0f95b4a8b30adeea7c0a46d25e08bbe79869bc85a68433847d5eb007f14b7a0f

Analysis

max time kernel
494s
max time network
504s
platform
windows7_x64
resource
win7-20240220-de
resource tags

arch:x64arch:x86image:win7-20240220-delocale:de-deos:windows7-x64systemwindows
submitted
25/02/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

protections.lua
Size

8KB
MD5

af178972ea0138fbfe85a8ea330bc173
SHA1

3cdbe95ce44604013d0f98f78232adfde85bd235
SHA256

0f95b4a8b30adeea7c0a46d25e08bbe79869bc85a68433847d5eb007f14b7a0f
SHA512

0988e3cd119089527fd10efc97f433e54a1fbdbd81eb815b1296a7f1a67885879200b119b2a6c6f9c1dab0c0b2a85707765bf66e8b672bb3646bc1918a3854ba
SSDEEP

192:l5Pf3DLyVbxSr9JiMBqeTs1pGun5YACmssQEhRJS8jP07Gi7Imk7K0xuAeq01UJS:l9f3DLyVbxSr9JiMBqeTs1pGun5YAos0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2488	chrome.exe
2488	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe
1968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe
Token: SeShutdownPrivilege	2488	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe
2488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2764	2080	cmd.exe	29
PID 2080 wrote to memory of 2764	2080	cmd.exe	29
PID 2080 wrote to memory of 2764	2080	cmd.exe	29
PID 2488 wrote to memory of 2508	2488	chrome.exe	36
PID 2488 wrote to memory of 2508	2488	chrome.exe	36
PID 2488 wrote to memory of 2508	2488	chrome.exe	36
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2348	2488	chrome.exe	38
PID 2488 wrote to memory of 2948	2488	chrome.exe	39
PID 2488 wrote to memory of 2948	2488	chrome.exe	39
PID 2488 wrote to memory of 2948	2488	chrome.exe	39
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40
PID 2488 wrote to memory of 1300	2488	chrome.exe	40

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\protections.lua
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\protections.lua
  2⤵
  - Modifies registry class
  PID:2764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ee9758,0x7fef5ee9768,0x7fef5ee9778
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1500 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1844 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2236 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1244 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1692 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3484 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3472 --field-trial-handle=1892,i,3544358187657332024,6449136001258201945,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2324
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f757688,0x13f757698,0x13f7576a8
    3⤵
    PID:2380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:540

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2280

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ee9758,0x7fef5ee9768,0x7fef5ee9778
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:2
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1176 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:2
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1580 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3684 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2668 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2304 --field-trial-handle=1208,i,14995702911688723439,10430656131259589060,131072 /prefetch:1
  2⤵
  PID:852

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
39e40b362bdc1e121c6c6a234cf5a7d0

SHA1
e7d46c8386bad51ab8b775c828ece711ef320302

SHA256
e593936454d92cdc9ca94e2ab9a6ad6fcce1b336d57adeb62c2ab0a23a938192

SHA512
b4250429c50a73e4d72e6f54008bb29cdd7bdd016096d9de8e4a6ee79a9cc2b9b39125b004e5d588633510615724ca4a11a96d32b540433927acdbb58e26b8d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
88c2ccff06e23fac20143ff07cca9b02

SHA1
32e38a577ef4888ee3b0d05c836f19ba6134a3d1

SHA256
7e364b6495f1f27867d875ba4c7ceefd2925a77b3d226b5668f6b8412a005d74

SHA512
fe6f5e65e4c5579c169a6d173f06e577e900a592f96ea6133661b1789c147d353b1cdbc665aa0fff7aec5fa9b18a19655e622040bd3ae681d5e76d812cf72013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
6b50f5f2c927ca0ddce2276084aaf34f

SHA1
ce1b8c5bab897915eabf14368fc6a373fecf6916

SHA256
f9f6472c9bbd32ff7ae380ac8c6acd9b95b4285fd97911df9dd8ceace5629318

SHA512
91b864bb56a771e9609bf55b7c5f9d1e30f9739e28e3ae86e0901170fa0e674e2278def7d33eb04d27a4005d6065c9a608f257f33e0dc03685a280fe79c43f23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4e344539a507e8677feab3e86165eed7

SHA1
7f8bea9e1f1f49180419cb6640eec6c9ecb678a2

SHA256
3f9f624aae388403dacc5ccc9f28664168cb4dcd3885566347e14abc11460699

SHA512
b03c43566bcbcb161c9477e2bb8bfc00469a98759d91863ab06b3d9da82d2936df2502b0095575ac10ba5065d8411ca9efc5e85b26b5ebba799485be8c8ef2c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
94b51017dca3cc43e6389fabf7d75bab

SHA1
969a9b0649fae16edc931cd6116840e47114bb88

SHA256
e168e0f86f96a2d0b478abe4db8f429df00562d538ec5fbe8be4f08dfe1b4530

SHA512
c98441a42dbf162f0b3e883e02922b8a58dbe1982c5da97454f5c430a3095251a6eeea19615fd1b85deac336d6af9db92ff8dff06f6d10da3a909654d857adfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
b314dd054bcfc22820b8d8858ad0b90e

SHA1
d2aa5c56e8d14977217801b3da0e46d684108b92

SHA256
dde87b2a7a86a2356af399ced0dfff89dbaea635e942b22e6ebbf99aa91494be

SHA512
067c25f50b26a4f2c3e3cb228f39edb0d92ae0b3ca40b2194a258da0e8cbcb8e208073909d126c26f10381eecd8e097074efc61f236364b4e496bbf2652fd58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
238f9f55b951609cb83c35ef2846bd90

SHA1
869060325232391e7849269d68aaaddfee1a934a

SHA256
6f01608b2b3dc82c9bf6fca98ee4f80e702279dd2e5a943ae2883a42f334f008

SHA512
cd3c526f88d654bd4654e38f7925f71f94d4ebfe9b3c0fd3d9d5f2d70b68d1db581f819a5cb2b6c5d39813a385a681b1a64c9000261b9c769835cdcdcaabfc3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
1cfff698ff9f6329a5a7e2879f872d22

SHA1
5286a0495a2a19cf4a7cda686033a36978df126a

SHA256
1cee9be4400dc5658e5d723333c319872d65b3d4f40fef01b7da4b20b58ca925

SHA512
9d9d386174f57930818d72343dc5c88382d67efbb41dc70d5f15979ae93bb84e4f541b42433704a49c72c1ab6c6f99b11f66417cc4b336d3ed7118e785b72313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4d0b7b0e2cb7fedaf25388d214af3781

SHA1
319603bacf39523e539264aa974c575299007d6d

SHA256
29050f124e88643324b1a11858d492d8956350111cd07ae835cc7311aa2d1f62

SHA512
3c2f481c31c9bfed171a25df5e89ecdc67afa04b7f41a54782f2e2146f4d4e00ddd02eb23d9ac2a543f60206244d9ae747668810a9f742ddd33cdddf39695e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a7a365873006468fcab715d854ccf3d1

SHA1
cca2984ddfc467dea57a54c7589467123ffb2561

SHA256
c31a6d4c91e5b6f6d29691d8b2b6986183fea8eae78f487dd59242eae843b1c6

SHA512
a18ee74865cd757e71f89e69ef0e82810b55974c1fc000fccc5bd72a0ac0f5e698379f33e25324f64164192d4c62b4e413f013b49cc4c494ca039aeae955c2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4e8a2d607a5462eddc90ae1332a9e22e

SHA1
4d27071aa91bf79b37483c6a4cd8a0e532096061

SHA256
ce6800e7f95758019127420ffc386ded0111fa3e1bbfc5e6d56ceea8e5dc3328

SHA512
85c417fa78f9f062549355bd0ebae3408e977d9db4d288a7cc004ad138f15b1873e6be60cbbcdcfb3b8bb9e60c9da2f87214ac1d1ad544a2ab3050751e0d0b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
2fa5d3fddfd4bb74ea04b2a235093333

SHA1
6fa99fea56e4a7283a5902694ba4a2655c677ee9

SHA256
ccef9cbe915ffa352fca17cde98e7a7885cb6d6d3b07e675fa05a1a42e4303e4

SHA512
1764d76395804549e3463123318d45423baf5f70d7155b81fd5a9e4fd020132fd21192036bcc1f966fee0dae88544b1a16ecb0306e13223073deec2b823cbc7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
0ea86f6a0e9136fd7f47f1423682ac2f

SHA1
a3b212c7cc53c78f82bb1ca9a87da93a1ee149fc

SHA256
c4d6b562115e97659814d11ed1207652385e014e474b55cf068d49867da415ce

SHA512
cef9d28f67de1b5908597f93a07d98d0f3f122ab5f90584e7afe6b665b605173a98c7c144567e5e525abf27208ac14bfdab463a25301fc51ebc02e6f3818af89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
7f6cfe5712e59a8d7ffa9923d33b6fe4

SHA1
f13324309b644e31da93ceb27d13434f027b1f0d

SHA256
368a98dad172dc82108701634a6bf81753bf73d4335b44217f3414a70327a7b2

SHA512
bf61d13ae74709b31d0380f13caa67c5d01a1037556206f5d6a3b1e9ff69385da227edac38dc91393266c203bb960f9ba3e26604b4878c06562ee23086231229

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f93e0ef45dcefeb7fafeccde7e754394

SHA1
ca3b13ee83d744762d83873c0ceda63465e79af1

SHA256
ae1a440d6dd7f0353949879d0caa2afb2765c94cea775eb8039b63cb5f95b32a

SHA512
73f71aac6873d8bae69d3cf88ebba32da1d9ecf0b329c7ddcbe9f06309d70a561d0a3cb74b0281bdb4e2c355666a391125b5852f54ffcb3488b13c4b61289537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7541ca85cb5e2e00e369bcc5bd5a259e

SHA1
dc1c2fe3908d8ff3b7d6fad205ef1aedf3af1c1b

SHA256
72d1e435e5e7c2fd18e8f1207e6f41f1c6dbeb737d8f3ef089bebfefddd85b45

SHA512
3c397509a7d90d9cd4bf095147234dd2f4edcac471723d4e61c843b56113f64a3b580aed8db5356f62f18f1849dc6cc86bbfeffc208303f719924761277e5f8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
36750ad5f4d0596999ca9ef8c7420f16

SHA1
3f10ad1579090ace76b8faca9db5d2f5f92d9b0a

SHA256
62dce2774e380365b51788cc5e83cab374bab9cb7cc26c6e43a95b4198313179

SHA512
480727399a9b5300335d2f1f47fc1f64307c5eb0e81e8c84de5d5bc2b2e6cf9719e7570e37e04406c3f6982c383d27763fbfebaf85fc78738619712e1155bf7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0132ea9265764df8216629a8d01725b2

SHA1
eb7c07a14c01bd3748361d275f7f6a39b28bf176

SHA256
ee5d5b40493a4e9821598ac9bfbd99c771ed4ee17587dba2e545407eb7f73573

SHA512
0acb3f6b131849755bb63bb0a20b1fc20964cf116f099a12e2ae54e36af8e8e61e637bcc350a2fb27fb929cf3d17195f064b2de323f8ffbd694f1cf7d3c7cd49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
6db7a2fc469e9aef6c69f6c4772a31e5

SHA1
95925181cdec398141b3f317bcea6aceb1e4ee53

SHA256
bd4c36b7cb6413981575be48927b52e33210b17c48f5103a5f6a46d00cf7667f

SHA512
a5f371225341f2c0d90e36ec5338ed2abc7792674eb57b2f523a7bbade7470cb1e83c9ad62601c23f81c5ba3f968a00b16084a5a48bf7ff5681cdad9574721dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
915f219895d5fd622f0ae49b0ef00a98

SHA1
bccae0168a85794e8603bdb35fdd2113586c8ef0

SHA256
292811b50e04084283811b566bd01ab330b500d4418439e306383750c309c97f

SHA512
74dc619b1731f8262f8e38c285b99f03cc58d1232b278069387807a729419c921279a65f0227594fb913c26c34135cc495a6d8fe526d0de3bb0f4fd13665899b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7df57ea4b42e699ad8465c55b5e17b23

SHA1
b9b9c508fb61de4346efe1a64cd4fcfdda986e21

SHA256
1f276f44df455901003f68c8b8a0f8df74c7025877472e331cae524431e72971

SHA512
5851eac656d355a8ca791522423a2f7267d904ac3ecacd624f118129af3d2605ab6e7e3a9a288418bebfa5384c3bbbab2ccd550191c0f5c8833d184d1e9db720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
210B

MD5
1effca3831cc4de6755c464b709adc1a

SHA1
741c88c6aa8febc6109ad66d131093b71b9340a0

SHA256
ace5f0bcdbe74fe99caf8d738572d9e346b5e71f9fba075fa72d1ef9f3c04156

SHA512
5684f135b477db0eb4c10f902a2b42c59722bd87c1fa9e249a3b35c993024208f62eeed927ddbb4424446dc411ed3e22ac85314857fcd422a58d4739a82045da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
351a3ce2c70bb5fd3a9a7fd81f999932

SHA1
678e78140a3951c40dc797f1d830b5bf3d1977ae

SHA256
3343b9ffb30c19e02be47c4816bae1002ab90464efb31155efc673b98ed609f1

SHA512
8bf172280cbdd679eb1b0b90e572d26d236b5d12a9c8dfb8a86b6e2e47e00d678b44a0a1670cb4069beef8f117bf0728186adae236759dc9953ded30058095b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13353336215470000

Filesize
2KB

MD5
a9fca210891afaa43b7305874549ff8d

SHA1
8073bf53ae81bd25f52f971cff86d77f0b78259d

SHA256
a72137506bf127a0812f55d380560c4811b9922ae66e8f2bdc559087aabe4ea8

SHA512
01c7260ee2796a8c2f52c3522794e76c795d6a5fc2c3370746c26b0e7f472c8015ab7bdd09495049a548d5579f9074576ec7f04a2c40223fa7908d0ec001da68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
72B

MD5
781e72837236f4b7612193f1da40cffb

SHA1
3c0a01906b35f249a62f3f7769cf002e38aa71dc

SHA256
dfd4d0acaf4cd6eeb8aa82a3a6ec03dc6c7d261da4727081a9b18edeadd2670e

SHA512
3386e6a1d365f136763565131345f33c93fe45eb17714486c0d17281790ee231e6d73e38c4ba1c1820ae365ee0d28bac16f1d8ec767c8897c8556d02c4ea6269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
3394add99a4edc25e38eda382346095c

SHA1
10b25caf2d32450ba3e8a260fa31af5a0af87b93

SHA256
207abadbe180ca59df9eb799887707ac7d00eb00e3ffe0dd6df8a0d6492afdac

SHA512
559ab827d13e4d6931e997d5bfd48273f31b170515f5e6e1e9efed31e7272f5337a0c73feeb7b83d1f71ae6a10d0767b61ac07d9aa1bf0f4a917e60dde8d4dd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
4dec34801cfeaf13d24aa4643697417c

SHA1
c771c1048e9e815871990633503a708a7d3a5b6f

SHA256
969b54c5000fd1a720c3e396863c148e4e2dd44c9c9dce055c7a8707c7242600

SHA512
26b7fce7aa0c8999948b9964036928ee1a4928cef3603c839a9abfa5783da3b16026bd63631032af7bc6cd252bc691095f704f954cd235e9cde1dc1f57de36d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
03b1e4c3ca3b0287d44b755d83079047

SHA1
29af9fa4f79d4c08235ff1bda5e21fcec252cd14

SHA256
a1348e897b61ad3c6c0c906b6f133ee555bc32cace9d59ff3431735b7ff5d4e7

SHA512
9e00176d69058a9d7c2267b1f4158b983b59a7ff22fff1e024b0ba73941aa56fa3bfd2177d9f1dedaa1a697342bc125f08aee411ccf4545f8c049a40c00c7d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
9d6464dc466013ac4dcba323ccb4ccd7

SHA1
a7eea9e0ebe823e5c72924280b0f780889a40a59

SHA256
2b36e673219683bb5acb27e347c303e3c8f05401c1fe0fc367871608f684f078

SHA512
194b401fe3de93ecc09218b10366c7b0d881efbfa2b84e03ed8c549ca35f0b18e13573235f6714557a4e80d1724602901236d74b2ea0bbf45898539065bc5d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
17955c6a1bfe62d0dc5fef82ef990a13

SHA1
c4bc3f9ccf3fa9626c9279ecb1a4cbfbf4a0fcf5

SHA256
1cba135964cd409db09911c7cd4699112622596ff633cea868a83c54088c03a7

SHA512
5fb73bb4f7eb1c9e26f34e5d0f310783c7e629e717760ee38731a52a8e3fba6831d77abf0f37631fed820839a00c9242a582e59266de08d3c92c5c4f83c8e7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
20ea3fe36eb27d05cf9dbbc406bcb416

SHA1
3ea7fdb6059fbca93a51129db22fecf9a37d99a4

SHA256
bcff52506d64d8d068e4d580710105acb71b1a33e078460162c2ffb79437ef55

SHA512
f8864735eb595a1884c9d964a024e49c6f9d9d51a2ae6d4c1cf8057ff4866301b128757650aa2c992a75c11303b4d3e696f8df25f2df128c21309471f973f3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
93798bf56b09b4ced82e56ff4dd3c173

SHA1
28671ef703615720856cb28edb36cf299b9b5158

SHA256
1dea4842c5bc7c019352bd32d2355532b461015437c354d48492505f7d0b155e

SHA512
82b5e53bb2217f72dbbc8f1a532f6a40fb51b549a2ce52c48fbe16f99a1549a552cb77ceff4af716e5e86277e882217beb498cbf1c584708015a457153004364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
123B

MD5
598a6c853c05294ccdfc13b6de6fc583

SHA1
45b61155b34e2ae447ce698675e1ee695e1f4d51

SHA256
1581023a08b2671698681bc6500bd2395fd178b0c620bc49a0f93636ae74e111

SHA512
9a11dfc577853c10e3895c70e294218ef029888a7332e3375508567a83e090dbb514f82c0b94b9b400160e7b9e1b2310bcd1f244f63a0c5060f373ddfe77147a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
9c5301aab2d66d3f9668160240a7c9f7

SHA1
765b433361218a9103fc871792cad93c77dd12e4

SHA256
39b00306dce10d5a5560c91d6b455c3f356245e03ec6be77fcf2067d076b74d0

SHA512
9f6cda7e9910f878ced41d920edcdc9a8a50be6f959215502880c8417ef5f5a935cfde7b0d61aee7b0ff18b63b4640f00bd97d4596eb66d026a522a8834ccd85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
1b2c5e880187e9a16b35205761712401

SHA1
2032301e455c32b00cd9e5edee2bf9d893279e64

SHA256
ee079592e5a333bc8272aa0849903b8931deb14f8ce09b6f70e48c188661ad21

SHA512
e6291fbfd43585a7ab86d33942ad38e786db3d113efc6feabdac7d9955806b8e18df8659cbe11336a3aa945a4820392831161d26650a93e1d1e2607cc5cfbbf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
dc4e4b8e4eccac8cca580f5a578ea2df

SHA1
98623a19062aaffb636ce144d29d6c137056b204

SHA256
5f3eb4fd3336b7cc5aefe3d52946090828cee07421c8ebe0e3c919a945ed5978

SHA512
38c190a2aa5aa61bac043d6d51911a34df803c90e1ca62041ec94bd36b483244e7cd3346013a5701e67ae77799974625aa37b23a64b86ce8cfbdf1b5b63f0c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
d5842b6fb90a67708c353f0f3a33be85

SHA1
48a9e06c9bcf2791ac6376622d6dea179689255e

SHA256
c63523f14d423eee3b43947283056d5219edd0c63318007b1b876e24ab101d03

SHA512
1a5f288211bfdceedc802fe9de9cda4596d3db06222a742600a67262671f5084feb4ac797d39a10c02854590f680d47df39cd81bd41312a0807db597beabbaec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
6894cc6b92681689ae5a636e9c09745a

SHA1
65b47a7ebd141b588d8ad9548084b3aad1ef2f94

SHA256
e19e3f664b5aac9e11b1d378c5a2f6aefc8793f565d36fbee945920da211409e

SHA512
f91f93ab73bbfcc2d7e5209c997f17e0cfcebe07b52822497aed71da497af8571e0f84fb7ada56bd5d43ccc2f5e1842377c773a41e0ad09fcd36a81c9dbcd02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
4367ba9ae42e9f537302b52343783112

SHA1
40f71e7a45ac705441c3e073dd9c6c68692b7008

SHA256
854fb7a8bfcbdd9d787ab219149e1a773eefae572816c8647f1f453dc20c07a9

SHA512
11e2b31aca0dc7118b147348f1df7f6892a725b6726db8b6fc7749d9f88007ae54022c26c920d5b9d2130777ec6ae54b3a0d6e77a7127554496a891423155814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f5e9d0ab7ffb252fa3026ac2e413f711

SHA1
05d1e64e0edadd627761dbf1b57f5129ff4d196a

SHA256
49d576ef635fe9c5bd3ea6a240ad1acbc5663a36698461cf3a3ef2a6b59677f8

SHA512
27b36c0a132369828b63e4342b793752a3f7045c00c3e796019db5fe0abf2569947190e39226f7fff56e1a9fb8c3b8290f66b5b2b9a8b1c917e6b0385a4d4894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b58fcc27-f905-4981-802c-e715ce9445d9.tmp

Filesize
257KB

MD5
445108f8bcc7d42537595b447d14894f

SHA1
039c5339a2dd411aef717bc6e9b140777f9ca67a

SHA256
54f50cbd419b3b5a8c0f6d4fb28c5efd61085f5213c8361f9d7359c8d869aa71

SHA512
97f59dc76d91a2f8d2be6e5d103c8363bee6ce06391e9c849417c177cbb3131ca4cad442795670663657502b1a561c12af263818fdae6476318f4af22fbe4a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit