cbd06603e2969af667aca05c7eacd89c8206447dac979a2817e5731079731b65

Analysis

max time kernel
20s
max time network
154s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/04/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GenshinImpact_install_ua_6e5bfc323218.exe
Size

141.1MB
MD5

33efe69a2ef40cffef7781c58d09fe24
SHA1

438d407abaf1bae466fd1378cd2fa63e634c7a72
SHA256

cbd06603e2969af667aca05c7eacd89c8206447dac979a2817e5731079731b65
SHA512

12337eb3d14ed55a1323df4936424ab603dc495415ab5a3bd845775937d3009323d3a2680d0fac519aaf5ba20b871ca7a5b3a76838afdaf8118e3af96b247867
SSDEEP

3145728:9lb/uyMBKKU5FQr7HODgH6dmpnVEZuoTj03zMgRdPlgA2c+Z:zXGKfFRo6d2V0TjuMWdPea+Z

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_6e5bfc323218.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GenshinImpact_install_ua_6e5bfc323218.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	GenshinImpact_install_ua_6e5bfc323218.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GenshinImpact_install_ua_6e5bfc323218.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2032	GenshinImpact_install_ua_6e5bfc323218.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2380	chrome.exe
2380	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2032	GenshinImpact_install_ua_6e5bfc323218.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe
Token: SeShutdownPrivilege	2380	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe
2380	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2032	GenshinImpact_install_ua_6e5bfc323218.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2400	2380	chrome.exe	29
PID 2380 wrote to memory of 2400	2380	chrome.exe	29
PID 2380 wrote to memory of 2400	2380	chrome.exe	29
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2488	2380	chrome.exe	31
PID 2380 wrote to memory of 2868	2380	chrome.exe	32
PID 2380 wrote to memory of 2868	2380	chrome.exe	32
PID 2380 wrote to memory of 2868	2380	chrome.exe	32
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33
PID 2380 wrote to memory of 2056	2380	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_6e5bfc323218.exe
"C:\Users\Admin\AppData\Local\Temp\GenshinImpact_install_ua_6e5bfc323218.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5929758,0x7fef5929768,0x7fef5929778
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:2
  2⤵
  PID:2488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1460 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:8
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1596 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1256 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3504 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3784 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3944 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4100 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2540 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3888 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4128 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2284 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4008 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2100 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4128 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1084 --field-trial-handle=1372,i,3530105771574799152,17361012302529310586,131072 /prefetch:1
  2⤵
  PID:1248

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5929758,0x7fef5929768,0x7fef5929778
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1356 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:8
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:1
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1600 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3188 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3360 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3412 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3912 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3696 --field-trial-handle=1296,i,8919469242048915513,11048290172773163143,131072 /prefetch:1
  2⤵
  PID:848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
562b8e1d5dc8e3f27fde1b259593f4e8

SHA1
ea06931f6ccf8eb4776ddbf787fc8e7bb985b3bd

SHA256
92c7753bddc302b8ba51f6d0d5eee8a6f7ca85dcda62b7b16960798998504ff8

SHA512
57071ce24f1c12bedb3208a6a893cb612ceadb3c985d759e88237118bcdbaf61c175e65419d1a36786a61c3d027a944022b849f7355c97aa4a3f82dd7a87c13c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
733b9cada3d91da05548d0e9f734aa03

SHA1
0e3c7ce9e7263d0d37c162b8251163ccc637a958

SHA256
3462c95f9e43c61ac9a18dccf95b4738bf43645e457343e8d0e46c95e02ccc85

SHA512
1e378fbb0c0f9843fcc2667e4ab3ad9e060bebfa9571263e549fd3bd029766ddd726ade2d878f04f02f0e3fa3e06c95fc30e1be3d55b37a4b6d06439eac573ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
097b84b691f034c6ef71930df18d939f

SHA1
532533678f11295b499015463d0779ff81e5318e

SHA256
7ae604e14ddd62b5dc42412f0afd8a4e278a341bc45dcbd02dfe55cccf920ad5

SHA512
18ab8319a43f9df5369f9ae639b50e431546188d6b8feae69eef14972dd76171e9a77961c6c2a11428a5df6093bd55f73a929c8cc4f2f6e6fcc1943b2c1096c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5d8c7021-4aaa-4c0e-bc95-9430586d5e88.tmp

Filesize
140KB

MD5
8fa424a71130221545a71edb4d264fa4

SHA1
1f8239c0f3568817a6ebf97448f89c5f24e3d7fa

SHA256
99bc6bdc2050e1e4608d4205f8c4ac166f2cb4a212995c823100776fd965af35

SHA512
42f49d57da773cbac45e59c78696599da47de8f063d6c824fa04105e47b27a8f1953894f02c5c42cc0bd00bd546d15a059554a0e07c64b42e74b3008ed19730d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
cc224701d3988dd5549f5d4adbf10fe4

SHA1
bf7837f102c82b785f087208d907c86f3de96bb4

SHA256
ab4b477c15da3d33fd048de6a07bc97f38cb55f647a7cbb9c39ccbe56e18cb21

SHA512
da48b8a59c7a8434d277f18dff52557066aea503d889b4c06a840e0412afc0732ad8958a95f5d14d92b7cbf503ae0d1a32c5da87027c5df69591e85a973724d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\28a846fc-eb9b-46ed-b5aa-6905a5f878d0.tmp

Filesize
8KB

MD5
fd2f31488a64618c2818aa430bab7547

SHA1
b2932e15a7fefb6e756acc64e1e9b9756bce548a

SHA256
8c79d8fc470c0c4ae83f240cade70e63a658acb4bd5c2a16d01b51796c21b4f0

SHA512
c595840c8b6a6db32e562b22ad4edd383169c026b05ad19e4ba0d0acc0cc49c7f9c7dc4e0c9c1759c6a57a0ce1a1193e25703fdbc9efbd51a9f006dd6d7a26bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
1024KB

MD5
6c1284b3860ba6930d7307cf81731979

SHA1
b4551c519bbbe4160c39140523072304f9725610

SHA256
bf2d03a5ed63547fa6686741b6ffc1c01b0ae55545909bc32c09ba51802a1425

SHA512
16c7c0f7be64e6aac973f531d11ce169ff02bcd8655b185fb0ac311761f7c863f7df021ec948afa159a69a74e2aea816666f33127bf6a6c9ff5f08b58e3ff3d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
d35cb77194d5cc55588e6c78de11f3fe

SHA1
575c2c75f97ae8b0c5e35e197cbbdfc72427a7f5

SHA256
cd3f2e61af7b7f1fb5e219b502f4597a41eb13d5783cbe4b109e3d0d1fa56315

SHA512
bd0230e4b51730d72f3a6031174e75618f0ee1dbbb327c00d055baf94d4ebb843404cc6bf935ae3b836dd593b59c11acd5a406964cbde27097bac4277d394635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
d862ac44546680b3dcfa6f1555721034

SHA1
e1fe2de0970445065e4267db17f5d65cf48bfc3c

SHA256
9ee7409c3b1979cbb7883f6b2d3133ad65418f0d465ec6161ecdbc70df9bc003

SHA512
33dca4c9a7ec323c740f2b8657809f9718217e6ff85c333a5a435edbdd70a3bba051f4e54a2c4cfc29f1ac6c67d350b448fe5c5abf877f9f56810a91af8568b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
d98f194894cce524071733c91c43edac

SHA1
3f98440449fd1511c5968c68b4b111a0c0037233

SHA256
f7e43153baab6ab8bc02ccc5ce5e3adbeaa26f1df168f8bb8ebc7d92e9325820

SHA512
3c7cba943d6420910d371d6b91e4d19c4d90fa75f027eac6d06f9071d3e0c49bd7063521e640c991cf8ea3875f04a12802a4fa2e81a747259c6fa6a9d08cad68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
7ee69995c73ac0b4d787f5ad44bbd262

SHA1
aaa3dd76dd600f6da24afa83d2c9a4ad15d25c55

SHA256
4c4fc3254ef922df4e82296f3076ec6564241ab1266c1f4ddd91b9a1b454a5ea

SHA512
819c85da0790e9b7661596cd5361c3a2ad8cd8a1bbbaa80971c9326a8f43b75740a8c36a76c1d24be13b98652aab6a2e4574c28d59a2449d9e645a1955c6e075

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
fe41f1bcd843490b5ee9025a515c110b

SHA1
2bce8eb48c90cdc99a9dfd0cc58357b8094fcf82

SHA256
52149dbc20ce84a0ce4de14af426c3f44551dae10d475ff58b40fd79473a7d1c

SHA512
9d40e4af958dff204db41653a4422749ea8a296e80c65431b269c745051be96447a4a97fb1de918a6c9e69e8179d4cdef2a4722ba793d85ffa7decad6131ff38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
803ef5370c8f228501ad2c0295ac669c

SHA1
190dc3966687655961132f397f17d44c37abe11e

SHA256
eeebb8309de9262b7bf2b16e88865128c4f31fe97da0dcb72605687f344d70f5

SHA512
a9c2326fb20c5b090cf54a43bb347991e7a9cd387a4acb59a3660cfdb50eed079957c58b5cf1cbaa0d49cfec6e61b1dfc55b8b3008c116112a2185a9a11172a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
052015c4a5f995b21df60d1075032e7f

SHA1
04ec742e1cafdd8d087f46cc80a838fbd3c602be

SHA256
591da01b377791b88fc1c66832b6c6ab131a52b4ad279bdd35ead0b2c4129892

SHA512
5cbd51da25262b2e92cfcfd18ccc51f2112217a1e2c83a6fb8d62540710c98fb52009663eb3178553156fb3bf78b1318ece7e8848f13030248eea5d102d6fb1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
364B

MD5
ee14b0aee7ee6d98574e4fef27011a50

SHA1
c0e698ce251c1dcda1d640dade1c142d4f22c6aa

SHA256
85aa1e8488a28a6e494085bcb2f55c41815ee85d5fb625d344782567bac47bc9

SHA512
378d31f830887ca2e852e3e3c5ea7af5f477964151dd9fce5d310cdac29d57f9d142811977e9f164d17c92528a0242db287544c43d5fc576d1a18ead77013296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
56164c6149d42eb9cfbb19213f3adb6a

SHA1
1f4fef7baeecad8b20d2c62beb377d18828f46ea

SHA256
231d07183005a8cb0cd146d1e7ad067c9c55224ae44d2153dcbdfd307c08920a

SHA512
ef386cfd9028d6effb1ca3509a112c924aff770e09f0aa5af670bbf7ae7e8244a6b9be023798fb561d0442ef3715647548288097c6ffe1970f1796c1deb46412

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bb87e6230ffbdf3e8ef9f326737cd777

SHA1
3d979dd96556722ef9d4efa84ae17a2bc716a2f1

SHA256
93a03c4dbdb309823b48c163331d2dd9f7c63d395bb577949f68cae72fc17b47

SHA512
4d0943fa848008631576eed768a09548c6d7172d08b101cc16b4e61ddd938fc8210bbed2dc7a79d8bc5a4dc1e2fb7b8a90d9f0b164cee0b929c4533af36f097c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
9ac4df338d06e99acbda842091b25022

SHA1
1d4de8e03e5deb271468f81722c5b789f407605a

SHA256
80316b4c9c9c830c8ff3b6a7af232065a677630df535b23e579e457375d5206d

SHA512
acefd08b6f4465edc06abe9bba311be1da93618adab235f18de9e82900abb3b0a742b4f04bf41dc0e5e28e28a29778b33b57173f35c279ed1ec1872fae9147cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13358638439604400

Filesize
14KB

MD5
2857f88309756cbcff48f4470dfbcd4f

SHA1
9e22301f4defa0565859eaf426541c8f4ab4b22d

SHA256
ef6cec27a66f3d930b8c7380ac6f5449347cae3fa71ebe2ac62eb4b7c27eeffc

SHA512
5b1719dde41f57f970da0b49725b69d6c0aa2c7906707a30323495c0687c2ef460a4bbbc4b1097978a206a498985cc867ad8332c337feb2c26d50007d7d6fcae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
72B

MD5
d60b9de46412d239e390fe778e50f375

SHA1
f3ce85dc976ed368c23206c84847d5476e206b74

SHA256
8340444581056022c5bbc721424f3bcaa8b1b6a86e37c04a7619c7be53189110

SHA512
f81fe9bc8b0e27b9fc6af5c283670eb6ce6e71f3a6f1ffdf956a4befe4673a851ac88b772fc15e6c8973da63b23f77ddc2be2857bf9a64630579f637e9f3b0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
1122f622c9937e76cd5b9e44a57f38b4

SHA1
13e3e9575db2e89d8f36000c3ce111dbaaa7350a

SHA256
d93aa917bfa9088db26f27319a942f2f5fe083b23812237f3477f04308c1d96b

SHA512
d0af0bae6b18e6d60810dcce8df465bf089e0293e089f5fab82ae65da64cd637f4d2f9d691507130b600d1c74036725a93b3122270d2e9d4fbe22859c1694190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
1a4ca9070765cb8eb3320588d6b0b6bd

SHA1
dfa85e85c97ec3fbebf9348ce66dfa79f28574dc

SHA256
92682e86819a76399c791eb4a6f66bc4aa51ee1e044178459406e9a97618c0f7

SHA512
905bc0730aa625d7227ae7a8a3b99cb058039b8d9a1c602eaad9091b642ef9a6c012bb14a255001651d3a56e8ff50cdffd500a317a0455c8b50109c53f9ac599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
894a6f85ffb1ffe2efa3a71252b41dd2

SHA1
004c8c7ef0edadba5020eaea2a59234493fb39ba

SHA256
1a11fa443a9c5276f83ffb7498a8731b48448ddad02dd5bf2857ac46616c0510

SHA512
311ce543e4829a598d6f6e92f9692bc0ccb291279d78d753e36db110efdeb6f5e6680d1558ccc23ac890f844585bc008e9c7d15fb3b35c69e97eb03638c2a63a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
1f43b100d1fd3074126d48d3b2927df5

SHA1
4b865735d4a73226f2baf0a699192a383a45e64e

SHA256
f6df475c24867deee6b6b0eb61c436b25796d9a227414a491d49301bdfd9620b

SHA512
2ec0cc0059146397413d2c543269b4fca4707dd978b3a807c99d822eb1e87368696246ea7d75026451d95b6fcfdbc30856df30b54e160b6338dee75085f138ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
f9b398adaa849beec315e5f6f0bee834

SHA1
e24fb84ed0adccb30cc05c0129115d582e5e98e5

SHA256
1e6c50f9e61028b66f8c19f8fd6f2d60c40fee3602397f1f47188ce9813d6257

SHA512
b37ff594d12159f36368f1529f1069e9b61b820fa94ae567084a9944abcc4c5eaa4c037eb236f3198b649ba989a628571caceda98404aa05b8cfaebe45d5758f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
49ffa72d34a2468dc360186de2483837

SHA1
4359f44245eaea893b50a236224c9506f3388996

SHA256
217b1fc939dc810d4355d950a58ff2839ff568035af5c23ecb9a0d2a7bac1182

SHA512
71fc234b79d42f5591efa7b851046e399935d3eaeb12cc92542bbb3d119df789c8605fbda7eb00ae2601d6f568213e45c778f7aaccc1047a98f93123e58a81c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bdeeb409-3506-495a-86e9-890cc978b1dd.tmp

Filesize
8KB

MD5
8088327830188a0f9d38b4870d7e5fb9

SHA1
d48a12d7b30f77fb6db9e6b38835b3dde8cac133

SHA256
218f469184ec0b4ecf4ab4328c41a4a09a9796dbc761dc4468c8f54cee339f78

SHA512
8ce54fb865067a12405b504abf6fb595a3fc7e94d3ddd485f02f6a0f9c066fb75b529b7311abb09c53d25b45b65814d62fcd5f62c6ba7ef06a0ce04df5b6dae9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
490B

MD5
3d5eadbaba945cb5ef0edeaec340810f

SHA1
1b50556962887f60459e9064fd0da8cf9449f80c

SHA256
a31778f28b6e8b5e53fc116386f88a9e234ed98618f0b269129f9cafad9a1b22

SHA512
b2fbe5bc3dcf9ccc7e559ec69cfbd987ce3fbed4d91eae4cb4172513d8d9121569f49533ceeaf8be9eccc1025d2ae202a4894e41cb7ea3fec0389ab642145e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
236B

MD5
2424725a30625cf9850cc1ac5f6e72e7

SHA1
f4dd6caddc3ccf49fe3736a9c450940589e98fe0

SHA256
7f4cc84b582efae796b163a22e7e7be325983efddec570cf4485c418b8757bd5

SHA512
76664f95157e410815ca97ced2a14a9a7b37081d91eab8bfe41d4155fe1f73276a13df4e98628a50347705a5b394e92ba24699934c51c864d00c8d1ad946b996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
497b927a4c829b4f33cbec3ad682251f

SHA1
c7c6acb3df6c9e65a1bb525e88dee08f9d2d5d19

SHA256
36d8849b80b35f64f347bc8ef9251f6403bdb8354cbe8a663de756177016c3ff

SHA512
87ea378a909561d5f96a476617995ead0fd4faaf036bd1bbee0d2170a8919926bad2236b8a530c6bff000b573fbb2d0866a7c9681581e904735a16cf9f0e8663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
975b3c5265382a037d55911149eec8ea

SHA1
1e3d42c04d9094936c3143c9db29246ad3f1c954

SHA256
d603b3c5ed3340f8e2002882784bdb2f1af0b5508d32f30a854e9658c69801b4

SHA512
97e0f5e34666eafd974f00a86bc560748d0b871cec7f515309e10aa1117f992c9d43b3b93a565eaf08ea681de67d64980b01aad998be84f12fd362039423bd1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
315B

MD5
8c1fb36d3c7ee91e0c233f1b200c9cd7

SHA1
061f19745082eb9005d6b3bee4fb24e9430e4eb2

SHA256
c20299a010be1fccb035e7c148b89ee651236b1088111d541f8236cfc5e3e73f

SHA512
ccb5d38d04af52ea49cc666a646e5532005bee3a40fcfe0b8fae840d1749f7a617fbe7dbed5b0b2b91cfd9d26fa847418511d20dc6a444ca8ec5c7c4bb2ea305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
12275f46db968e27e4edb23a4517904d

SHA1
1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a

SHA256
0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a

SHA512
084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
e969dce48fdd27c12cb6ab575254b052

SHA1
e78fd832ebae9fb3510584d2df4311fe19a3f66b

SHA256
79edaf969fd6e78105fe35620216d3f9ce9a44680e55190d7ca4a69d7be61c2e

SHA512
41b95e145a6a35754476207a1a64495e634f62f2c9e539a722415095146b481c3900ffba6046bfbd2ba78252a8d0058472cb978b3e7323b8947cd35c8ddb29cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
1c2107d4e3c80dadb6b349e42a419049

SHA1
b38b68088655a66e4b2111ca3728182fa63f9d04

SHA256
6c8a27990ff1de53260117dd8a16297f7412a238b2e508336745f3c051daedbe

SHA512
66d8dcce40e3dc33ef7a9a5d79ecd299ad598bf411a038425a1ab526742d154cc48285bd530e99a6b79ed9fe4f296a1c829891992bb350161642d40d3f6ddde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
9f142249351a6186af9fe0b881e6a4bd

SHA1
a6072b12f8a3ab3c890e8d6d3d8c01bc021d96cf

SHA256
4582dd3eaa4c5c451d71a5ef86ca73add9936f1f2b0a40a80ead0e3181ab9c4a

SHA512
8cd92ca20951adf118df587b625cd60c491d3e52b7bce30b1676921bd542f6e483a6c73e7fcbce37db6f7538029fd9eaee2f20d56bb45a8f7dbd677b6d71d5d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
b0c0d2581fceca04d6e654fea9e2c487

SHA1
334cc1e7a7b3d7b0e4614a9637b6f411f4d3b4b9

SHA256
73af163b6e495a7c35d7e6d07efb55b5404b4ceb7016b0bb5b19d29cfbaabcd9

SHA512
d963e3d29c0474e45b0dbd94b01781b15103fd14c93c9e3f8a2308c286bafd857ee492a171d329fdbcb54464d601fcb53d0364246789ca4f09a3a5ab0605c89d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b0546eb4f763b8327ae26a0201f93b93

SHA1
ae22716e7bfac0d836f043835d04185437c07d9d

SHA256
82a8ba46d5585b78c63b644aeb791236c423f238d7c6116d66121e0d99f2bd0c

SHA512
4b3795bb4e6cc2873d7d79c53f8efb8bef029f15f98040bc72a573239139ef3366c8637a097ac5a999d9911c602ea038bf61bef98582f9eac94ed08fa8555827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB550.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/2032-99-0x0000000000320000-0x000000000032A000-memory.dmp

Filesize
40KB

Download
memory/2032-98-0x0000000000320000-0x000000000032A000-memory.dmp

Filesize
40KB

Download
memory/2032-0-0x0000000000320000-0x000000000032A000-memory.dmp

Filesize
40KB

Download
memory/2032-637-0x0000000000320000-0x0000000000322000-memory.dmp

Filesize
8KB

Download
memory/2032-1-0x0000000000320000-0x000000000032A000-memory.dmp

Filesize
40KB

Download