30eab1c8fa55a43b2d3a8a6007e20081d707fcae01c50d6fa39cae97dd0af49a

Analysis

max time kernel
1625s
max time network
1631s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/05/2023, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xbox.webp
Size

22KB
MD5

14c65769fb2f9167c4ec8a9a7bed0d41
SHA1

b38b9b2b2329de0d5ec2e707ff8002312e46f664
SHA256

30eab1c8fa55a43b2d3a8a6007e20081d707fcae01c50d6fa39cae97dd0af49a
SHA512

5b008df97075e7bc47e217917c7420b6e5e0581b82c9bfe1a617986ae547b92b50f128d8bee0a42538b78be68cdc8458dde03a4fdb824771166b206ae3dda87c
SSDEEP

384:77BCofF/1l959vh0403L929hf43pBogG4YgImOn9a4kz+F2GRKuuH:7dCm9a4f+cjbLntsCKug

Score

9^/10

persistence

Malware Config

Signatures

Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098

Executes dropped EXE 1 IoCs

pid	Process
1992	cmd.exe

Loads dropped DLL 17 IoCs

pid	Process
1224	Process not Found
1224	Process not Found
1224	Process not Found
1980	chrome.exe
2348	chrome.exe
1884	chrome.exe
692	chrome.exe
2680	chrome.exe
2620	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found
1224	Process not Found

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
520	chrome.exe
520	chrome.exe
2680	chrome.exe
2680	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	520	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe
Token: SeShutdownPrivilege	2680	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
520	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe
2680	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 520	1456	cmd.exe	29
PID 1456 wrote to memory of 520	1456	cmd.exe	29
PID 1456 wrote to memory of 520	1456	cmd.exe	29
PID 520 wrote to memory of 1396	520	chrome.exe	30
PID 520 wrote to memory of 1396	520	chrome.exe	30
PID 520 wrote to memory of 1396	520	chrome.exe	30
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 2044	520	chrome.exe	32
PID 520 wrote to memory of 1320	520	chrome.exe	33
PID 520 wrote to memory of 1320	520	chrome.exe	33
PID 520 wrote to memory of 1320	520	chrome.exe	33
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34
PID 520 wrote to memory of 1000	520	chrome.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\xbox.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xbox.webp
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f39758,0x7fef6f39768,0x7fef6f39778
    3⤵
    PID:1396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1144 --field-trial-handle=1252,i,16864252346565712983,11502122644024325825,131072 /prefetch:2
    3⤵
    PID:2044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1252,i,16864252346565712983,11502122644024325825,131072 /prefetch:8
    3⤵
    PID:1320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1252,i,16864252346565712983,11502122644024325825,131072 /prefetch:8
    3⤵
    PID:1000
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2284 --field-trial-handle=1252,i,16864252346565712983,11502122644024325825,131072 /prefetch:1
    3⤵
    PID:928
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1252,i,16864252346565712983,11502122644024325825,131072 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1352 --field-trial-handle=1252,i,16864252346565712983,11502122644024325825,131072 /prefetch:2
    3⤵
    PID:2128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1796

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2564
- C:\Windows\system32\replace.exe
  replace C:\Windows\System32\sethc.exe C:\Users\Admin\Desktop\cmd.exe
  2⤵
  PID:2668
- C:\Windows\system32\net.exe
  net user localgroup Admin
  2⤵
  PID:2316
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user localgroup Admin
    3⤵
    PID:1724
- C:\Windows\system32\net.exe
  net localgroup
  2⤵
  PID:3060
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 localgroup
    3⤵
    PID:1804
- C:\Windows\system32\net.exe
  net localgroup Admin
  2⤵
  PID:2336
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 localgroup Admin
    3⤵
    PID:2104
- C:\Windows\system32\net.exe
  net localgroup administrators admin /add
  2⤵
  PID:2092
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 localgroup administrators admin /add
    3⤵
    PID:2476
- C:\Windows\explorer.exe
  explorer
  2⤵
  PID:1548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6f39758,0x7fef6f39768,0x7fef6f39778
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1564 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2084 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2092 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:2
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3780 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3908 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3808 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1028 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4496 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3464 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3304 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3852 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2812 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2800 --field-trial-handle=1224,i,8553316593024067448,15762584312437092999,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:1884
- C:\Users\Admin\Downloads\cmd.exe
  "C:\Users\Admin\Downloads\cmd.exe"
  2⤵
  - Executes dropped EXE
  PID:1992

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x574
1⤵
PID:940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Account Manipulation

T1098

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Account Manipulation

T1098

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8348509a-ecae-4e44-b3aa-9f8fa7d01a0f.tmp

Filesize
150KB

MD5
c064acfdaf2cd84f414fd6c835c6b032

SHA1
af470b026eb2892ed70c32bc7eba7a6098e7ab43

SHA256
3fc8995cd01c211a40510f99805f3d2d43842e14a145c70b2b6f7642d10b8347

SHA512
7300665388e47c7e9c27c50d55027ab16751fd067e7a65c72ea1bfe37534a669203d856cc590250f508d170e4462a2282f009f7c97c4b69d8d80217d27e11305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1b07b7753f3c944754b1790fd9694beb

SHA1
5c9036d395fc83e80f302e311b4f5e9c9ca0ea83

SHA256
b2f762c1c9be27df51ffa896115174ad0bddac04e5777e94a2fce03cf1c97c46

SHA512
b00e8158fc07f07db5e5e569e5a21b1bb269abac91f0bd25676d73b71e718978e1090d3263a12fe8a065e2f8ce9e74748c1165587a11640d9e0dc54fa540df44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
cb615d92447508b6ca2734f197add675

SHA1
dd308df1e7ac41926f079f21760d0fe3884e42d7

SHA256
fd86ec7c0859cb00b21628a1c0ecf4f95d8984c0e8456b8086f1727054b2bbe7

SHA512
c4e93222ea98e4c684be0e2f5181e9f5cdf5a3f4ccc1cdd68fb2a8b4f84b0fd9a08e88b21683c799d9db98f310c3578057a04986b86cdc15441437b9409b1a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
247B

MD5
6b0438764207fa774d17066a754ce85b

SHA1
10d01799d6508912a38cfaf6bee13a00b0f2c558

SHA256
acaf46c11721d904f828cd765253a16dfcba135286ff27da28b9217392585520

SHA512
44c324913531f42513b810024614824cf391b2797f817acca7187292ea679475a36f8e8a2cbfb6dcd811c69fad532e15fb6ca92273be87bf24b5f562e2e8960a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF6ec2d3.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
1fb7c5a270bb6ee94dc63dfd56046fd0

SHA1
36943b7555076d02b7aae0eb27c563216457ec66

SHA256
927ac066894df1e49e9de0884f3803e4087e51c46ac4c23d273ea9d60ee491a8

SHA512
add4eed070486dbd5b44dcd1637160a9a2af47a9005cea1b5a7a5c98677479743beaadf351a04cec4cca97dc04705bdddb7e96d6968d69d8908b4f9986fca130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
70b384ced580b52dd7608ef61a1abdf9

SHA1
865d659c0a775ac9bab64ecd3d728b6bcc591121

SHA256
8845087ab8d0257d92ca51b1c7b0ddafa5caee7660652dc4bf2fa5af8c8597e1

SHA512
d846ad9ef15c3a98961e49ecfa061317a675783fef58c83604f220646b62f72e4c7690d043df144962fb1c393694d53a595ff54d031963671c2caad8cf769dbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
570B

MD5
fdd14e53bb85ff4dedcff7b396dd5957

SHA1
482ab457e35eba75534a87f65167ea7683786a2a

SHA256
78a83e4ba43b1d1f140227dd7edac7b97f528218c825fc8aab96334b286006b7

SHA512
96dc2e30882cf862a89e7493bf247cc966d8c0c8ea8bf2fe53594332d04393f9be172d8b03a750e3728f539da493262a84eb85f114e76d26ef7d5077ec0a183e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a99ea7e3bddec6f5bbc564ac6cf1ad9f

SHA1
b687c13827f46562268f3dc66a34332485750a72

SHA256
6a02221a42bba67ea1ea95c8edaccc561b6490f86ad40ce2918951332864bb5f

SHA512
00e5acb187db886e2c63c2fda2ca4cf3023ece7dd4bb2f3df855c932fc8650a023241bb8dba147b0ff99b5e665190d34adf362028194b60740fe171f8cfe1805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b8b79e9768aa732ed90b36b2bba1ea4c

SHA1
f179eea73902fefc6510b61cb91b166534011a37

SHA256
d67ea543f7269aefce2eba637bc121fa085bd63babbf9b774a9785942c393066

SHA512
608d5c42f186b813ba3bc716c45f1679edf07d5e656856a13c19e478c6f0495e09fc0c023553811ee08d9776002d982a7596d7f350c1a51474ef9deab49ef750

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
279196d7a0af5479f613553e4b4d2952

SHA1
b1ede5baef00ff04c5468f0df946a837fad61b53

SHA256
71ca512141145fa1f9abfc3930a16be9e7615e356a3cc3f2114833aacccdd124

SHA512
492095b7d889c6e0677db27e7585ae27eed6f773fa375b81bf73bb0e485e61f6e8aa65439798bbb66539a48100f27432e7202ee46fdc5f97503e42bb4c8733b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF6c4c8b.TMP

Filesize
4KB

MD5
d3b6cd672b03969a198c77c92411fda3

SHA1
f80b45fa30c58511e4cfbfe0a8fb60da880873c5

SHA256
5eafba33f371910050114df26bfef95bb97a2ae7a12b3b79a29a30aee488bca3

SHA512
7436f514e8e25089b8693b4799380bcfa288573596c5504545369217bf072eec5357a63119b4b99dc82c3f473e3896fb8fec2d63add2904477b8a5b19ce4cadd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000005.ldb

Filesize
141B

MD5
38fc535a8f11d7e955ef58cc63158eff

SHA1
c45ad3ee106dbfb65dce7c09b53140f34454cd0e

SHA256
085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8

SHA512
26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000006.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
249B

MD5
91f0945ff8b2cf7eff70723bec6567c2

SHA1
7b5f17523376284f5d720fb779624da61f021ace

SHA256
a726346825ade5708de36798cbb0d815aed5df73e3cbaf5efb8e6788d7f4307d

SHA512
0746d91ca3068fb877754f579712b1e9941862ce552b78cb34e401ae8406d67531ad53c307721e6701bc36dec301c6e1a1cecebf44aaf6b4d801a7a692f8285f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000004

Filesize
90B

MD5
ac5ca65c3ca57b518ed4b2967d8bb535

SHA1
2a120e38f4d5b88eef5003739731e3244b9e104d

SHA256
736bbc68d3228bcee4e4acfb6719cf67aac09f05745a957123658b8740071790

SHA512
aabb0beaab621117d70e29804b611d5296ffa799bdcb85ce8165ee28e87eadad975382c46d2a4a3d1bfd7843a20c19a9bd8bdd47ab691a86677dd55a56a45cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13328476227604000

Filesize
1KB

MD5
0bce4f8618fbe0a1e263be629f420c18

SHA1
8fa5b7eaa03fc16a7fc76449de1c9a544bbcfa5f

SHA256
d1e1d95a02287dbb6dfbcbadcf0090f391557395d3001e724088672e2c99c4bb

SHA512
4825c23c64bc505f255309cafed3d62796014bf56f5eaf1c6a43640f89a70111d75264cdbf788266cc5dd982324a1ec919b2c1765d811568783c5b714820728c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13328476242613000

Filesize
937B

MD5
ffa0a03c633891e64d8874574bcf0bd0

SHA1
0b2c174046eae85ba5f4641c0263e41e5c8c9c10

SHA256
24d58a4ca814e8e9c17078a06bc68b6e0f5dc1dc7aa82ff17b3e63940337b3d9

SHA512
80763fb11b21bd6f621798be9f437f1300bef5d5aa1b6766d475baeadbb9de9e44a6ce27593bf1ec5a4ef88fa54b631398ac51e17a6d96c5e5b2a8438604e784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000005.ldb

Filesize
130B

MD5
0d30bb8b60f3c477b7f5bee76de87a5e

SHA1
754db054cc38503c0a7b261489b25208749dce50

SHA256
7d66803b525484d42d0699ed1a2370028b7aa21ce173ea3cb9331cb80d01b695

SHA512
fb43e45b6676ea12643127731a1d3fcd783c16b4b6aba0d31ea93af19020248d766ea877a7abfdfe484e70bd4c2ed8d66f44ac2c3da38885b3edbad41ef68c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
249B

MD5
eadf5e6d4c43d8322e0fb198553e657e

SHA1
e7252819737773765e0300f82b8c2f9cd823d058

SHA256
ac29a7a612f3a6d817e78a86f4f2da89b4846f1bba95f9f00490c2393ec4922d

SHA512
85bdf42b3245f19eb628b92473f5181faf0d0e23ab223c2e0e50c1c15cf258c20ac121f109ffc8fd1d6ef82e2e7609c4034c61d2137ca7f9fee3d41fc661ad8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000004

Filesize
107B

MD5
f3a604cc1687a04eaabc91b49ed90eac

SHA1
507d0c1334e11f23da43bb9c8702652511893d03

SHA256
628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39

SHA512
a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb

Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
249B

MD5
6d38a0c442b577d28b29cac4b3c59380

SHA1
5900a2249ef11f8507e544d711fe167e879ff545

SHA256
ac75f5d0e69e87681126175e6aaafdb055a49bd5d61aec56fdec1a0e3fe866d7

SHA512
058a407c295e5597b4532042b758ab4da572fe609edf87b4d85fd9b67028311b3b4b8dfd35483150c921b4de83872cedd834762a025dea95eda53047d0c287d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000004

Filesize
117B

MD5
63d832bd47d6e550eaef754596d8fdaa

SHA1
3b11fd4048f84fe5143057e7e90a42c4220e1807

SHA256
4dd9ab33b9f8a5aa6b190ee3a88133be4d10b5dfdeff0c3ca060b825ff6420dd

SHA512
586287b26249591e5ae5ba0847bfcb3c3c4bbfb0cef433ecfb2052bbf0f37527bb72ddc57447c37c6879f50a28c96575b911fd121c3f145a061ff57ccacf479c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
36c9bade0f0f36e0bdf45b3c4eecf05d

SHA1
10ebdc192acdb09c078a51437e1de10b153d8fcc

SHA256
84d3d580f006f89186541736ac73eb6d5136336b93a337d2dc88d1b92452837e

SHA512
eba8521ea125d1acf11036d02ef17c3a0ad9d9822e8c2d1904b38d264361885b4ac106f065665ced114dd2d7d7de93b2e82e202c8dbb511e1fdb677b72371707

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f05dc4ce-8658-4eab-abec-4364333b847a.tmp

Filesize
4KB

MD5
cb7d72a58e5a4370d4bbc22cec9faf17

SHA1
a8854e5da9fc96b4a6bff56b6a028a1c36bf9acd

SHA256
6193185655f185bacb68d5858abfdd88f17ea5c97bef6d5f9356b901ef93433c

SHA512
cb87833a83ab77b6cde9cea5698e025d246143324a823aef52b8cab74702b84528522051348e92e825603cf12a2ec1816844d70453d21c10a58451ecb6218863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000006.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
247B

MD5
952da2c0bceb091e4ecda2eeb6d8853c

SHA1
8515cb6f2c2cd60381c3947b7fdf49729889279b

SHA256
16d46533c01cc4c216f56ea480baef0b7548c630482ebf0050809bb6d9d42d39

SHA512
c1f50a4d7827a50fea84a1c3e0f68bece75225cc4d3b645f1c3e77f5cbcefb9ac8c5d0505987d75ea6b310da78de752ac81f519f360ba9992da48fb552bd47a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000005.ldb

Filesize
172B

MD5
fc496fa0be2ef759d8f66ad47c4e8aa3

SHA1
68b12df8934513df301f12586a6bb59d5f7acdda

SHA256
22e9bf1e2d01ec2b6b809206dce898fcfb5d25adf821535c48285ff55c63b41c

SHA512
082c33facbe89998d8ecea89fd11c76c68cbaff7da0449fd64bf2df57ec08629bca2efa0da006e8483dd985292b8df3f5c46cd15cb95db83233999f92449a27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000006.log

Filesize
34B

MD5
e6cb57d5ff2bf19c00df08192817ef6b

SHA1
bd8c86bec20eaa0915605e7d850cb5805854a19c

SHA256
bebe07ffe315ac15b01f6c6e696ab83075a13918d37f860e7b0a8f91a5d9667c

SHA512
0f6b83a5ac94854550b02dcf705a6f65745311c10335585a761896aa95a3498725be27bd3067a1ad455e56533317cb4559d3c39fe6ec38063102ec9d64076745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
47cc8d1d621a514d6f6c4f45bc1ecc92

SHA1
3788f840e051eefa72229339eca57770fb302d28

SHA256
0f0079c26cb1e72878c5f6f79697e321e37d94b74479d499c9d12a92d745d589

SHA512
43d32db23952f3ea478d217a31a464257984d1c581d9c8ab8b84740d0643b18103e7fedff18e133b78b1748fadc58d4fe6b1ea71c6a75c7e3f46c7bdf2928dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000004

Filesize
84B

MD5
be2a12b06745bb5de6254b2592d8ab20

SHA1
19a3dc035140689628e54095af6c4b4dae44b55d

SHA256
29e140732c7fc2d81fb1f506cc94386ce55f27446f9277e66236080cdf6f5944

SHA512
fad84027f46c0d4e4fb0357c15d77f7a86c941042ce538e0e89e5b8c477ed3cb46e262e3a3da186eadbb266c9288965c7299b4dc2a7ae1b346230dc48a7ecdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
735c5ee910f2a6c115630fcaf8cd86da

SHA1
47f80a20a9a1918ee6d9449f1a13262c3b143c3d

SHA256
6c27bc28e537e26a36486a0f17ff9c44d6605950a598edcf1b1b9448c46d7317

SHA512
6f1bd16358fe12c20d54b4c229edc0db7900d4091838d38666e8411514aa240c52487b6fc6496cf94f01ab233d22ebc3208ca5cfe353b51a7499d52846e7cacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
5c4d75c8fe8f5a7d6f0a86b1ec77e1db

SHA1
8ecf57fe7dc1496210be1387eca7deb0a2979bfc

SHA256
51fd675fcffdb0bd359578dfd5d0b19c0eb0f2ae0e0f648ddd3dc6d68608bd53

SHA512
4f835d1ef55e5bc2e8012f0c5a3ef52c1ce598abd637059b28c0b43cf55bc66e46d06ffe098741673bc481bdd0e0fe736ee0755ba526859c45c8073f41745f81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
c064acfdaf2cd84f414fd6c835c6b032

SHA1
af470b026eb2892ed70c32bc7eba7a6098e7ab43

SHA256
3fc8995cd01c211a40510f99805f3d2d43842e14a145c70b2b6f7642d10b8347

SHA512
7300665388e47c7e9c27c50d55027ab16751fd067e7a65c72ea1bfe37534a669203d856cc590250f508d170e4462a2282f009f7c97c4b69d8d80217d27e11305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\acf75def-8a3d-449d-9edb-06c10c7a185a.tmp

Filesize
82KB

MD5
3fdde9aa08f492bb197ce19958b2861b

SHA1
6a0051139818d0c2886576ada82e70537ce082fc

SHA256
2e74e226cd0e189cf93a3fb83377b2b84a7273e3aef3491b915dece3d7482604

SHA512
e8e0a9602bf4c882e70f9e0b30541f16ff0744c1bf7e2ccbdc3ccdc65e71bae1308abb99c6317eeb7a07d3205b7120f0328241475e213ac8867c15e1221e1b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
5B

MD5
f6c027fb6bd8ea6c62b6ecf432c1b219

SHA1
37d5e2a26003c56bbb87d45ca07021454f584813

SHA256
f5158ee5c55228b1caa39e16a1194bc9a42d8982aaf2df8ef7faccfd23d1ec94

SHA512
625641c2be0ece0ba9d608ad27148f53d6d30b2223f038114e569506093c58c2117523a76fb31c9d91e238a0add3c598382eb8d86f754b0b6be9582d29fe0db3

Download Submit
C:\Users\Admin\Downloads\cmd.exe

Filesize
337KB

MD5
5746bd7e255dd6a8afa06f7c42c1ba41

SHA1
0f3c4ff28f354aede202d54e9d1c5529a3bf87d8

SHA256
db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386

SHA512
3a968356d7b94cc014f78ca37a3c03f354c3970c9e027ed4ccb8e59f0f9f2a32bfa22e7d6b127d44631d715ea41bf8ace91f0b4d69d1714d55552b064ffeb69e

Download Submit
\Users\Admin\Desktop\cmd.exe

Filesize
337KB

MD5
5746bd7e255dd6a8afa06f7c42c1ba41

SHA1
0f3c4ff28f354aede202d54e9d1c5529a3bf87d8

SHA256
db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386

SHA512
3a968356d7b94cc014f78ca37a3c03f354c3970c9e027ed4ccb8e59f0f9f2a32bfa22e7d6b127d44631d715ea41bf8ace91f0b4d69d1714d55552b064ffeb69e

Download Submit
\Users\Admin\Desktop\cmd.exe

Filesize
337KB

MD5
5746bd7e255dd6a8afa06f7c42c1ba41

SHA1
0f3c4ff28f354aede202d54e9d1c5529a3bf87d8

SHA256
db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386

SHA512
3a968356d7b94cc014f78ca37a3c03f354c3970c9e027ed4ccb8e59f0f9f2a32bfa22e7d6b127d44631d715ea41bf8ace91f0b4d69d1714d55552b064ffeb69e

Download Submit
\Users\Admin\Desktop\cmd.exe

Filesize
337KB

MD5
5746bd7e255dd6a8afa06f7c42c1ba41

SHA1
0f3c4ff28f354aede202d54e9d1c5529a3bf87d8

SHA256
db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386

SHA512
3a968356d7b94cc014f78ca37a3c03f354c3970c9e027ed4ccb8e59f0f9f2a32bfa22e7d6b127d44631d715ea41bf8ace91f0b4d69d1714d55552b064ffeb69e

Download Submit