Analysis

  • max time kernel
    299s
  • max time network
    301s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    07-07-2024 14:07

General

  • Target

    sample.html

  • Size

    19KB

  • MD5

    a65b103f4183d5006848ce6a1095a001

  • SHA1

    92477b7241d9648080f1731405b5107a796ce50a

  • SHA256

    be4b1f18e4ac79c4768f01cac488759bdc3d9267c20419e0d897cfadf2fa8e00

  • SHA512

    eec554258172a09316883eb3d8369cac4947ca79021e5e77f68cc51cd7adfe9bd6cc72288b1045824df27d74e1eb909792bd0d7a393c144cc6d63a2e5f97b09f

  • SSDEEP

    384:jvIspY1ocy4d4lbGaosvhpNnv1hR1S2m0i3Y06Ib3Mfp1xCejiw:jvk1ocy4OEa3JpNv1n3i3Y06O363xPiw

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 3 IoCs
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 2 IoCs
  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"
    PID:3020
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4692
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    • Modifies Internet Explorer settings
    PID:2564
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3292
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff841c49758,0x7ff841c49768,0x7ff841c49778
        PID:2940
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:2
        PID:60
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:4756
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1816 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:3100
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:2536
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:1128
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:3780
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:2644
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:3856
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:2408
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4956 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:3572
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:3684
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2952 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:4732
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5472 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:1596
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=960 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:2
        • Suspicious behavior: EnumeratesProcesses
        PID:200
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3344 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:1516
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5776 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:1036
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:432
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5716 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:2476
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3692 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:4576
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:8
        PID:4692
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3624 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:3628
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3136 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:2896
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5080 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:1744
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4412 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:4564
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4904 --field-trial-handle=2156,i,2196100685247780159,3116876765909754702,131072 /prefetch:1
        PID:880
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:3416
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:772
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4912
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    PID:1928
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Gotham\" -ad -an -ai#7zMap8449:74:7zEvent2618
    • Suspicious use of FindShellTrayWindow
    PID:4296
  • C:\Users\Admin\Downloads\Gotham\6atManV1.exe
    "C:\Users\Admin\Downloads\Gotham\6atManV1.exe"
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    PID:4664
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        • Suspicious behavior: EnumeratesProcesses
        PID:1584
  • C:\Users\Admin\Downloads\Gotham\6atManV2.exe
    "C:\Users\Admin\Downloads\Gotham\6atManV2.exe"
    • Executes dropped EXE
    PID:4732
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 992
        • Program crash
        PID:3680
  • C:\Users\Admin\Downloads\Gotham\6atManV1.exe
    "C:\Users\Admin\Downloads\Gotham\6atManV1.exe"
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    PID:400
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        • Suspicious behavior: EnumeratesProcesses
        PID:1268
  • C:\Users\Admin\Downloads\Gotham\6atManV2.exe
    "C:\Users\Admin\Downloads\Gotham\6atManV2.exe"
    • Executes dropped EXE
    PID:4356
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 964
        • Program crash
        PID:4836
  • C:\Users\Admin\Downloads\Gotham\6atManV2.exe
    "C:\Users\Admin\Downloads\Gotham\6atManV2.exe"
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    PID:1536
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        • Suspicious behavior: EnumeratesProcesses
        PID:4044
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2636
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff841c49758,0x7ff841c49768,0x7ff841c49778
        PID:728
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:2
        PID:3628
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
        PID:3096
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
        PID:4592
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1
        PID:2064
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1
        PID:4208
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4444 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:1
        PID:3532
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
        PID:3364
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1852,i,13754004970137599584,5556673592543755779,131072 /prefetch:8
        PID:3960
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    PID:1580

Network

MITRE ATT&CK Enterprise v15

Downloads


                                                                                SHA256

                                                                                41ce85887c17784d5a17c187aea408dfc60289e8fc7a8261a4ecb44decedb6ef

                                                                                SHA512

                                                                                2db7ff81608e520ad10423f563d1e74a5d7bc5509cf3c1ae841b92bcc4cb5a7a48953a366f8b2e71021eb9dbe48e7b4660b695228b66f0990238f82ab43b1772

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

                                                                                Filesize

                                                                                8KB

                                                                                MD5

                                                                                9079226d2b1b999d16a7e7ea4b7136e9

                                                                                SHA1

                                                                                5d85b3c13516105cafc722d320c6ecd30a414a61

                                                                                SHA256

                                                                                b7064b22366097213c47a7b7f758378d927025442eff43b7dcfcbb0988a5f30b

                                                                                SHA512

                                                                                e6ae8772a7b8ce3cafba9e36bab93283589c49aa2ef6d7363de58f7d263c72d96f1f14440eff9be0ffb4829829a04deb8b4e491b9136efa05eff65202b17aa7e

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                Filesize

                                                                                324B

                                                                                MD5

                                                                                eb1222e4c7a5825f438dc6bc7d3cf598

                                                                                SHA1

                                                                                8de0bae107450a3d72eeaec1ee5b11ab0d0cda5d

                                                                                SHA256

                                                                                aef7c2bcc6ade175c0454a4dbd0c73dbe32a0c3688807aba89156f8a6316d383

                                                                                SHA512

                                                                                ab23fa7649b33ae5c8c59362a4f813d6806057b86a098aa2326bdd7b72954c6039047ed344bf4232350fda6b31ebc5160cb2507c8b99286eb735ebb164b16409

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

                                                                                Filesize

                                                                                128KB

                                                                                MD5

                                                                                3df4e2a913df8e1a21f20bc7e2a1b0e2

                                                                                SHA1

                                                                                c6e5a8930122f463bdd54b9ecdf2e5168359bc9a

                                                                                SHA256

                                                                                59591893110458595be6a9d8802fafb5ce09c502f140c378538fe7386673b190

                                                                                SHA512

                                                                                3c1b01bd1c2a9ce8891c98211b67bdadd5028639ab6fe9c6bb6adb75870bf0914227113149a845864224e5c9bc17e7ac3bf7b4993926860977928612abc37b19

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

                                                                                Filesize

                                                                                14B

                                                                                MD5

                                                                                9eae63c7a967fc314dd311d9f46a45b7

                                                                                SHA1

                                                                                caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

                                                                                SHA256

                                                                                4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

                                                                                SHA512

                                                                                bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                287KB

                                                                                MD5

                                                                                f409b5adf51ce566304a13b3369aef77

                                                                                SHA1

                                                                                f524b5e36aa169b205b1d02ad34b1f7747e55b0d

                                                                                SHA256

                                                                                170abb7bdbd7311bfe4e392e1a7636871833620d563647a9459168554e4a5088

                                                                                SHA512

                                                                                7355e94a401a351373a4c6a145d8433893627b0fda59e04eebeb75d79611345b26aab102a461c9a4c3c6c25bf2e232982c5c1ded8b609f3e13fa454a2f678062

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                155KB

                                                                                MD5

                                                                                aa70919ae225ac755096061d84bd4585

                                                                                SHA1

                                                                                139fb1ea6878d3b449c01704554497fc8739dc88

                                                                                SHA256

                                                                                e8fbb46c1e0e487eec6c2db551aab3f1aedb982e508255bcb23d5ab30207e883

                                                                                SHA512

                                                                                553a3d77873c2b81f3aef4a80b4a8daee3dadf0506805c92983ba02c19757e0e50808da987bd61b6eb8c07a77811e67eb3ba794c2ba5c3b59310095447408d09

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                287KB

                                                                                MD5

                                                                                7154c3e126b2b2429f860869ceb712fc

                                                                                SHA1

                                                                                a71a6fa5162060cd6767b563b3e937140c00a058

                                                                                SHA256

                                                                                4a8bb16d5f68f1b4f71eeb6550306a3eadd48b02adbc8340f53d81bc0ea2bd1e

                                                                                SHA512

                                                                                e0fb0e8fc9faaab30e1efea330b0c11ffd224476707ea408c650f3e07b2bea17a4f67eecc0067671e193bc81bf0475b44ba4a1f681ea687be947e150a6f24bd0

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                287KB

                                                                                MD5

                                                                                394bed75b62fde45100a5a16505d826b

                                                                                SHA1

                                                                                aa049644a98f80b0d442898c8f5faec08d07af4b

                                                                                SHA256

                                                                                ff7b8eb93db78f1527938208ac562ed9a08418a0dfbc16e791d30c8a8ddd2967

                                                                                SHA512

                                                                                c53ef8b00c915edbf6425958da63a896b00af7d951cfaa6fd042ac33414ba11900985b4e253082f8f74e8dfad2fa96f1279d0e712e6252dc61a52e2bd6d1161a

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                Filesize

                                                                                287KB

                                                                                MD5

                                                                                abf4c530a3a047b138c04b2bf40811de

                                                                                SHA1

                                                                                1019e465fcc1d0e7250d02fd270114c9d01cf315

                                                                                SHA256

                                                                                943bc6c6b7c26907d5b60c93d9b87faccbc1f1854cf0a207e818c011bd412a24

                                                                                SHA512

                                                                                a93bcdc18a5e544ef0bec22784c9b695b2fa4d5094dd34f34f9daf1d85b453513ddf25f646e94a6ca724a9a618329e10a62286cf260f3fedbff98b01d18265dc

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                Filesize

                                                                                107KB

                                                                                MD5

                                                                                b975a143211c939025c9fb232791682f

                                                                                SHA1

                                                                                ff8ba34f1cf493ddc7f3555f05df67266baa1bae

                                                                                SHA256

                                                                                02f5ad1c90dc424aa61da1dca9911f34f587ec947883382944590af93da6a178

                                                                                SHA512

                                                                                f781649b5f56cbc7024c64ee89cb76a05ca12c1ccc9818a29b82fc2b6898fd20900f0472900b493c36ba7f5dfe263392ad31d625655efa71146b3ab61d75089c

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                Filesize

                                                                                100KB

                                                                                MD5

                                                                                db7701e338d33851e431f620fb2628e9

                                                                                SHA1

                                                                                a621b190bb713bf0ba96e01ec7831dea5bf4a077

                                                                                SHA256

                                                                                90a458fe497044ea98ba980a60c427f1d27e350e57dec7eaca89952cf0ae2914

                                                                                SHA512

                                                                                8491a9e04d4a92c656029a070e32c8845357910b11551d61a049312e3e5c180d15d99ed80139a2b94e4249aefa9490d95c517370e4d38a1440e89b3ea2868a14

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c994.TMP

                                                                                Filesize

                                                                                93KB

                                                                                MD5

                                                                                e3cb0a3774bb184de297d1b4e30e097b

                                                                                SHA1

                                                                                c9fc23c2e47ec89c7471ac63eef223475b087f9b

                                                                                SHA256

                                                                                7517af59ebc17f23a1c368553780c8448372d2e6a66eaa1e716d155cd9af520b

                                                                                SHA512

                                                                                1cf16c9e7ba9a7b84bd9fdc0b1c79c97d106eb316996300d0ca3b501e28fbc1ac5900e50c9d8c7eeab7c862c0831009593ef56fd575bc51d0912b8112698ad37

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                Filesize

                                                                                264KB

                                                                                MD5

                                                                                d8f4a4dc797a23c5c19ceafd1af19c85

                                                                                SHA1

                                                                                35141cd76addefa372573c726b6b3db402e42b41

                                                                                SHA256

                                                                                d05e40565911fc8218798ea2a8cc7fec054801eaf10e6e4572e1e926b84f8419

                                                                                SHA512

                                                                                407b2cc3f97cd8e076f4c20b6b14ca3059f65bb2e09277b2ed63292f02e9c0c22930ea17bb04ff558baa69c19a713fb1c044b02188e57693d711bca13ad9c02b

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

                                                                                Filesize

                                                                                86B

                                                                                MD5

                                                                                961e3604f228b0d10541ebf921500c86

                                                                                SHA1

                                                                                6e00570d9f78d9cfebe67d4da5efe546543949a7

                                                                                SHA256

                                                                                f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

                                                                                SHA512

                                                                                535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

                                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                Filesize

                                                                                2B

                                                                                MD5

                                                                                99914b932bd37a50b983c5e7c90ae93b

                                                                                SHA1

                                                                                bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                SHA256

                                                                                44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                SHA512

                                                                                27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6atManV1.exe.log

                                                                                Filesize

                                                                                42B

                                                                                MD5

                                                                                84cfdb4b995b1dbf543b26b86c863adc

                                                                                SHA1

                                                                                d2f47764908bf30036cf8248b9ff5541e2711fa2

                                                                                SHA256

                                                                                d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

                                                                                SHA512

                                                                                485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MSBuild.exe.log

                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                7f38048a5b4bb647a43e93df970417c3

                                                                                SHA1

                                                                                f7022125ba74f50d0d4515ca0b47ccc88c2f47e1

                                                                                SHA256

                                                                                81d8c4d06be3654f64a49a2effb3606bb48a37556f4db38a524033d9949915bc

                                                                                SHA512

                                                                                06adc7711a98548c94954546a4a547b2547d63d1f26351a58e17d38b73c02e54823daf99d9aae8311225c02bf9e2f40bbb903ff6707c3ddaa64b1caafbbe342f

                                                                              • C:\Users\Admin\Downloads\Gotham.zip

                                                                                Filesize

                                                                                5.3MB

                                                                                MD5

                                                                                b194d508d1ed553f7dbe01c16504e591

                                                                                SHA1

                                                                                7b8f9865e84ce2fae5f94b905f6f5ac70a9cb8cf

                                                                                SHA256

                                                                                776bd2ff315fc076de7a39a08b3e214887ad7aacdfaeff717bf7a70b46698b81

                                                                                SHA512

                                                                                59fb5b839b8ef210e2f7b76b01a271d022d86a316b1774bb4257d1c97d2eac7fb2479d3db715830b3f125f1322f10281eddb1b33c61b6d52f0e13a16c3b40099

                                                                              • C:\Users\Admin\Downloads\Gotham\6atManV1.exe

                                                                                Filesize

                                                                                660KB

                                                                                MD5

                                                                                ecfe3ce61735a65165a9d4cbfa1e3836

                                                                                SHA1

                                                                                7e39cb0f45e0f5e59f70f63375c2f67ebf64ba98

                                                                                SHA256

                                                                                8d939f5956930a6b0d4700a4cb1f47c8255588964dd09ad9c640c50634d187c5

                                                                                SHA512

                                                                                d878c55fd9108b62f24841cd587a70fa5efe9e640d88d227025132c5e75fb86dd73de490d924015c5c52f6fbc7d174a506df97668e314ed9f9a7c06b067a7131

                                                                              • C:\Users\Admin\Downloads\Gotham\6atManV2.exe

                                                                                Filesize

                                                                                574KB

                                                                                MD5

                                                                                a4c55c4d409ebe8ae7cf21d5ac49bc6f

                                                                                SHA1

                                                                                1ea88c261838f65c52b600ce5a1dd745f3646d3f

                                                                                SHA256

                                                                                df670585dba3923567610e24a5cf9b2d047f568adb24d3217e5993d69b949ec1

                                                                                SHA512

                                                                                0865ad047b4e974d43f714b965736d817ad350d58366aade0f66a24612db0ee167389dd6bcec8b3fe742208dbad0274a1c3c8914d573120d68773217cf2abf8d

                                                                              • \Users\Admin\AppData\Roaming\d3d9.dll

                                                                                Filesize

                                                                                584KB

                                                                                MD5

                                                                                02e781dec432bc79ed9ea859f88fc55f

                                                                                SHA1

                                                                                29092d756b3900b3084b74692aedc89c28661a66

                                                                                SHA256

                                                                                5b127cbc52c1f449ab4a861a653e199f77af5aaa337bf4c660d7cceaffdf0894

                                                                                SHA512

                                                                                863dcb40e16bd90c2288a661e760c25569ed8f79bef472a45ec98a3a1a1398195c20a62d7dba1830e8e2ffb09eed717676eb731ecea09f8fad43bd97970ea82f

                                                                              • \Users\Admin\AppData\Roaming\d3d9.dll

                                                                                Filesize

                                                                                437KB

                                                                                MD5

                                                                                b5db471287b28710acea74838ad7eb5e

                                                                                SHA1

                                                                                9daf5a065aa0bf9679807157486f8ffd689b28bc

                                                                                SHA256

                                                                                52e35ab2960c262e2cd70e6d94a02bda86223d08699d268ad872067e9eea0c67

                                                                                SHA512

                                                                                6b0f2cee9a15c2c2e9d02f638173c45b18a1bb74bc0ca5660d3874c0ed305810af51527ba1b41d06b4823904d2bb897c104606041cff9dfc6afb9f4af8b3aca8
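The dropped-files listing above records every file written during the run, and most of it is Chrome writing its own profile after LaunchWinApp.exe opened sample.html. The entries that matter for response are few: the Gotham.zip download and the 6atManV1.exe and 6atManV2.exe it contained, the CLR usage logs showing that 6atManV1.exe and MSBuild.exe ran as .NET images, and two different files written to \Users\Admin\AppData\Roaming\d3d9.dll, a Direct3D DLL name that belongs under System32, not in a user-writable directory. The Python below is an added example, not part of this report or of any sandbox vendor's tooling: it parses the report's label/value layout (including the memory/<pid>-... dump entries that follow the file list), groups repeated captures of one path, decodes dump region sizes, flags the sideload candidate and the .NET execution evidence, and emits only the hashes worth blocking. SYSTEM_DLL_NAMES, the classification rules and the verdict labels are my assumptions; the sample listing is a constructed excerpt of entries from this page.

```python
import re
from collections import OrderedDict

# Added example, not the sandbox's code: parse the report's dropped-files listing
# into a deduplicated IoC table and triage each path. Names here are assumptions.
FIELDS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")
# Assumed list of DLL names that legitimately live only under System32/SysWOW64;
# a copy in a user-writable directory is a search-order hijack / sideload candidate.
SYSTEM_DLL_NAMES = {"d3d9.dll", "version.dll", "dwmapi.dll"}
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
PAYLOAD_EXT = (".exe", ".dll", ".zip", ".scr", ".bat", ".ps1", ".vbs", ".js")

# Constructed sample in the report's own label/value layout: an excerpt of entries
# from this page (MD5/SHA1/SHA512 omitted; any subset of FIELDS is accepted).
SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize
  287KB
  SHA256
  170abb7bdbd7311bfe4e392e1a7636871833620d563647a9459168554e4a5088
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize
  155KB
  SHA256
  e8fbb46c1e0e487eec6c2db551aab3f1aedb982e508255bcb23d5ab30207e883
• C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\6atManV1.exe.log
  Filesize
  42B
  SHA256
  d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b
• C:\Users\Admin\Downloads\Gotham\6atManV1.exe
  Filesize
  660KB
  SHA256
  8d939f5956930a6b0d4700a4cb1f47c8255588964dd09ad9c640c50634d187c5
• \Users\Admin\AppData\Roaming\d3d9.dll
  Filesize
  584KB
  SHA256
  5b127cbc52c1f449ab4a861a653e199f77af5aaa337bf4c660d7cceaffdf0894
• memory/1584-1083-0x0000000009DA0000-0x0000000009F62000-memory.dmp
  Filesize
  1.8MB
"""


def parse_listing(text):
    """One dict per bullet, e.g. {'path': ..., 'Filesize': ..., 'SHA256': ...}."""
    entries, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):              # new entry: the rest of the line is the path
            current = {"path": line[1:].strip()}
            entries.append(current)
            pending = None
        elif line in FIELDS:                   # label line: its value is the next line
            pending = line
        elif pending and current is not None:  # value for the pending label
            current[pending] = line
            pending = None
    return entries


def classify(path):
    """Triage verdict for one path; memory dumps get their region size decoded."""
    m = MEM_RE.match(path)
    if m:
        pid, _, start, end = m.groups()
        return {"kind": "memory", "pid": int(pid), "region_bytes": int(end, 16) - int(start, 16)}
    low, base = path.lower(), path.rsplit("\\", 1)[-1]
    if "\\google\\chrome\\user data\\" in low:
        return {"kind": "browser-profile-write"}     # the browser's own files, not payloads
    if "\\usagelogs\\" in low and low.endswith(".exe.log"):
        return {"kind": "dotnet-usage-log", "executed": base[:-4]}  # the CLR ran this image
    if base.lower() in SYSTEM_DLL_NAMES and not any(d in low for d in SYSTEM_DIRS):
        return {"kind": "possible-dll-sideload"}
    if low.endswith(PAYLOAD_EXT):
        return {"kind": "dropped-payload"}
    return {"kind": "other-file"}


def triage(text):
    """Group captures of the same path, attach the distinct SHA256s, and classify."""
    by_path = OrderedDict()
    for e in parse_listing(text):
        by_path.setdefault(e["path"], []).append(e)
    report = []
    for path, versions in by_path.items():
        rec = {"path": path, "captures": len(versions),
               "sha256": sorted({v["SHA256"] for v in versions if "SHA256" in v}),
               "filesize": versions[0].get("Filesize")}
        rec.update(classify(path))
        report.append(rec)
    return report


def blocklist_sha256(report):
    """Hashes worth blocking: dropped binaries and sideload candidates, never browser noise."""
    return sorted(h for r in report
                  if r["kind"] in ("dropped-payload", "possible-dll-sideload") for h in r["sha256"])
```

Run `triage(SAMPLE)` on the full listing to get one record per path: the five Local State captures collapse into one record with five hashes, the two d3d9.dll writes into one sideload record with two hashes, and `blocklist_sha256` returns only the executables, archive and DLL hashes. The region size decoded from a memory/ entry (here 0x1C2000 bytes, 1.8MB) matches the Filesize the sandbox reports for the dump, which is a quick sanity check that the dump covers the whole region.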

• memory/1584-1083-0x0000000009DA0000-0x0000000009F62000-memory.dmp
  Filesize: 1.8MB

• memory/1584-1077-0x00000000081C0000-0x00000000081FE000-memory.dmp
  Filesize: 248KB

• memory/1584-1080-0x00000000091A0000-0x0000000009216000-memory.dmp
  Filesize: 472KB

• memory/1584-1081-0x0000000009220000-0x000000000923E000-memory.dmp
  Filesize: 120KB

• memory/1584-1079-0x0000000008650000-0x00000000086B6000-memory.dmp
  Filesize: 408KB

• memory/1584-1084-0x000000000A4A0000-0x000000000A9CC000-memory.dmp
  Filesize: 5.2MB

• memory/1584-1078-0x0000000008350000-0x000000000839B000-memory.dmp
  Filesize: 300KB

• memory/1584-1067-0x0000000005510000-0x00000000055A2000-memory.dmp
  Filesize: 584KB

• memory/1584-1076-0x0000000008160000-0x0000000008172000-memory.dmp
  Filesize: 72KB

• memory/1584-1068-0x00000000055D0000-0x00000000055DA000-memory.dmp
  Filesize: 40KB

• memory/1584-1075-0x0000000008240000-0x000000000834A000-memory.dmp
  Filesize: 1.0MB

• memory/1584-1066-0x0000000005B10000-0x000000000600E000-memory.dmp
  Filesize:

                                                                                5.0MB

                                                                              • memory/1584-1074-0x0000000008700000-0x0000000008D06000-memory.dmp

                                                                                Filesize

                                                                                6.0MB

                                                                              • memory/1584-1064-0x0000000000400000-0x0000000000474000-memory.dmp

                                                                                Filesize

                                                                                464KB

                                                                              • memory/4044-1106-0x0000000006540000-0x0000000006590000-memory.dmp

                                                                                Filesize

                                                                                320KB

                                                                              • memory/4044-1103-0x0000000000520000-0x0000000000570000-memory.dmp

                                                                                Filesize

                                                                                320KB

                                                                              • memory/4664-1057-0x0000000002C90000-0x0000000002C96000-memory.dmp

                                                                                Filesize

                                                                                24KB

                                                                              • memory/4664-1056-0x00000000008F0000-0x000000000099E000-memory.dmp

                                                                                Filesize

                                                                                696KB

                                                                              • memory/4692-16-0x000001B8BAC20000-0x000001B8BAC30000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                              • memory/4692-57-0x000001B8B80C0000-0x000001B8B80C1000-memory.dmp

                                                                                Filesize

                                                                                4KB

                                                                              • memory/4692-53-0x000001B8B81B0000-0x000001B8B81B1000-memory.dmp

                                                                                Filesize

                                                                                4KB

                                                                              • memory/4692-50-0x000001B8B9C60000-0x000001B8B9C62000-memory.dmp

                                                                                Filesize

                                                                                8KB

                                                                              • memory/4692-35-0x000001B8B80D0000-0x000001B8B80D2000-memory.dmp

                                                                                Filesize

                                                                                8KB

                                                                              • memory/4692-0-0x000001B8BAB20000-0x000001B8BAB30000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                              • memory/4732-1071-0x00000000000F0000-0x0000000000188000-memory.dmp

                                                                                Filesize

                                                                                608KB

                                                                              • memory/4732-1072-0x0000000000AA0000-0x0000000000AA6000-memory.dmp

                                                                                Filesize

                                                                                24KB