0651bd702bdd0a856e6690a8b46322d7008b27390c9a6658dde5d0974b2e6b53

Analysis

max time kernel
64s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 18:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Gamesense.exe
Size

18.4MB
MD5

bcd2906b00f86fd920a147dae43d7dad
SHA1

6b582dbe0dfe349054d2b21beb8a8ab54d4873b0
SHA256

0651bd702bdd0a856e6690a8b46322d7008b27390c9a6658dde5d0974b2e6b53
SHA512

0a56785242804f56cce06c25a31c08497df58a3f9e70b1ad1b444471ef59cd80692a8d1de6b17ee4fe08a88d254629245409d64afae7de0b42721b91c2eb1783
SSDEEP

393216:bSwXCg6VhB65LGLGT2p4S7xh/yCZUWFMVJPTpr8uCM2+ovxIe:b8pVf69FT2p77xh/yJWFaP9r8hM2+ovF

Score

9^/10

bootkit evasion persistence themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Gamesense.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Gamesense.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/2736-0-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-1-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-2-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-3-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-4-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-5-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-6-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-7-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida
behavioral2/memory/2736-8-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Gamesense.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Gamesense.exe

Checks SCSI registry key(s) 3 TTPs 16 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	Gamesense.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	Gamesense.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	Gamesense.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	Gamesense.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	Gamesense.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	Gamesense.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Gamesense.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Gamesense.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	Gamesense.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612219062935626"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	4908	chrome.exe
Token: SeCreatePagefilePrivilege	4908	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 3312	4908	chrome.exe	98
PID 4908 wrote to memory of 3312	4908	chrome.exe	98
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2388	4908	chrome.exe	99
PID 4908 wrote to memory of 2544	4908	chrome.exe	100
PID 4908 wrote to memory of 2544	4908	chrome.exe	100
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101
PID 4908 wrote to memory of 1128	4908	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\Gamesense.exe
"C:\Users\Admin\AppData\Local\Temp\Gamesense.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffadf79ab58,0x7ffadf79ab68,0x7ffadf79ab78
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:2
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3132 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1968,i,2719142700821374700,17388553934363732068,131072 /prefetch:8
  2⤵
  PID:928

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffadf79ab58,0x7ffadf79ab68,0x7ffadf79ab78
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:2
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4596 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4468 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4328 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3092 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4184 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3992 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5396 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 --field-trial-handle=1872,i,5474264852989288655,2884801894335052608,131072 /prefetch:8
  2⤵
  PID:5008

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
d9a49a7d6d5ca840cf0f0e937007e278

SHA1
90197e483cc1bf8970cb6012997b1968f43d8e78

SHA256
183acf4a52e283da352ac2e3d51d43dbdd1534325f4585b6763a4ef38151b876

SHA512
142acbf150500db5f703b3e56c42895cb4374927f6e26adb02f090cf18e9797b8f4e34b7e621de6daf03093cc0a7df73cb4328525ac7a1a4f36e2b61dfde0642

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
772424160a740ab46f10d75ee3f72e87

SHA1
ce1d08ca4145f6a14ce3727642af5a997f73d1e5

SHA256
00ee43ab7fd127a5e0b86cb4db053f67544834eac165db5b54f4b1d406952b84

SHA512
920600c6e67f96b735a40de5e0c4bc1c585f49dc7e92bb07295bc0fed6b1ec3814f5813690d169d574b7184a6cad67cbf97718c224b0cd95cf7df239ab536d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8072ebd93b3fe722b1ee702a8843429d

SHA1
16c35cdeadad187a768687dcb4060e063047e480

SHA256
7a335c98081f7d74d925b9a2056ce14d8f6a36a85b70913f681eca02eeed0a99

SHA512
70b6f4ecc1cc9d245dd342d2fbc101f89360bc8156245905eb513fd2b0c3ac58f3ecc168ffddc43cf1036a8349afbc6e812f850b2d532f85bdcd12b74c8e283c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
2023700acac7cb23355ccaef0198f9d8

SHA1
4f89b1caff7910ae87e9b15c33dda39d4d723ee2

SHA256
4877079b94c3ad51ed007439a953828a30ef7fe1228b28c7d6e6b760f6fb6b90

SHA512
d3049aa6b293170756d397ba4290edb0860f632ec4dd90cb49d17ca40781283dd200f3a2837d70938e10cd485730958ed3e8932e36c80c755a10e109099dd297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e7cf8e5bf891e9b195b7572ec828fa63

SHA1
b7566d3ab2333fbc588ef1dbeaa4a87524842f60

SHA256
bf93c91e462dd6ccb32b7271b7b87136bde3f0edafab8e885253166e0547bb2e

SHA512
6bd41054feec727024aecc51a136605919e6fcad3ce0a212de391e9c16ee93ec2b08b15483546f92e1ce31605d511ea51495199ee907f3b7adeb7a7d26f7a5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
ccaca87a0196c109bc80304416cc989e

SHA1
e9ba75d19f83ed4c2623e866ee7eccc693f826c7

SHA256
0325c6eeabd9c3d5f5e05d55759e03c6161161eb70dae1fbbff0b3234bf9b8b1

SHA512
6c3191d5e68a6bcf7ccfc946d566e0bcf99517202b7b680c2191d7ab63b3edcbd7618e7fc642cb93950f3c45b33f50bfdb6cddc77e4681887efdbc15b6dc7c63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
326KB

MD5
56fcce1e196bca8531644cca3bd7f9bf

SHA1
8de29eb2ba703cf628c5664e0ad9bdd677f7c586

SHA256
be620254eac5e0c239e88a0372ab2428a9a6322cbe3843edfdffdcf382ce1c32

SHA512
93a4923341b99810a5d6700e26a99a525f18554380714afc3feaf9244bbe23fd4a060468899dd1d8575a6cc2c542566c2912fecf1d4f67c62cdcb77789eabed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
133KB

MD5
4874fb82da9e619ba014c987a9d29f4e

SHA1
496a06b6bb1551f79ad40d25b06cc63c4754a5ff

SHA256
d24e3cbe3927d6225fb5aa27b745caf8b079266e9387c1b755fabc33b48c60f4

SHA512
488b6aa4ed0e810311b9a40d82707008fb01036aec8abede9e947ab9c6495b9455691caa7398b4f597546237aa3f34cfc10c7687889952b1db706c4bbe542efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
6f85fd4159eca2fd1ccc59eada1bf5e0

SHA1
fa2286f9ed3882777cde1d41db538255f3560955

SHA256
3caab1993292635a94542f8f6d9d223ec5231af102987716bdf57b6b9ec377e0

SHA512
72c769557f967e1439b7f707662aeaf69d0245e59cceea8eb0752059f7880609eceb5961367cc3d6041707a7eaf4d2c13d58d1545fc02f3ba7c055165843c317

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
330B

MD5
368be3275f1dfa55f257c6691df6c84d

SHA1
6e6b8f8028ca8a5027e3dcfa12a393e7860b289e

SHA256
01ee6bedcc48bf00c7ccc1bfa62904e09b46d231ef77892e30ddfd9fa8ed0609

SHA512
0ee69d68dd34d3f4859de5eb65167e2e1cf71ff41eeb40da10b51557b4d8b2e52f44883cb4ebd7da9d9ee617ca54474413aeb0438b4e95157c7a6922e6eb2577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
b64453bd51ea53fe3762f3f1416ccd27

SHA1
44d7264bac0ee77f66072c28543e98948d4d840f

SHA256
8ade25c682ddbd51b49b150c25d8d9cd26384cffac2e5ebda45e3723a37821d4

SHA512
95b20aea848ceedcac438c57a667168553380d931c012fd718e62cab49f5e0226a45669d09c47f348eeea8e155ac224d14f5ac15b73cba59d3a7e000b22d4fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dcf04821c0dbad901f8f326861d1d099

SHA1
d43d57e379f5536fff49154c57b470a8d7b391d8

SHA256
da37321b91e35ecf48f2ad362517f409055fe7a24724a29adecaf4d1efbcc2aa

SHA512
a231a2804cf2798fd3bb0cbdbad7a8f4f17e3908fed656ea0c824a62fe8c3871a44520c3a5b6f4d7b4c6e587cf3a05beb62f66935ca57ebf7b20d6c4f43f449e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
b3fdd528e60089682048cc9099284fa7

SHA1
b60b78d9e2084d10a31c93dd167fe6741a6d1a50

SHA256
ac3d13bd8973f725816d39563ee3aac4254a71880aabffea1be35925db316338

SHA512
4ca1c726912781e3b77b28e60c0d8cd172ba4a6df996a8e07a7a9de352d4a0bc0dbfac4260fa50b544d4cf8a159f40cce47ce489a22ac9587982703c1747d4de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
516B

MD5
d1182930f8a22eae2f286d368edfb3bd

SHA1
3e1310c37a90581e7e75ef906276a5ee5b4756db

SHA256
93cac5b488185086f17265f5093681a2f989552fee8910cbcc8125408e7468ed

SHA512
711131f0fdd21280bb84bc6df0c14d7b032df51c5832d731ceb804c0f29bb7d6690527e03d0fb36e8efc971e515165e0fa0c62975dc269d4de203b9ab438c850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d26881055d1be1ff691ddece5f9fc498

SHA1
a267a8a4b2331a2e5ba9f437a3ee3d4de821d8e7

SHA256
a0b79d06715b4ce8dabf75a5b8549a0cded60aa25999856047cc146ddde1ff02

SHA512
d65c255a6b6fee7d4836085df136bd7c8745d385d285f3d4f31cdf01ef8cfa09dc4c4c4898fcdc2cee2e14f37af6e0ead6af2119a718787437cd9a958b75cd89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
516B

MD5
270ca99fa95acac9b2ed3a0da5708f0f

SHA1
d6d5b6353707fe1758dece40846079ca3c6ec62c

SHA256
b9fd71c481c836acab673fd912fd14b85f5ea13778d3c937f1f306e8f7d6b62a

SHA512
b9feebefcd471887fe458583469a97e5d6c9460104bd294a5e47eacfd02aaad1bc871b1b7ea0fb3e644c7d421d1006737e1042c6a39b617980cc11036a3182f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
516B

MD5
294efb2f14fa4a3e25034bda46294065

SHA1
edd888ca608ad3c95b6b09646bd6b669bd68f478

SHA256
9c0704dd78f576acd94818a8b8360baabb839833036c7777dc1ca90020aa18a4

SHA512
3a46b45701c34116b4ed778e6cace78748ba2615f283aba2f3f351dfdb64cd1d56cfddec1ca98b7014327de5a77ba42719d70b03eeb084efd61f72474f05a01a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
1f17e75e806af6d2a310bb584073f647

SHA1
166373690fed9c84df959dcda6ade48c3181dea6

SHA256
042e8c065c5b8a224974431c2cd789de303a6a9495da869be79072c4313c2eb3

SHA512
675e31355ccd5ad1686f5d4010c875292733c95fc10ed57ea72f8f26bd7b3a9db6bb9d934280616fbfa6281bd162dda5038ea879a3ef71d61d780b191bf2f603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
75c42c697913782f3d9ca61d6757aa92

SHA1
c4797df37c580cb03dd3e70d77e05064268e268f

SHA256
f71666aaa96aee4bdfb96645a453ad1b1948e5ab0c5730a1d4bdb890d0068f46

SHA512
38ef390af560bfa16e2b7d8707d8f3965e8e9ef4bcfe96568aff088d6a021c8367cb18545717903736423c74add196716ba09f00d3d8731cf970ce6230f7514c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
568359f1ca6bb86d9e85d6e6eff13301

SHA1
108af8c12a3dac5a267586c75e97bf31b7d6b17d

SHA256
2fec83fea0b4510fc8e6e75fd5c596e75e95fb451d6c5000e01e28c63c9221fd

SHA512
d588a2296dfd77ca010ba7f2bda9ec13f01ca655c56affe01a788ebaad135ab82f2eae4cc994715f1d04b62ba6043344831023eaa4a8a138ae63e060953bd84c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
5c4ef3e8f7db8d1c847c1f02a2830970

SHA1
d6ae2d27aeee2328946fd131eb2d9659fd900f06

SHA256
ead7a58aed9da561e44e6a7e379592012db9606f5a8a5d618a17eb6573f93e2f

SHA512
6d79a0e373158c5d99ae4b92fa48d2c1eacfb01b235fe5ace1b441ea47dda793deb061f4e9cfaf25d5a0af249cdb73710baa933268ec9b3ba668549bc8e11506

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe581dd4.TMP

Filesize
120B

MD5
c7f50a33c679eee4aa38a330d11af02e

SHA1
a6ec07e743a71c68abdd93e65dfc583a810a7622

SHA256
65f15741c2f6121406870f11f72b5053e26287bdd90d7607261fcc506d7f6cc6

SHA512
f560430dbc1f3f77d69ac6c39fcddb31c65b46bbc2c639fb8224cda9e765d6e7f18e26bcad14d1e0d5c093948b11d2a9cceb491449a35219b79be71c560f1ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
2KB

MD5
fb408a637c86b2c94cb490cdd9700174

SHA1
f3588c6aa691a757a913dab5ef82aff3800e372e

SHA256
1678990e37c47a3f4ca5f918bd86cd451e7b805bd4e67dfc5f13501f16b0fb2c

SHA512
bd578fb7d63d199975d0feaea4b4ec962cd8ec4f6e343ce93d95397489b76c80e3a41c4c8f190d3358a9a6e7db632c82dff2fd012efa3b2163c4ce8b162629b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
59a58c61b146bb7d611b5c945bb2d19a

SHA1
553b997fcbe08b6668996845504afbe87c6321bc

SHA256
33235c6d2f554b2bda5f7f71914416164043a3d985f3209782431192ceebb778

SHA512
6184a9c8adccaf010caaf752ca0534d09ede163b9e32144c964a7a360fa96d6214b3b35edf9137509a2071028b0262de70adadf2ca2c20120bf378cbf03b33d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
213B

MD5
046cc08d163fc4578cd1b77a5d0965ac

SHA1
92f503e605c30974baf385f1619f1269b81dec57

SHA256
693a60684aa9ff4f01cb6027e9c938f4701c0c898afc224a0776cb1e18e87166

SHA512
e8b1df36a237bcbbad897146ca247edf75466b2a4030fec620c46932b5c31137f2931cd2758534e4308aed3fb9cc40edf2d7646a38530bcc5e6d7069c19a3b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
d42dedf22079f73b7221602f9480bf60

SHA1
0cadf5f51bd8b0109b5c967bf2c40bc5b2ea25cb

SHA256
03ebc968e2a11b99aec598b2f02d791df5b040dac2bd46a007b451a8b4aa3e98

SHA512
eb3c96fe73595329d87156bd9ff33e834b2aec88e768fa9352149a5d80c2c3fdb7a98af5e05c895b3e6ad9a1a0e3a1d87cfa863c706ab410b493f846e9d58be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13361221905293426

Filesize
2KB

MD5
5bb937cb11e7020b8872fd10ca6159eb

SHA1
24c8166e0a6a90220d5db3d0c354ad16abfa4912

SHA256
a02a239265a9c3268fe8ceea7d59e372a3738e1f195c2a82513800b9979b43ec

SHA512
09a0a482c58cfa9ad67f4a614d2d9d4952f5f4bf01d1fbddf1c9ab9e46c0b318066cc810403e758abf2194ad02a4406696782f8358ca1426366d391330cd7b5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
d4847894f1b72bd0fe7885bd90ea4f17

SHA1
b2818425207e8fb754fdc664088ce7cf86ad7d58

SHA256
5847bb8993eb851d9c3aafaa872a5488a77cf51352cebe10e18df4b86778b466

SHA512
9d21c3110ac69f0a269fcfb163fc48ce1f69092744c80d294fc79151d4636aed03bb19f25ece0fb6397bbd41e77d1af38f9c0a7f65171c0f5c29761a6a422bf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
14bc767f279792048ed22cd63efefbca

SHA1
ec083c4294edec9da7a8e6bcc2d30de3b213445e

SHA256
85e66cc9854b3fc728ab313e9a26169af166dd5090359c62c4124b28798a425d

SHA512
32fedf788e737ed9b301348198d5c5469133ed5d70842953d18d38ada5d4d899cb6ffa2044110ea1aa37af1e91930f0af44adc4bf5627a7d98eba899c74b3e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
a2933a13cd49fde1af74e90588dccdfe

SHA1
123dda99a12690b3836b23457f60c5ffa1b6cd23

SHA256
d15843138ad3c62fe61e758cd5ff3fa6e66c4fd9c064f497235011f777c52602

SHA512
d73c9cd61988d945028f8d1d9983daa741c8f97716077c0ba35cae0d231266ae802467243c6e16d8820779e5d75aaeea05b573971fd0951797559555bbd5806e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
44KB

MD5
89bf92cc9f0416a5bf62d4dd30daf9b5

SHA1
9e46034d0ea11f9147c13a626ff1bb53442011a3

SHA256
d11c27f6c3b1c38a935ab96d45d6d8ce67928a820a4289b8ae2c7c92c1c6cea0

SHA512
f205299258175e4bfdf71980e0f830b3ff01c5bf93a71452e0c1b4a07cab15dc41c6778120ea6b6f3187e805b22a5956504dc177bd752932c07751622513dd84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
703ec0aba75dd1fd5efb03cc4db4d509

SHA1
bffabd1e6a29f047954f4df67d62e6896f12abdb

SHA256
4dc2d0d09ef33c7d90567ef0f15101bedc01a289a549479ab4ed04ba76de1366

SHA512
262dbd09f4ea0f89d29ce57cc5fbbc9dc552b22e5b88c99e7403c19a5c6e29df7532736ff73faedf4ed18c9536b7588c682ca88f3303dd61d5c872180babd44f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a18822e8-24bd-4f1f-8c88-7e57c68594ac.tmp

Filesize
7KB

MD5
144318c12487adae121f5976d76dc531

SHA1
b441943e1df66bf1541b44068f7585bad37d4f8d

SHA256
745259866d3d4601f51cc31b9be7daf6e7a3a5b72a4f66573946e0eef8f8e946

SHA512
5f2325c30ee5417d76e583a33244cb8a6689c065ec7fdae7038a043e71b858c988ee0248ff27d80aef590718bba6063debe3cacd66ca6e82c85bf48e69c9cad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
6dd8f5a5d1de8b10a050cc2b9c574c92

SHA1
f2f3dd985278580ed6de8557b6ec7901e946a7ad

SHA256
9b7967d44f98a4e1dcb6658aa32b51da8175c1e56004783838fa199a90b5b205

SHA512
17e50b00d14750b374b39a6d1ff9a0bfbd9d98c0970d573b96ddea81c4b5787b8a4fac4f61de79d5ddfe15752e2c0adaa7c601329f7ac27f33e59aa1c717ac5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
617493037a27d87d7e29b20e4615d684

SHA1
205455f6a3e26a6358c2c8bfc57630d304d8461c

SHA256
964516195fe9f63b02a9fe52afbebcef322c9a419405f5d8918defde982eccc3

SHA512
0d98c5572b61715f78a90873c79829bb858845a7a1fb4fc6b86ee30a9690641cb3717e91be0dc91b74bed1e7068be823a3d5cc5de47371b0f10b22f52139309a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
6d93f6e5ce10aa2ccb977e0987380d2a

SHA1
c9819644dfbf00e097aa54956919c418922b0489

SHA256
c6755daa468f9964fe73e9cf02f0c40a5c23ea3c7876997187fa4f034a39d86a

SHA512
25c63447d098127223d922788dc44554f4b1e591cf02ef6763b61c033c498a79483357a9373089b6c74a9299bd60d3bf73a670a2591ad6c4e3ed01f3e662cda0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
36ddba638c3c1a95cc5fa29fffc4d56f

SHA1
2fdda4c57b14f1dd7c8f13d996b73c2dba1b82a9

SHA256
249503b22277e74317fa4848f5b8cf5a382e522d261931d078e6567de0a9e689

SHA512
9dfc348212a50c00ec1db2caf350b14e2c872a9c5543213a708a04fb03d0d32dc3db23dd7d2fe22be9a032d30b9fc94e787f1a2376f90fbf0aa3a30632e1510d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
26bfbed5a6031f1d4f3da6b244d68fda

SHA1
078ae46e571a736a7dc82af1399ff981357f4365

SHA256
eb92f8dd7f7a86dca83f657be3b8f11b4766b8f5cf82a4c44664324f0f467ee5

SHA512
ca9e127062126cf2e40d1f67fd204f3aa5dbf8876d88245762a97c31be56be7a6baf4df753d60f2cbaa6a886f8fd68611e786563f986b24f1372bbd0281e206f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fa971a4d1f58e0a474c65dfc9c16c2cf

SHA1
aea5260eac2de5ee4e3be9c0cc1944b046bbe67a

SHA256
3f2da8ebe27875d803b72a3137ab54f5ec21c1b3b845129d869da426504c49fd

SHA512
3a15a920d653057e56facefa9a45aefde28db56fc33ee4dbc6b022998ebc9144a9f3585562ad9771a44bd1819505f2836d2af0cea89c7b9e9670e5362542017f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
e6b11422aa7e83ef7dddd72d8b8a5ad2

SHA1
c4fba8f524856e9968e07acee5e01fb5d5c7cfb1

SHA256
f03d9874e8acc1114604e79f14b56a909f33dba8acafb794ae6cc41014c942a9

SHA512
8d2b4ab727365a6241fd5e4478e3331cd5045703175181c8e5163f3eab3901707f6f55acdcc9634de86229270a94c65d039967871db51c04ee3f484471a81d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
6cecf761999b80a456e43814dd0a6470

SHA1
f4b6d77e495b29e4e1165817af727829cfe040f9

SHA256
a0a22403ff36cfe5eac4d591e64d01903f897e082fd9d4017ef2a4e0bb3a813f

SHA512
570f16660feb35b6a1d58e3decf5ab9c5cd65dbefe4e0946fa40d49ff908fd979f149e71d73f231551fbf961643440307ea27bfa3064020c5035ee649c37009a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5bf6474fde15d35ba3cfbf3fc77e9233

SHA1
054d3391c176d3627676763c3126c8a44f079a2d

SHA256
6cb28d65fce740c000631d7c59e77d2f656aafef5139a70377b3480dc71e4bde

SHA512
9639f34e12a17c750c57c547f2bb7ef9133348b27d5db7bf75261f9912ceab6a21e79ffbbc6070695bc55ae34b5c94dcb87ce6a668f840e4927e0eed920bcac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
4c2e89215698ece44319e857e72aa665

SHA1
6947f9cfae0d867544162b80c1e3fa12510638b4

SHA256
7a978cc4670ea77cd54284ba7baa94fa0d589df6b20c55236bdcf69b9ac600df

SHA512
460482abab65db594f474acf7969691e02f59ff9c130c40e2ba98f42a18316e6268aabde61b188b62e0f429c1aa562031f580a0e553cdf52ff46955f970fdf7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
768dbf2623c1cfdb105bd5aa82f68f4b

SHA1
373e329d80479b3540598765945621165e2c99f6

SHA256
c680f2910026169a8c2ef446b10e7bf9eb7137950ba137cd5a97549523a182a9

SHA512
ca86fcaf5d02f73c25312f065bd4a97714c22f1535f63ef46b89f9eab5e553762ce7bc0ccbe4c7fbe539d37bb25996ffd5cb9843daedf70d81ded8ca9ea5912a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
60bb6268824fc5b71e33c0090f65726c

SHA1
ea47f392afb796d5328d41562a26a8df9dba8a1a

SHA256
0d98daf3244d6d2c2a56530bf86da3b30c8d807b25de2579178620bee43ab6c7

SHA512
989cc59335b070b9cb8920c78738feb063258ef4034c97a4c58bd719f43851cde6a14de0c152fb148920e0feeefc1674606993641a60f7300c2d7ce6ccc5b8d8

Download Submit
memory/2736-8-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-7-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-6-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-5-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-4-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-3-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-2-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-0-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download
memory/2736-1-0x00007FF6D72D0000-0x00007FF6DA44A000-memory.dmp

Filesize
49.5MB

Download