strela | a8982034b8745ca1dc3b8816b16961bf4e996c911c6411bca8530d8aea7e0610

Analysis

max time kernel
47s
max time network
85s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-08-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Gross Beat 1.0.7/setup.exe
Size

11.7MB
MD5

1287223e90507c1ac0bc0b60f1b039e9
SHA1

7853f575349907eabb0dcd190fe746eb1c1c8d01
SHA256

b13ade9fa58f96d8f03e4e241455c1af226d6b654e2ad48a8ae7d3a61f7ad64d
SHA512

b90117cee136da27aefe612c73284a9977fe836ac364afc68d7bb78ca6828efd21b60b2c9ba866a6bcf0479db1c64eef6fe06b4ca0ccb0f2d8a3e3b333361d2e
SSDEEP

196608:uRRS34smUEH4IXhxpMzHQCMFGfDQ5jSajl3clBg3j/cWnoCfrR1:uq/fRI9MzaGf0nl3cli3J/

Score

10^/10

strela discovery stealer

Malware Config

Signatures

Detects Strela Stealer payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000500000001960a-26.dat	family_strela
behavioral1/memory/2268-27-0x0000000004E20000-0x00000000053ED000-memory.dmp	family_strela

Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

Executes dropped EXE 1 IoCs

pid	Process
1704	shareddlls_install.exe

Loads dropped DLL 15 IoCs

pid	Process
2268	setup.exe
2268	setup.exe
2268	setup.exe
2268	setup.exe
2268	setup.exe
2268	setup.exe
2268	setup.exe
2268	setup.exe
2268	setup.exe
1704	shareddlls_install.exe
1704	shareddlls_install.exe
1704	shareddlls_install.exe
1704	shareddlls_install.exe
1704	shareddlls_install.exe
2268	setup.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gdiplus.dll	setup.exe
File created	C:\Windows\SysWOW64\msvcr71.dll	setup.exe
File created	C:\Windows\SysWOW64\mfc71.dll	setup.exe

Drops file in Program Files directory 33 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\Back.bmp	setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\wavpackdll.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Data\Maps\Env filter - asymmetry.fnv	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Presets\Pitch shifter.fst	setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\SG.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Image-Line\Shared\dsp_ipp.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\TB Small.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\IL Gross Beat.dll	setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\REX Shared Library.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\uninstall.exe	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\TB Btn.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Data\Maps\Env filter - flat.fnv	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Gross Beat.chm	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Presets\Default.fst	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Presets\Flanging.fst	setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Elastique.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Uninstall.exe	shareddlls_install.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\Demo.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\TB WP.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Presets\Momentary.fst	setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\LAMEenc.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Image-Line\Shared\oggio.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\About.png	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\TB PrevNextBtn.bmp	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Data\Maps\Env filter - default.fnv	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Data\Maps\Env filter - small knee.fnv	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Presets\Patterns.fst	setup.exe
File created	C:\Program Files (x86)\Image-Line\Shared\Reverb.dll	shareddlls_install.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Artwork\skin.ini	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Data\Maps\Default.fnv	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Gross Beat.chw	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Presets\Stutter.fst	setup.exe
File created	C:\Program Files (x86)\Steinberg\Vstplugins\Image-Line\Gross Beat\Presets\Turntablist.fst	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shareddlls_install.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x000500000001a4bf-147.dat	nsis_installer_1
behavioral1/files/0x000500000001a4bf-147.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeRestorePrivilege	1704	shareddlls_install.exe
Token: SeBackupPrivilege	1704	shareddlls_install.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe
Token: SeShutdownPrivilege	2292	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe
2292	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2268	setup.exe
2268	setup.exe
2268	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1704	2268	setup.exe	30
PID 2268 wrote to memory of 1704	2268	setup.exe	30
PID 2268 wrote to memory of 1704	2268	setup.exe	30
PID 2268 wrote to memory of 1704	2268	setup.exe	30
PID 2268 wrote to memory of 1704	2268	setup.exe	30
PID 2268 wrote to memory of 1704	2268	setup.exe	30
PID 2268 wrote to memory of 1704	2268	setup.exe	30
PID 2292 wrote to memory of 2476	2292	chrome.exe	32
PID 2292 wrote to memory of 2476	2292	chrome.exe	32
PID 2292 wrote to memory of 2476	2292	chrome.exe	32
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2960	2292	chrome.exe	34
PID 2292 wrote to memory of 2600	2292	chrome.exe	35
PID 2292 wrote to memory of 2600	2292	chrome.exe	35
PID 2292 wrote to memory of 2600	2292	chrome.exe	35
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36
PID 2292 wrote to memory of 752	2292	chrome.exe	36

C:\Users\Admin\AppData\Local\Temp\Gross Beat 1.0.7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\Gross Beat 1.0.7\setup.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\nso23C7.tmp\shareddlls_install.exe
  "C:\Users\Admin\AppData\Local\Temp\nso23C7.tmp\shareddlls_install.exe" /S
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8869758,0x7fef8869768,0x7fef8869778
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1168 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1568 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2096 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2292 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1336 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2248 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3648 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4044 --field-trial-handle=1248,i,17390255074532756593,4598175040683224024,131072 /prefetch:8
  2⤵
  PID:3016

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1608

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SetRestore.mov"
1⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef8869758,0x7fef8869768,0x7fef8869778
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:2
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:1
  2⤵
  PID:848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1400 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:2
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3228 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1232,i,4697078458067947690,11706324522256957984,131072 /prefetch:8
  2⤵
  PID:2236

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4af14b992d16a9097ddb4009c70b96b9

SHA1
2606b4a060c324c2048ea8d54374d4f2402886eb

SHA256
6ed45c34d54bb5f6e8b2a14aeb78406c243ca3d5eecd7a00089957e8c98dc7ce

SHA512
3d7642f60e8a54040b80872747cd6f37017c77ad3ec3f4370fe5641f8a0b76ffbf59f6592f9851d35ee192789b525e2e20d9cabb4c52f00cc08ea3bd94fa8987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
45330ebe44fe96c51a034df9418d12a8

SHA1
d4d0fc0ebd3eb46bd1df5323ff962bb52d64d7fa

SHA256
f05447b05337e1864274df06cbe7114c6316d72929ff83793c1f2bc4350ad4f0

SHA512
2939f74108dbc5bb14ac1254b3c8cd5c7bb1e31d7d5ffbf52acfff2e4005c389d9b128f6409f5cbafd5cae8c7dbf51f83b5e562fdefc26332eaf61d0213e568e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
37c5b0bc6c121a9f9153730817c19cae

SHA1
e0593c57b2841fd73ff35c0624fc5c5663f864f4

SHA256
9d60bbdd78227a0a70c2bc21374d40aa5dde13919bba8cb8c6d74b7ff3ea7d05

SHA512
94ae8d42fc3b0bc361588779a451e59535aa9fdd7264811f94f124922e033124c160620aad1bc965b22bcfec33cec3e85e95f534f93b33ee12dac4cb8dc38d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
d5f038c21d5fcd09a9f4e4d7e1782b87

SHA1
9a2c0a30a20680b0c4bd3110a16e378a6c8fe8de

SHA256
adcdae9a9f2e4cdeae53eae119ac9df97a3fab7ad085c79f958c8fc5cd1a548c

SHA512
f6732e4ba509f911930d6d796dd22ae62334e3fe2b6fdeb1ac1f29b5dd281aca72aafe2c6a38693fa9a072718c1c5f31c2b1422c77052b879d0d228594fd2635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fe25ba1b4d7618b19676c02572192078

SHA1
62c08265e4e568f2d82621b471cca95474dbeacc

SHA256
cf454b44b946fdf96ed8bfc0bdda42aac5c77df41902b6ca2630496bf65e3ecf

SHA512
6d21c7d22f202ec7fb3307c897a5b237f22268f6e1d46feebf7a0d92448b93fe7ae5e76adae8351fe58ec7590c6e4aba9f4533bb5fc28e2d598bfdd91f4e99e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
65ab99f4ead63192ccd46049bd87a9f7

SHA1
9c002d3e634088f6f3168b86ba0cbbda2d5ef273

SHA256
abae8b9e3a864d053ef7cd9da25610afc8e5e3be30494500969de589114fc145

SHA512
6403b278d999ed7606f72a630739cd535130b05f5c14bdf3febfbd77af3710e76881505be47b8ad44f6a94e1e21587b28dc064c0b514ef3ea8fe5fdf874fc2ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13367091194516400

Filesize
3KB

MD5
bc4b3b1809f0841122fdd927b6d5f8a3

SHA1
8f972daaff421ff87ddd98b9c80effafccd6bfb5

SHA256
671f20ea50291f1d4de3a2d81f1ffc998c79ba0f1bd16d719a1912af7fee77f4

SHA512
f0ad06c0865a545b99a7b697284a8f4582d64d1acd0ebad05f82af1fca8bd2c99683d2d3f4e9261890d2b22e13acd19a009107110398bb65b98c138ffb7352b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
72B

MD5
8fc75c4cfa772c2260037cdd40993511

SHA1
b4846596259b648ecee46290b78c2dd2481ac001

SHA256
bb62c5526acbfd253b158841640b2f642fd8ba2308512b8dd226cda300abe7ac

SHA512
acc3b8eb9337210ec784d9a8bca9a9059177aa6f24db611c0cdafd1bb6bda36cc71bf6f5573d2e9896b414a7f89666ebed7717272d3362b849b8f3a9a1038de9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
1c56ff72328c19cd6761f2296f37a171

SHA1
e2dfa67e5593b1b3a4b2230a819924eb0e6a20a2

SHA256
432f84fd59d615445fa287dc2c8be3c14fec42562dd0ef9d916564c771b1f15a

SHA512
a93909ec1bb2b560b46b973b4279a71abf8c5d4debb116aaea1970507e11b97d1203d76ce4cf9fafb38f8fe69e84eaf9ab2f9898ee0830afe3e28660b37b31a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
e6305367badace56469a80ee5699626a

SHA1
43c630767f2e7b53541f007d12fc152bb0dd6b42

SHA256
c6bb8753b375eb83740a84710049bc0bdf3c9a16aa79089976b97c8e844378fc

SHA512
368a6ffbbe92d1ae144e140f3e9202116905656d295e95fec8032861b4dd7618df29c9c520981078a9cee35e73f22a204f39e531abcb6bec5cbabb46c420d0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
90665348e754e2e24efebdb080703c9b

SHA1
0a212ea41a1453dee445bf3f9773711e0cbfe3ab

SHA256
cadbab74d5731b950589e2c1430f3c0bce3adaea5896690ff3457012a9de30c5

SHA512
9c724f4d0872d546eb9a4852297f669f0523bbce098343ee9dcc6bcb4507508d884d3343b06ac3ac53ba82c4d753899a63a7aa5a7b8f28d615f30cf71e5cb605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
371e8c30605fcf41993f869fe2dfa902

SHA1
9f08cad678de2d1862a13c7d5ae520698f765397

SHA256
d1826fa72f09c8edfa6f876cd471ca98dfec71eced6086859ac2e961ccd7d5ac

SHA512
9b941a600c602bcd8f1687fbe1baec94013d30f02ab386884f16b0603d366ac299c2017ffb5fffab7b835f8f5cf2b3d1d106963338a706d0f4dfab1be5c23cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
3390511cb6ef0e91b9fbfcd97d539fc9

SHA1
9532161e0d8a7cb6d10e4d404a14e1db420fc459

SHA256
8cbf73d9cec3b7d2bcd987558025e47b1069cf93b6c8621360432a8ab01c324d

SHA512
ad452fc31c093932b8c745115df5f0e368990d74a0f06648add57d7d12c5b663b3fb0642aa90719817f49b7ace9f6a7152cd0848b8f1ccc9191f9885aea00913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
d3589f09a2d4ddeaaf4883b73e059538

SHA1
f3716f906add689d715ac6aba3cb87ae989099f7

SHA256
cb90bcca0b2e88593d4a0a8a51fd22ff060af07ad0ba00eebc15c75392c67d1f

SHA512
725438ec91a7c2ddbb6cc9425fc36a9b472db151e7d18da65b9b88924d9f137c859eea79d230522688645dba1352e9086200d5bac606f43c1a34aa41988379e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
487B

MD5
ce0ac7f28f8c2e482bf58aed8ce9b916

SHA1
5315d0aad1430198bfbaf14d4487c8f21ee2a22b

SHA256
4713dae1566fda90d310a20e6b5a0740cbf35224c9b9f6b0fd55bd4a87a84a5b

SHA512
8b78f49eefc5f98970342727787d52ffa918102fbc27b597f4c4e98fbe5d81031521e017ea3880ee9fb9a71cc7e5965fbb110021346a8b287e6f36165cf6feaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
189B

MD5
9c8f66ef4de6c5c27aa0c1f0360dd4f1

SHA1
3f0ccd03d483498ca8ee6bfc6b0b2ade57f1ced3

SHA256
a5e6642565b36daa9416013bccebc9584217b0813e77e4c07ba5dfb290ae53c9

SHA512
75dc0b11c1dbbaf6f42c1f183fa49f6f8343390de0f6f73d1dcae85c4227cdbc61952eb7bfb47ef94716eadf34171a2607e7ce590bc7d0099bd1f939b501531f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
2828867a64e08765209cf577eaa3e913

SHA1
55b9b73cf10b51617db4d3fcc0c0422eade53e6e

SHA256
1b1133c59de505ae325526dc1c3ca13cd1552c44de6078a7702fd983cab38cb8

SHA512
2ebff2c0b09682d0aa5a97d6314842bc4deb42560605d42df896e059ed9a18cc819e495dc9e9ad3456a742f612d190cda55a2e3c5d9f881f21544b1946ba93f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
61c22786fd625f0e68e668ce2f2f4069

SHA1
5e63f1ded1fbfcdb004da5f4bd9b9d3f41eeb0ce

SHA256
2c0248caa9603b6782ba43028b036445216782ceb6c3bc93f1105030f828e396

SHA512
7fd9cc680048d8e4730cd360836979d4f0f54666f9cea87018e0b6602ae707503a62b84bde1a701410694e434c26dc2faa85e7a2d54d989b6464f0161248febc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
38a3f4d65b94c80f5e9ada91907fa647

SHA1
d9646067b605f70d7020f159f21b7c24ae12b8c1

SHA256
1533c63743b071587530c069649d6daa35d3d774d6f7299fd881b84849e22c1a

SHA512
903ed558a53b09f9a6653fd577cb5a7ca4884ffd1e67f9b09c2f132bdaabda285b0fcb4a120049cb9917074362b5c5a0c28e787521d6c945d6bc1db340a689a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
e2276d84736674dd22b1f1ed31fca2b2

SHA1
07aa6c024c36382f52d3776317e3cef32d240648

SHA256
ce7f40313215120ef8cc8fab84ccd71b855ec36d226f1c325bd6f288f0123fd6

SHA512
0e59d04b664049f8c25c4f64a3f446f22a0ac6a80246fca46625b76eedb3b62ae651e10847c3aa36c06b87a77ce8949b816461274b75274e07e59bda07aeb155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
692eb547eff3815879380aec4e97cd69

SHA1
c4c38df96d3351eb4f478fc7814ca7f66640fd97

SHA256
5352f17b5c102aaeb19e7a31a45968b2f102c1811a19fdd75edbb64945b0a12d

SHA512
34d59a298b833ef1971b835477d57494522af8e5e7c66a26a812a997c75e98e3e3674140f6906fb2914712a0649b6588d1f67fcb751057af219ceac7cf8692b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
317KB

MD5
e18f2610be00135a28400cb811938ee3

SHA1
bcfad7cd5ec3aab50ced728d3f5b5b1553360511

SHA256
62b3f2acde215a01fb605589acba1d46021242ff173181de1bb23774a8dfc06d

SHA512
21b61ba606ca6b8368c3b5feb61d68ba7529379f368b67b4049eccad4362ecbc3e8e7cf3bfd966c506e9d740d56ff03cee467fb68f55ff92243f5ddb5bb0a71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\af041b01-4b49-4b24-88e9-b751867fb7a1.tmp

Filesize
317KB

MD5
c072f44acd41fc531dc4bf9a9e5db090

SHA1
73e2e3aff4288f2bc021e04ddce657c5728c5da7

SHA256
a9039071b42d84452bd9b5a4100d23995bda933abe7063948795dad8c450ef59

SHA512
00c401016000a502577bef8be8ce1a1b2f55908a20c7e06fca4f600ec28e65b2db2e630f60dc3f064bc97d301f1bc98a3938a17256cefa8e17c58ff0e087577a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso23C7.tmp\ioSpecial.ini

Filesize
564B

MD5
fb0315a4730d12510152f742ef87e68e

SHA1
7b023591583fa6e31833a121e9a91b23d0a7134f

SHA256
536aaa5f293b17c7ec99f223b06774ccd1d227e1970e30f8df72255677ef7664

SHA512
53c640ed880978056acc426061035b75e35e39b999a1bac9803ca61cfb00e0c7397394f7ab0cd96d2d5eac13f3899c6772090727b72ff80d69d662274f5601ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso23C7.tmp\ioSpecial.ini

Filesize
702B

MD5
964387b1a18209bbd903f5dd1566c7cd

SHA1
1b3736b044ef1bf28b19f671ec2353330a293d6c

SHA256
5d5d4180040f508c1c844a7a24f8067ac3b814aba402e54145243c69e2627b99

SHA512
9d7dce4dd1e7e15ab25fca01316335cac6cb6e31481fc4d38410ef1acbc8f56135c6f8c67e98966877ce8854cde93616e6f680ff5cbbe11d8180f774868c186b

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\AdvSplash.dll

Filesize
6KB

MD5
13cc92f90a299f5b2b2f795d0d2e47dc

SHA1
aa69ead8520876d232c6ed96021a4825e79f542f

SHA256
eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

SHA512
ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\Bass.dll

Filesize
101KB

MD5
a8af308ff01b4477657955fbf0cc8408

SHA1
0794c059f0326e4a71be8a3ee4ac17a657d90d88

SHA256
14a38f56be50a3829eb1eda2a908da2de5913f81d5cb01d8b668593d0fc36594

SHA512
9e221967db95d4b86bf311891193dfd1515806aa0d43198d3bc26a17d77f06f212ab9dba1ca8575f50d224380e8b109529faccf2f56daac834da83a83677a0fd

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\GetVersion.dll

Filesize
8KB

MD5
e013b625f5ae1e2f0b442cf39c0069df

SHA1
9ec785b63279144c091366badda65278c4cdee20

SHA256
16dd6da98b7e53d374830cd4c644c01b112955f8487a285f34dc0353e9cfac15

SHA512
306f7e674d119d129db48012c43f825bffabd078fac8518aea9d514b0787752a2e876bda2ad15df7332bfc8cfba38a0d1be17ee7c58a27e09678fce9aec58418

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\InstallOptions.dll

Filesize
14KB

MD5
325b008aec81e5aaa57096f05d4212b5

SHA1
27a2d89747a20305b6518438eff5b9f57f7df5c3

SHA256
c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

SHA512
18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\NSIS_SkinCrafter_Plugin.dll

Filesize
5.8MB

MD5
028251654a4d65509aa8ccb5f2ee284a

SHA1
4a4ad468a86df6b903002be4f8919017fea0c152

SHA256
8b25cf3f7aa82fadccb2ce615ce0e40c5a8a3ea7bc51180a92173ee113a0ccfe

SHA512
f252670bca0da9e8e2c519a6ef4ad6dd0c4e548aeb7566693a7d203e73e63345fc58683072020ef771d836429bed1d7b4fdf105aa3e62a969e9c8d39556e1d2d

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\SkinCrafter.dll

Filesize
792KB

MD5
8fea8fd177034b52e6a5886fb5e780bd

SHA1
99f511388a2420d53b8406baed48ba550842eaad

SHA256
546dddc7a31609b5bc3dc8ecef6f6782b77613853c54171fc32314c08a69e8de

SHA512
5d82a3b9cf9d69049e6278a6d835b8a9a386c97ae9a69cf658675b0a8751a344d0da1ee704e9bb9023dab7cd77fdca684bdc90837960b583eef0bb4324498696

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nso23C7.tmp\shareddlls_install.exe

Filesize
2.8MB

MD5
4fe8ff7f02020ea655944db5541722f3

SHA1
b5ff619c215529a4531337eef36167051cded658

SHA256
599c63aa0d0496363c7c99217e6c3d941125907cc4ea4c7d5d73c9b54e3deaee

SHA512
f4802d00d46c59882a1e1d3b8c0a43fd2ba4b22819d5417ad81cf4522e796176a920f81a6753e8297d49b3b0e60f3e1c27e4fbff2a6cc100d01cd0a39a75b4e3

Download Submit
\Users\Admin\AppData\Local\Temp\nsz622F.tmp\AccessControl.dll

Filesize
10KB

MD5
055f4f9260e07fc83f71877cbb7f4fad

SHA1
a245131af1a182de99bd74af9ff1fab17977a72f

SHA256
4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc

SHA512
a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26

Download Submit
\Users\Admin\AppData\Local\Temp\nsz622F.tmp\ILInstallUtil.dll

Filesize
94KB

MD5
e331583b908a92193e0be215611c7309

SHA1
937106392134173fa3cd640c66ceea5152028e3a

SHA256
be44e27e8b1c78a2696451c8afa21412136bea12bc033ff9d0251922b4c97631

SHA512
35602924859dd83f23c728446b84e2c89fe4fa83a33842e50e96b7442ab16205ce634643185d13e086253e79685f0fbbb6c474c057b061f566ff763cbbc7d240

Download Submit
\Windows\SysWOW64\mfc71.dll

Filesize
1.0MB

MD5
1fd3f9722119bdf7b8cff0ecd1e84ea6

SHA1
9a4faa258b375e173feaca91a8bd920baf1091eb

SHA256
385ea2a454172e3f9b1b18778d4d29318a12be9f0c0c0602db72e2cce136e823

SHA512
109d7a80a5b10548200d05ab3d7deb9dc2ae8e40d84b468184895eb462211078ecdcb11f01eb50c91c65a924f8e592cd63b78e402dcaea144ff89c11f2ab07d6

Download Submit
\Windows\SysWOW64\msvcr71.dll

Filesize
340KB

MD5
ca2f560921b7b8be1cf555a5a18d54c3

SHA1
432dbcf54b6f1142058b413a9d52668a2bde011d

SHA256
c4d4339df314a27ff75a38967b7569d9962337b8d4cd4b0db3aba5ff72b2bfbb

SHA512
23e0bdd9458a5a8e0f9bbcb7f6ce4f87fcc9e47c1ee15f964c17ff9fe8d0f82dd3a0f90263daaf1ee87fad4a238aa0ee92a16b3e2c67f47c84d575768edba43e

Download Submit
memory/1704-161-0x0000000002670000-0x0000000002691000-memory.dmp

Filesize
132KB

Download
memory/1744-496-0x000007FEF66E0000-0x000007FEF66F1000-memory.dmp

Filesize
68KB

Download
memory/1744-506-0x000007FEF52E0000-0x000007FEF52F1000-memory.dmp

Filesize
68KB

Download
memory/1744-534-0x000007FEF6870000-0x000007FEF6B26000-memory.dmp

Filesize
2.7MB

Download
memory/1744-533-0x000007FEF6B30000-0x000007FEF6B64000-memory.dmp

Filesize
208KB

Download
memory/1744-527-0x000007FEF4FF0000-0x000007FEF5013000-memory.dmp

Filesize
140KB

Download
memory/1744-535-0x000007FEF55B0000-0x000007FEF6660000-memory.dmp

Filesize
16.7MB

Download
memory/1744-524-0x000007FEF5020000-0x000007FEF5038000-memory.dmp

Filesize
96KB

Download
memory/1744-515-0x000007FEF5120000-0x000007FEF519C000-memory.dmp

Filesize
496KB

Download
memory/1744-514-0x000007FEF51A0000-0x000007FEF5207000-memory.dmp

Filesize
412KB

Download
memory/1744-501-0x000007FEF55B0000-0x000007FEF6660000-memory.dmp

Filesize
16.7MB

Download
memory/1744-508-0x000007FEF52A0000-0x000007FEF52B1000-memory.dmp

Filesize
68KB

Download
memory/1744-507-0x000007FEF52C0000-0x000007FEF52D1000-memory.dmp

Filesize
68KB

Download
memory/1744-491-0x000000013FF40000-0x0000000140038000-memory.dmp

Filesize
992KB

Download
memory/1744-518-0x000007FEF5070000-0x000007FEF5098000-memory.dmp

Filesize
160KB

Download
memory/1744-523-0x000007FEF5040000-0x000007FEF5064000-memory.dmp

Filesize
144KB

Download
memory/1744-516-0x000007FEF5100000-0x000007FEF5111000-memory.dmp

Filesize
68KB

Download
memory/1744-517-0x000007FEF50A0000-0x000007FEF50F7000-memory.dmp

Filesize
348KB

Download
memory/1744-511-0x000007FEF5260000-0x000007FEF5271000-memory.dmp

Filesize
68KB

Download
memory/1744-512-0x000007FEF5240000-0x000007FEF5258000-memory.dmp

Filesize
96KB

Download
memory/1744-513-0x000007FEF5210000-0x000007FEF5240000-memory.dmp

Filesize
192KB

Download
memory/1744-510-0x000007FEF5280000-0x000007FEF529B000-memory.dmp

Filesize
108KB

Download
memory/1744-532-0x000000013FF40000-0x0000000140038000-memory.dmp

Filesize
992KB

Download
memory/1744-492-0x000007FEF6B30000-0x000007FEF6B64000-memory.dmp

Filesize
208KB

Download
memory/1744-505-0x000007FEF5300000-0x000007FEF5318000-memory.dmp

Filesize
96KB

Download
memory/1744-504-0x000007FEF5320000-0x000007FEF5341000-memory.dmp

Filesize
132KB

Download
memory/1744-503-0x000007FEF5350000-0x000007FEF5391000-memory.dmp

Filesize
260KB

Download
memory/1744-502-0x000007FEF53A0000-0x000007FEF55AB000-memory.dmp

Filesize
2.0MB

Download
memory/1744-497-0x000007FEF66C0000-0x000007FEF66D7000-memory.dmp

Filesize
92KB

Download
memory/1744-494-0x000007FEF6720000-0x000007FEF6738000-memory.dmp

Filesize
96KB

Download
memory/1744-493-0x000007FEF6870000-0x000007FEF6B26000-memory.dmp

Filesize
2.7MB

Download
memory/1744-495-0x000007FEF6700000-0x000007FEF6717000-memory.dmp

Filesize
92KB

Download
memory/1744-498-0x000007FEF66A0000-0x000007FEF66B1000-memory.dmp

Filesize
68KB

Download
memory/1744-499-0x000007FEF6680000-0x000007FEF669D000-memory.dmp

Filesize
116KB

Download
memory/1744-500-0x000007FEF6660000-0x000007FEF6671000-memory.dmp

Filesize
68KB

Download
memory/2268-122-0x0000000002620000-0x000000000266D000-memory.dmp

Filesize
308KB

Download
memory/2268-13-0x0000000002620000-0x000000000266D000-memory.dmp

Filesize
308KB

Download
memory/2268-27-0x0000000004E20000-0x00000000053ED000-memory.dmp

Filesize
5.8MB

Download
memory/2268-35-0x00000000053F0000-0x00000000054BC000-memory.dmp

Filesize
816KB

Download
memory/2268-119-0x0000000002620000-0x000000000266D000-memory.dmp

Filesize
308KB

Download
memory/2268-14-0x000000000266C000-0x000000000266D000-memory.dmp

Filesize
4KB

Download
memory/2268-257-0x0000000002620000-0x000000000266D000-memory.dmp

Filesize
308KB

Download