hxxps://github[.]com

max time kernel
169s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29-06-2024 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641269134636583"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{4641E2C6-D1F0-4864-ABE5-1CAA6E309A53}	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exechrome.exechrome.exe

pid process

4960 msedge.exe
4960 msedge.exe
2168 msedge.exe
2168 msedge.exe
3496 chrome.exe
3496 chrome.exe
1224 chrome.exe
1224 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exechrome.exe

pid process

2168 msedge.exe
2168 msedge.exe
3496 chrome.exe
3496 chrome.exe
3496 chrome.exe
3496 chrome.exe
3496 chrome.exe
3496 chrome.exe
3496 chrome.exe

pid	process
4960	msedge.exe
4960	msedge.exe
2168	msedge.exe
2168	msedge.exe
3496	chrome.exe
3496	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: 33	2244	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2244	AUDIODG.EXE
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exechrome.exe

pid	process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2168 wrote to memory of 1608	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1608	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 1372	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4960	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 4960	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe
PID 2168 wrote to memory of 3096	2168	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8030d46f8,0x7ff8030d4708,0x7ff8030d4718
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6550144760776168971,11281640176478130336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6550144760776168971,11281640176478130336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,6550144760776168971,11281640176478130336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
2⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6550144760776168971,11281640176478130336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,6550144760776168971,11281640176478130336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2068,6550144760776168971,11281640176478130336,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1980 /prefetch:8
2⤵
PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff44dab58,0x7ffff44dab68,0x7ffff44dab78
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:2
2⤵
PID:1068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2108 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:1
2⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:1
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3608 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:1
2⤵
PID:3332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4748 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:1
2⤵
PID:1364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3368 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:1
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4996 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:3896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:2296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:1200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5960 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:1244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:1948

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6e725ae48,0x7ff6e725ae58,0x7ff6e725ae68
3⤵
PID:2192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5800 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:1
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6096 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:1
2⤵
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:8
2⤵
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4664 --field-trial-handle=1892,i,4436848004557502399,7280841881139934703,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1224

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2244

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
225KB

MD5
d115c0a2800145c06e066875ba331616

SHA1
b94c5f0d25110782e939d1234141b70e6b238653

SHA256
113e69d83de21cf11879632723c532d28df10a53c0c2cffb663190f82c50570e

SHA512
2bd24181e53bce956c5262bcc641c323ec077f5a19193fc56a74d3704eb1f4d76b47076d1654c69cb53ddb9a93bb880ed49fa0ccaf46321723da6cfa99c4522f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
19KB

MD5
5abc2d6a81ee083df5c49e83a342037c

SHA1
1b17bb65749f39ede44e145735252b0d56fc7003

SHA256
e2cb2ad4bb24d27e3b8e92e5a7839d4e68ff613d7e91e19a2668c7c12739267e

SHA512
0eceac3e1207bc2e31238db6880ed6f4026e0ae2ef9f102e08b8e6da79a5495c7ce4bb32c4ecc50ed2f2990cfd1610cfa974b1864455c325560d1d070ff48f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
47KB

MD5
1af625b5988f4098155457b42c9e7604

SHA1
f101a2737ad079176c92bc2684f8961b074ad710

SHA256
44d44ea3935d534f44d0e33117954cadb08b712269e12e10093755e3d4885014

SHA512
b81654c38578ee6acb3ef12ced4fb5edaeb698add94d68a6745db933582494170ac6a048022eeb2dd734372232673f7ed50102fc8fc3094e3804110b20172d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
808KB

MD5
2bddd552038fa6582707fe3e183855ea

SHA1
7e622e9b8256f94a9051934534f85137a8b9c9f1

SHA256
5a196c59e04a05a940f87c32c8a2c531a68d1f31570d324492b0c71f41fdc6f7

SHA512
e8c0ea81cdb036468b9ed3b8bfdf6a18202c4babfcf64d1c5bf69aebd0780c485779d4bb4a3774b690a64564bc33f2d957a006aa1e3dd81f7405eb9c71131334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
32KB

MD5
a37cb5b2be3ac24f85e18e0f6af90e18

SHA1
7888cab4667f8997bee7cfe1357b6d090e5f987b

SHA256
38322e4056896c3d332335130caef7ebf6f02a9e902e87adeb3141aaaefc5eb1

SHA512
f2772d825de479756299954d0d6b67c3c940e41a2e2329a733e755b8b3d107c53fbf845d64330ae9b75f75f56f872b9f6fbcefacb55606a0ae7fda58eab6b384

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
Filesize
32KB

MD5
fe0cb11576905a924b316b72b715c2e3

SHA1
31a833346d235602a4fc51b49ef9bf57d9d1409f

SHA256
ee9fdfd767036158d8d3bc22f6c3095c5bfa6c17d4611eaacd45a5a829a864b9

SHA512
0227816287e01021bc07b84db89642ed0cc5e1c3a653a8be2c38bc53dcb17cd62b1a45051cf143ba9c2a5880df961d281192547fbb0788d95659ec5169e98ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
384B

MD5
c51b0637328e621f3fda8422027de485

SHA1
6cbb95c546f851ca6142fb7ddf4b5e50fc8df208

SHA256
7bef64cbb35d8939a839455fd18a488ac2f705b1643cefaf214b780051a4c4f0

SHA512
299bbfa250513a7b5415575ca93a7c562466c821eeeb8ff64ba85d4613872fed567869a011584b12af5ac9164d63342dead59efb7d0427deff3b8c7cdcf359b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
efa4c74f9ed282dd5819ae7dd3dd880e

SHA1
2690e1d47c54d37d0eb45e27a11eafddd722ae6f

SHA256
a1b389ef2affab1d0725dfbb554d3bc0159d7ad74a6a977195ff784253dbfbd2

SHA512
6f57383c82d920491f1e669d2f40b0aa1763e28ebb52e9a820ecbe5a8106d3af82a376b497ebf2fee94fee67459d119dbe077a71cbdecf98917e6b7ecb99e662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
ea860804f3b15d0a8a4f85c31bd57570

SHA1
44cd61a4b27c78b13e30527a7a2cf75dbc486e65

SHA256
d455f125ef41f7665eba13df64c7abd5fd23ce1dd05d021863497051afe3d30e

SHA512
4cc605f7bf86b199aebdd53e296c6b84d09e49c808d68a11e430b515a1b662d0d383e81c62850b8399939fbabc296f2a55921d682b1d601b46a36d3f53f8314b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
c547393847f2a97ba36e247c504245e8

SHA1
888b23d81c71abcc999ccbc7c56c1cd04d865ba3

SHA256
76fd6b0a27f0d35f727cb48c9f15764a4e44be9a97644a40ab7a6eafe04ab57e

SHA512
c47cfe03abe543d760b8ebb83fbedaf9ef7c6d5ecd6b74d11a2198b4eeee9ce540124160c715077aeae1fb84ee43691c406a3e480ba4b9005ff19aca5db4ae1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
fa59a0584a72b1c1223c49419458d872

SHA1
6024723868837415cb28eb58186e51eaead23528

SHA256
869cf646c5f3122310d542555eafbe23d5f310ef2bc2054acd973f1fece1f0d1

SHA512
b8dc6da11ab481091bcb17587b8f3de13065343bda742cdddf2f07c0f3b8c13923fbbda945542c2dd73eb6ee829dddc3bb4cbfa1953f892f83950e9372f61b9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
7a772c3d5e1b7bafe3dfa8d321cc2137

SHA1
ef3c67cc6ba1d494de1c57dea435bb6ac1f47591

SHA256
46b22538e67384d54f5a1a6464fa68368f8771b0691c7774edf467538ce1d46b

SHA512
c6ce7ccaecf76a51d59f2a250395a27fae9fe2857ff5292a464208c69e862b136ca48320cb7c09320e5dffeb03b1f674b5731e192a2a818d7c0b44ec0b904851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
fb1f4a1629bc9257a0554af14a7d43eb

SHA1
0bd4c7abd2a20914356ee9c49c8b3e0e56633b23

SHA256
bb994a0d20c46db2cda5da22bc2bb9ae42364b6bc174a1b2984aca669c0401ea

SHA512
048406cafd5e8bf2402ac67a2f407c8113197798a0928f42ade20836a8b558bb53a97776f20ea9d1e8b49aaee9ccb1a181febea4af94c0306c94431cc75652d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a0d7e70f82c19b7fe5f0e5fd0669319b

SHA1
6c0f9c79e7d11d3a367c203b031394963ea22a17

SHA256
1b324a710f7e788047257ae469bb7e4aed009733a8bd403109a2b4829853f2d4

SHA512
fc36d098abe26f52dfb65a19f5c6a00407aae6f21911baaabc110b030d5c9aae20fcaafba5c2972b8d3f1807b7db1b68a9c48b04a1cefc7cdbe3e0a226071339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d26c9574e68281b937567d3570c2de0e

SHA1
d1ad375a12e4eb68de531071ca228a3a06e74f89

SHA256
2ae89522d52ef83847c4e381753f78040dee63ef9fac73f98263c091e991325c

SHA512
46eefa3a4429db7e4f6a70757d5be62c70b3d68d2c58fd111466a743ae1dd06770ab0db4b1adf502e0cbc46c92bb8661cb0a777f77f9b00c23493f439bfd9bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
d4bd793762253bc907b5df3af70986df

SHA1
7a4e60122d4ba4ee9f368a78662a3370e5b785a0

SHA256
769a3b895797ce9dd0b761c2898b5ddb19d17a8bcb6efb4c731373f47cc9f516

SHA512
23fb232024aee5c7afe37f3dd17d059e1b9f50304dc7f666b2f0b3670451e338d02a059542201b088c11453b7d2ad0a7f482cbc38c77713a2b5d54d93533d80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
e9b8f226915994d6fcd96f91317a001f

SHA1
65fd802020b2194f9bbae8f304f97e62f3f747db

SHA256
49d13bc39a76563697d4385e88542234898e256afaca65dc32831ef134d37c1f

SHA512
4d9ec93399df63efc1834af039edbe10122a75d83d5c0bc401146de0c793e7503ed8991befe5fdbaf8e248d7fb9fdbcabf86abb11d114b70c28301cfca809562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4af3f3da-777d-45e2-a786-22eb8f890773\b9ed6afd3d0638f9_0
Filesize
2KB

MD5
ac4601782a57d51ba2dfa5dd0e0c7b77

SHA1
0afa2ca79dbbb4b0f42a7674157f51eda9cf084b

SHA256
fa22bdb503e77d8c046a77aec131ad7f8f5b990549af815a2fba5e2c357b3aee

SHA512
7ce824427d786b83f3f367b44a20a673c50af2a15eab85c1e992fa6cef613357fe4a91bc4821ec69fec1bdd930cf88ac80c43df2085ac65ccaedac32176cbc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4af3f3da-777d-45e2-a786-22eb8f890773\index-dir\temp-index
Filesize
624B

MD5
d0f74ce02d272c099cfac5ef22bb7552

SHA1
e3c09a051b41e07e7bdf7f066f5b33cf295c985b

SHA256
b9fed635c5c49290a350c036ee21cc4c8344e2a9ae26e6552b49188f909650ea

SHA512
4dd26aa700558e6cc9b3b2f6cc20213dce15d93b5e842829cdb6606de66ac6b3f929437e6bbf56e5c3f5e22bbad3a9810465496f2b58221f2614ae7c952c1415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4af3f3da-777d-45e2-a786-22eb8f890773\index-dir\the-real-index~RFe57eb3b.TMP
Filesize
48B

MD5
dd5ab4f0396d93471bd354e1a3633b29

SHA1
1d23998383335f2af28225a277e59fca0e6bef82

SHA256
7b0a80d928920995305adf9912a5ed4de6703321b04f5391f74c25bd3d7f9b6e

SHA512
f4ff19f011bc543ec71011ade9edf6b2e7ecba7576e1301b0a3b6b9fdc02f72aa381de0077605165320f3f7befcd8b119443dfa8d060c43a6f9ba6cdab91f0ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\98104e8b-1300-46d4-9cef-fe5c466dcf52\index-dir\the-real-index
Filesize
2KB

MD5
f572b12de2c717f4db1d72fdcdb6773f

SHA1
0b6577d66d5d121747f43ea98116f29ca2d7bc5d

SHA256
444e1a11eb0de0167d0609bdfc0bb94f2138beb5d90d09f8591f685a5c7f724a

SHA512
fbbad7922930b8e088aa18440db06a01b69e0e2bae7b79011b9fbbf3f9d9884cc5b67dcf2169235ef57c0510d3693cabac918ccfa5a11802f72aa5951dc522db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\98104e8b-1300-46d4-9cef-fe5c466dcf52\index-dir\the-real-index
Filesize
2KB

MD5
51ade8ed8ae2ed98d2e300a2f198c07e

SHA1
409840a4448d68c4585511e99c1b27130a376a97

SHA256
549524eb7f5da891127876d7ef7297bcdd3c1d8cd68282c79ae511875cccb62f

SHA512
60e5b0a12c1d4cd06fd17dba1277813b283da4959eb42d17b7932d094e7375586c849e415ad04cd4f8ba251639cdc8cbe499e826925ed1a5a04b2607b808baa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\98104e8b-1300-46d4-9cef-fe5c466dcf52\index-dir\the-real-index~RFe579049.TMP
Filesize
48B

MD5
c99f80214b27185ea0f3b426dd725b98

SHA1
5dbc2e1f2b56eda56fa00969c25ef2c2cbf87f7b

SHA256
6d1ee001a11d5e24a2afde87cfd4d112c97fec21d54216c9be3c1672bf6b542c

SHA512
1b45feef246324bafccdbc9071bcb62a9bedc0b87ce3374e7484fc3014c3b467d1bd45e58a5c7c587459c72595a700920bdc6b2580e12ad57d9bd2ed15f93a7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f8c37967-45c8-4486-9cdf-2d801fa786ab\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
183B

MD5
9ffa301192703f41c2eb4581ccb48f54

SHA1
b82790f6adf2c6bfe82f670fbb35dfebc04ef5db

SHA256
a3da56ea865c358c9871d8a330001ea7fe3c1e621527676864422dc8329f0378

SHA512
649c774bca6e872515cdcab0723ddac967d130c1c62f2957141b3f0e115556e59a735a12911e8598dcdf2d4b1037f29f82a92f57492fd802c9f7ff430e3749f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
176B

MD5
7d327a3088cebdf29c238cad458a1769

SHA1
196d707dd04b261cd4af31758fe0916e974ca894

SHA256
51c54c9d1ebe5725f10614ad5693e9ccfba216f4324c3071ec7e0fdf7e5838df

SHA512
3816fccad0754afbcce39e9a24ed72ee00ac8ae56eb387399280b14575597aefc44dfbc7ef6d9a77ac15a29200dbbae367f1cedda0287ffd612f403740b27c8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
178B

MD5
258a4a896825e1d4b9f04a87c8c0abaa

SHA1
42ac0b19927be0ea392538e7f456d8955cacd2ec

SHA256
10051c18daf895011ab1ba3d9c1ede1dd6411ef1a3fd884946a6cee93243bb59

SHA512
38341fa23eca946b7879fe2c5c6b6207a8e7f93cb43945187beb927adb6191bd5857e75f0518ca828498a3141a1d43a02ff6c92832c9b55a77a5df41ed423830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
187B

MD5
d46838e072097ae556c1a0e81b6700d7

SHA1
fd3008ca20c58fa9c4b25f11e4592cfcf99f4895

SHA256
7f459f4e313240e9846f9a7756f2e2cdf506aa33c2618cf65f2b855db47836ca

SHA512
2f34a31599824f7f87d8cc2fdda63501c56f3a95e50646a3e7ed1d43d9ca7b9aa64d22d4da854b033e609dd438ef092fdc43ef269e2e15364105af575c1cdbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
112B

MD5
6fe31ab4e0efe445d5fa2e2be89a53c2

SHA1
537bdd81ab8ba424c7a2bf9739059b99f100f218

SHA256
3a513ef2aacd0c029c5ddff5f3c552a92de4d1d752e2b95b2b032dff7134d04f

SHA512
3b77daa3c47ea6e6cf79a1ab610d762253c8aaa83aa2efaf6f55d2c89956c8abbc8423d71c4422c361b2375199a817193b66503a6c33ea259a5f15466c320776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
247B

MD5
1a4f15b562c2fad3739e2955f8677653

SHA1
3e0d73f43460750acad92614983a58bb4c20f0d9

SHA256
3401119e95ffa770772dc39a1fb1843a511c9d30e12b404397f1f4041744d539

SHA512
bfcc51e1e36ae4836d790f1242001dd2389cd1f9ddde645a403da5e9dfe0c0ff5bebaf3b7e6810568361fc35ef5672ca1b9f88cf23965c359dc15eb793da202e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
114B

MD5
678dc2b34823d1190f73de89d2ea9535

SHA1
4de6bf0ce5b192fc659fe553060df922ede08850

SHA256
82af5753336b572c23ea9da8cdfc85d214659d13efaabd8de197017c36373b50

SHA512
38a296b7c2320f0f69de42c92d9ec6bd5a95b58b40341556d7ee4f78b33264eca7e27dc211143f2e8745b78ca0ae68ae6941bae64f3387959e0873fabe860462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
Filesize
183B

MD5
db0b99e1db3b23168059778ad05b537f

SHA1
8ec6808450c095e092a65dc314a65c15cc8e1f2b

SHA256
48c9c3c413c3701a374280eceff2e6eb017d9246b3e468a841bd6600788fbc2a

SHA512
2fd66d2d8fa7f3420980fd181cf0e66d7b883c5f89f250f2f8a47027f94fcdcc4bde79956a6130198f4bb21f1b39e0606e0b1986f76699f6960f7776befb5706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5782cc.TMP
Filesize
119B

MD5
6519fc4b6b9494e6b3757832319f5ffb

SHA1
82a5f0409e67670a264b4cccd9e6ac2d776a1a9f

SHA256
a4b6f5bf533379969bb5b9fa06dd9621cc812049169d34b9a6ee4233376ab827

SHA512
6a18f3c03749c8c679f1e24e918fd2b08a5b5c3399904f457f53fcdbb6648f4c11c98ff14744fe0c5468a515f969f13c87c0c1fe35c046ed322a237d621f113c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
9430af9f34823d7fd29e6888347e4490

SHA1
d7fd489c06c36c0366938b37406b9a94a1249d9e

SHA256
b4d76b9b68f9ca40c48139b1e172988211100e2f8cb286eab4dfae25cf83c786

SHA512
7d9806105a5fca2cc26ed0f1bfc70246d6ab29c678bfb27caaec8bee24398ae59d89cfc2c4e54252ca1aa9b900e6d599ec919ae1ed5cf49be8b597630fb094a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e3c8.TMP
Filesize
48B

MD5
5768126a710a3b400512e2b4904db85f

SHA1
a1dcf33b4156a5bf7a10ec645ab803674dbfc138

SHA256
10e809ed4c3ab2e044c03211767dacb2305592cd0b6edb92bc7e7d193807f464

SHA512
a54a0cbdc73c421da531410f98092761774bf1a107c35ddb8cc7343f659807b7e2f965856aece481264ff947e13d132e50deed9f26b5e93894d2826a8f48459a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png
Filesize
673B

MD5
88dfa96f9642297ff88909ca4e0f7330

SHA1
ed8655bf13e6cc49395da4c760168c4148454b7c

SHA256
5e5eb084cf1a650b2e122f53d36f85b67ce6e39069e399a46a25dbd34f7be286

SHA512
cc2deedfeacf9f26e48cbb26e222a219905888b95634c7d91d6393b84248305ce8940816bdb3bff0f5384b9dad90f4e3905b229e06ce4b1023a1439293b240dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3496_1182576774\Shortcuts Menu Icons\Monochrome\0\512.png
Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3496_1182576774\Shortcuts Menu Icons\Monochrome\1\512.png
Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3496_267157180\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
255KB

MD5
5449417a6873b1efccea83c1bc4e4637

SHA1
4cdf43957cf953fe9502b74c2df762a3a5dcc06a

SHA256
5adb8a903a0aa8bb6f79d4cfc4e00920448a4514f68b18a87aac2950603c1e0c

SHA512
639b290061be2607fe3bfab1c6460b578bd74c0556ae771fb42e7c3e178992d3c9dc9e30b2143601d9810e6813a7913abfad25755aa122e651034f04baca256a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
949d34a4c10aac5893e9a05234fbb9fd

SHA1
ca462bdd753fcf1a06d4eda42b429958026fcccd

SHA256
3ed039cc454f829f3daa61efb08bbff5ed6728a87e19876a367bda5c2d47d228

SHA512
e73566b0a58c605a284a184ca95035ca8089913e22da7b9fee7b43aa44cc286fb1004d25136895ddfdab06aa670dcba8f57b16411808b268a2fda8d3ebf5c7df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
cf2a053c6cbc9d1ade9d9edf888db87e

SHA1
e9e78462da7d927f5bf0f0d0c2c7acdbcf5871ac

SHA256
dfddf34f1b385845a6667ffa728049c2441c8a28593e0877955f9001a40a6daa

SHA512
9914b1e34ada25842789f9022df2232a7519abe82672ddc0c10ecc419e5fcea10ab04b051eb312ded1f15ec1a76b4117a8933e75cf68fd41f665e960285f8070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
9e71fb240205d630f6c5fdffcb009769

SHA1
78ba4965d5563663e1d1bed6f046d1e5b6b05641

SHA256
ba6ac306f530553670513c47b789a9e2456f1440b5fb9d44ff8a6804444cae85

SHA512
25532ad6559d2ac49ec38c39b6af69549d9113f8b1376a267ba368a173ec7b894a97c4c058e6d573cde6ea85ca42ddeb266ca49acd97d3f3f2378939e555c9ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
96KB

MD5
5342bd401e54b7b98a58fb615bd732b0

SHA1
4fa794849498a770127550d1b2df8807c1eba471

SHA256
1b8e43f2da06f27078c969d1b6283ff774d1e1dbfc87c51d946d551a0dbe3920

SHA512
4977c973a61c4e9adf51340cc446a9172a8ed5131dff9d80d349359fe0bc84215d251cfece07c79003975728a05ed8aa1c170414d1cf1a839384d4a7eccd350d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe583fe2.TMP
Filesize
90KB

MD5
d00dd2cfb1af0ffa8f1a49eb6471f39b

SHA1
358bceacd401905dfe6ba87b4c429956947947e6

SHA256
2c7d31532e735732605301ac33b63ebaebef1a99d31c38e0333f50ecb846b967

SHA512
9f5a9a39ff1f4aa3304127d7221eeb63deabf55b0516a2c4dbdc341155b1e926358d17f4a1b1f01e6618664a8cb502feeff7da8a68363ce90d0cab989d6f422e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ba4327c5e2d0027b7abe018f96059714

SHA1
f9aaf66a44d8c25298db5f146f8c0c14308d1367

SHA256
f489bbe60beba1d9520a53fe00d553b90169ec16b12532c6b8caebdac3e9dce8

SHA512
917b0a7a884650b972488012252ff16361feefabeb1d0643cdd7e4705bf320abd8123a71bc8d0872cb994c2ecf6ecf997e5704dfaca08c4bc335a84774d3c486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
409B

MD5
19c290b347488e53b95ce3784454079f

SHA1
1555f572aca7019916950464f7d43f9b4168bacb

SHA256
ec5b7b06b05cd11383ecb8b8ca7d37ab608bc4756b02aece913d2d8f60c0e4c7

SHA512
0704088983a0121c7dc7be6167d5ca651d03ce73a521d8f4b1199c1378ebd3f2171837a55b1bdf1493faa8269c6c83cc7fa0b68313da245a08e282a2932b3f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9fe94b95870cb5e593ee6a012e15d5df

SHA1
a21ad1bb15f317125c8ad27218cce896bb1faa90

SHA256
27e4887b21356aafd07b238cad78184ad2f25c3400e449e2ba0cedeb135e0ac0

SHA512
8aa31359c713634edcc40b28a539ffd1b6fd7d05546a6219ad13e6381566e666c2c6b7c9b7d2df1c6964eb3293b84afc7cdf5daff7989508ca4de49d7111bc30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cb88d806f9ac5799badf60ed20ac755c

SHA1
972f495a6786270fea06f4d37c6fe50ad46d0438

SHA256
482a1529bc9a9c9c15aed5f4db9c99bf7b5b2e4d691ed59a686e69eba8c118e0

SHA512
b5540c282e56647eebbb866b9dfddbcd1616ac44c9fdc821bbc25b63a30f8125afa160bd5c640306c74fb4393121bace66c92c7a58b3c01ffb9d15fa617f57e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
88daa86e9c030ee111e3afdaa05a2599

SHA1
67dbdf3cf4d2370ae3949ae00dc21fea3e52c091

SHA256
ba19716055f77152b6000537bd5c391cc07cf7587878785fdb01e4dccfdf7d47

SHA512
5c22ea76115fe90cbc92fd96d679d7a0fc176b5805aea2a6fcba01d84dc36d8b324fef949695dd30ecb8c3aebe5ea8b42914e73ba2628a469dbe2c98cc5be2e7

Download Submit
\??\pipe\LOCAL\crashpad_2168_ZBHNWGBJNZZHKNNB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit