hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa3Vfc1YxdjNxSnN4UFQ3Z0FXVlo2ZWpVMWpMUXxBQ3Jtc0trZ19pZzBybVR1TjcxQUl6MUNfYU9pSGFhYU02VWdxY1U2UVhRV2NnN29lUm8xYW40WF9aeTUtdGdZQ3dxSHBXaVZoSUNFbkhXSl81bXFCWF96MzA1MEJFaEdTTnVOUGoxRGc3M0xONDliZVVWN0tDNA&q=https%3A%2F%2Fdl[.]malwarewatch[.]org%2Fsoftware%2FUserOverflow[.]zip&v=1UVjQap4z38

Analysis

max time kernel
226s
max time network
243s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17/05/2023, 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3Vfc1YxdjNxSnN4UFQ3Z0FXVlo2ZWpVMWpMUXxBQ3Jtc0trZ19pZzBybVR1TjcxQUl6MUNfYU9pSGFhYU02VWdxY1U2UVhRV2NnN29lUm8xYW40WF9aeTUtdGdZQ3dxSHBXaVZoSUNFbkhXSl81bXFCWF96MzA1MEJFaEdTTnVOUGoxRGc3M0xONDliZVVWN0tDNA&q=https%3A%2F%2Fdl.malwarewatch.org%2Fsoftware%2FUserOverflow.zip&v=1UVjQap4z38

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
592	chrome.exe
592	chrome.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: SeShutdownPrivilege	2004	chrome.exe
Token: 33	2788	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2788	AUDIODG.EXE
Token: 33	2788	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2788	AUDIODG.EXE
Token: SeRestorePrivilege	3064	7zG.exe
Token: 35	3064	7zG.exe
Token: SeSecurityPrivilege	3064	7zG.exe
Token: SeSecurityPrivilege	3064	7zG.exe
Token: SeRestorePrivilege	2252	7zG.exe
Token: 35	2252	7zG.exe
Token: SeSecurityPrivilege	2252	7zG.exe
Token: SeSecurityPrivilege	2252	7zG.exe
Token: SeShutdownPrivilege	592	chrome.exe
Token: SeShutdownPrivilege	592	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
3064	7zG.exe
2252	7zG.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
2004	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe
592	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2020	2004	chrome.exe	27
PID 2004 wrote to memory of 2020	2004	chrome.exe	27
PID 2004 wrote to memory of 2020	2004	chrome.exe	27
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 1032	2004	chrome.exe	29
PID 2004 wrote to memory of 880	2004	chrome.exe	30
PID 2004 wrote to memory of 880	2004	chrome.exe	30
PID 2004 wrote to memory of 880	2004	chrome.exe	30
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31
PID 2004 wrote to memory of 1220	2004	chrome.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3Vfc1YxdjNxSnN4UFQ3Z0FXVlo2ZWpVMWpMUXxBQ3Jtc0trZ19pZzBybVR1TjcxQUl6MUNfYU9pSGFhYU02VWdxY1U2UVhRV2NnN29lUm8xYW40WF9aeTUtdGdZQ3dxSHBXaVZoSUNFbkhXSl81bXFCWF96MzA1MEJFaEdTTnVOUGoxRGc3M0xONDliZVVWN0tDNA&q=https%3A%2F%2Fdl.malwarewatch.org%2Fsoftware%2FUserOverflow.zip&v=1UVjQap4z38
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaab9758,0x7fefaab9768,0x7fefaab9778
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1232 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:2
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1700 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2236 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1304 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:2
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2596 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1144,i,14886428911326834633,15427170377492948583,131072 /prefetch:8
  2⤵
  PID:2196

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2788

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14848:86:7zEvent2852
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3064

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap13382:86:7zEvent7828
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefaab9758,0x7fefaab9768,0x7fefaab9778
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:2
  2⤵
  PID:708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2264 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1576 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1380 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3940 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4144 --field-trial-handle=1372,i,10256693806116130764,17003438774955432429,131072 /prefetch:1
  2⤵
  PID:2068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\8d1ace93-c8de-4b75-9f49-e12f0a058270.tmp

Filesize
151KB

MD5
7a59d0a57aac02d97d7f80d3132783f7

SHA1
dc04f82f35426020deae7dd2a03873b8e966d953

SHA256
010caa93348b753d3f7e757f1986960f5dad580e2d4364855d951ee31e7e0322

SHA512
f42e33d76f8d714c5a87a98ba143d6e834c3a15ab94e2b602e270091249dd83ebe520ae42c804bde2946d6ff153c1c29ac695189101d9174f061eea9f8170f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4e466fd85d75f2dbe028b3928e8d778f

SHA1
ec495673585b78f478cb124657160be66a6bad31

SHA256
0f540d79e6b6ba7c07aa6390d7f3e0f9a1484ed30e9ca5c092b954468fbeb3d6

SHA512
501c696ce4e26a74e7bb0ae863e068df41db65148d2ef6502a8427ccb8305dd68976713519bc4472cc023f792c1543c47be8bdd3dfbec9cfbd34fefa7f1ed964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4e466fd85d75f2dbe028b3928e8d778f

SHA1
ec495673585b78f478cb124657160be66a6bad31

SHA256
0f540d79e6b6ba7c07aa6390d7f3e0f9a1484ed30e9ca5c092b954468fbeb3d6

SHA512
501c696ce4e26a74e7bb0ae863e068df41db65148d2ef6502a8427ccb8305dd68976713519bc4472cc023f792c1543c47be8bdd3dfbec9cfbd34fefa7f1ed964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e6ec63fbf7f0f1bcb00bbd5d9b18b8f8

SHA1
f136afaedec383def0bd81c93053c6b4018ce374

SHA256
098fb3a3e2f48d5112db6f85b71dc167554abf5769562d0aaa4e834783afdd94

SHA512
efb431a181718cda06b5a61393f9fc2a38658ac308f322846350eb88429fcdb4be57189f7a53b7fb920c5b012c97d22c94809fe98059ab4dacf96f6933bc213d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
fdae134d1c8714f968f70aa3eec612e8

SHA1
9b868ac3d3cbd5d5323e7485a90c83f21e364141

SHA256
c78d6dac3f0b12b84cd86bdd01d797cc48d2d629a684a4c19ddae52732d9c77b

SHA512
415deb22ac035c21d507ab44d35c202ad06b2af6a8683c8cfbbff13087a5c89b77bd7dac11a3c685f9ad0cef817c22954b91a1164a94a2653d20d920b8f440dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
5247cba1d332215a6b7d66d60133999c

SHA1
b1b3445ecf6cc487e0ab09d88011cd4228650aa9

SHA256
ef702f78fe15f6657295a549085c4ad1d34ecd057605e7023660678a045ddfaf

SHA512
b864b14942e7c7523e28b49d1e1fc864cb4abc544c5ba427304e894c226d4031fb0d4c698362d2174b38117843f4fb56a9716c51854f7497d566a0c54fd5423f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
f7c6280c303510094c9c02d6f17b6cda

SHA1
bf51051b15e706a01ec6fb164e1b30f7dc131e07

SHA256
f55d396a3568dd27198088bd833a5c57b53461917641ff266f98f7af01ba66fe

SHA512
360e4306b6dae9d1fa719c96af0a448f8059a4dbf3c412bada28491af9c0115fcf4acec77cdfa576b8f278b19249eb18d48ae9fa312e865eb3ca9164c674c80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
247B

MD5
b01ebb37a33fad60c73383280f03ab56

SHA1
0b7f93bae67276cd9e8adcdc8ab7c061f0c1835b

SHA256
c80ee5f91b03eb90a29402f8b86a8f2ffdfd6e0de3c5a54698ae7e5d3ff991ad

SHA512
d9ed873de3de300d1ccbd3df9a9876e60e608f79253d82b12815c0aa54f216b8c980651314641aa12e7d30516f1af22de29da4f8900787393a768842f2022866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
ef27b181a68bc656893adfba367d899b

SHA1
842c0847ed64ecf123054039f5b02b54f4583627

SHA256
0d6e233285cff5ef7a72ec44af0f17c772e90f351fe1a1c29ee9b0156480cf40

SHA512
fe758d479e2290d2c76818a2967fbfcc35f7a8c8c635a3bcb7b2b8345b55cd6937bb7330c84fae6c12a1d90cc88033c264129e4f7132a59df3fc593b22a4a5b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
a4fa627ac933c7f39d3000010e593682

SHA1
96ed39351e4e063b98e3b80b3d948dc85bbea4cc

SHA256
d3f9613bb398e824f7e88949b880d00474c2ee3facd75d516d91985f84e7937c

SHA512
0b9352bf9da18394687888fc04d678d863f0e2b4a6e0ea32ffdc19697b33bf23551d6efcf49cb24c63118ae45c6f84ff4bc59fd6c8729e9454ea0237d707e996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
9acf411c15507040e285d47fd0ff500c

SHA1
4a45ef1efc937726070fe2be2b7c7ce7beca54f1

SHA256
f6318ebc7cc4e76b6edfd64ddafcc9bf0446ef74cc7c46a917fe957644369b6f

SHA512
e5f1a0d54aecf48cba5829c805f691f2e68f071d795332d354af5f71b4e4e7b6660cf13cc2d1ea10c6b7642988dabd54d399a0e96c1ad6ae823d58fb4a459d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
397afba5e38a73a16c9b94939d013e7b

SHA1
aa2e8492ebc02f0fd4bd7815bd230f71d64d3ebf

SHA256
42afd1422c0b76daf2221d118dced5959efcae632ad99ce8f92718ea96cbf9e1

SHA512
a4a5d75c7eef8ba3221f6bf147356d74c4c3928462c50634a1fbdbc9d55714dc5ebc2055cd71ab962516b7ed67ea5699ab76d042a59c46a484c7f9d96649594c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c703f2387ae38efd141a5a18b47da52e

SHA1
73ab1e81f7286702e5153940c71a48a611736f01

SHA256
790d6db5ba01bff98b39c438198b7dd330cdd03ac8292def0393ecddd5ac4a8b

SHA512
df16ee6b615d0c8a70ee4cfafb4f8788bff080496967fcd1bcd864599d3ec0fd2cc8b18f2a0a30a1d91030b60207a1a6a6998492645e24db1950ca6725644d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
51e1ddd9308f64a17f7e1ed8329c276e

SHA1
c1ecbe68c0d3bed5df5eb56162b764116b18e723

SHA256
944a6245a53906265be4bfe9166bc18c3faeeec4162abbdb492e48acd6690a12

SHA512
eab32db5095cfcb7c92c585a0fbe2d8e601d6124817f7413efb4bf4e788a19ab1f0fc9ef01c980a7c35731b8b31b84751898fcffe73ffa89ca198f5abf361668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b3d6be3de11d004395908f1f90fc0717

SHA1
6775cb617945a0ef210a6b3672701fa901595c1c

SHA256
b90a6bebd768dac11b1e5f0ff89ee973cb261afbecf790085ac55aff3415c6ab

SHA512
9c3a20f6b44078365e2a6d46779c6c49ce7086221103996d595cf5680a0c8e8e54871c7b0b9e21d4f21e6cd98409b006667bbcb9d67ecc0067b2ea8be3f5e7a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2e9cf154ee481117eeb005d74f953470

SHA1
e7f818fe12a9121c23bf15d80ca10a848f98b4a4

SHA256
ef2dea4308337dcf9f79bd7de0ce91203efc1fb464501fc4738b2709ede63301

SHA512
54035b827fe9120c31ba694009343f3a9e6f5265e1b4c4f2d242c779f31fbc7f01e0eafa3ef7adb317d83ffb1236e6e0bbe3fde54638c71cf60ad3a8beab8dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
2846c6f28ba1b24a981d78505c3a5500

SHA1
4f6dc7a99035592beb7c2b29eb908a5451e0f29c

SHA256
2723b707a8c854d9cd1cd6cfdd704383e8062e6ad770ddeb5285fd615b4fc9e3

SHA512
0c45940c2236082d441356df2b3732d273446d44df590f458dfb6e2a829bcd0adfb9e07706182c0ffdc11ff3df7318b4aa0e952f6c53fc333d9bccdda116fde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000005.ldb

Filesize
141B

MD5
38fc535a8f11d7e955ef58cc63158eff

SHA1
c45ad3ee106dbfb65dce7c09b53140f34454cd0e

SHA256
085c44dfa11e65ac3548c4d0fe1ae641570f90c7caaa2881c3990efcf555e6a8

SHA512
26e70000f77c1b6388dd470f9d7ec6bedc4fc3c43e48efcc853812eb076108bcdd9f50f7a89265e431d33df96e71755ca242dfd0aac16a51d99dea50a5a1e505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000006.log

Filesize
220B

MD5
461450ff329a48a4bf85650a4f3be901

SHA1
5375a88e1736bb028a8b361aa553ce41f22372a3

SHA256
f9861b6c735ca02824c035e461836d15a595745187fb0426cee71f277e893074

SHA512
4da84558c4f4597db08648d45d440f9353f66d58c677de31c7dee15eaf2c327d64ba01860247be5df7cdfba6ad4e71e812c9299ef489d138cb0c01896b7f92ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
249B

MD5
ea2b2869b4a057a15d71acc97f4a7344

SHA1
3f223c3cfac916fba32b9b6d8938f40293e27bf7

SHA256
8f79fd73c5f2809d4854f17757bfeff76aac9444f2fe9ec9f045d25296096236

SHA512
d289b040e8b2160102fa34ec881ca0ee1bb27eb7aa8bbce6e1fc72a2a271796109b6eb1b8d7551a9a70eedec039d3b831eddcbff8d71e246c0f0b18fba7b21a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000004

Filesize
90B

MD5
ac5ca65c3ca57b518ed4b2967d8bb535

SHA1
2a120e38f4d5b88eef5003739731e3244b9e104d

SHA256
736bbc68d3228bcee4e4acfb6719cf67aac09f05745a957123658b8740071790

SHA512
aabb0beaab621117d70e29804b611d5296ffa799bdcb85ce8165ee28e87eadad975382c46d2a4a3d1bfd7843a20c19a9bd8bdd47ab691a86677dd55a56a45cd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13328811548570800

Filesize
2KB

MD5
0688253a98f20707351d45415ba21bc0

SHA1
64971048e5bfb2a8c002d65c9f2285e7985058c4

SHA256
e196a3f1097af938e69099c72a24f7b86c4e59cdc782de504e6209c2070f6971

SHA512
1109d115ee90297600922b32e5f9ec1b920b57861b7747d8396caf44ff919c996ecd6562e2df2c0472c8f149993fe679c88175d06ffbba0560fb05e368fb0436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13328811569770800

Filesize
2KB

MD5
79bfd4bfc7a74a38e56a52f9fa550b1e

SHA1
d70dc0b049bbfdb79998de5f7923d77731143603

SHA256
52e92ae76f60b0ae0b14784c1c4028c79bb6e567579b884ef4c3cb6542ada2c3

SHA512
cfcd28dd626774daca9eed7af1c7cc21071957006a5dd90c60f5bff015061f28ee6ce1d35069860a62151e53c8de30a6296787610e4b75491584130d8c6da426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000005.ldb

Filesize
130B

MD5
0d30bb8b60f3c477b7f5bee76de87a5e

SHA1
754db054cc38503c0a7b261489b25208749dce50

SHA256
7d66803b525484d42d0699ed1a2370028b7aa21ce173ea3cb9331cb80d01b695

SHA512
fb43e45b6676ea12643127731a1d3fcd783c16b4b6aba0d31ea93af19020248d766ea877a7abfdfe484e70bd4c2ed8d66f44ac2c3da38885b3edbad41ef68c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000006.log

Filesize
72B

MD5
995b65c8261729aed29cb0aa50f5774b

SHA1
4871ecf34b1d3a56ed802340236ca519bc33f8be

SHA256
c550919b546681d866f25de7889c301730303b0b0661fc10265fd35db80090b4

SHA512
99556ae569bff5c4c40a56ddd1dd99f48a0275424e8b9c5b9f2cf7e7f77c0bd116e6b1df74440e39497453c76b4c284c1029b6816ef67c8b7bd88bd2a35e3a13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
249B

MD5
6eecdf49626566a3579b6db1487c5f9f

SHA1
b46a5b4c6a0a68c2d65d38aa65f7c27748048714

SHA256
4dd10340048d03d7900c4ae2643f60326c9e2bb6eca3936c2f345c81d2091c01

SHA512
6c6df2a4ba8f97b9c50b4210005c34f155393f6fe3b557df733829e4161bdfae0ec8f0a044a0517e8f2bc2ec983bae32639f6490929bef870201faa86c1c0aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000004

Filesize
107B

MD5
f3a604cc1687a04eaabc91b49ed90eac

SHA1
507d0c1334e11f23da43bb9c8702652511893d03

SHA256
628a12f2ebfd6d19731a8a362956c95803f1d909293f6936542fb458d8be1a39

SHA512
a49c1632af45f2a938c2752aeb67e254e92a04bff91affe95952ba7960a60ec143639565790898d55a5ac4d5eb34c2dab1b93e295840d4e30cf3b16d913a7806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb

Filesize
136B

MD5
fe382e791274914bee5950777e4f1fd3

SHA1
53b523b5fc87e66f2520a0b5f9ea080072668f4d

SHA256
935d36c021d0e08a5648c622f3f6fde376e3310013680ae598c0e22dc943d132

SHA512
a5f608fb4f0a1dbc4c5d1b739b1a5b6f50cac1d6a61312b19abf9f601882a291d73524ac55bbe183e4e64db8dcc203d4bf3cedc734fd04bd448cb825d98d1e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
249B

MD5
55da908d2dace0b141143643a2c3f8e0

SHA1
bee99b7f85621548b0370ac30f33c74f6f46956c

SHA256
c1903410c049521e94efb09313f77ae7cce44cec1941bbe07795a4604d86ecfc

SHA512
16f4919ce0b0692dea28c1a8d3e8755107ec36a33f20317cf379ec39a6078fef80adaec24a6d933fccedbc9d0826f1324095c0139033036e2f503fb1a79590d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000004

Filesize
117B

MD5
63d832bd47d6e550eaef754596d8fdaa

SHA1
3b11fd4048f84fe5143057e7e90a42c4220e1807

SHA256
4dd9ab33b9f8a5aa6b190ee3a88133be4d10b5dfdeff0c3ca060b825ff6420dd

SHA512
586287b26249591e5ae5ba0847bfcb3c3c4bbfb0cef433ecfb2052bbf0f37527bb72ddc57447c37c6879f50a28c96575b911fd121c3f145a061ff57ccacf479c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
9a8ee92821176ec8715d285b07062b84

SHA1
a532915f0a1fcc9d87ad32c3cc2e240101697dd3

SHA256
421c2c34e8b39e80b60592df8a4f4db4ef9ac0b7a9361548cbb2d983918acddc

SHA512
0604c271b57223f9cf9a50f00f3e1c4742dccbb03e235ee5971ab7fcd09d3450c049ac2b7baba2bfa4fd91e98af5806da7b91646b573d9dc678b15e91a5e8b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000006.log

Filesize
2KB

MD5
3c52111eb0b4e020aba5d2946ecd8a47

SHA1
616fe96cddd47016e34e8b75bfc11b7cb40a3de7

SHA256
eb54b1091541a90c704433f9333266e366ffc9fcea2af35bf37a6b7344770866

SHA512
b3ac89c9b4afe527ae8b87039509c523efbff8684f59777baa00e814ce575a416902dc68a57d417bda6e0a3d4c601cd30709d873827467b0bde2873448d6a3fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
247B

MD5
bafed8236e6c7d26a7f15932d08065b9

SHA1
49ce4af0bd99fb449ac53ef5762fe258736d6542

SHA256
0907a0d41833efafdfeb8ab163dc7550a30b4405e97a9da5a5b7b39dfa689dff

SHA512
982105d169a2e4f3b61321e20e1b684e5e5a33f57a23d9510fa74ba05de75908b1139ad36651f2fb7d66a702c6359590cbd59a6dc564b05b91b1f70e764d7573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000005.ldb

Filesize
172B

MD5
fc496fa0be2ef759d8f66ad47c4e8aa3

SHA1
68b12df8934513df301f12586a6bb59d5f7acdda

SHA256
22e9bf1e2d01ec2b6b809206dce898fcfb5d25adf821535c48285ff55c63b41c

SHA512
082c33facbe89998d8ecea89fd11c76c68cbaff7da0449fd64bf2df57ec08629bca2efa0da006e8483dd985292b8df3f5c46cd15cb95db83233999f92449a27c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000006.log

Filesize
92B

MD5
bbe4e609a3636ce7d71d9de9cc157b9d

SHA1
d10da59275bdc3a729d18c618de8646ef8c997dd

SHA256
51e80dfa3755f483b7ac7a7948d65b153f6a9f72f99fb7c531a06e7e5ac4db16

SHA512
6f9ff8d2bf634b9c4f2f076bb30a78e96837bb63b62f621b07595f6bc38c5f39401225e0bc4cc208173c83af196621736a557404fe17883f44745a8812aee87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
1ce4a083b8934e6bdc7de553c062f14f

SHA1
da3224329d7e025b522aaf6873055ecd47d117ff

SHA256
3c84fd5b1d6780e2288f64d7bf5fa4c26556faf9109898439f80e5bafc1c5db1

SHA512
f88e36e4423e48b36e9a0bed2a4a79d304ddef748024fea241c568d277d3ca6f950a7de4dd54101322b850574004084a0f19ef8245d4a9fe6df023fb8e5e210b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000004

Filesize
84B

MD5
be2a12b06745bb5de6254b2592d8ab20

SHA1
19a3dc035140689628e54095af6c4b4dae44b55d

SHA256
29e140732c7fc2d81fb1f506cc94386ce55f27446f9277e66236080cdf6f5944

SHA512
fad84027f46c0d4e4fb0357c15d77f7a86c941042ce538e0e89e5b8c477ed3cb46e262e3a3da186eadbb266c9288965c7299b4dc2a7ae1b346230dc48a7ecdba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
625f3b48341c98ff9e9d13a4f7d60cf9

SHA1
60eee6022b39418d735369bdc15bbf47030bea2a

SHA256
79c418e28c4b01d1fd9142dfee8795a4d72283b1d20b52e07a14d483185861f4

SHA512
9e1c013b277a42d016b62638246ef7b9e365834d3211ea3dfe6cca83847abfe114c3206c454792ad9457efcb2a6f8920b20a96dee3b24ac3188c7f1757ca335f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
7a59d0a57aac02d97d7f80d3132783f7

SHA1
dc04f82f35426020deae7dd2a03873b8e966d953

SHA256
010caa93348b753d3f7e757f1986960f5dad580e2d4364855d951ee31e7e0322

SHA512
f42e33d76f8d714c5a87a98ba143d6e834c3a15ab94e2b602e270091249dd83ebe520ae42c804bde2946d6ff153c1c29ac695189101d9174f061eea9f8170f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\Downloads\UserOverflow.zip

Filesize
564KB

MD5
446dbf296f7c50a1265bc2a8e4e32550

SHA1
adb7031d1be0b7aa47dc94caec5b42a1a3c5ae1a

SHA256
e3c14b354e671f489b6b5efb67b13b8d5c8acc09a4bf440a8f87e026e576ccf4

SHA512
c2b5f0aaaa8901d7d418877823bffd20aed4fc0267609a8c3598bb8b2400649a256214ca86da446c17bf648362caa6e2dd13b44366f8eac9bcd6da9ccb8ae536

Download Submit