47579603f29f74bf9fc676df0e7e12202831d0610c2b9594eb3fd5633a64998f

Analysis

max time kernel
197s
max time network
208s
platform
windows7_x64
resource
win7-20230703-es
resource tags

arch:x64arch:x86image:win7-20230703-eslocale:es-esos:windows7-x64systemwindows
submitted
06-07-2023 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf4.exe
Size

17.4MB
MD5

ded83cb9bb9334f1442a0099096632c9
SHA1

a32e1b7c5a72efad842d0a4d1edb0d8435ebc848
SHA256

47579603f29f74bf9fc676df0e7e12202831d0610c2b9594eb3fd5633a64998f
SHA512

b525872d2838341a98df24181a58ae2c3c82569ea16fd0d1e755585cd06ad73e501d6ea407b102236e46013f0c32e61e78cd4460f5ef9bd8afbba7e5797d4c49
SSDEEP

393216:r/3NnU+oBtFv4Nk/H1fWifHcIWL+gHn1+eGYwLpwCksXBM7FT:L3NnyCS1fLfH7WLPnJCq2M7FT

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1305762978-1813183296-1799492538-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	bf4.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	bf4.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2380	bf4.exe
2284	chrome.exe
2284	chrome.exe
480	chrome.exe
480	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	2380	bf4.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2380	bf4.exe
2380	bf4.exe
2728	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2860	2284	chrome.exe	30
PID 2284 wrote to memory of 2860	2284	chrome.exe	30
PID 2284 wrote to memory of 2860	2284	chrome.exe	30
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 480	2284	chrome.exe	32
PID 2284 wrote to memory of 2160	2284	chrome.exe	33
PID 2284 wrote to memory of 2160	2284	chrome.exe	33
PID 2284 wrote to memory of 2160	2284	chrome.exe	33
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34
PID 2284 wrote to memory of 1232	2284	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\bf4.exe
"C:\Users\Admin\AppData\Local\Temp\bf4.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73d9758,0x7fef73d9768,0x7fef73d9778
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:2
  2⤵
  PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:2
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1312 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:1
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3932 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:8
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3704 --field-trial-handle=1340,i,7080045656607800529,2905476290396222503,131072 /prefetch:8
  2⤵
  PID:1556

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef73d9758,0x7fef73d9768,0x7fef73d9778
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:2
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:8
  2⤵
  PID:588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2128 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:1
  2⤵
  PID:568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2116 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1520 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:2
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3732 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3956 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4072 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1868 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2224 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2764 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 --field-trial-handle=1228,i,15175382239097431796,5755423187304868898,131072 /prefetch:8
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4ec7cd6c-99c2-4e26-967f-faf9793f3f4e.tmp

Filesize
171KB

MD5
c5ec167f1331971e26714eaf9bfd8bf1

SHA1
bfd1f4fec22891b858bea36e88075a0f5f311ca8

SHA256
fc9c1d677094ca2ed273997d5b8f0ebd4df8130688317bde7e71a7a9fd417425

SHA512
2ee9f3d8bf447548426706f753549e15f6c9130727697303206dcc54a985bba71a4f4cd7dccd01bd004a383b5f856ce431b378a46fa4764a32c272c1c56f3236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
244707de7788042dadf4c401aa316a95

SHA1
d75694ca564a82fb9ee4aafc85448b6793eb1701

SHA256
d92cddd1c01c483dc1982be19b7e14b5547c0700bafecdf5632a1b952c30066f

SHA512
38357a84fe03b3bf55afca8b5e0320ed9a7fa88e82fd4ac77b1805c06c4e72b75ee4e1e1106aaf0e0ab50814a60122d26966580952650b0556ed37ce9067d051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
244707de7788042dadf4c401aa316a95

SHA1
d75694ca564a82fb9ee4aafc85448b6793eb1701

SHA256
d92cddd1c01c483dc1982be19b7e14b5547c0700bafecdf5632a1b952c30066f

SHA512
38357a84fe03b3bf55afca8b5e0320ed9a7fa88e82fd4ac77b1805c06c4e72b75ee4e1e1106aaf0e0ab50814a60122d26966580952650b0556ed37ce9067d051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
0bacab45d19c2e775639d73efcd360b2

SHA1
550a8a4ec9944e534e4a7870f8afb9a2063e7135

SHA256
11c98b587caae73172348a324e13247452945527b89cca4656e5c0621b10c51d

SHA512
5e0265317b6b00c9ae079f87f1b1658b443850b7404b2e54f526390ce691c7ee7258ad0055dbe14188bda4d88d7ebda94a3079d90f4f4942c71d2bd50b283147

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
ca992ed98f29cfd9a7fdafa99d5cf7a0

SHA1
0fb8b53fdab876b8c8d523ffef19ec069a835458

SHA256
0c07e9249f17ef993f6fb7387dce819bc2a9e1dc21af7a3fd0b511101154b747

SHA512
5ede20a6505a0e8d47f9d14f795e81cef0c72b27985a16045fb46854efcaeca6c5cedb23b90ac3750df379d3da2a009b00b1a4e16de1046ca4353fb58c2b9e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e93de9f32481fdd4d434a14b45a8e6c5

SHA1
fa5c5d472142592813e7448d135f4d1f65e4c7eb

SHA256
1241b02d2fbdd33814d24691abfb504cc455849c213411080bee663552c56d70

SHA512
0cc80104b6257ca97699a3109ae4a6608d43217fa410629fa12c77c73ca25d654220d615f7931364af63dacfe050b3fef4d2ea2ea5096cd742d94428c0f09aa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
37KB

MD5
116a883433133600fa559712b3c5bf6e

SHA1
d7e81efcbc6de322561ec3754a84f5bc0478344e

SHA256
88302c6f7d6cedb274ca0e410a8ca843f91ddaef6700ccc16079039d08a577ff

SHA512
2336e93b9b1ac513f1e861daa10cb51d41c63c8c623c95013a874e9b676979b5ad6ed083b35dd553766e452c3f76aeee76889f44f416f564e62b1c6189d88361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
53KB

MD5
7466910f622cefd2d8f9dc3987067733

SHA1
3afd364e034749293cb1403ef754429e485ac331

SHA256
560483695ed326f8d73998faee2b42102da65732d4e19200883ed5a8d6fb996c

SHA512
5fae9059234b13d9819a0ac44490ce2c3e6bf64e31fb0254beb5f8a5102bd576fb64875ac4fb5865844d193d3668e17d84db927a93c73e0f0b51b128faaf7c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
a0f78894b7b38285c4599b6d56593da3

SHA1
cf7c465317618986c97d41467d1c410e9df45cd9

SHA256
62b8a868e17384c3ccb1f568368fe7e2cd313f6a071adc5cea454edc40f992a4

SHA512
429d3d4bbb89ec20752ce2b198d8bce40c7d037d902f07b97dcb01d85bcd9ab3de4b33ddb56bdb776178c015b54427b9814be0417632e8e2a71001d4ec6c5603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
bf26ae14b1cfcec9199b773717818efa

SHA1
7a1586e0b5ab5a23710a621dec762d5cfe67b3d8

SHA256
c56544f5376b9c4eaa73f1addef03fcbb5813c6ca2b59598f31c0a15b7688d94

SHA512
172a962041d8d8913215d1b76922eeeb46b1fd73d83ca71ea45704a0d4f3166cb1c94be2671d38e2353a306ed305b54a7e1f0edcbc9701d8e12fb59dc966c7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
25fc70628f4b8cfc80b52c734d8d9558

SHA1
385e34271ae054f6f482b8756eb76299a541bed2

SHA256
8be8cc74d6a4d0d9353d968ce59ff1b5cbe948fbc317559872ffa15517ac16d8

SHA512
6ad9efe5a62b46e69941a410b80314be4270709778ff65d2b674838d51740d294622e09c8d4d108334db3bd9563b7315a86aeea1d4ab89e25421136466221495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
8d79ebd151b070644a7bce3a5beb4503

SHA1
1297ad66c91fc69a887330eff0f5bbe91d86c700

SHA256
4f54b41f7783349c1a0c4bc057c4c309c71a33486af6f1503589f296724c2081

SHA512
9d5b89a0a5fddf968a0263b2489f889e0aaf39d9a2a0bdd9144b000ecf0825a3878933156f16aac223bf4531ffb54180146d1a29eaf9aa511933e55c343a0a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journal

Filesize
20KB

MD5
09540a61c85aeba307a3a200716c7d69

SHA1
65aac7a37a4bc885051c6abc83ee8a18b7133912

SHA256
6ccd5693a7cd6b4b3fafa94805497351bcf6d1b93b1df026a5ca9ebb6fcbe780

SHA512
767cb95b02b2cc4ffbb56f0e66214b843a11126ba34939490f7c35b549255fca39a208b9b40dcf3d4a9b807eea33fcde878bc7d117a30273cc022a75604ba2e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
8f46b60384af9ec92e7daa8bd5f6256c

SHA1
6f1b7b6d8deb782aba7d8f04ba69d5de1d30293f

SHA256
e19b42755ae9c093304c6f767f49a4348c020cf299dd1403a3da2adc6d0de488

SHA512
b448c7dbe7275e0d3d591db4c531a9137f43cccab666d3d61d1d49bc48de05147a03b3c7acc4e3426c80d9e6a23a26f7d8cd186ec4a439760c6dd06849b447f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
ca8d447c63d4fef0c24abdb22c66dea0

SHA1
e30cae2281e307a2380657fedf97bed2125878c3

SHA256
51b5d2c7dde72c9c85ade4c952a5db6a2e6d3259d3881e5f509ef3fa27d7e574

SHA512
1e39738fc9f8612ab9ff73a69c954e6f5fd0737b25b2ae076ff6db9a61a41a237ede56382b9464f8fca7cb0669864c8bdf342c208e5db34e27ac96cf35a732bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
ab5b4dc8f107d28011c713c60c7ea323

SHA1
516ff89080ebb80b045696c719d9d69a27303772

SHA256
7f5ce43b07d3cafe2be462f7da8049da5f0b943b7b769550d025cc08a41c4a07

SHA512
8bf20e7653687f8e10b0eae39933351d449e3035155e260f79e644eb7a824ad178fb3d99e5c526510567102a0cd5f1bb3d249bffdb40809c907c0e4aa96b334f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9f01828ee14725e59c313c4d40a0d6e7

SHA1
0c9d697c71647a394e102293d3d46e9c84f7e327

SHA256
36601905961390c5abb5530463800c3971146dfdf4aa72a120bf56b7a8a093cd

SHA512
627b14983f71e8ee2315cc254fb1cc5e84174ee07b1f6965923ef9b7f389c702bc1e4bcff18dd580b2c5e23317b7bb61f9467e73e1753b6aa35561d159880ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
df1f6a94b3fefb177b3b904954d02af5

SHA1
1512b215d4f6e6458aeab26c1dc27a41bcecbe56

SHA256
631ef3f0b83caf0895c64952801162b8d6b7692b8ad263a553e242e81470e7b0

SHA512
0c92558b4ed2b840e6d94e47e2fec1203a02a276ea92dbcef206ad84ecabe9c2eeef48dde55e9598076c5ea8723014451917efb1481ed66acc3a093f4f6df4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ec10e9c09566687539258bc7d8b83383

SHA1
80093b91d41a02157a70fab95d3368000af08a59

SHA256
59ec0d1c26b5139c6e78abe504a8143d508ed565043f3c14bf3f6e8acba75edd

SHA512
7cd4e1a709ac5942c11e13e6679771fee83f22ec8c28f72fca207a276a4b94269180ab5e3a695497aec6d8c293f0861bec46e15069abc7a2abac80cb0a19cead

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
823315599e0764b93d313ac3769e691f

SHA1
827f390492be72a0564225aaf41e090f7dc0c228

SHA256
261ab639425f0a6e27fb2375f2f1d4baec8e2df5b9b34d9de6c4267aa6e9ca25

SHA512
27d6a2bc6dd21de1c13af8478034a7bc3169bbd2fa52ff60f54fc82ff4080e5f3536fac7776e6d2cc8e999dfa2745ec1abf33da5ab69ddb2a0485d79286db858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
99c1c62397377ff7d5096b4ae71013c3

SHA1
ae56b665ae2a1bb57cda8d7bf5aee5ca39412c83

SHA256
c7cd9fa4acfba0fa2fe4a09070deee0d64caf60b2ba53cc3f30693ce046e63a2

SHA512
8e8fab6f5a627ecfa82505c9c6047b2deb1219d53055675d7f1930972549d134b7d430e27968a3648063a925e886b6980af5ee1ca305860144c81db2de522cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
38B

MD5
e9c694b34731bf91073cf432768a9c44

SHA1
861f5a99ad9ef017106ca6826efe42413cda1a0e

SHA256
01c766e2c0228436212045fa98d970a0ad1f1f73abaa6a26e97c6639a4950d85

SHA512
2a359571c4326559459c881cba4ff4fa9f312f6a7c2955b120b907430b700ea6fd42a48fbb3cc9f0ca2950d114df036d1bb3b0618d137a36ebaaa17092fe5f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
b5a6c7a836eed62f03cb5d89116074a0

SHA1
5c109c061059f3b28de36f890d51f84124a0dfd9

SHA256
c0b31469427a4fb184d5f4afd266e33029ea326a9c632e53065815f0b70b66b4

SHA512
fb2ce7b8fd9d30627945f78ac703ab7671f28dfabbc938b32019a930232648eb635b1db72c0b7e67245ac223d8dc2bf5977d69c3ea48b39f94988629f0b61e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13333096091061800

Filesize
2KB

MD5
9bd72c859b1484e59c48df63a12a0d4f

SHA1
69a3af61c376eacde4622f0326d13caec262b225

SHA256
8e34535c02a62820ec16e8e513ec5506203ed18cbf3b8c03ce497e991a9f1343

SHA512
2134fcfd7ce175061abb77537a83a4b951d0b572b766357d99c5cef644472b4d5fdcacace508a5a7392634b5ab546b86e8b9358b40009b0face35c12727a27ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
532a1a5e88e6ab625a118fec079e233c

SHA1
c0a9ec7b7f06c50013ff04d9728654623554dc66

SHA256
b6a51e58b22fe8765a9a0aae60a055494fac69a6bcae787ce00adf6a241954a9

SHA512
fd9cebc96851889e5c09270286fc4e677a9e10504f0625a78e12d34571353979df536c5f72eba142a27c17131b2a242e77aa526e625190cde42d4c032d7bd270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
1e6e7f6854cbbb29646586b445fb0940

SHA1
c3c4a1ddf148cce2c1b11eb9987e03678e9d9516

SHA256
bce6125a5c4259138f6922a1a8cbeabae42d7df372fb246f6f6411209c1bcdf6

SHA512
b7aaff7fe3c80054107eba7a7d798b1ce57ca40bcdc7343dacc01f21429a7670ed39a077314c3bbc3ce13f0fc68b584219b2afdc101e4bdf7d1d0d5688ef33e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
247B

MD5
cb455c38e10df19e5d6aeb1e9a74f579

SHA1
a54c308dd6e7a762706dcf7097640b51c4e0eeee

SHA256
e1700ecacf2b8ca71621d94bb17b7b0b89dbe20e1c88ace93b9ee8c6a1d022ae

SHA512
bef5f38a24e25c0c1558af73ddbd2d8c06a1e9db11ddf62d36abfbe539b3258b4599b49313b2270d9067d91b7ec7c7d796ffd06c0a447a162ec6acc9fec25f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
50B

MD5
bfccbb8c67a46427316a18e958db02aa

SHA1
57b9cb0808c84fcdd6b4ed2d44783ed77c401970

SHA256
556a515b30c9d4b40da30e301e545241d980dbc3a5c77cdb65ec4cc83edcd84a

SHA512
38fcebc67a3efcba9462676ca234dd871ccbc1dcb5c0aaed5222dcb6df0936bbf1bf605a3fc27bd0fea1a70f638e5baa86b044844ec4ce52e017b63dbb1a41f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
a370b91b5e8a80e737d24fce26fbae3d

SHA1
fbd0a541402d49011481996cf15f4b70908277a1

SHA256
287bca494553b2a9fbaab0a975a85c0e66f3187dfb4130239bc49740520a6bdb

SHA512
d4d911a3a9cd7f3ef5f3bab11d4c03f07c15885d40a5f2cea801e7e419aef60c569e984028aa7e0e190929a48e60de4c6a10d5f6c6a7813d5c8fb67012596f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
c595b2f0a23dc612f79675174fb0eeea

SHA1
dbeed87e05b68957cdf0ba3b00dbb62545bacc02

SHA256
c9819509bea548d31a7bc9a7bb88d607f39e62ae0680f98a53d806ed38fa710e

SHA512
e36ffe6e405d8dee7efdd76117b95c3de686b6d74b4fa41578f1e255510ed5180cd9bcf121ca625f53a108ad48ace1dc3e4bc909852a64553aeeb45b79c2cdae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
122B

MD5
1bb8ec2f1f6067eea333cc9e11a57618

SHA1
f7977ea970387f361a3deda9eed2170117086091

SHA256
9a3dab97d8af1fe7861c4c014a68add2b54a820ecd3ffb1acffc30be1ffd0ac4

SHA512
c256484fadcb53f06ca811996daf0b9af020ee483c660a94cc01ee15e892420b66ea795db76bdea26d68345e1f426587f3a536e16b1a18ef988b999454ada988

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
5021ba5d88f89ef864ad0e80fb06a3f5

SHA1
6c2852f37340ac5c5660457461e7ed6f8fc9805e

SHA256
5e9055a39ef9125b9fef27c1a993c75d4e363e83162111a0cecc45c177ce23c4

SHA512
540bbc341ad7872561b09aac30a7155713ebbc0788b3560d13838f0de7ac942f3c3f52b2b1727ce107b3a9750e893ffc90326f116ea4c9f828cfd7215e0dec76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
171KB

MD5
c5ec167f1331971e26714eaf9bfd8bf1

SHA1
bfd1f4fec22891b858bea36e88075a0f5f311ca8

SHA256
fc9c1d677094ca2ed273997d5b8f0ebd4df8130688317bde7e71a7a9fd417425

SHA512
2ee9f3d8bf447548426706f753549e15f6c9130727697303206dcc54a985bba71a4f4cd7dccd01bd004a383b5f856ce431b378a46fa4764a32c272c1c56f3236

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
88KB

MD5
575485917672111719cf4f41ccd42592

SHA1
9ab287a47c712652a4f69f7b694258f7eb5a12ae

SHA256
3755ba69fda31c1e6de53979adac8ba4a21886d451940b34ed21db8bbea48d84

SHA512
a5191ad14903fd9b01dada32f1c46f4fd347cd521411b2d4d6737105313b0c059fa2b893d3a45f343a1bcee73e24bb6cbf7bd913750a3578b3a60c6b03c13ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
5B

MD5
260f1e2da6de7dcd2f5dd8277cfaa301

SHA1
02f1833c120229f31480019ad71873be6f9691c8

SHA256
375846dbec3529040e481a8e2aa122dd205729fc1a1436ba52f8879dd3da5f32

SHA512
3042e5bb37efbcf406fa2bbed7c880e680d152dd0493506e460addead94833d149518cd0ad547bacc268bf7dc16a596f3aacada181b66d9d32741ae966fe0805

Download Submit
memory/2380-54-0x0000000077B90000-0x0000000077B91000-memory.dmp

Filesize
4KB

Download
memory/2380-66-0x0000000077B90000-0x0000000077B91000-memory.dmp

Filesize
4KB

Download
memory/2380-62-0x0000000140000000-0x0000000143CEA000-memory.dmp

Filesize
60.9MB

Download
memory/2380-61-0x000007FEFDA20000-0x000007FEFDA21000-memory.dmp

Filesize
4KB

Download
memory/2380-60-0x000007FEFDA20000-0x000007FEFDA21000-memory.dmp

Filesize
4KB

Download
memory/2380-59-0x000007FEFDA20000-0x000007FEFDA21000-memory.dmp

Filesize
4KB

Download
memory/2380-58-0x000007FEFDA20000-0x000007FEFDA21000-memory.dmp

Filesize
4KB

Download
memory/2380-57-0x0000000077B90000-0x0000000077B91000-memory.dmp

Filesize
4KB

Download
memory/2380-56-0x0000000077B90000-0x0000000077B91000-memory.dmp

Filesize
4KB

Download
memory/2380-55-0x0000000077B90000-0x0000000077B91000-memory.dmp

Filesize
4KB

Download