dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871

Analysis

max time kernel
149s
max time network
148s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
22-05-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VencordInstaller.exe
Size

9.9MB
MD5

1b8ee61ddcfd1d425821d76ea54ca829
SHA1

f8daf2bea3d4a6bfc99455d69c3754054de3baa5
SHA256

dc0826657a005009f43bdc3a0933d08352f8b22b2b9b961697a2db6e9913e871
SHA512

75ba16ddc75564e84f5d248326908065942ad50631ec30d7952069caee15b8c5411a8802d25d38e9d80e042f1dde97a0326f4ab4f1c90f8e4b81396ca69c229a
SSDEEP

98304:jmPUf5A91QP5oToUsbeRwcyHekFeSpc12EKw+KVktWHBLmpTN5huJd3kMerGpNTt:SqqQP5oKswpLi3gOW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608148021903610"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

4060 vlc.exe
Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

chrome.exechrome.exe

pid process

4212 chrome.exe
4212 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

4060 vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exechrome.exe

pid process

4212 chrome.exe
4212 chrome.exe
4212 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe
4116 chrome.exe

pid	process
4060	vlc.exe

pid	process
4060	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exechrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4212	chrome.exe
Token: SeCreatePagefilePrivilege	4212	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: 33	392	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	392	AUDIODG.EXE
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe
Token: SeShutdownPrivilege	4116	chrome.exe
Token: SeCreatePagefilePrivilege	4116	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

Processes:

chrome.exevlc.exechrome.exe

pid	process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

chrome.exevlc.exechrome.exe

pid	process
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4212	chrome.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4060	vlc.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe
4116	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

VencordInstaller.exevlc.exe

pid process

824 VencordInstaller.exe
4060 vlc.exe

pid	process
824	VencordInstaller.exe
4060	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 200	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4660	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4228	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 4228	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe
PID 4212 wrote to memory of 640	4212	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\VencordInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\VencordInstaller.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffca6519758,0x7ffca6519768,0x7ffca6519778
2⤵
PID:200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:2
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1988 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:8
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:8
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:1
2⤵
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:1
2⤵
PID:2788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3552 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:1
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:8
2⤵
PID:1044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1764,i,8726004985492525263,8531232570068529003,131072 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4352

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GrantRequest.m4a"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ffca6519758,0x7ffca6519768,0x7ffca6519778
2⤵
PID:1324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:2
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:1908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2880 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:1
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2888 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:1
2⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:1
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:4004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:4628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:5072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:3124

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x254,0x258,0x25c,0x228,0x260,0x7ff691aa7688,0x7ff691aa7698,0x7ff691aa76a8
3⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:3468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4952 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:1
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3064 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:1
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2956 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:2284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:8
2⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4724 --field-trial-handle=1864,i,15374619801455779975,775378151658782331,131072 /prefetch:1
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2168

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c86640aaa33658aa24db5a9e946108b5

SHA1
42a8819c961a6db7e165a84bab0781ef72e71d81

SHA256
bad1ea3662cf7bbc1c20e838088b1b20eb1cdc6060eff54f7513c67a6bfd0717

SHA512
5fea5255ffee9a38d99ff112b0ccadccc5c08458ba90d91655a92bbfdb83d921188bd1952893c934467d211b10e6b9f89ae8b4a5fe1a3db1124641f86897fc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f2adb074a87aa7e5c8b627ad6b0af076

SHA1
bfdaff538da47c45ff02747d9db301eab65d28ba

SHA256
939f9d1fb5f27344e12bd834fdd4c75062047f02cd75bc82627c938236bcb7a2

SHA512
2795bd08c3e0212be190dc8721ecc3000321b2e356020447da3d060592877cea72c827b5935ea2d51a8bfd30a56cb65a31c2fe41365a53df34e1717451eee9d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
9d5652a05b375909d3b58f4a0aa5eb71

SHA1
6398b12eee41b03780d9364ee0d60fedb6998065

SHA256
7b2d8862eb59aed8bf295174ee155cffbf3f75d056a7deebb6fe4e829bb38872

SHA512
1d22e36e30c90a9574a84b127d1e3d6d596ac192f6e0796ae25bc56391dba1491050eaa6a71d70336fe1c9a100f5e091bb3986f52c6f32c14a8571a92fd38fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
cae2d8e1569462c3e1d57a2ae9d5b3ed

SHA1
101a3ffe40112510ed5feee7329e3a3b0c67c2f1

SHA256
f5fa7e5d903821deb3bd474eb8f8598682f7f52494a3f40686492e292989df68

SHA512
9bbab6395880787b02ab5ab9453861c1aae2396aaf434e323ad252c8c18d301c11b9952ede33c2f74bd974030ea4133af3b2cd7d31e366f06e8c4067c0a9c093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
34KB

MD5
1a87bfb0d5828f374efe094c6e5e12fe

SHA1
285216603e9c1ff9a0cc5506032913a79b0f2ce7

SHA256
e506717323ce42a540ba788a9accd0b165fff140e3a2ab571df896f74a1ca081

SHA512
abc8c691531343af63e3003dcbac723d1696c991ea5618a35b02fdbb9e572b36019b7980179735a8d36d9b22593f95e0de4cf44d846554501d8234daa75d946c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
221KB

MD5
cd7add502747d5cd71191c40bdc89818

SHA1
625657ac245bf1ba2c39ecec869a656ad012a43d

SHA256
79345cc558c36444a7d93dbfab7c46af623725961af81b00dc24d225bd102523

SHA512
d024f58c7cb45dcc378dfe2975b66be3cd0069be0e30e4ca96ea01a4b8cb10dc3a817844f98bf21e66b14085902e5ed01e6c510c7c0295d926952b36050e1fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
20KB

MD5
f218c31d967d7d050e360b26b39df4c3

SHA1
3a03e2ae75080ef0755bf1a1131640e3ed773d1d

SHA256
791410a89899725c497f590cb9138f238713dcf1b318340c18cf0682d52b63aa

SHA512
f97d6fa798fbfa27b3578777d938c327a0b1ea1379c4e0d50d640e4682fdd88dc210d30432320140d5ebdfb6ef721f0b844801a81305c877cba1d3e05d0097c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
46KB

MD5
77e80163afc68a70c09233f24c52f560

SHA1
03cfd9726d36b43c3b139ebcbe95c5a28ba5a953

SHA256
acd729fdd132db79dc7a270cd50e19f5b7504b880936c2e77c20e5caeaec06a5

SHA512
fe3456727a5d66fe47c89532141af464a14b3c0985c843c33018a2cde9b81bc1debd5cc201ce4dfaeaeb754236a258f45d666d9c905479c8f30df45b286462d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
32KB

MD5
34ed8f9efeb4520fbd44096b423220f2

SHA1
eb5d978ce2d5211bc64b3f81312cb3214a175401

SHA256
65c30cc1a3bc06aad9b5b2d98d456e9161b137624597cefc10c64695fe9b63be

SHA512
c8d4ffc31eb9aa5c84b154c789c0ac9b2f04144b2b9f08f648beea7e48a51e57c75cb05c6ab85fc8a3915832526eed19de5f5b5914282a8ddbb1d8d5147110dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
32KB

MD5
871805aa009751bf56fcb5ba760d6a5e

SHA1
f3e7b13552ad9bd55b4f0a6555c681340a7a4ba9

SHA256
75e9859b2dff4408ac01081c83a2dd4c721bc49b87a949448261d6006fd72733

SHA512
6389e9dd9837d6ab20e1f6fb76dd6ba6474c1cb3ee29526b7e4582ee0d316b10fe983a0cb71df52e6a7f05536a35bd694fe4c3df84c9ea25bb112602e13f6109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
cd8b3be1c438f06b681314ffb3268078

SHA1
cbff789c093f74c4e9d70bc40a0887c6bf74c6ab

SHA256
b83ee882b0bc4260ede4b5bf677d08ba9350c8a8a58c901f32c47d22559ea049

SHA512
260956262c8cd32c713486a1c4784ed427e79b8a9ab9c590f00bc342f43ec07430857997dfd1f5b1add1029d31e549287ea24bb540623d3d63b15b0d1ded4107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
fa551f86904a914b3e8caa2a1c454d82

SHA1
3b9dc7dfa82dbcd183c16029688b813d7a66a11c

SHA256
3c63165a686e84e23ff3e5946f428e9496fd47d13a79703b641dc4524dd255dc

SHA512
3bfbe1a457fa0765a76c0a4c80528e29c64c43440bd8439953ae544c7d2f078361fa72bee85b1d1fc852167a255ff83cf0ef4d2893d2dca4399627476c9798dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
20206c3cebb877d33f9fcc3f63665477

SHA1
323175644a22d4b4913f3d1636230004e6a03b5e

SHA256
a8212e2da07c6f6ea93924362c3171b7904964140ed18278bb354fbbaa3e83c1

SHA512
df42fc6258c13c84b0c495edc2d3329a5e261a588910bd9c9de4cd1fb956d56cac1247d54dd2825a4ec9a06f420b63afe6bd5e92bc191dd5bef6724a060c92cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2149a6b32ab43222bd90412bbb9c6b3e

SHA1
d544a54c41b1d3ea46d700e7d9757d4c4ab6fbf7

SHA256
ca9a2b5a05e2d2b4827f39560eeff0caf7bc250d2a424f63517e002522dd07f2

SHA512
ef028c1291636d1e607b23732d25e2dab6e048ee35e365913b6d5f144187e9ee458c0f9fac78ea9d1a26cd4211110ea13a32352063a385621fba7a3756ccab25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
65d8110af32a982ece0315af3197c9fc

SHA1
09c18f3dbe8bf02cd5513321b6d249f14c239f3f

SHA256
ce2ae4b46ae2723bcf884a97db59afa50716ae7f8bceb45d645c39e9ba604955

SHA512
5edc3817e93d96ccc561884c4fdf2925126484e3d5f404abbfd57a698434906745eb1b6bb4f6051da21187616d42edb2b8ffc13cbd8f259d2066caf1410fec0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journal

Filesize
8KB

MD5
89c5f5c4ff7dbf1ee053d5badbeb090f

SHA1
2e12c6114de22a9248016b684c2e79f3da47978e

SHA256
b9efa8fef065ef18d42d4e1879e58fa7b47dececb0d8d84807d01b5ea442e80b

SHA512
cacefd3b894761056a35af5807be97374abcfad8ebb7bbefa3b6c124ebea6b02d407b541641a92f59ce1de574fdabb4f3afa2600ce554ca13f59d64470b53fe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
c47cccd575288121b443ab55bf0b54df

SHA1
bf73b893cfe7df5127223f749798663d688e4e9d

SHA256
a2b58ad62e1b7bbb2b636d7fe232d7655ecaf840709b3e83d441aaa38c4695f0

SHA512
86d678513f43b24a05f457dadd2e6ea5acd4f06c23cd0b75dad7ee6722944f7a02b5926f2db9aa285587e64bdfb4c39effb23836b1bdc51461dd80ae6ec5782c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
308fd50548cb4c6aecacd16bdb771815

SHA1
b880c89aea370d9444ae5b4692bf3a5bf1c985e7

SHA256
cde045f66eae9ba17a29a80a461484039255017af6d64fd48d2328e9d13c53cd

SHA512
2cbe41df275f2c562e0f5e96570ef35cf5e278bc55ea5e2c4a38f6f3f51d3023ce971209e45f9ead6949dca9d3d6b43ae554cab5229be6dce2c95c85c822952f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
3039134992b19ef53a389ce1af19e939

SHA1
61be86e9019cd5d01de0dad011ead528f7b7110b

SHA256
e8535120387f300969843884fe621e5874485f3a4f7c2cb27e08b22d3fee8776

SHA512
31508ac36d28c93598120e1b7b7a9ae2cd967a62712ca1c5716c3bdc6721b08e4b45e2f8cb81b46a52367ed62014b232497f2a03caa498d39e44d0be10374534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
08743e06fb7c3f4224c1432a63dcdc4b

SHA1
fe881f56b8b1206cf4d78a601a8a3c1c29dbe9db

SHA256
866a992c0f2675f08717a526884eaf3028de848918612f62fd9457bafb3b8121

SHA512
46265aad7fed45766a287adc0268bb95daaca90bd7a7914cbb57c6930c0499abca4b8cf54d2cdc046d57999707bd23e487c117ec051f1c4eebd14b84a59f60c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
83bb409e75b01811ae0de9e54037da3d

SHA1
3d4f432cd80667197f66edb8c3081052321667d4

SHA256
f25e1f20ef0350004c037c8feeeab44b60cd5a452a03657fd4e7eecc2ff13b04

SHA512
55d799605e18922468dee91e4de5dcee122a024dbf1b49a957c2581394fc4fa11254e7c8e617d7d879e70f87adda0ff61a9a339ef679d96b2de8c7e60915bdfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4c1f19a35bf63c6c4370ea81824abb12

SHA1
c90a9523defe804c91067da377bc71f28034d701

SHA256
0359eadbca28f5f6dffbc13f47b36f5604d77c525d447a4159a018464acfc1d1

SHA512
eaf6edf26147da7a4e50d6d6a0a8e141a65fe36c1e56180de074010b815272777ab3aaa0074b7d18ac2bc0fac5f9036f051235bc44982b8299591416a6c94754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
656462ad17c7604ef94a8ada77d6d6a2

SHA1
1f733f243598cd568f7b7c4436c9b16034a96184

SHA256
7d2be76440716fafc65df30f2e00f2a5d5e68060c2e55386c8fdf441c578cc26

SHA512
51eaae2773ca35cdf081b27a494d9a55c79ed8e6c234240896caf8a1db56feaf2c82e880d351252b47e96e57d87e3255a87c2225b3cea33331896f4d6dd91d65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
135d13d67039a01b27bca6a9e0bdf741

SHA1
92584d7c262b87cde3226d4e16e99252d0d15679

SHA256
3f79b7a5e147c8f409351c8e568ddf327b11a87147ba9ab234b5994c836bce47

SHA512
7ffcd4ab16908a15d23978a0bea9d2487eee293547266a4239bdf253611d5b018720b15a03620678a35f6ee30022d81634490ff1094bff5cd7bf74171b8e1297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
86d97c11a188877ad04c20bf07a4b047

SHA1
e220555050ebca1a98bc78125fefe156e9a32489

SHA256
680126f06fdaac74541a40a6d1ef559d20a3353d24af83502d9ae7228c6d80c9

SHA512
713552b0a75ec8db475bb3a19a57e1f8b332f46930f4b79c675b15b3980d91727f10239cbd00376d0562249b52c8f1aa61a6de476f2dd1cdb8fceb41c46d07db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\65b71a05-4bc8-49bd-a3d5-6d4096111ffc\index-dir\the-real-index

Filesize
2KB

MD5
3e1f3451ea77ac1e0ffa4b4d8eff2e82

SHA1
c6833972f5f5613d02326b5ecbc6fe657f8d388c

SHA256
c0cc4f8a4ee735fc14289f9c48000c6f0970d4524ec4e9baf3bde41ef803655c

SHA512
d905348012c20c45bf37b6a16bfeca108d9ef210ad50ca06b540c6330dbabb0028d02637f532f24b7e8a4b08139c148a4c9a105b66c4791baaa00029f5e8aa12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\65b71a05-4bc8-49bd-a3d5-6d4096111ffc\index-dir\the-real-index~RFe597a18.TMP

Filesize
48B

MD5
d130aad0fac0e69c83b3dd4cfc128f0a

SHA1
6417985a8a329ee2d1283ef93eeaa1969ec5ed6e

SHA256
5283bf4cabe6b515dbe5971ce06f5579cf9d82356935323b8a86b585d0643e03

SHA512
64e08f1a1849a2537f538fa35d432e2d482076027fb31cb6706a8bb0497deed25414a8e029802fc05283afdc23eed87e938d6add7e44223588dd32cd73ac3926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a5b5a794-faa5-482a-8ab7-587de57e3774\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
316083d45748ea8b9d5dc6d2d5c7df01

SHA1
c964f0710885c22d62683c9759607572c12a667c

SHA256
2bc27f4cf7ae1b0a21e1b71ba048420fe28d7229074f3867b5ce134af81d1b0c

SHA512
e43bcbf72797e29288465c8a2fa574fd2777c1a7752244ab47cc15a84442c639b0f02a47200ca12fb31f606ae3557231f65867df1c26317b21ca8f5af242dfd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
20f56693c55965de606be84e120c23a3

SHA1
3fe45ba83abb125cab875e080d9cb97337e5dd36

SHA256
cb9e3a4c306126f8115c5db3cde8f602f516be144e5357198d5b28034735ef4e

SHA512
773672025b1e66b8690430d53bc61f6f34e0e3bd5814fb8c78f68f2ea03ccbf0dc92541c4a1c635c01f518efd462b8ccd7d85b042a192561cd39a4674a52008b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
8462a6e316e1e94a4a2be8da5af6e661

SHA1
c6ab34320f89c31148bbbc924116917516088090

SHA256
4c924136be3d2f587222b3402ad332f8a41f00ef5c1e6b02155dc44ab5cea125

SHA512
22bdfbac6ca0d93c2df416054a4a32753cf15a8fc350d9b5156482a89a1e12d2f3bcc8788e6bcf7b465459968069f94b0b4b4feca171b3d3802538e993eda529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
444ea7d24296e8d3ab834c9b744cc084

SHA1
644e2e32f02179a2a414e890c5237b112c0b7de1

SHA256
57bccb15cffc91ff67f874417d032b4e3cf0e4ea9549645480ef06d8f3426ce1

SHA512
a2a86c6faa69b66d26a79de9e833c08f2941b615413ef016dbd41d791b60e6091ebbc1bd41d948afb1e84eab9b25f297555d8321703d8156e6440d7a811ba0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
ec4162f2077f085529181b57d397221a

SHA1
4981ca0ae9ac5d53013131c865c0741bbaa980f8

SHA256
389091f85e2b15029dedaff507a64839db8eb7b327b78203f2ea93d0352b2387

SHA512
222778943c273530582cab643e9790427848d6633af7c5813206c1b8378dc85373043345e5f3162b965d9fac3bfbbce6ed4f66fd71b73214e3048371373e67b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5925ce.TMP

Filesize
119B

MD5
72a9272fbce87e2f759a1491bf6b9792

SHA1
f59f38e37255cd5ad7a22dcd25fb8db9bd8c7eb4

SHA256
9e7144dea92c960a8e26c5636477d74873f98c717536fbee0db6dce24b79b875

SHA512
6a75038d2cb6c67472f603faf08dc464c786f42815ba789445be405bd7bdf048fc1b266a724cc469b721f7958d3eab9f86d77418c090810b89cf0ac8baee790a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
74bae1dbdde9aff1e38527ac325e49ba

SHA1
f07ce23e38e64df92cc6c21c31d057da85070706

SHA256
f0770c8194c2d7084127d9c7ff85d4c0a2d0555a12280d6929236e8bba032e17

SHA512
5d4f2c3c75a76317766fc77e326a2bbeef7bf1f0e0e22520e0b02e6bc6b05b8d6772f8ad87445f810c9f4105c764ab9ee6ed636cf37dc969d3bab2907b31d129

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59747a.TMP

Filesize
48B

MD5
3ff8d8bea8c943133bcd8e8b47c009a6

SHA1
a6a1121c3169c9b17583d15ba4b8a71c6985710a

SHA256
ba376efae27128e29412f0d6db7f255398413c7cb5f9cb69190d21777b9c2c9a

SHA512
1dd6d5c00ae23aa2b7618bc053c034373594f8dd5fb21ec4d6df5d5bc0a01375ecf4ea927ee194a69b994a427a0065c5ed6635c21f3adc37941bd18d03d3ec57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
213B

MD5
046cc08d163fc4578cd1b77a5d0965ac

SHA1
92f503e605c30974baf385f1619f1269b81dec57

SHA256
693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166

SHA512
e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
2aee28651f53218bec14fd5d5523f76a

SHA1
23ecea8a4a8e6e050aa9fe13b5cd6daef6271000

SHA256
eee725fe9abb76ad649066fa7826805f89f5fd3d9d34bd132232fb0c3b73db8c

SHA512
a70b012063ed04ad39140ec30d3aa451f24681f95ad6cc86b67e6900b96cf83c932255f42df5961566d8031b253a3176db4c828be50095d1ba67c7f8553cabf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13360814705513086

Filesize
2KB

MD5
588d3d84821bc9604ee3e00e8143cfdf

SHA1
d3f26678feeae77fdbb9220282b1702f44212a89

SHA256
e87b25b4306e0e3d25905bdae426c9be5e48c619ed4058c35398d76b4aea14a3

SHA512
f9158d72662af7c99962fed3c4193fb57944480e4cb2e71fc967a4ed483e83910c26386254ec1dfc3843c9aa07dcb3ce4fe6791914d1dbfb68e7d6e72ed49f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
8f76f8c036529f59e722ffb89f82e73d

SHA1
2a76d0c0c5a660f95a93ed7a9cb669211968d30c

SHA256
f9b45579f0a1ad66eeafe677293d7be899af02ffca64b0948d1ca2c5985be424

SHA512
b693ea67972a2b9c602ae3f935ed7d93e470011b66d33de1480c4ecc595c6ed9c347d3b88c5414b5d7c0e521f936e9d4a8912ef509a0703ea7ac7a96a8345b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
01cce3c4a6173ba0a340f031eac2274b

SHA1
7f52f918ac215da34e41f92abaed4ed4ad635818

SHA256
f4053840ad7b1b525c9c7e60531c7874417024966ddec849e36c5eb6861d107a

SHA512
fee07f1c83ddcdbb7d49491119d8e332d8b60109775cef2ad4caf88c7373189ec4588ec64139db5535b69307a23ef4877398ead44efc5fcc6236ee121c995630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4116_1069767738\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
805B

MD5
a9694a45e92751371d67fff3a1ce2841

SHA1
35a59b28a55e3d676349438962b95cfba6ef0967

SHA256
618c4bac33370d018e827b8d6eb10f91fe2c4d10d90ba368294aab308b669d7f

SHA512
d7a2485e9a2c6781fb97ed2b9b19613df2c220da6fa9cb8dd3c968cbe0f39a6491d19fd13c911b6d32aa6fc7e0d933afb66bf788eaf1112cb49f67934a26d3da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
b1fdbb8d97d8e11de07751edb5b3b15a

SHA1
f39a7e1d7871c3276047316b20f07f4a42aeadb1

SHA256
f48ab65c0337c70fb7f1a233f39ff07769ee42562263de2aa68f5d5a951be787

SHA512
00ad127213bbe0c971b80793dc5ce069d92e875b3ea3168d026c8b00ca68709882008c257558ec1843ea74a0a92467dbedf0c20f63ce1eca4f96cc2a1245f821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
860B

MD5
ee7e5715400d77ee74f9051f06e395b4

SHA1
09e90396bd36c59188baef8e52e66c997f69035a

SHA256
273dc4ac2ba19ffb32b4360b6c2e9bda9cf50030b0b8af539aa5883977cf80d9

SHA512
b74d6b86c3779731befeeb95e57949a55c66faadd0a6871091ef6f2aad0b80b1d34edf5049a4e9b6a06a2be99f0a17ab4118c65681b955bc374bbb293668475f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
1c88270acf5f721a0fe6a266d07737c5

SHA1
1f5815a35cae67b8cc9f4ea3b6654e8d952ac19d

SHA256
03df8ace1f2b45039691b048b826199eeae431eb0f889d411218140f2aa0da19

SHA512
87e69e4a8cff5b5920e0c4be84cbaac7d880efca85c6ebfe4900fafa68ea195e538bdce790e9b6e845e517e439f466510830a0ca1a2e43e51505080160593ba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
6fa152c9e965fcf9afe366ce8aa787b0

SHA1
d8623bb25f49ce4bfe9c4c8867b4e2775031d9b8

SHA256
07b40dfb55fd374817581327f3ce7da928a07bc06ad606f38246a2a6edfe725c

SHA512
bf58e4ec54fcad34a0f169e841103be2c5a7bd6ab9e3f7e983413574e4e565b5e837471f2e23eca6239a06df30869e03eab42e1bf1f94fa68212632928c9823c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
c24832d69fb542c776b0124737eb857e

SHA1
1678a97c809b44d62e5a305c57dcff2a4a65b81e

SHA256
eb06dcd53961e199915619390d18cda5625a065867b95eadc7cefc111a493fde

SHA512
4933ef3d68857844e0413daa6178536941c2f06b5475a7c08797090a44607d43c98cb36ac1c7d12cab76ee242f7934a8b4347e59dee27a3c8ac90b457272fb1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
70f90807ddeddebccb7f21da488ef2c2

SHA1
0672a4869cf1a4fa943432dd1d3b4e59b92fdd95

SHA256
da0bb4d64a2b9df276f5089e52304925cf178c0a0133b3650160d7ed66799fe5

SHA512
ebc739fe26ee8248c8930d57039d41ea3a3afe97918fdb2de7dd88cf9cead390ba19c69b87707caa33579cdda16d8b432ba0f5185c3fc3c98b6b2c46c222b11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
276KB

MD5
39ad7bb06a331153a5967a045418c572

SHA1
f0bc58641430d752df2c0516c08c31cdbb8466e3

SHA256
9f3fd08d64ffbeb694ade32b6df5e52e67850d0bc06e4138a04763b0e69ecc8a

SHA512
cbff109434dfdfe11a2537426b76608e78fe53633e3b0600317b40112e14e5b9670caf31ca6a24ba9268a764b79694a4a09d8bdea3a8cca2d48f76b56441d79a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
eca4d1998134924dc9eba4c147b1b49f

SHA1
b270db65654d55688bda9640afee09ee75fbeadc

SHA256
8d068b10a00ca1bee4dfdb79b2a88166095901c491f0ef936adb5851e53f9385

SHA512
f49863162115d6518189be605e77211b818296f8e3e1f59a1af3357c5ae5ee26dc8d79891615817940e8c34bbab19033c1bb42401a20b78ab0fb4cf81b266e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
d87a48f6b335cee0ba7eefc98ca59ca1

SHA1
de1ab839219bdffc41c0faf2d79a9cd8a066d65f

SHA256
6411c65c46e6019d997caa7af9d31cffabcff8ba6cd5aea599a6c6723d53323b

SHA512
ba91286801123746eab5bb88a686fdaee9dd34800c8e5fc2448a1c5cdd4486980cdd6a2994ef84cd8e1efd4842ee6a6f0720396305d98a2694974c60c7478ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4212_GXVNOSHJFKPUYVNT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/824-0-0x00007FF6B9BA0000-0x00007FF6BAE19000-memory.dmp

Filesize
18.5MB

Download
memory/4060-122-0x00007FFC8F1A0000-0x00007FFC90250000-memory.dmp

Filesize
16.7MB

Download
memory/4060-121-0x00007FFC91340000-0x00007FFC915F6000-memory.dmp

Filesize
2.7MB

Download
memory/4060-120-0x00007FFC91600000-0x00007FFC91634000-memory.dmp

Filesize
208KB

Download
memory/4060-119-0x00007FF72B040000-0x00007FF72B138000-memory.dmp

Filesize
992KB

Download