cb8a27

SHA256
86e1b92b3b4f5aa4ddc6190987589c86e9bd40795082413472a5ec5bf6b2f719

SHA512
6fd5d0631c5544112af4f976e48a61201f027b6e464f11fcaf818f2e92bac501a91a2135be89552fc0c15e3c7a4e9e774fe2ec75a9742375f164f1e218584158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
a7c0f3bd3fd340ab17c44f508d5eb171

SHA1
c5c15f14b8513fd6d559349d81057c8f914cb16e

SHA256
f8902fe54f3604da2fd11ee347d8db57e3f1c2f21bf9673b7c4ba05ff019dc5e

SHA512
d10ee974c29e0f51a35f59caa6bf29ce08ab4c5644e570b6b5e6d37e63b8811dd302ffd5ab3fccd04af0b2ae5b31a5c7b45c79f643ef7692fc0fb4560d0fef37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
19B

MD5
a2f36fd75efcba856d1371d330ed4751

SHA1
fb7c3dff0fa2b47c6f0026287d12d16d05d14d8b

SHA256
561fe33b81dac187686e9e50103590f3a857f4e1b9c8ada714d43964b938ea7f

SHA512
79ca96560a074fa678cfdc06007d0e1e01718831d18c4a800c5361b8ba8091b46acada47418a8d7be3b626d2d9af5cf346abcdd88166a9d1634f81157ab1ad6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
a8c6ff4abc98af7cf44c5693e5bc5d75

SHA1
572da6ba6a5e38c7c16321653eae026362ae0692

SHA256
6cb043f57e001e8c3faabfd2703826bc4ce7d4cc6c4d980726b46cbc896af7ca

SHA512
f165c8f8195e78329637bfb1ca125db0788014debebffd07b111ac4725738b1403096bf39ad62102a59b00cd74669a528eb002fb877579ee2c7a0221f2d9fe78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
315B

MD5
b56d5f58b7818574358ab07ff1b840d9

SHA1
87f78caa4942a3208e08faa4326f5f7e7dca5402

SHA256
b25e60fc77b225cc946f2038dc1c2119e85909af8d86f112cf1c1c33125641c9

SHA512
57dd3a5b22260f30f8a5c815e949f9441a3350078fb3046e52f40b5bb2769c7dfe3c0ba683780c789fbfc41121f6987dc96aa085ed3bc05259c9ea8b468cacce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
12275f46db968e27e4edb23a4517904d

SHA1
1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a

SHA256
0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a

SHA512
084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
eb9507b9d8e962eae6cac20d772c91fc

SHA1
2b24f8891f732015a19435d66c0b0758dd767a52

SHA256
bf9c8542ccd28991a8105b6c6e11ae8571e8077a91ea9875ad75d54f539a1a7c

SHA512
cfe70bc4b15636e7d04af5caa3771dab596f0b73a2af3a410b8b293ca33baec80f2ca05817d5da7cfc4e52dab293a040af04f1f47b990e96d7ed824052013f98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
1c2107d4e3c80dadb6b349e42a419049

SHA1
b38b68088655a66e4b2111ca3728182fa63f9d04

SHA256
6c8a27990ff1de53260117dd8a16297f7412a238b2e508336745f3c051daedbe

SHA512
66d8dcce40e3dc33ef7a9a5d79ecd299ad598bf411a038425a1ab526742d154cc48285bd530e99a6b79ed9fe4f296a1c829891992bb350161642d40d3f6ddde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b236b1ce-1aee-4907-abb7-2d25c0328146.tmp

Filesize
347KB

MD5
9d7ef77234cc919f326ebb368e888a32

SHA1
aeb9a6e9a5a205b6d77d5b331b366e1afa11d011

SHA256
4db147ed09a9f160c829701af766f2c23fe8018ffe536d9ef8c6119dfdde593f

SHA512
861bf31f67224a36613a84d5e64e0216a891cd425dba57ebe0acb6cf32948636fcfde56c79d7111285327a407ad66d7eee79219be051b0f6b64bd02fc71f26a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c766f494-10d8-4179-98cb-3cb39996451b.tmp

Filesize
182KB

MD5
cdce9fa490e79c206377d7248074729c

SHA1
7cfe893c3998a71c8e249a11a668d32f0ff182c5

SHA256
c3c9824c929697efa23de9acc3bf4c64ce511bee6e8b71ce6fa26fefa70d7347

SHA512
98f61142769478f7b506453523ce332f5b693f58955f35f3a0e317844b43a419d918afa138d50ae55c561099e8c3333d0075cb3d500a72ed158eb2c4be04cab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
e74053642f048b1cbb8a325054be0794

SHA1
48db711d6ed3eeefc112f9bda76781bd606dcc79

SHA256
477833a1bd6558c27975eb60eb6704a6904ead5d91150bf7c53b3a72098caefe

SHA512
afa33269aff9c9668ea2de9330d05d2880c0c018f90006624f1c5195630616eb194198177b2323c7acab02d55e3aeb587ca3880f2f366a4c79e270fc09a4791a

Download Submit
C:\Windows\mssecsvc.exe

Filesize
3.6MB

MD5
90a1e06d78737b9a87e8ea42f76e2544

SHA1
785ddf8bd3add2da415cbc7c39aab7eb21407d20

SHA256
e1bee0f7a7cd0ac8659033d9e67bfc83ae03843ed30dff8ca590f916604a6de7

SHA512
40ee623eb975b3890d3e8260e76963d078a7734c040d4151fa0cf11fd6e2421f5ea609f67922a51c6df7a09f077087361586d5f40208bc97ee70531e2a3df5be

Download Submit
C:\Windows\tasksche.exe

Filesize
3.4MB

MD5
0df2ae526d7350c2e3d1383c07a6be04

SHA1
06c4d41c60736ea1e0bb1b095536499e05068442

SHA256
10111f53da4181d548ea77cc91f02a15b9ede3f111f074230761f2afee7cd637

SHA512
9ca1ca36dcefdb1eba3152bc2d14c9dceb3360960338d13db5f8a02327aef80cb0ab238c2c1f3d2dbd7fd75124d4199b5cd63f173a09a0dea212ebb265f8453d

Download Submit