7fd5f221d46853cd48d3aa37cfa392125a094131f31d86183116e5c1adce2143

Analysis

max time kernel
26s
max time network
126s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01/07/2024, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GTA 6.EXE.bat
Size

109B
MD5

2e0cd8b591af0057bd3b10939e2c358c
SHA1

75fd9ae540978843c1e586982f72922b28befd53
SHA256

7fd5f221d46853cd48d3aa37cfa392125a094131f31d86183116e5c1adce2143
SHA512

2c36c35bddc425e60c209a7192b639632f61d00bfaf5cb275c306c421f137b0652729b9074b935611efa99c2609589986afadcf6974e5af6f652ae328b417e1b

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 14 IoCs

flow	pid	Process
21	2520	chrome.exe
23	2520	chrome.exe
24	2520	chrome.exe
25	2520	chrome.exe
27	2520	chrome.exe
28	2520	chrome.exe
29	2520	chrome.exe
30	2520	chrome.exe
33	2520	chrome.exe
35	2520	chrome.exe
37	2520	chrome.exe
38	2520	chrome.exe
39	2520	chrome.exe
40	2520	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2824	2716	chrome.exe	30
PID 2716 wrote to memory of 2824	2716	chrome.exe	30
PID 2716 wrote to memory of 2824	2716	chrome.exe	30
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2480	2716	chrome.exe	32
PID 2716 wrote to memory of 2520	2716	chrome.exe	33
PID 2716 wrote to memory of 2520	2716	chrome.exe	33
PID 2716 wrote to memory of 2520	2716	chrome.exe	33
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34
PID 2716 wrote to memory of 2892	2716	chrome.exe	34

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\GTA 6.EXE.bat"
1⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7479758,0x7fef7479768,0x7fef7479778
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  - Blocklisted process makes network request
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2232 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2268 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3212 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2164 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1984
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f977688,0x13f977698,0x13f9776a8
    3⤵
    PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3796 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2364 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2252 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=744 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1828 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4104 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4160 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4268 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3736 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4724 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2332 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2748 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4664 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1336,i,16665620414333403615,12771840604625938712,131072 /prefetch:8
  2⤵
  PID:2516

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1188

C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\Downloads\gta 6\GTA 6\GTA 6.EXE.bat" "
1⤵
PID:2840
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\scrips..VBS"
  2⤵
  PID:1884
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:1188
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:2296
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:3632
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:4172
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:5800
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:4896
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:7596
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:9160
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:8484
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:7196
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:10064
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:9460
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:10004
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:11120
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:5404
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:10680
- - C:\Windows\System32\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:11732
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
  2⤵
  PID:300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K imagnes.bat
  2⤵
  PID:1076
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:1044
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2304
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3000
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:1580
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2104
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:280
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:428
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2568
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:620
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2504
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3036
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:1588
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2020
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2392
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2328
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:1876
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:1220
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2232
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2228
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2120
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:1536
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3212
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3368
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3560
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3764
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3964
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2420
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3544
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3944
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3572
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4080
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3532
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3296
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4188
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4436
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4660
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4848
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5092
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:1372
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3700
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4012
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5060
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4876
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4768
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3168
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2520
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5112
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4800
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5116
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3184
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2916
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5200
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5436
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5624
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5864
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6096
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3112
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5516
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5876
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5132
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:3304
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5852
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5240
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5356
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5524
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5808
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5360
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5508
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6316
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6520
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6740
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6984
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7152
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6408
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6696
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6972
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6400
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6688
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4364
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6712
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6268
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6620
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5788
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4740
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7304
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7520
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7748
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7944
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8160
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7396
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5104
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7908
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5324
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7132
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7464
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7588
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8008
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7468
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6660
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:7808
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8216
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8468
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8672
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8880
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9044
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6956
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8488
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8248
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9016
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8328
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9072
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8848
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:4056
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8584
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8296
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8996
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9252
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9468
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9688
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9924
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10132
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8452
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9672
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9908
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9244
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10020
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9728
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:5152
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9952
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8712
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10264
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10444
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10620
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10816
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:11012
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:11236
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10480
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10776
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:11028
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10884
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:10804
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:9224
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:8648
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:11140
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:2496
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:6224
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:11452
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:11696
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:11880
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs"
    3⤵
    PID:12108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K gtaarchives.bat
  2⤵
  PID:1248
- - C:\Windows\system32\shutdown.exe
    shutdown -s -t 45
    3⤵
    PID:2576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /K assesdt.bat
  2⤵
  PID:1788

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:11020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79a6661a584db5c9bf2f1230579ac0ec

SHA1
7e8b5653e9509ba0c383dfc52d11e26170873de1

SHA256
75f91d8bfc5b91bc488e4eab9899f7109727f5892880bf64f2cfeb275b1daac0

SHA512
d9f46fea5022423c2ed18b65e52c1cef639ecad07f8fbc0768202f4a1b8d9ac7baac4b252a14847004e12d976f911298424affda586699536835da3fcd568d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbe26e79c7ec3e1410a4eaaba2f6a515

SHA1
7135800abb5f6c47f8d787576b0573434b043174

SHA256
4da57818da5d3cfc6563f61e334ebf59dbe191007a831e90aa66a49aaace9f8f

SHA512
634cc628d80434872c537ab0ef6948627bb8431bc7e468f378ea9c8e8cdc5b62f5858de1f4993b1dc021ca58c3224675b9a71e437572a7027a6322ce25c4e0db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad834e684707cd44e9709ad507395046

SHA1
acde82e26e1b7767f6d7422dc8704d517e65ab50

SHA256
8477bf1e32dc85864a5697039a14c3570ad1089095030b465bf64d55cce8a321

SHA512
0faec7a4fbdc5e4150404fe3e5250a31d578296322cb55b05b09e4a11d8eafb6dd1f7610cfc8d49a6cf3138e667435167c9c132a0bac18d51587925be59ead29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f9b0ff2d358eb2d3ee82ef9baa00107

SHA1
951c09fc1f9cf00b61d2c7d29133bc249f26f9f3

SHA256
637c5ae7da2e433e54f36ced20f8c4b1128014786ebffc4e984afa745293da5b

SHA512
0c7a977d1b2120605dfab247d3fef25e587a8493a458a7fbf57c77b4ea71059682d0757be970a276e165ea996cd8cf45a28c00fef4391cc81fc66d6ad4c0f221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c2b5fd85dd5bc18c0c2459e31c63544

SHA1
d1d6fd85e0e3ca23476bb063313385f2232f684b

SHA256
401b7743ea1e790106b19b1642952cb93bca80e166b8c7773ebf31a63eb92856

SHA512
d664a73fbbc83c49abe424f117a9bfdbd3fc65991764ff81643dd3262eb7afc5de9aa69ac83eb62cbd0a3202dd00c86a21f4bf1d5a6a5cd57d2dd9115e1d346a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90a43a8993462e371eaebfc9dc99cc81

SHA1
4be804dc0b003ebcc84d4aff24f1c6aca211b87b

SHA256
7e9b2b21007b871a4885b627aa5cfc4043395e48696894c87983a0e005818637

SHA512
c1ab7ba32b569183abad5f745429e78c8337e9e6ace26a121deaf0c9b379c0ec350ebc3e3d80bf61cfd25a74ecd9d5ae1002ffb650505252d38a60b4d69aa816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
80KB

MD5
f412cf8c61765f05037927db20880879

SHA1
07cde7c8eafb60b1b63bd356d85b3b3f943b2183

SHA256
81de20f245ee696ea5468301f4fd3038a36227f8e5dd71593b6ff8d99fda8a3d

SHA512
e8856ae0ffc6cdc15f922cd7e4c5774af075bbd74a4674040a47b30358552431e2c0d9a8029df28666b32aab9656b90706dd2432a516689f0aee3c7133f13e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
43KB

MD5
790c81db9bf945fc2a3a3912c2a5b6ae

SHA1
bcaeed70f5e969e369dd2303df53da089a81bb8b

SHA256
5dd15e15b2c3f3537c06e593e5700225dd28f13678e9649866c7d3c477efaba4

SHA512
7693db525ca06118bc1907e9962ba691f1973bf5639986cb303c03894440dfb9252a2e9633d5bfff58905f8b0fd9dd63d75b48991412ccc4f0277127a08365d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
50KB

MD5
258e004ecafda290f6007fbfcbefeac5

SHA1
ceb03d36597c7f77e68b4c85dc659678cebce4ac

SHA256
745bbee63267b68f0c10253ab0cb56e8e706ce1ad401e37ec0f198f0772211e8

SHA512
4af726fdc5a36e2f0a6b9ae30f54399e69051527a2a9732cd19115f08a5bb3db0d6473abcce2015bebcf2b3cc7e34585adc339a9b16de5d2f7abbbbac4aa9990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
92KB

MD5
c10b707bbca4cf00d465a9dcb301dddf

SHA1
cb652e595017e965d8aef2fa6d55bbb384d01997

SHA256
c136787068c7d0c02b2c14aff147a12e2a813d8ae71bbbf972ee9dcdd1a99932

SHA512
1e17ef8d19438c12cd7f89ca67dd9ae9f46c7ab4abdb1a4c4dbcaa91941bb8ee80222199916ad30def90539c1b22c944a3fafa73ad3b6d5e34f1d365eb2dfb86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
22KB

MD5
cae0a3bff6c55245d9c41f31ffb59d80

SHA1
ebd40dab223720af9a3f7f6fd8a1d979a50ffa92

SHA256
0373c3d6ccd255a22794c4d134d7072a5eec32cd132571889538389959075abe

SHA512
f0fd812b0c5db1655a224729c1d2f8bca5dbd797f333ddeb4c8779a0c7db7e142f02bbbb209971ba324613bd6c467f2dde4f940c246236752cf47e9c53fc73e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
22KB

MD5
8edeb5a220fe2ebde6e724ec46a47b01

SHA1
4cda11549a4866dda172d7e9eda415ce3f84fa3c

SHA256
25426e5097ffb53fe93f88b9e6fd457aece2c01ae06c9cc02aa6d0f59e04b7a3

SHA512
279187e4788378c7b27a7d606293622be31423a76a749d9ae03c2b359b91482f937c466b1288545f8d2251b8df306ada2c30ba5d1d186b63946aa42327000118

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
21KB

MD5
365139c81098a7d1a09be5ad35636cc9

SHA1
1ea3cc8cd2e4af315129ad24f4788e7b5ae48b74

SHA256
a8afb3784cafc474c077c92a5e640ad01bb8b8ddfec1db4908e9291fa3d48ba1

SHA512
1934dff330d81f0b576522350f655bfcfb10d4dea9b23b4a0c7581ade4044d7c8a81e62caf5c3ab1009fc1bf99d083ddfdd2c1a17f748a1566320868db1516eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055

Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0f7f40ee48099699c7821ab097389e1f

SHA1
c53003ee1ecd5a516c65c77e3736b514dd44ea42

SHA256
ab5e8f96f01da1d95e647d6c7f162869b819f776b567e3787d069b422328c990

SHA512
39e824e18db349301e948f252ca1912b5eb48467ef393f36d644e34056542441b722c9a4997b4c861d4aea69bea5d86a2257a87038a4df90131bcbb31e468d0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
851B

MD5
238cd3f3e503aa93e5c46a507425b708

SHA1
e3ba8ca1520b80f680d754adb5e066b9b59ff3ce

SHA256
4de46b4077d2c3fba0ad0e272887970395e9f15a45e6e0812d79cd414240845e

SHA512
30b7952fac29b1cfed26a77cbd32236e82164c3f28be680e2b6e5201d4407e81f80ced95052584ec8ac9f68009ffbc968fb0d59c26bae83cf28afdcb663d4a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
822975ba7e6429c5ca44e896e52f826e

SHA1
2008d84a9ef36ec6371f3b6731871384e633cb44

SHA256
b75a816f7e79a550084329b59fa166754ed79af844e2c03c95b13f9fdad473f6

SHA512
7a17477a2e674913adaaee85218e02de4a8657b3dd1eb09e523d287ed83ea5a85f46e569466cd1af68548697aa2332c780f61b818b1e009ac47899180a049496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ac2f51a0bf7e69f601919e5678d1cde8

SHA1
14ce02ac9ae9ca0ad6ae7971c611b6e4341c71fb

SHA256
64a53b5eb9fa6ae8a9a0c6b1ff3624e02e6a923c9ac219c6a46ae1db9d802b26

SHA512
ca760642a8da56e8d2ca0ca8fb62ebfc19b890536767cd184a7fa3fccca43ae122d1b7d6c8cc3a5fb7698d51f32c79ca32ff42abb0fd0368bfbe176a1b61bf75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9c6ea8d70bd7ccdd2afeed7ea6d8ce3c

SHA1
43fe0c682790042e79752a010776103595a65efc

SHA256
b4389a41393c1a741697767f268f19251220ac396ac4e5352234d4e3bcfb8f0b

SHA512
1d79d43330fd9149e40d5bf3a121c7feb68baa6b5966158b6c6b36dfa0fa8d15fbe60b2aebf8a5c4c1d60c2ccc5e9fd90e0987d1a1647a0b0c1f536a4635a4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
830074a088d373088a00cae52ecafc9e

SHA1
13342ca294cbc3833122f18e58aa169de391503e

SHA256
e0fa464e79a946f5a080dafd5b268848082245fb00731976c16bea48f0f94a81

SHA512
2b4f49a3e6d326bb1f86845b902afb1e1fbb9e85fc1fe2d67d05939712f300c0f46bbc3e647769cef81abd794f203d5d32f3b41b79906dff6b52634e570daff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
02ff2df05aeeba67c8654d33bf2526f1

SHA1
d8521daf88c7f148e9fbf382593f1bbb1f9f2a56

SHA256
3bb79115bb0c48e720a0641f5c339d3220856c79d5b2a19a2de119d04fe5431c

SHA512
40b7bf5a4e3ea329910431a285eaa5a4d3abffb3cd512c1422f95feb0e57d492a1b90d2f24fd0109976e2d52374ac4ea2643cdfc0912cf6ae74009b16632e7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
299KB

MD5
5062d06e85a3910dc3e8ea990b9db38e

SHA1
28c685e147658de3c0ec494ac543d9a4ba229ac8

SHA256
0e033f7e73e6a528d3b78fb3a29f9b3e1eb5e4cccd73e866a7a06dc7bd93c73e

SHA512
12382969e96d3ef2e4280b6cdc557a0b7653901c81d856b38662c855a2b7084abf1b833c31825e0cbdd71e815b6d1816ed5a063dbebe25a502418f3b398bc7d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f4ce94b1-02ce-4618-91dd-4b7da4a64e93.tmp

Filesize
299KB

MD5
a5393c10ee828c807bf92de0bd582711

SHA1
0f8eab273e5bd48f2921e6c51822a1404a02ee09

SHA256
c9b8eae9737bcdd2a96fd3967e9166439ef70afeba24568cc6d81c3199374d2c

SHA512
d2d4ed7edb5840f0b9bd48e397a2505ef6a37693710598d3f9450ee8522e07f65ec6f95f31d20700dc72dcb6a28383d9cf300e78278cf6f165d5a7cfa6fef66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC3BE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC4BB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\gta 6.zip

Filesize
104KB

MD5
f94823c43e1fb3189595a81f945e8af4

SHA1
16477645bb078f93f5e6053396e0621b20d3474c

SHA256
7f45713eeae793d9773764e89460f2eda5f1b9b3f8701f4d30343be51f197d02

SHA512
922a0851b035de62067727a8dbf3189c398457288d545f48c882d71978647e5c2586d3f1b49a96169a812edaa7d41faf77504eb529be630303b9a57d2811a7a7

Download Submit
C:\Users\Admin\Downloads\gta 6\GTA 6\sound.vbs

Filesize
211B

MD5
b729bd5009f5585fd8aa1033eb9063da

SHA1
5a5291474008e11e3effce7a826f23914128f530

SHA256
20e71b53362845b9fccdfe4a2da72a942f9b95d0218c6c48c3cf30f0ac095f51

SHA512
044cf9aa3681f5dac588b0c7887141fd7488e01f66e6feb32b83d7f3c382ce0a6ed9e7118c6a92b92596593acb58324d02bfffcdbd9d92a9ca40a12058d1d05f

Download Submit
memory/280-1642-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/280-1643-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/280-1537-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/280-1569-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/280-1568-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/280-1602-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/280-1601-0x0000000000550000-0x000000000055A000-memory.dmp

Filesize
40KB

Download
memory/428-1550-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/428-1607-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/428-1540-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/428-1513-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/620-1608-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1618-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1619-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1645-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1684-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1649-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1663-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1662-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1683-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/620-1644-0x0000000001D00000-0x0000000001D0A000-memory.dmp

Filesize
40KB

Download
memory/1044-1336-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/1044-1530-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/1044-1532-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/1044-1338-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/1044-1337-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/1044-1531-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/1044-1533-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/1220-1688-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1220-1689-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1788-1166-0x00000000021F0000-0x0000000002200000-memory.dmp

Filesize
64KB

Download
memory/1876-1694-0x0000000001D70000-0x0000000001D7A000-memory.dmp

Filesize
40KB

Download
memory/1876-1685-0x0000000001D70000-0x0000000001D7A000-memory.dmp

Filesize
40KB

Download
memory/1876-1693-0x0000000001D70000-0x0000000001D7A000-memory.dmp

Filesize
40KB

Download
memory/1876-1666-0x0000000001D70000-0x0000000001D7A000-memory.dmp

Filesize
40KB

Download
memory/1876-1718-0x0000000001D70000-0x0000000001D7A000-memory.dmp

Filesize
40KB

Download
memory/2020-1567-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/2020-1515-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/2020-1514-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/2020-1551-0x00000000022C0000-0x00000000022CA000-memory.dmp

Filesize
40KB

Download
memory/2100-10-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2104-1626-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2104-1545-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2104-1625-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2104-1563-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2104-1523-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2228-1696-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2228-1664-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2228-1695-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2228-1701-0x0000000000470000-0x000000000047A000-memory.dmp

Filesize
40KB

Download
memory/2232-1671-0x00000000023B0000-0x00000000023BA000-memory.dmp

Filesize
40KB

Download
memory/2232-1700-0x00000000023B0000-0x00000000023BA000-memory.dmp

Filesize
40KB

Download
memory/2232-1670-0x00000000023B0000-0x00000000023BA000-memory.dmp

Filesize
40KB

Download
memory/2232-1660-0x00000000023B0000-0x00000000023BA000-memory.dmp

Filesize
40KB

Download
memory/2328-1627-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1654-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1610-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1668-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1667-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1611-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1692-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1655-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2328-1656-0x0000000001E00000-0x0000000001E0A000-memory.dmp

Filesize
40KB

Download
memory/2392-1609-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1686-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1650-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1653-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1652-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1651-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1687-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1623-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1622-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2392-1665-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/2504-1534-0x00000000022B0000-0x00000000022BA000-memory.dmp

Filesize
40KB

Download
memory/2504-1546-0x00000000022B0000-0x00000000022BA000-memory.dmp

Filesize
40KB

Download
memory/2504-1629-0x00000000022B0000-0x00000000022BA000-memory.dmp

Filesize
40KB

Download
memory/2504-1564-0x00000000022B0000-0x00000000022BA000-memory.dmp

Filesize
40KB

Download
memory/2568-1475-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2568-1543-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2568-1547-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2568-1489-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2568-1477-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2568-1488-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2568-1542-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/2568-1473-0x0000000001C90000-0x0000000001C9A000-memory.dmp

Filesize
40KB

Download
memory/3000-1620-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/3000-1621-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/3000-1539-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/3000-1606-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/3000-1538-0x0000000001D60000-0x0000000001D6A000-memory.dmp

Filesize
40KB

Download
memory/3036-1614-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3036-1646-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3036-1630-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3036-1631-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3036-1613-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3036-1669-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3036-1658-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download