3220e4dc0dce9af912dfb5880bc28816b33d298c40b52f84d6cda1258fb4e665

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2023 00:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ryujinx.exe
Size

47.8MB
MD5

69625dc483aee7233bf6d575a67fc5b3
SHA1

89b864333053f8012b4c9f12279afa17eb630472
SHA256

3220e4dc0dce9af912dfb5880bc28816b33d298c40b52f84d6cda1258fb4e665
SHA512

3e832cddc932385188182ebfb5e220039e3ef23931ffe21a7074aab2f1575b975b9ead6db126a21a20f3b323d20bd7eb1912004a7a5dab1b6d9a09a409217b2b
SSDEEP

196608:yM/x+TLAB7JoyJ1GHLxbta8qi54+b7nsq2kTTYHpGuC9Kmg9WxpzNWA7VPvjQqZ1:F/WLABtAH6iIMlaQMstH/QTqj63DVw

Score

7^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Ryujinx.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4800	4164	WerFault.exe	84

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133222810888741723"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2288	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
4304	mspaint.exe
4304	mspaint.exe
5088	chrome.exe
5088	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2288	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	2772	chrome.exe
Token: SeCreatePagefilePrivilege	2772	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe
Token: SeShutdownPrivilege	5088	chrome.exe
Token: SeCreatePagefilePrivilege	5088	chrome.exe

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SendNotifyMessage 57 IoCs

pid	Process
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2772	chrome.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe
5088	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4304	mspaint.exe
4304	mspaint.exe
4304	mspaint.exe
4304	mspaint.exe
2288	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 5116	2772	chrome.exe	99
PID 2772 wrote to memory of 5116	2772	chrome.exe	99
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 4068	2772	chrome.exe	100
PID 2772 wrote to memory of 5032	2772	chrome.exe	101
PID 2772 wrote to memory of 5032	2772	chrome.exe	101
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102
PID 2772 wrote to memory of 4344	2772	chrome.exe	102

C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe
"C:\Users\Admin\AppData\Local\Temp\Ryujinx.exe"
1⤵
- Checks computer location settings
PID:4164
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4164 -s 1224
  2⤵
  - Program crash
  PID:4800

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 4164 -ip 4164
1⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe63129758,0x7ffe63129768,0x7ffe63129778
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:2
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1416 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3252 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:1
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:8
  2⤵
  PID:3904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1832,i,1924237059234330293,6528460421813965407,131072 /prefetch:8
  2⤵
  PID:692

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1116

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\ConvertOptimize.emf"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2804

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnprotectWatch.wma"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe63129758,0x7ffe63129768,0x7ffe63129778
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:2
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3216 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4636 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5176 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1836,i,10995131967634404726,8686230993128950828,131072 /prefetch:8
  2⤵
  PID:2736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1696

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d5aa436f438bef1f8801fe7aea488da4

SHA1
fe3fccaeaee75c2addcb31ddb74a609fa9e47873

SHA256
53e51ffd114b6690845f9206d0584783c37637db83a91286d25703a725d25200

SHA512
f4d08c551c6ff43c7136199806da7d6db8d3aed894d81f60123ac9021cad165d03052ac5f5b6b1feb92f67f590d06e40ba9871daabeacc80c3be392992c4f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e0f5e323e977c6715ecc8b3dca8bc358

SHA1
8dce12eadc14581c5fb46cbc7e44ec28c9ba73b5

SHA256
b47f78a9dced0aa511c65eed5fb56623b386095a4d48e27c34af8d42c9439799

SHA512
07c8f927c535751de276bc30f7b97b4a74d496c7f87c70ddf6675081ada1421c2cf881520d1579bd1c3f3f997556029049342d6f149f0e205f1d1b9ebc721c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
efc392282d1e532dca4d74fc1100baf8

SHA1
af8585e8d06f41d0cc3ad15600b3238d11a1153a

SHA256
7fb90e9e02ca8a2de122a5b29723d78a293f0ce8618519ec9e245d498451379b

SHA512
596aebefaf8370300268142c5259cae4f09614ece3474d8df20a3b9671eb07ebb2e9a1e8a8e8b73a9cde1ee3b916006aeee3ecdf09c9429528e7ebe847ab72d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
d1e9dde785dae9385a1bc7326a7d390a

SHA1
724d63167b48f7c0672777c1f4d8c58d11e029f6

SHA256
2e48814ed065f0af633fccd33bc6282f31cc035a106a84bb627aaa8e92f7e340

SHA512
e2f88e003bb747e4e8599d0d7431d04c907d5d38a8d3641571ab3bed4cf470bee55fc9ccef81832a6f6700e5e367f3abcce350abad7f1e5424b5844b1496ef70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
cdf66c00cd0c553c58fedc99ef215194

SHA1
e5827a0d5a6150139e9e4ffa4ca2dca7888a2899

SHA256
d66cd2c943e98c4461eaf6540c816eee18eaf7785e825fc8d3c14249250a338d

SHA512
8df0ebdddd3e262f996ac94a71984ea039f721c599f336d02ddd6657c21c591ee19ad0d62b477821bd55fd063f2fb888099c88479fc46f39cee9cdbcfa531e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
47KB

MD5
48bdd000ecd2926a60a3d9b60c2cde50

SHA1
3e88cfd89b13402b18666aba0fe3b76020e19d34

SHA256
5ec3b828bbede2a523366db3b6f68bdfac360df69792537560b36a5f85191ad0

SHA512
f97722539cde0550fc1b4ea3d6a0331afb579d555f747ac1f54f1ba4b44090823c2433faf81d29841c06292ef9791e9a28adbbe7c7f9337aaf939c6737dfa74b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
fd849c9023205f727f674807147f6d52

SHA1
73b3a4e6e77f239bf35701b1fb5983beaf6e030a

SHA256
873fdd039a26e184bb23541b076e50595730a214d4c51b4598889d1f0a2265f4

SHA512
21853de8ae3da1d9c3bec87b54b6f3432b1ac1c9d59e1127a7b620d333c72e135457b6cd3a696bd0e0b43274c58653d80bc024f23a381b1b7e3f80878931fd02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
e6bbc5b8a7e87211507b1b7bef314812

SHA1
4a4154f8a1d0ea816b8cf861aed6d053617a1cc6

SHA256
a9ca3881856d1dc21660888b3c461635f3e2fcd779bbbf4e91777ed7797f66f6

SHA512
fafa0493b219cb10c2b20dfdddb5805420e07d45055c0ca1cfabb54bd37c4b4a1274d7dee9d7d29a15821ea0aa2fc1342e60110f024a0552cc6910428a044355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
ade1db73e10d2e887d84292b7573c5d9

SHA1
7b025a889087f7c403c51ce27181587df63b69e3

SHA256
8d431210ebc6ef680e641552500bc9b5d1ac5a8734190c9d499d4e7d75604abe

SHA512
5dd09312c195dc09406a6482c2c369abaa43fcb9bb63436a98bbe731f773ecd8a6339d907c4678395313cc33bf1f1d0a377510053b473ad4bdfb3533a0f2e180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c40f44d10e4d66f0ead20f87527d8a83

SHA1
f6f72b7c5dbe2dd2fbae868079ac0e6da0289e64

SHA256
94fbea9b3f6cd1ec38effed254b1d8be4ed2f86d6e78d0d3323b2f8b874c4a43

SHA512
b30e2e30c9c410b366382aa4f94de63b2de9c401fe6d0b56c35a0b0be3fa457c129ad28e9b9486ed5e046ddd094d04c9106189d1db0fc2bc1bd8dc02bef52850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c40f44d10e4d66f0ead20f87527d8a83

SHA1
f6f72b7c5dbe2dd2fbae868079ac0e6da0289e64

SHA256
94fbea9b3f6cd1ec38effed254b1d8be4ed2f86d6e78d0d3323b2f8b874c4a43

SHA512
b30e2e30c9c410b366382aa4f94de63b2de9c401fe6d0b56c35a0b0be3fa457c129ad28e9b9486ed5e046ddd094d04c9106189d1db0fc2bc1bd8dc02bef52850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
3f1e94187d9500cf6dd14fc60439f3d3

SHA1
6c19205e9e6041986643fa16f3d8eab7f74fd910

SHA256
0f465d42e1196620d05a33335f2f89f57a6e6cd29e5ba6c20532584c18f2115a

SHA512
f1e706c07da945bcba4d6489125b9bf54627df929416bb43c388c7c08b21d2f64fd7ea67f4b09275693b5d371d45bb7d1e9a6c95ce53e2dfa9f0267bd2f10b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8bffbac9e04b0f50d0559ee39dcc53c1

SHA1
974e4d5d80f486e0c5d321c2fc8e4a53223d16c0

SHA256
350ce6106cd69d3f11f1710d5f6dee89429fe64e4e5828b2a0ea9742259170c3

SHA512
d71c4593f87adb2a2261b6ba647900accaeacac5bc9f2de51a43cdbc22ba907ba0529a78edf7110210150392be3f9d2ee279fd9c914c89f2a743d1e9e1e33874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
8bffbac9e04b0f50d0559ee39dcc53c1

SHA1
974e4d5d80f486e0c5d321c2fc8e4a53223d16c0

SHA256
350ce6106cd69d3f11f1710d5f6dee89429fe64e4e5828b2a0ea9742259170c3

SHA512
d71c4593f87adb2a2261b6ba647900accaeacac5bc9f2de51a43cdbc22ba907ba0529a78edf7110210150392be3f9d2ee279fd9c914c89f2a743d1e9e1e33874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
12417b851abf16b2135aff95b696bffa

SHA1
79394de4ed075968da45dff90f2ed5d73c3d1f5a

SHA256
d288259b93501c5bf2805f7874893c54b353cc9399250691fbba0ebb85371d1e

SHA512
1c231c1e63200b58d7089979b80a0b51ac969d1eba7383198ae250e3bf8c40dfc9cebb1f0c34db2a8b20c4cecf53eeb9ed08e0f89f02d4f50b80f73494650be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80ae6b6895c3a632d1c9da0120ce2434

SHA1
35205fbafb77583d2df62dced767299f6ce8601e

SHA256
bf4ec4f143262151e19b0f31d05d3b3dd9fa207b806a5cb004f5fb458c31e8e9

SHA512
11dc9587612b9c15f8c2b44873b2bc607d023e8c546a97682ef7ed42d8956e644de2783c7cbe35db9d9b55851838af815d0dae5090704b6338195e61253138f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
80ae6b6895c3a632d1c9da0120ce2434

SHA1
35205fbafb77583d2df62dced767299f6ce8601e

SHA256
bf4ec4f143262151e19b0f31d05d3b3dd9fa207b806a5cb004f5fb458c31e8e9

SHA512
11dc9587612b9c15f8c2b44873b2bc607d023e8c546a97682ef7ed42d8956e644de2783c7cbe35db9d9b55851838af815d0dae5090704b6338195e61253138f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9e78013afb112dc0d71bb8ba4b41e32d

SHA1
aea64c70f39337bad7f005d3ae7cd48b25593f8a

SHA256
08e595b97745dce8aa2747171495886d3c12f8fc37ba9dc8a6f1ffb44b29d8f0

SHA512
041c95d7efed3c3f12a4960a3293447d6b0ee3c5ade0fa4a969bc2a40ed072ccf78a9274771f67209809bd0a02e1634d3e84270954502d62a3088e73d8e6993f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d02c7a2bae92f0c47c45fd059e7d16df

SHA1
f78c273b92ce116be324f55a7093a21ff6b2e5e7

SHA256
540509c2ac4317bf6f090c760cb96ed3e7ea1116a2c2589907a0384365860ac4

SHA512
ca86721f0d0ca71389bd7a114c233201a171f46043d2e2880dcc302186be93be8c505fe8275fa099b3978b96b0429ca74af8cb396bcee14c49d4c9ccd6c39935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d02c7a2bae92f0c47c45fd059e7d16df

SHA1
f78c273b92ce116be324f55a7093a21ff6b2e5e7

SHA256
540509c2ac4317bf6f090c760cb96ed3e7ea1116a2c2589907a0384365860ac4

SHA512
ca86721f0d0ca71389bd7a114c233201a171f46043d2e2880dcc302186be93be8c505fe8275fa099b3978b96b0429ca74af8cb396bcee14c49d4c9ccd6c39935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
612569069a8130c9d6f6122a8fb85783

SHA1
73bfa9cd4628e20407b2c538436389296bbc2459

SHA256
8f06aa84584ea1d444d6c40150ae479524937b1fba1fc46899d492ff3c4260e1

SHA512
d6dc1db70d328ccb3154ab96004e4ab35bad71fd507cb4efbcc5d9c61604a68d12e41d4a85f1e5d5a8daeb8ebc970fee59d2bcc214399bfd8d851a85a0f1d82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13322281086652486

Filesize
4KB

MD5
60e321b87a40c8997d4de755300bfaea

SHA1
1ed00f9f1b713f5a78784c372fe9b8771876cad9

SHA256
1a7402cbc1446161d56989d7a633b74bf578d0da7781638cdf8eebee569598c8

SHA512
751e10cd1de4ccde02e75ecad4ea72b157f3ba9aec2b59e84d14db64d7d2444247052f52419440676b46637f8633a769c19a35e047c2a415925fe4b58ee83d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
5356176598f99498b1018672e59d8771

SHA1
35c02dba33010cd66402ffc382e6183a55a32d58

SHA256
ec9101f6b57c73db2f5f7b1ec3b10c90d6dfc68ca0e0ddf40d8b7d35ea85ea61

SHA512
ab98dac1ff7c0eea95c5708d03397c21b5466c6f465b3ee8316aeebd642d38c70aa6bed6fdd865cfc9ca4e775199da002e64efdae4f037bfce601e52728c485f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
6KB

MD5
59ebae77e7875ed161c74e1fda2e7cae

SHA1
6953ced007d90cf93905824a1fc0de4ed5fb6268

SHA256
bb315ab737e6c2937b2878d7ab460faf4702349f9850d4fceedbdddda30fc1a4

SHA512
4b140d7f6e735bc146debe1f4548138c2cac9f6387f68e02a4f42e56fe7da03ab153c56ab716edc760f79525491cba31210a72bba71cbf351bc410aa3cdcf885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
74e105772b0f82161102feac5f1ebe19

SHA1
c5fabb95f990d386bac8520bda04949242284c8d

SHA256
8bc55ea0c6592f863bdd45c1b248607156af432d7ece68c93ac1cad321d59512

SHA512
fc028850249aa12f00b8a9aacbb038df8edaef245608374d38a6668c946f715a50455b86c95d4e93a0aa39dc4a3ed30714172c3a73e79b9c29e1e68e98079afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
881B

MD5
0f86ed8063e0981ff3e7d90f5f9235e5

SHA1
08f304865c28339153150318929a389252d4a6b5

SHA256
73adfbbcd43d52ef25cf648b9a8cf6729bc2b01c9c231c4b6f022bf4604ca5fc

SHA512
46ca865369db7a9dd2ba70ceb87aefb5630441688b4de9ce45f66ad3c31dcc3abed3e56c46e64f39c09754d9ab28e601f9caebf799c4c1debcaca47082b2f3bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
0faed8be1d86b7784f06290c74cccf66

SHA1
e69ac0e2e80a5f067422d1c9835e667cb4cc969a

SHA256
d9a6d239d007adbbbaf6bff2bd3801fcc472b8d4434f114abf61489416e6a6ca

SHA512
b1808d567585e2a6b37239f4c5a00866a4da1818b32cb3c237401e3a9fc8880d14475626f8a9e5bcdd8019ab51633de822a840ee4a9c3095224a9c18fd17a142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
855B

MD5
8b87ba5e83d82a9507bd697cfd9ece6a

SHA1
5d22d612825acda22c66a1769f30a3f43ef0d8ab

SHA256
dc6860565e528d6b6e7c3d16fb38382d867f9183070a38950f1c72a7ec326020

SHA512
30245ecdcf1599592302d9f8cb2869555911716fa91793a2aa89355371af84ed98ad92980623a61297f28bae330d924cf9fcd59f67ba82e727fc40000b1916b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
3adf6232778b4284a464c9cc38552d3f

SHA1
abcbd3361bcc6b3f09064fbf1e0007537fda0c7a

SHA256
26bd4e8e81861f79a77588ca3a234a705310fd8a1ec8ba24905cd215c963a45a

SHA512
ac989577b5e9a8161865a1d85c106b37090edf0c611bf2abc20932c6f2430a63a73921894d3b144161f3aca0db4f69426d149b527189391d6a450b80ab46b61c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
39fe2adde1dd9af64a1d7c2b26bd5358

SHA1
4b1dc83c46907ed45eb789868e99416804f7c518

SHA256
b13a755330f538416cac5875f5933f87578f91f67f50b2816d52934f9f57b043

SHA512
28bfd69966e2a4e72aa20decfca9a59c91b7bf37c06feda8b11b5b646255bd0d9546c19871fc388663a4549a84983d0633e9e25e5ffef4fdb3a5864fac35bd7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
fd7d207212513727b2a057d08236ad6b

SHA1
70b87bf42de1266062b8252cb0f9415b476efb76

SHA256
52961c8899952d6c85cf7ef7828ede79814b6f2dca61cef288fc976875381937

SHA512
88720b97a8762084368b05d3d47d2d8e3b403662142cc6cc281f30599f31e3fa8f9c257993a44a6ce1338f49f1cb235160f67967a88ee001c6baea95358854f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
fd7d207212513727b2a057d08236ad6b

SHA1
70b87bf42de1266062b8252cb0f9415b476efb76

SHA256
52961c8899952d6c85cf7ef7828ede79814b6f2dca61cef288fc976875381937

SHA512
88720b97a8762084368b05d3d47d2d8e3b403662142cc6cc281f30599f31e3fa8f9c257993a44a6ce1338f49f1cb235160f67967a88ee001c6baea95358854f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
75KB

MD5
bc9c5e66a4b580fd60ec0b3918e8da70

SHA1
478ba638798b9ab7a9ed2f53013b59b2d7e57596

SHA256
faf6f8307277bd468f55f9d2378bbf103b83f2491eee253aaa69516a0fee3529

SHA512
f09e0baef73b0ce7f000842c30cc9412e5a361a2865ed5f3653d52d7bdbcad9c31d4ba1f61764d8fc16c327f10d4ed4e4513a1967c7a2b3753b16ccad9be0159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
6bb527ddcde6a3cd97bb5377b35623b1

SHA1
851c37a1fd52c8ed02f9643e8425c0c0a44f5e96

SHA256
9001df5f1f4d9b4cf5fba77200e263a4044aa8d89504563212490edb9d09e019

SHA512
2342d202ed6a21ea60785b4503e2b1438001bbc2afd617ae878de2f66d2227c9f0bbf7af126a0b8c9ce15acb79ba8cd2f2ee3a2635854f1020273cc1ccd27569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/2288-304-0x00007FFE62750000-0x00007FFE62768000-memory.dmp

Filesize
96KB

Download
memory/2288-313-0x00007FFE60480000-0x00007FFE604EF000-memory.dmp

Filesize
444KB

Download
memory/2288-329-0x00007FFE60270000-0x00007FFE60281000-memory.dmp

Filesize
68KB

Download
memory/2288-332-0x00007FFE5DDE0000-0x00007FFE5E011000-memory.dmp

Filesize
2.2MB

Download
memory/2288-333-0x00007FFE5DCC0000-0x00007FFE5DDD2000-memory.dmp

Filesize
1.1MB

Download
memory/2288-334-0x00007FFE5DC80000-0x00007FFE5DCB5000-memory.dmp

Filesize
212KB

Download
memory/2288-335-0x00007FFE5DC50000-0x00007FFE5DC75000-memory.dmp

Filesize
148KB

Download
memory/2288-337-0x00007FFE5DBC0000-0x00007FFE5DC21000-memory.dmp

Filesize
388KB

Download
memory/2288-339-0x00007FFE5DB80000-0x00007FFE5DB92000-memory.dmp

Filesize
72KB

Download
memory/2288-338-0x00007FFE5DBA0000-0x00007FFE5DBB1000-memory.dmp

Filesize
68KB

Download
memory/2288-336-0x00007FFE5DC30000-0x00007FFE5DC41000-memory.dmp

Filesize
68KB

Download
memory/2288-330-0x00007FFE5E040000-0x00007FFE5E0D7000-memory.dmp

Filesize
604KB

Download
memory/2288-328-0x00007FFE5E0E0000-0x00007FFE5E13C000-memory.dmp

Filesize
368KB

Download
memory/2288-327-0x00007FFE5E140000-0x00007FFE5E2F2000-memory.dmp

Filesize
1.7MB

Download
memory/2288-326-0x00007FFE60290000-0x00007FFE602BC000-memory.dmp

Filesize
176KB

Download
memory/2288-325-0x00007FFE5E300000-0x00007FFE5E43B000-memory.dmp

Filesize
1.2MB

Download
memory/2288-324-0x00007FFE602C0000-0x00007FFE602D2000-memory.dmp

Filesize
72KB

Download
memory/2288-323-0x00007FFE602E0000-0x00007FFE602F3000-memory.dmp

Filesize
76KB

Download
memory/2288-322-0x00007FFE60300000-0x00007FFE60321000-memory.dmp

Filesize
132KB

Download
memory/2288-321-0x00007FFE60330000-0x00007FFE60342000-memory.dmp

Filesize
72KB

Download
memory/2288-320-0x00007FFE60350000-0x00007FFE60361000-memory.dmp

Filesize
68KB

Download
memory/2288-318-0x00007FFE603A0000-0x00007FFE603B7000-memory.dmp

Filesize
92KB

Download
memory/2288-319-0x00007FFE60370000-0x00007FFE60393000-memory.dmp

Filesize
140KB

Download
memory/2288-317-0x00007FFE603C0000-0x00007FFE603E8000-memory.dmp

Filesize
160KB

Download
memory/2288-315-0x00007FFE60450000-0x00007FFE60474000-memory.dmp

Filesize
144KB

Download
memory/2288-316-0x00007FFE603F0000-0x00007FFE60446000-memory.dmp

Filesize
344KB

Download
memory/2288-314-0x00007FFE613B0000-0x00007FFE613C1000-memory.dmp

Filesize
68KB

Download
memory/2288-331-0x00007FFE5E020000-0x00007FFE5E032000-memory.dmp

Filesize
72KB

Download
memory/2288-312-0x00007FFE604F0000-0x00007FFE60557000-memory.dmp

Filesize
412KB

Download
memory/2288-311-0x00007FFE60560000-0x00007FFE60590000-memory.dmp

Filesize
192KB

Download
memory/2288-310-0x00007FFE613D0000-0x00007FFE613E8000-memory.dmp

Filesize
96KB

Download
memory/2288-309-0x00007FFE613F0000-0x00007FFE61401000-memory.dmp

Filesize
68KB

Download
memory/2288-308-0x00007FFE61410000-0x00007FFE6142B000-memory.dmp

Filesize
108KB

Download
memory/2288-307-0x00007FFE61EA0000-0x00007FFE61EB1000-memory.dmp

Filesize
68KB

Download
memory/2288-306-0x00007FFE61EC0000-0x00007FFE61ED1000-memory.dmp

Filesize
68KB

Download
memory/2288-305-0x00007FFE62690000-0x00007FFE626A1000-memory.dmp

Filesize
68KB

Download
memory/2288-303-0x00007FFE61EE0000-0x00007FFE61F01000-memory.dmp

Filesize
132KB

Download
memory/2288-302-0x00007FFE626B0000-0x00007FFE626EF000-memory.dmp

Filesize
252KB

Download
memory/2288-301-0x0000022AAC9F0000-0x0000022AADA9B000-memory.dmp

Filesize
16.7MB

Download
memory/2288-300-0x00007FFE60590000-0x00007FFE60790000-memory.dmp

Filesize
2.0MB

Download
memory/2288-298-0x00007FFE62BB0000-0x00007FFE62BCD000-memory.dmp

Filesize
116KB

Download
memory/2288-299-0x00007FFE62770000-0x00007FFE62781000-memory.dmp

Filesize
68KB

Download
memory/2288-297-0x00007FFE63240000-0x00007FFE63251000-memory.dmp

Filesize
68KB

Download
memory/2288-296-0x00007FFE632D0000-0x00007FFE632E7000-memory.dmp

Filesize
92KB

Download
memory/2288-295-0x00007FFE632F0000-0x00007FFE63301000-memory.dmp

Filesize
68KB

Download
memory/2288-294-0x00007FFE63D50000-0x00007FFE63D67000-memory.dmp

Filesize
92KB

Download
memory/2288-293-0x00007FFE63FB0000-0x00007FFE63FC8000-memory.dmp

Filesize
96KB

Download
memory/2288-292-0x00007FFE609A0000-0x00007FFE60C54000-memory.dmp

Filesize
2.7MB

Download
memory/2288-291-0x00007FFE63FF0000-0x00007FFE64024000-memory.dmp

Filesize
208KB

Download
memory/2288-290-0x00007FF7D54A0000-0x00007FF7D5598000-memory.dmp

Filesize
992KB

Download
memory/4068-142-0x00007FFE7FF40000-0x00007FFE7FF41000-memory.dmp

Filesize
4KB

Download
memory/5008-167-0x00007FFE80050000-0x00007FFE80051000-memory.dmp

Filesize
4KB

Download
memory/5008-165-0x00007FFE81410000-0x00007FFE81411000-memory.dmp

Filesize
4KB

Download