86d04cd48601528014a0781d1d491e033f88c7ef30d016103d5a8c4c04b07d3f

Resubmissions

15/06/2023, 13:43

230615-q1ntcshd91 10

15/06/2023, 13:40

230615-qy1edahe32 10

15/06/2023, 12:34

230615-pr2s7agg72 10

Analysis

max time kernel
187s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2023, 13:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release-x64 (1).zip
Size

22.1MB
MD5

02308f5d3fd4d0dca0b1b84409124693
SHA1

35f50b2cb9fe936037c8ddf9533d25598e1568ad
SHA256

86d04cd48601528014a0781d1d491e033f88c7ef30d016103d5a8c4c04b07d3f
SHA512

bb4e486e88deab530ef0109821b428166e7c6c444a76fe89ef4e5473c2766918ded17683600c68b5844e889b53fbe2d5c17ad0e505c1dc988854003f23cde547
SSDEEP

393216:uve5n24qm5ASHAep8IBz15m5l5ObLC4u54hXl87Vy4QO5X4Lfut6jA66k:uW124n5ASHAedBRkQLC4u54mVy4QO5XO

Score

10^/10

evasion persistence themida

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4720 created 3152	4720	injector.exe	46

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	GenshinImpact.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	GenshinImpact.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	GenshinImpact.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1848-956-0x00007FFBB38E0000-0x00007FFBB61AE000-memory.dmp	themida
behavioral1/memory/1848-978-0x00007FFBB38E0000-0x00007FFBB61AE000-memory.dmp	themida
behavioral1/memory/1848-980-0x00007FFBB38E0000-0x00007FFBB61AE000-memory.dmp	themida

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1848	GenshinImpact.exe
1848	GenshinImpact.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
980	1848	WerFault.exe	144

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133313102714863340"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 34 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	injector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	injector.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4238149048-355649189-894321705-1000\{28857DD8-4C6D-46AB-9874-B30C9CFE828D}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	injector.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\MRUListEx = ffffffff	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 020000000100000000000000ffffffff	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\2\NodeSlot = "9"	injector.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	injector.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	injector.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	injector.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	injector.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4752	chrome.exe
4752	chrome.exe
4720	injector.exe
4720	injector.exe
1848	GenshinImpact.exe
1848	GenshinImpact.exe
1848	GenshinImpact.exe
1848	GenshinImpact.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4496	chrome.exe
Token: SeCreatePagefilePrivilege	4496	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe
Token: SeShutdownPrivilege	4752	chrome.exe
Token: SeCreatePagefilePrivilege	4752	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe
4752	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4720	injector.exe
4720	injector.exe
1848	GenshinImpact.exe
972	UnityCrashHandler64.exe
1888	UnityCrashHandler64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 684	4496	chrome.exe	88
PID 4496 wrote to memory of 684	4496	chrome.exe	88
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 816	4496	chrome.exe	89
PID 4496 wrote to memory of 3804	4496	chrome.exe	90
PID 4496 wrote to memory of 3804	4496	chrome.exe	90
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91
PID 4496 wrote to memory of 2880	4496	chrome.exe	91

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3152
- C:\Windows\Explorer.exe
  C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Release-x64 (1).zip"
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbf1b9758,0x7ffbbf1b9768,0x7ffbbf1b9778
    3⤵
    PID:684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:2
    3⤵
    PID:816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:8
    3⤵
    PID:3804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:8
    3⤵
    PID:2880
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:1
    3⤵
    PID:4984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:1
    3⤵
    PID:2924
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:1
    3⤵
    PID:4620
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:8
    3⤵
    PID:2816
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4808 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:8
    3⤵
    PID:1284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:8
    3⤵
    PID:3052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:8
    3⤵
    PID:2152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5048 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:1
    3⤵
    PID:2128
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3296 --field-trial-handle=1716,i,14706848145431991309,5201250699683196549,131072 /prefetch:8
    3⤵
    PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbf1b9758,0x7ffbbf1b9768,0x7ffbbf1b9778
    3⤵
    PID:3876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:2
    3⤵
    PID:3196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:4548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:2964
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:1544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4600 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:2568
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:1480
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:3608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:2692
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:2844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5148 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:3464
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:4304
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3272 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:1656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    - Modifies registry class
    PID:60
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3264 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:3324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5372 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:2172
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5432 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:4208
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5204 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:1332
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5116 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:4336
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:2812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6100 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:1328
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5684 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:1
    3⤵
    PID:4192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:696
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2720 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:1656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 --field-trial-handle=1804,i,4474971586248383078,595729570970902923,131072 /prefetch:8
    3⤵
    PID:1892
- C:\Users\Admin\Desktop\injector.exe
  "C:\Users\Admin\Desktop\injector.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4720
- C:\Users\Admin\Desktop\GenshinImpact.exe
  "C:\Users\Admin\Desktop\GenshinImpact.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1848
- - C:\Users\Admin\Desktop\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\UnityCrashHandler64.exe" --attach 1848 2162967515136
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:972
  - - C:\Users\Admin\Desktop\UnityCrashHandler64.exe
      "C:\Users\Admin\Desktop\UnityCrashHandler64.exe" "1848" "2162967515136"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1888
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 1848 -s 1304
    3⤵
    - Program crash
    PID:980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3776

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4680

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1388

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 420 -p 1848 -ip 1848
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\6c2724ee-b949-477b-b75b-a614aef6f613.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bab948aab646d615b0fbbb90b55433ab

SHA1
0ee46cc7db939e55dcc3a5cd17e2fb893ece7a34

SHA256
e02daa351bf7a75dc1b7e9b11c5d716b89f108058e70326f0a8b7b8ba489ce0e

SHA512
a1f82c1aba6d15216d2313673a200d1fd24f99577b06245f4e326df99ab0bd4c3c509b2ddab14753225b47f4c973ce5ac0e08c90c75430bc65c61c48a5969fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
be7415bd568122840e1b12223ad0cd9b

SHA1
aafe8e2289ef681f91dfb4b4f1625a2efcb1db07

SHA256
de71b2046ffcfc7133404e01e0586c3eb3c9847ea96e2e8e85eef7838a053ec9

SHA512
b59d0a2fc075bedade8fb5f0a0b03f6e364c6e5eeb3a6c5cfe31465905995f01867b4a28b97df4c0a95f798cf9b524d233bde431ec27ba14d41b61550f420a9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
45ecdebc576006c11d0803436190a027

SHA1
56232cd87cf495cc585777e2b4db19c2cfeaabd9

SHA256
2d11a5d92a85ab39fabf1189ecb3efe6daa3fbbedc5589d2ee80bbe0ebba80e4

SHA512
27c56540217ca90f7a4ccb8a3333140f06001848cf9c8404ee0ec84223b81c12367015cd4431b18424aeace4e63f96fc6562c647b8a80f70271c6960349f56cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
336b458328dc52bd57eafc600912b097

SHA1
e15a78a7dff2fc7c885e26c9d795135fe76b8051

SHA256
e5bb7a0ed388d0e57feb92944ef12d2460d532dacf7a380c7bcc03355c3bd6ea

SHA512
a62b9b28a4f80bfc6d6fc3df95c6086538de6fd47fc0f5255ceaee65aa68274c28f35a6729f9e1db9f68afa45a2d3dd2c54365a1c7de56b2d9feb7f7c82eabf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
0983fedbeb53ed6dc7893a92db6634d2

SHA1
b9505c977ac2687d3b8aaf6263642a49fbb8f6a6

SHA256
45b511affca0b2561cc993330142845f1fb3f52bf4606e6af946cdece23a9f48

SHA512
26105c39bfeeb2951b5c3673fed76b05d168e1951aedfd49f6d44854905cf122fe43f6c5f2c87545e4e742ba32c11a7e77ddb78083f3a2022f53e2c1d6d189d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
36KB

MD5
9a11b21f5b8b5569a7d72fb92a854268

SHA1
a8b24b55a27b6251fb2d71c80e0f7a2b60cd1d9f

SHA256
dcaee5926f4547e34971ffda5b32dfda7eb2265b824713913bccc141e6d7801d

SHA512
493c581da0d594e94a8ad75445161306dda168a608bf2ffb868421b73672cf90f90ffd405d6615086f73e1950c24f7ce3c002f11f750d694e72438e4cfb5e0cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
49KB

MD5
e753dcc2ceac54c6c5b0619a7126f04d

SHA1
b4a85d46ac70dbaef2bf98e8fad3033777f00510

SHA256
2567f11fd0788cbea9ee96dde5b7b27fc77242a97a90c960a947aaa9a9f38e0c

SHA512
1ff65d9653e5372860f4f27c2baeaa5de15c1dff9fdec5e595c7b165a0923a90615ccb85c16034fc8ac02650773e2567dbf1d6ff2fbac94724018f00f13b5cbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
5b0c0d429185ff30e04c93f67116d98f

SHA1
8eb3286fe16a5bee5a0164b131bc534fd131f250

SHA256
f1a0b957050b529afc0e94c436976326124ed8968183859c413986487623294d

SHA512
6295bcd662325172b15c476d26f23c8794c4f1454e0e8cfd43bca79b45aa03e1ae721ebdada1c52fe7699027fa97699156280ff259ce3cc476e322ccc0337902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
31KB

MD5
419bfafef40ff630f2315867d5b22606

SHA1
910376894f99baac6cabfb56c4819af46c09dd62

SHA256
5dee4a5f7e98e31709133bdc215427a727a7d9216a2d58c5b7a470e09c79bf9e

SHA512
4d770cabb59761d190012966cd7195298a4806c4201fcaf54c67aba1e6e9737932c199354f378dd3ec65d994f9700e2fa1e2ce17a17eb7c2dc27bf4c3b4de4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
38KB

MD5
108105ff75d146293630c177969bca4b

SHA1
cfc09f09edfc8d3c40bc8823ce1e80ab3d94269e

SHA256
9cd91db68f1db282b8b2fbfa5f3497f55f1071ed00b0f6f0fa9c87bbfb1f5a9f

SHA512
05e038ed8769a728cc03112619149c217c4de6147dfaf2460784bc658032f9c7b337d35e77236fdbdaef0e56585458682445088541db3ed43632931df304cff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
41KB

MD5
8086da6ce98693937e009d49fb6ff906

SHA1
c61ca9845d80aa8eaacb832daaf97b0a19b4e108

SHA256
dc46cf01d8b8d40a07e6fc02aeed61152c9b2912639b15b1f14aa38c4fb94237

SHA512
3f230d51768a9c13da122978483880cd9f59deb197a56a315235bc3560c24fe2e379db1f1e31ec99f2f0723dc740adc43864ea3068fce3390ca9292ea811a6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
32KB

MD5
cc142929610c9566056608cacfd10dff

SHA1
8f81e07474f669ebedad97101ee5669d08e06543

SHA256
d5913eeeef59b1054a0e8bcd7440a5beed60995897652f9e2aede8d435701435

SHA512
d97dfc088766e8b868044d6cf8596107b7bb9c299ac28887ff5bd43317f3d84f59d2c677a4e5e11c1bca92c6516778a704c155fa4233a9d2fa4056d91e6ce196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
21KB

MD5
190642ad084706d7fc913069eab17c1f

SHA1
ec696e73108ee7f5774387764e23060012d7c281

SHA256
8d86def069e22578e7e912aa0f1610a589d5fd894f9fa7e69f77fa55bf51c79d

SHA512
1a62fb6319076af5c6d3b8224d751e36bdf89c9fa60375de7af68ff8f64b4881e7f2186b9e772b0a1ba1300af74cc7345e289361f605f9012f690a01fa2ebe3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
19KB

MD5
39b3153aec1389748d7aea7b1ecbffd4

SHA1
f9840264c67a5d7db64b4beb7f3adab18bf4171f

SHA256
dcfe833b312be0b1af66e043b3e165f399a70c435200d0bca4f7cd95d7999531

SHA512
72aa2325b03f7f0ceab345cb300b672382cfeb6b10d1cacaf98d8c9704ce4993d14538fef5d0691e10e95562246d6de6d82c73781a120f7d19e9a1ff201c867e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
27KB

MD5
b3651e618098746c8784d8f2feb975da

SHA1
f84dc5e2231456a8eb6741f0a7d3d737d64abc14

SHA256
78faf57d9f3ab2ef0a7acf46fac725982c6fc12602464119adcc8a13d8374c13

SHA512
ae540878b51a58b19c50ec17f1a80cb9ad242e9fda9ce8cba67c7f5f982ffd9a3befba651c45bd2efa99a78811c3ed850ec3ef27846457099ab043a48454f682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
19KB

MD5
96aa8d0f3dfce6199c6e46aa9b3f78ed

SHA1
2447b08159239b891f8cce2c3d40d9099f92426d

SHA256
d6fe32b89122c51714e0f927ffc1aacb833689e73bf9e0f612b868dd088e4ef2

SHA512
a3a3d7a7727b30c3f97ffbe8c63ffaabd567f600d08484b0b81b215108210c3fd3f1c3ab4dcb39cccd7696b197b03735b5182da04e4f93a99f73e6f99f190955

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
59KB

MD5
f9859995e0372f88ed9e760551e904d2

SHA1
f702b68e0fce459fb11e7659acff7b28244cb2ea

SHA256
ae7c587f7ec40c4c6ce3237d43d718d8965104695c1d83121c3e85c6a59f07e7

SHA512
0e69ec0407e46aea4a07d80688fef27c1b55bdf8f129e4f86e687fec958e4abdc5caeb6edf789fec20bc11887fbcb30798cd7daf8018fd76f5cfbf746accad8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
22.5MB

MD5
c3b1e6eb7d718eb127d4bf9b629c4d94

SHA1
3fc8bc41587e4e3ea5a3c7d0147254bfa6864a1d

SHA256
83e85024ca3dbf26f3fa1131599e7c324f43500e1a6d906d31e1c78ca9280dec

SHA512
570817b6f12266c3733889a597987e03db7618f989dba5061a3ee5976e823f916826a956cce2b37583ec4eb76062df7f1ff63db9899a78170e9595ab1c5d02b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
31415f59c90ab12b54912be069a54b32

SHA1
7ff06bd06edef967df337bc846a1d4d00012503b

SHA256
ad5483d9e9703d298d0c2bbc42184bba8f7fdcf598c0eaf9b0335f72b0eba311

SHA512
f4f2f8846d1693acbf20af76ecc2c233d5277e99d305671131de5762057726b9a921d16fc23cc4f9cd68e69a9230e196d1e34e5e83c27db01d0cb033e664c85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
31415f59c90ab12b54912be069a54b32

SHA1
7ff06bd06edef967df337bc846a1d4d00012503b

SHA256
ad5483d9e9703d298d0c2bbc42184bba8f7fdcf598c0eaf9b0335f72b0eba311

SHA512
f4f2f8846d1693acbf20af76ecc2c233d5277e99d305671131de5762057726b9a921d16fc23cc4f9cd68e69a9230e196d1e34e5e83c27db01d0cb033e664c85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f83a1c5280c34928939171f8c8daca69

SHA1
fc715ebe5520cbb778b6f1370b8f2ecd3a0b8270

SHA256
2a456faf2b91352f45a666cb17d772d570b91aca624c3dfa16d336ed243cb170

SHA512
b40872a7dfc2f2c0f74cd2f6a2f8280afcba8d897a3f5144c7b63fe6074b7a127cff14e6539f17f9decbfa82c1b8a43f06572d358646e1bacf0d9cef97432127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
74ec9938067268ed470547503ae48c86

SHA1
3c5dda04c33dbc0e6ae95cb3a4570466f4e93b7e

SHA256
d1186d312df33b6d04b43183663eb17fbb871eb76fb508823864b790562edc53

SHA512
2555191e1c83e2c67b6ba5412e784ea3eece998af9620ff0abb4189532e82fbbe9567490d3a0357dbd666e24e186704faee35bb1c67c87ca300381283cc1a9ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
ee003c35ab9976ea0ae4aca8c80566f8

SHA1
07c3d90a6339a9c4772db73429d1701025c1ce2d

SHA256
da25e969f4d4b67ce46e22c54ad6c992ed1719019541409b647127123b4f2757

SHA512
77231f04201a1b374a8850d502a98ef142047a80b807aa469e5356efd6ead2a47cd2b1f68585c76fba28e1aa1c18dc4b3169f0f4c82167ef4c954826bf71ded8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
0da935c0f4c2d3d1fdd6990095bc482f

SHA1
7a310adb62defe5fc22408029679c70c912d9cf2

SHA256
230396e716a34dc3e407d95a8cbf45a53d68a1299eccf82cdcad1ffb64c5ec86

SHA512
5147e208476cf7f7c4f0217c35069bb2bab19056eeca46c6adf72e376c78ffe113d8d0f250b14760637cc0d3599e50bb91b76503eca113f5438e5d5d221db1d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
8KB

MD5
f9703d973caaf7eed7c67a160514a8a5

SHA1
e4bd1e37e51759d7d667b11933314975521a1fe1

SHA256
796091e93056b2f84884f4a5c3bf34a342b0a1e0593afc7b54a78c38719516eb

SHA512
98dafbce5fc1cead1a89ff37c837c2ed6a50d7bca6f5b4e94942280449cd302176374a79e302850184a73dcb819741ade0c4755a02a0267c6aa9c325af604131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
844cf50ab745c9bfcafa4fa0a1609bb9

SHA1
fe9588a79ea7e38b31f9bb86b613c25f6114eb24

SHA256
f24b14f068486e9e83e6ca4138bb1ad038267f9bc4ba6c67d03caed324c8686b

SHA512
24239d6239b82370609bc6b0e2414e29f97fd491f20c840bfb7d616db94b0d82f8920d574db85b6ecce92c62ae4a5538d1be89f86c5a4d7f3f06e53818f32d15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
df6dae6e14b1a054894cc6a3eee68ce0

SHA1
0b2c404f2331f81c1654fc6661120ddc7663f447

SHA256
a61d98fdef7d61b9d375d2cbd0b79a86c66ad18afcd4d2f830444ced454fc095

SHA512
8d51c7323a847f15ae5b48e04e88ea8fe34777dc0e17b2c198bbce8f4a6e17564db3a72538da7381ea917c07bcf5ea5e0f39d2cd0542d5036993ec88d547e671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2b9a9f14d125409f5c5be045732c62f0

SHA1
df366431226bb7aacfc79d538cdce6e539baa209

SHA256
129153000889b4bba6382ec1d35d52ac1e59cda394464bdbf575c5664fbd3123

SHA512
e8a7551a6f136cf9f0138c285d9e2c288e679ca320a06774e544c848438bb9d282182c828764b5a14b8b6a3adedce4c31a4c58d971ad45f47c2a1cf04fa9a058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2b9a9f14d125409f5c5be045732c62f0

SHA1
df366431226bb7aacfc79d538cdce6e539baa209

SHA256
129153000889b4bba6382ec1d35d52ac1e59cda394464bdbf575c5664fbd3123

SHA512
e8a7551a6f136cf9f0138c285d9e2c288e679ca320a06774e544c848438bb9d282182c828764b5a14b8b6a3adedce4c31a4c58d971ad45f47c2a1cf04fa9a058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
42143ef3f8d40f6b8af97dc979e6d7f1

SHA1
2747d948c17ef1fc53aedc9b82996995c952c2d8

SHA256
b6433e67642ef293208e74e7d1be95a207857c6008f45e8f0823a98e3b227484

SHA512
8bdceab4d67b44bf7d7f9af798f0a30ea0bb296d4a694a8d4e8dfd4bbdde01c315f6e246e6fcde48135de0b31a0e83ccf44d45506294314fb805416d67a5f84b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
32d6fd2210f20e8e8a27e9c131d246f2

SHA1
99c5348c697c0158f20b8af8de45df1b81cf6579

SHA256
bbe510a42ce47a17bc997b7533de514ff04bbb9e6c7217904da4047fe48a44ac

SHA512
d2af51cf48cfac373f282787a1189692971a4a205e91003517094d54673f4fae524e3cf7ee8fada39e961c336314096171afef665fa1a9144a1cd2c62ede8d2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
55d3bd105d4aff54882e1f31e9426002

SHA1
c72c3c7d36aec8e859014af101248354b2675a37

SHA256
d909ec5faa1602a48dbf8fc540add1ba778f759b89eb8dc8d6053120c136e8ba

SHA512
eaad352b63bfead3fc03e3332dd7440c7cf15c8545f2f0947d77f534531964e9ca94867fd84dca9c8d74c7a5e9479ebf0d35638ccebd8246fb7bdd8a75c181f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
1e1fa11a14ca010a6da69e26e503f2a4

SHA1
8aebfb2640e6df73e14b28d3c7ffa88be89abe84

SHA256
ade806018da3f8156953ce044dafdd6dad53af315edc058c17644ee520b40832

SHA512
a6425c965f6d0e7a84a86593fa10f8ee8e4692bc3ecfe6fafc60fe1e4431ee34f91fcc0a5bee459ec92a6d1e79da2e95d460f7afe1ee0707f278c36319a644be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
30cac38b0b8aafc909b2968dce286aa1

SHA1
f6ffe1e5de0719cd11ddcc9409050c929a17d758

SHA256
b93b4937f25455084d65a275c39f2f18414376f85b569e98d9d465cbb3e6ffcc

SHA512
aadf97233bcce37938ed76716c8f76c8d5b85c1c633920fac7a3c55058a907ee47a48fcd7d5b627998949d223692f8a5ec008f4b71a6df3d9bfd28c18012a108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ed00b7e07a90430f701a769bbf249a3b

SHA1
3f2c06988aecc2ddf3e266668ec3d6b1ab2064f1

SHA256
5c230eb72df14975dbadc1744588463ae62ccb55e15064384dccc42f1de72830

SHA512
121b241ff2a50670ce6e92c680abb39f39dc496a313913d87e9e0f6f60a28321f47c59102ade46131bd32047ef8e3d7210622b115daa142dd416f3bd0c35c141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eebd0cada07293c0efa9512944635e08

SHA1
995bcc3e308e15fa69907232ebd6104d9ae16e56

SHA256
50e1a6f30fdd9337c19fad3f8357ade0a3db1713398f7df8db2b520ae5a631ab

SHA512
ddae2e3f6e644b9d35718de40fb769e8da152db70b61ae250fec7f18f28cef4b67d6dee315965e9ba9e2732e635f9f0d5116407a922559e136ff07e8b3237487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eebd0cada07293c0efa9512944635e08

SHA1
995bcc3e308e15fa69907232ebd6104d9ae16e56

SHA256
50e1a6f30fdd9337c19fad3f8357ade0a3db1713398f7df8db2b520ae5a631ab

SHA512
ddae2e3f6e644b9d35718de40fb769e8da152db70b61ae250fec7f18f28cef4b67d6dee315965e9ba9e2732e635f9f0d5116407a922559e136ff07e8b3237487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
622c1211666321f3d1ff770dc71e24d3

SHA1
b1a2ff9dea0088f36451be90212f4120dbcf8721

SHA256
50abbbb7baf6b170e14b5238ed7c2b704e79bd7a7fe67923b3428ea693007799

SHA512
70049d2b50fde64cb740b16b253ec5d66d4d40b9d55ff213006bca342d142c1982dbe9288d3ea3acaca1ba4e4adabd65bec7d284e643a862cba663ccb8c15159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
acdca2ca319758ad1741bb25f04ae2c3

SHA1
f42c83a59f66435fc875634fa5ccaaa32b347abd

SHA256
52e4c50806d2fdb96f58bbb3313b6cacdba7465e628cfc5e9070379c4b0d20b7

SHA512
ea71643b2360498813231a3d838ae3d279b1baf66634136324a791647a71125fc0d57004e312d9e133fd14123c03973f9333debececaeda711ed8ab261dec8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
f28ba34566e0c07c96ee794c6d4440b5

SHA1
9a1addb05ddd8310cc5960db1b3f9c25f418b5b4

SHA256
cad70df3d5e5980ba9ecd5d69851ca2f1bf918bb4578a6ad182b261b2cda353a

SHA512
f7502e4ec0dbed67247ff64b5489e2c911b0b449dfd85f58e00b60a625fa7b3028fda21312f3d77f3cb964a7f4da52a655f2b1ec062a0d369a26eafc7c91f25c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
7a24932ffb30945f8dcb781767d8cf3a

SHA1
4707b8f1d4d953486d0d92505d99a28ef28c1f20

SHA256
0bca1ce6995c84e4907d19b67e6ac836cb4177baf87799666d9988e654b4425d

SHA512
502f6275f99a4d854455a7900cabcfacad4974e5e21f7df3b02df1a9b8d1d1626b8f9ce55521ae02e42097a72d0901b6fbc0b74cf237c677cd96cf80290aa9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9385f4e1422f4afec3e622395d3eb590

SHA1
ff08552398a3e05e7bd4da7348f6b090f6c222c4

SHA256
45121328a5ed6286c16446cc857ecbc3f69e506bbff07870439d5743c4e5f3bb

SHA512
0354a260e48d97ac0ad883944f0fc6b0c21cb13c12b3a6823b5616842a775f0092677c336e4bf486936553cf3842539e4a42a63ea4239069f0e5ed6494d677d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9385f4e1422f4afec3e622395d3eb590

SHA1
ff08552398a3e05e7bd4da7348f6b090f6c222c4

SHA256
45121328a5ed6286c16446cc857ecbc3f69e506bbff07870439d5743c4e5f3bb

SHA512
0354a260e48d97ac0ad883944f0fc6b0c21cb13c12b3a6823b5616842a775f0092677c336e4bf486936553cf3842539e4a42a63ea4239069f0e5ed6494d677d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d0ab0ecd9d15f865fa73edbf7f247ea4

SHA1
39e242fe2cdf845185e1bfdd208ba4f5e28f1d6c

SHA256
3549139fea1970b4839f0e818eca6fd4b838a228b2dea2e7e12dcd2feecb5246

SHA512
f27bd239ffebf1df138b2aba9d4d8a7dde60856b710bd6e89d5997313f1cc8591e0a03528343f97390b64c3316c5ad4bdcf4065940e758be1666ccfad0e9e79c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7e59a8a78246d7e1f5562da111768585

SHA1
5b6d5b0e32c8301e24700c88a673a1520621def9

SHA256
9e4ed50131bf205289a3a097a7c0ddcd463a71784effa5b041aa6e8a92be759f

SHA512
cd8185205cae55463f6e040b4fe9c303caa168c859c8e3f0967e35ae00cafe8a05b36f5292df6666f289f27e35214c614430fb6224d76e58104c369070d08a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4289eac0e58329c0f168b0f1cd9fae82

SHA1
792b18f895f7ee29395d91a36f1ddd144b7da278

SHA256
b517879074270854b63708bdcca167c97919f411ac7b012c0a9759d9c3577f4f

SHA512
6b00cc14fe64a9dc8bf3a53066379e85fec7afd7d1c69c1864f0b0e04cea867c200bbfc3526d0add382ffd5baaa5f9cdacbe2e87493e98a80bd2db93d396f812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e974317080308dc11c7f704606862318

SHA1
2c32d1760b0d6bbc4ce872d413c710499884fbb4

SHA256
80a6f6d5045c565b1afcf2d1c6a454db43c26eedc98b429855b57f91c6373542

SHA512
a5e38a3a6650d6bc71ae90432818ea303afc18b22392d21be1e528ac446eb8b0604c27bb7a76925f22b733578e3e16a69a42871b4b22ea6fd428f0d6073f3b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58266f.TMP

Filesize
120B

MD5
4cf6eb3510626a8bbf9aa851e9d4dbd6

SHA1
205399ae30e64443b6815f845392b2c5dbafdde5

SHA256
e3db8a210e7ea90aadc97c9575261423b3ecc43254d204cb13aea912736b7f92

SHA512
5b15f9cef45a89f253752a2beffe3c9d935b58c048dd3d954f5a721de4925010474f9c38fbf7a9b3ec45e8123f2b324ffa949139466beab68def8cf7d7961ada

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13331310291052171

Filesize
4KB

MD5
eb90244db73c905e23886606d2103f95

SHA1
bb0dc4b405b726902d5ddcedfc0427a54fb85ccc

SHA256
47becbf31d1292d567c95ff15dac6e75461b32864465bea644a681e3d0253269

SHA512
46cd40d24f8b3ea7e51e4dbba49585be7c4c3849f92fda8b3f8fc55d97f1e24dde3f3a1d5074f00181c3d3a40f648a29f4b3eb7a28bde8e117ce2e5f41c906a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a6ad8b37b991bc51286b91d631c9c9ea

SHA1
8e1d0a638f0f3e43045742f1adff8aa2d952b41e

SHA256
1a21a6b3b63a5d6d530f86e58ec553beea43eb6edd811d35633601b4074a2fbc

SHA512
ac991456ec01a7007564e926c7dfda5b6b0b1dbcfac0009d7dfdb079da8aee31312835ba8fb6c25ae46d82d8df2bc73486d82263e60c599553130724a8ff8716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
4e47029c852814d7c1c892429c5b80b3

SHA1
4f17441a4dee222805f109e91479bb3db4f5a875

SHA256
4a431538fd5185312b2191fb318bd717073f9fd30a2799cc2fef52970f7dc702

SHA512
fc6e01774ccfd61859176e24b3419ccae95261ee51639cc899b60d6b4ed51506452f5bb9488be47152623ce23964d30fb8fc68ad2f5676dc452c66e88e995d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
2c2ebe6cb2b9f7a52597b395a12412c0

SHA1
fd29b2d15b0558890e55b32c7df6e801de1ee549

SHA256
05e8e8d36c80147aecb79787d49178f5b7e124f49c9425bdb9cc5049cf6c72df

SHA512
3e3bb1ab7d92a7e66e785d6dbfff5c8bcf75598fed62c6cd938eb911f82ef02b62d7e3a4b3fc2c5445a7022dd6dc9511654e642e561021ab13d854ddea01a256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
f905e384b1884122600ade43188eb67e

SHA1
2a9ae109cf460a1139f18a475665668d8c4006f0

SHA256
b100ee84bcd74310866adc17a5cd602ea6658e252fe7693d3463930f0b628f87

SHA512
bfec37a646484070e2b026327ce63e91c9efcc1f4b95c104fade372f6062c0e18a3c4fcdc4f50f500c823d038096b80f3156dc1215d85f2f5cab9b746be9a003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
64cb9af312f9182312253f3b803de305

SHA1
99981b166c2a21034b1f435f5665ad615eec225a

SHA256
bfabebf4b93ec9f1ccf5cc1674f921971150120badb5f45616dc139f7c479f03

SHA512
a2cb140a8b1cd9d35ac913cf003be23642566c6d4e3b0dac007cdd413735bff075f18aeddaa19ac93f9b50bb9d9bd5eba3425dff5df95dd296401e457a752246

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
afd6b8d08e0d9da0a0bbe4aed9c41455

SHA1
656e23320eea965a5d54b7ef1bc4b67e5c317bcf

SHA256
f9824d6b273ea9d1a3819ecbcec78f8d159bcded62a1e33b0c9ca7d520dba5eb

SHA512
4f05d89acae033f164e97ac6ca5e2f2a74c57859e073934543c394662c1c264142fc9db417ffa88c8536d45b9dcb736db4401f97ca97723d8ab2cb5d002a2be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
855B

MD5
31fecf9f6c5c5e30f7766f0ce818e001

SHA1
3471662c279cdfa81ccbdd2b71ffafff97999e88

SHA256
703453e436b3d4cb5c6867e8cab815de5e5b21d50751d213c51ee69c6be8e3ce

SHA512
7881e0bc167c218e0d9179834c1743ae72a03d973d8943123febabe4057417149d5309f337b0928a3eb116536cac2bce44f29c49f48bb3e0e72b56a4b57853e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
caad74e36e6f7ce83987aef1f11a71d9

SHA1
033698b01cc5c093d7d75bb51144abb08fdda534

SHA256
0d1b55b277e341461bbdba3dc23b675178638935ab8204fee65897dd19b4f947

SHA512
8b10a32b50f0df3d77b9b3d579e2ad2bee0a88ae74cd75d3f9bd3d48681b452eb9f2833dd40712d757911754f82392499bd67cd00456fa11fa6364accff9b9d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
5bd6c75e9969095d46f601c5c73f154e

SHA1
0593ea60695c3fc782b1775ce60cef0d7aee6a16

SHA256
04b0ddae0b47faf66a0a0cc10863b2a1260be3e66bf93604c539d99759a0fdff

SHA512
730b5c545ab97f8536ed0ff70e0275e1678150d628fa7716ce8147d0c297df4565919c686158783509ce0c919f7c5a5217ad6302958dfc51eea4a58d1b712e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
54574b1cb75dfd4bc3e1dd508babfa8d

SHA1
f455fb5bc481c4441a65b2eeac88a177e03bf9d9

SHA256
cda33e02e37acd225fae43096d4b16309b51fa4a1b124ee2839e3a00cc13862c

SHA512
df13f4d43aa4e5ad5042599ece86413ed8fde86088aa0517a717c74ecf3cbcffe28cdfe6352af4dbd93ce25df6494e3c41e1e93d55a2d891a21e8b28e3abae32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
5bd6c75e9969095d46f601c5c73f154e

SHA1
0593ea60695c3fc782b1775ce60cef0d7aee6a16

SHA256
04b0ddae0b47faf66a0a0cc10863b2a1260be3e66bf93604c539d99759a0fdff

SHA512
730b5c545ab97f8536ed0ff70e0275e1678150d628fa7716ce8147d0c297df4565919c686158783509ce0c919f7c5a5217ad6302958dfc51eea4a58d1b712e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
e45ed1f50f42eeac064b5a7c62a12627

SHA1
2e3b3e0faab450042a3883768761d3bbfcfd22d4

SHA256
29269e378bb8a2f12c166ca52f979f7de14b3e8997740e20f8b2bf797d30740d

SHA512
7845221931cf23a808802cb0346805f4d2557f0423329eb004dd8289be97767b3d2ae88d956e05849213dcf96a3885c2578afff0c50ef3f281a06fc54c8962c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
0e40856dd38d5f1236e4a5cb441a3b00

SHA1
80e3dcc9091078a6ae24ee53dd9c917bd3b9449f

SHA256
3785f09588f14a187e24c3fbfbb4511826e2875cbe2414d3af06f6c3c0733a1e

SHA512
960750bf4b20ec931361561fcebc3c274aedffe2e65fa0bfc527c6ab288e8201f73c8396cbf97342d12e422ac90dfa47c28929c4b00567ff02fd09eb27ee6036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
e1e7a7216be8aeae9fdc4e928debb33c

SHA1
2e1084ad953719494a7a7b9f2b72fbb42420abde

SHA256
a938452912da97c658ee6c1531f5f5c724a58dba8379b0e8745e91d51ff1993a

SHA512
fff01b9ffb2fb46a2b0776f2c149bec87000ebca83052c8b867763224844aa768b5f9014dd860322c960254978d5997e934d1b0a74b69a439aafdf8860967f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
1b2bc6718bad34b867867fb70f5874c9

SHA1
c9545c0da1e4f6bc9057c36113875a571fd43378

SHA256
6c9c459a93d51312f636bd73acf5300e0977c9c82fc66c4425652358c206d83d

SHA512
5b4a80dc7cf27998f658d1ce12261386ae8ddbf550356001be916abc7244261a100490c12e05d2fdab529673b06ee24fabad0156ab3f3391c39ee4a474df5fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\ELEVATE.zip.crdownload

Filesize
22.5MB

MD5
c3b1e6eb7d718eb127d4bf9b629c4d94

SHA1
3fc8bc41587e4e3ea5a3c7d0147254bfa6864a1d

SHA256
83e85024ca3dbf26f3fa1131599e7c324f43500e1a6d906d31e1c78ca9280dec

SHA512
570817b6f12266c3733889a597987e03db7618f989dba5061a3ee5976e823f916826a956cce2b37583ec4eb76062df7f1ff63db9899a78170e9595ab1c5d02b0

Download Submit
C:\Users\Admin\Downloads\Incident at Grove Lake.zip

Filesize
229.8MB

MD5
2b539f2d359adb0c2dce24a2495bfa24

SHA1
874f5eb6648964a03dfefdd741c8a60dbda6a2e2

SHA256
24485ca438d436b7291cc5b0fcbd893862efdb7da045a864e4beac9fb3bc8757

SHA512
72f09fd376933e09f9546657905733f222288714b6f58986376bd7a3382a4c30f866da0e0984b9a3fb6c954608351f57b3cf0c5fd58bde837a6f7502bdb75127

Download Submit
memory/1848-956-0x00007FFBB38E0000-0x00007FFBB61AE000-memory.dmp

Filesize
40.8MB

Download
memory/1848-978-0x00007FFBB38E0000-0x00007FFBB61AE000-memory.dmp

Filesize
40.8MB

Download
memory/1848-980-0x00007FFBB38E0000-0x00007FFBB61AE000-memory.dmp

Filesize
40.8MB

Download