8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

Analysis

max time kernel
357s
max time network
359s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bunifu.Licensing.dll
Size

1.3MB
MD5

2b2740e0c34a46de31cf9da8a75d77cf
SHA1

242324f1112e6387cda41686291b6e9a415eeb8c
SHA256

a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43
SHA512

605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40
SSDEEP

24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
78	camo.githubusercontent.com
79	camo.githubusercontent.com
94	camo.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1308	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe
Token: SeShutdownPrivilege	1956	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1308	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe
1956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 2780	1308	chrome.exe	32
PID 1308 wrote to memory of 2780	1308	chrome.exe	32
PID 1308 wrote to memory of 2780	1308	chrome.exe	32
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2964	1308	chrome.exe	34
PID 1308 wrote to memory of 2952	1308	chrome.exe	35
PID 1308 wrote to memory of 2952	1308	chrome.exe	35
PID 1308 wrote to memory of 2952	1308	chrome.exe	35
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36
PID 1308 wrote to memory of 2704	1308	chrome.exe	36

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Bunifu.Licensing.dll,#1
1⤵
PID:1952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68e9758,0x7fef68e9768,0x7fef68e9778
  2⤵
  PID:2780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2320 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1152 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:1
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3112 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:8
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3668 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3796 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3792 --field-trial-handle=1220,i,13203207886604140546,13717030643099709820,131072 /prefetch:1
  2⤵
  PID:2368

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68e9758,0x7fef68e9768,0x7fef68e9778
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:8
  2⤵
  PID:308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1556 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:8
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2768 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2992 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3444 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3564 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2248 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2444 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2424 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3956 --field-trial-handle=1160,i,11542624032762836088,18098019639617228869,131072 /prefetch:1
  2⤵
  PID:2140

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a789f07fb017a087bb5bf17cf18f4bd7

SHA1
bae3d70a34c576841f4c25741998214ddcebf19b

SHA256
c42610c12c816382d7ac6280a2d34688b0101785e70fc7493e3f3c09a395a7a5

SHA512
6dfa7ecf8ab6f2a533e5c5cdd68b423d78586e9553261ee35a57d655d40387b9dff7701909dbb08ba5e20261de7999553fe0617bfabecad21b3ee38657170f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad43b372f421b610b6161d0b3556469a

SHA1
6080bb1dda4fe0327b62cfc34ead3eb5d02a7741

SHA256
b04d76ab3a8431cba8cc5a3aec86cf9997bb80e03d002139523dfa5988b1ac75

SHA512
40cf6f0c490b10252587b45a84de32886bd4104e18beacbc8f10d3824780dd840bc98b9421b4461d7829b5cab598f3da4ba5a1d7ed50775c14374c09182f3e4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2db8678f5a37f9b3feb04a726250a138

SHA1
1a60821f1772a46480f025199e6a76dcce1f4252

SHA256
b9bbf13bc994d9d342b102383ed87fcf016e9182e36495385a0d458feadec407

SHA512
6ef45eb866595fdda5f2a1008e584c8daf5604df35ce16d107ada4961fb0e1254623593d1000b909e7baaba8a15c1d25058cabbcd39e293f6373d1d1146fde06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\23956889-6238-40ca-bfb6-1858a8ded0c7.tmp

Filesize
178KB

MD5
f5fb99bf88bcb2a5de3d2c0cc89120a0

SHA1
65dc1ca1b0f5a10c7d214d6bc2c701566821cc0b

SHA256
aaf5d48616f8bedbe5947ff793561c219b02f0e1f49ed3e7ea42562be9fe85c0

SHA512
32a15dd4963a3b957d47fe04b8e448f7fd99ea8ab6005e218e44833b6f20595f2b7f32fa9f29d0a10395d77482e6f6f20a39fd0aad975a64546d6e07a9ba75ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6440e5b4ea3156744e4a29d42c8a2bd7

SHA1
da7b625fdca100cadf355ded3e112a57f8d25866

SHA256
c06f6986514f9e2a2853949c3809aa06a2d39594470ed4ffc77b5a9552565fb7

SHA512
960de88d405bccc917ad98c1cc04b9a3cb2daddd7a53ab5934e27e3bb2b1638dfa81688239db0910b53af711521a998a788ffabcdcaecf36caa0df2a31582d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
f3f89c2f0f2abeff0d35c3b73bb692cd

SHA1
fe25c7593e4ca0ad1b89ae1b7e751633677d9394

SHA256
e48db7c3efe0b367d514004bb86661da7abe4c8355b5dbf9ccf71dd8d9716bb4

SHA512
c6627097452476bc28672a5f043249801e233c250a64766a6f8557fccad0f8822985605081ebc1b339dcfc081ca4573957b3222dc239cd88f3a37c181dcecd33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
24b164e2fa8c396d1a2b5b7b21c131e1

SHA1
f0440ab473402bae44c61d790d06a6e1273107b0

SHA256
f46b2162540815f3881e9428654571491022f5eb60acfa7cfa5a694d98d62c24

SHA512
c3f5aea2a20a4e1b552e41b3a38a413e8b681130a22da7655bf5017dfe9e402b664ec7605a984f1d9d3701a5ba4ff2d41572837bf6b7185dbcccb27850a0ea3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
b07d7528cd61a19169a71b9d6934d98e

SHA1
37e8540854d874f0d5fdddcf59687bb0925a68d0

SHA256
a4ae031f02bd8c218b8c014aa343737986ba8ea0d7df4b6a19794e8887819299

SHA512
e111d0534e637bc3029ad613af4a98852a7aacbd34c1ac685922a8224ef05967c1686132896b52e18de5b9bc2b926b8cf378d55674944f6a786bbb0661c5b593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
9fd8c9c77c831b882140eb2ec8d04656

SHA1
81511781d6c5f21d429bb2912dc870047c236cb9

SHA256
d845740745cccb65f6f699d4b5e19ae22ab495bef228a257e3c51995ebdc6748

SHA512
90329feda473aa2d3af9bf484bffd25353b1039764884c673a5b55980ab421d9f59a43a41b466d0d1f6581de116fb3677489f64a9fd56c8d717424aab1df8946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9654a9c72f2acd0e3d59d76b1b6c9b73

SHA1
6ceadbec9346767b982014c36ac4dc46193e3025

SHA256
6f437d7ca754008430736d3db99a3b6791c57b61031222a6fef53a9d05aefa5b

SHA512
8439e0e85701ee403cd8186805b78bbd140aa240173e85a6ba265759d2bf59f259825f6b7fdf4d4f9f4a9ebf035c9606abbd40648d625f3e00a5897ef7dacee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
7b68d22bec5c66e80e72743b54a8b944

SHA1
e4206d39de93897aad8c745d6e4f01ca5e8f1484

SHA256
8f0d44a6d8c364292fcdbfc941b0fc177be70fa4ae63fd1f1de1c95d7310c30e

SHA512
effea7d2bef783379a29bb7c34a3a1af4095d026c1a852265228cf8dd1d7fe0d54a972ed033fc1ba03977dd691160d3bcd336999e7d26d1802f98c2b431c1a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
81432d3a9de3b846ba2f5dffa926d346

SHA1
210bc6d91928eb3367573441c8baa16ff702ae49

SHA256
b8f5570c1544787c439a714e6c5ce08819c74426c5ad24228cfd5ad52839f87d

SHA512
f98e47114f0acd3de047a1079f97a28ecacd54197b4e0585a2c9aafc416d2642668e52cba4d2fad9b8ea0aa86b75a5d583ae259696675b462aa6d60137cdd3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
170a14ed8740a74ce1428665ddfbe5c3

SHA1
392bf5adbf3987909420b64d5cb9453868890d55

SHA256
c515cea44935ae9714be33fd7c33306a9b6dcac0a65e9ab6d88670be0ccb3e0d

SHA512
7779a1f2c81ead31680bd576db148b720e88b65c3c17ef7b651650e9f4ebd82cb2eefe00b94b80c2616f826e621a43f163a435faabc3b32050976bde71d811fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7c36c1c03dd7a937cb01a46b2a5a2e41

SHA1
1a4fb1ddbdeb3aa479fc91d0d41e4fb8f4afa5df

SHA256
433caa29e545b1663f41699ea5c85879fabdaa5d120ae9254ca3464865cb1d22

SHA512
79f82e9a0b3978658b19235c118e1ce91f45fb8d9abb75ab1f2364b68a9de60fcebaa201719a6181f9fec4d10d6df7043ab1036afcb4021b38148a641b46df0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0bf7250a62870dce99b98333a9575bdf

SHA1
32754986f8c1bfe5a0202cbcbad925599209ae32

SHA256
746ec3c41cd977c56cc364adc7ed25f6c3c6dabaa52b2714877198de554b62c6

SHA512
6882301f4b285723c57e523c182a4d1dc691929f77eb3052b58ce0b9e2655d26ec075d64cb4fd1042a2ed907853d7c71eb860bc8bb8190878cc5689aa0fae9f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
fa2b464546aabf01564902a4c4c101a9

SHA1
4bcf5561fe76bc6167f42885110ac3946b22a0b0

SHA256
3da999fe4fe0b2eca08544609f84c5009a82389a89362b04bb338e165d421d54

SHA512
f2667bac77b48723a82366d434a1f912332108bf4c5f1baeba4ce5d029272fc2b98cd3ab7c26f0de1a0afc53e4b08b6953d5dea7a834efab6e0d79ca07f71078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
8202f7c039e77c993ff2d8270efd81ea

SHA1
a35713f2e9632a50e7df3ae13ade359db202cb46

SHA256
93cf8adbaef709b61c89fb4be3f87332dc6a540ac203ceafc9f457c701f3b406

SHA512
98503dd0c9f003944ebb1126eee94c6153aad7c61d3994f7589164b60864943821b5ed65c2ed04e9674f799df7674c2fcd265db6f00a55d821479f48bdc1fdab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
46ddf30e65985204fd2dfcc9e5445698

SHA1
099322c60e43830eb201f81a24e3c08517857935

SHA256
f61b5d2131d4133c27be79dd9eeacb56d8eae92521ff5b491f9564043d06a758

SHA512
1eb1639f32cfa0eafea33606afa2a222db704ad61fca7979527037c54039d056def0f73737278602dc49292a77a875510deea90c15e8c5de9e5df7d4a76100fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
a6ec1bc38318144516595a4731986f8e

SHA1
42606d217f5ea412e7e8789542cd455cf8fd4d3e

SHA256
00032108d1df1ebe407e99180c4e3b2eb0993b604d105adb3696102309ac3dc2

SHA512
d4ada0b7d4c3a1d3d7e185f9a98b2566c1d2abdd4b1cd57d6abdb7589f3219cf1a59b5a73a26e29148f58490eec3e64932eaa6505619c3602de5ab014aed28fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
05d75af5069a816ee3229f4e15e4b4be

SHA1
5759705388abfd522a3ee048213f9e3f61c02e15

SHA256
1f7edf3890a21274fcd64be4a0c4a83eecdd8758b81b818dff84a23adb6a46ff

SHA512
8714c2c96809da8fa7f261e36014ce5a29e30e5a67bafbd1377a6b13a9527430963aecfedc4b192838d12792c156dfd5f7d38983b8e13f8466f334751098f28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e36747daa3cd4ee980595008bc58a6d2

SHA1
944fcc438fdbfc5e46de4c67f0f18ae8ad5c2a23

SHA256
60455a1a2f45e1f0dcb9377c4b4f66349245157734f70107c9f11b5713b4f106

SHA512
951da9ea419151a8cb11da68a528bef0a17eb9bad9960c1d8591edc7d704a5acac0b435cc872e5a3949eb265a5905b560d68c031d00756b137e63ce8c23054ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
3c5b39b37278e6e8fb6e0647dfbe0efa

SHA1
3bac3e0d975c9d12962d6bce88e55778b4ae5ec3

SHA256
3c9b59af9fa8eb31a577501dd9897c3dbebd49df40b56185dde06308ddd73d87

SHA512
c5362418cd06caf2d7f696693087b8056b540fe6814f3597118182c79452ef7aed777724c8a945e4a887d2e2f8ee12b42da2edd0c4cf6ad44c2b4cd636c543d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
180077b603722485f5fa05eb922fb8e6

SHA1
1d240d21c3d5d948e3de45395453b5b96a930d5a

SHA256
e48c96d19ad293b2ec6c7d5da405bb3bd9b23c93fb5616b8595210acef910e07

SHA512
8386afca8f3f8f6b9e24e2b967ad455d5e5500a82ccef3a7f327a6fd0f3330f64b808a94f59d81fca75023a0a3695205020a845c44a98e9d87ae2854941ab1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c33927e9e2f53c4fd6bf4a1710158207

SHA1
672a9d25e78eaa92957866384132a6e9a6654854

SHA256
84cd20593d59cdd8496c0ed8e5b3c327d0eaffc5bef01ab1f1fc2d2aa98e060d

SHA512
abba269377c2f08e4b48208a5a688af64f2ac9fe4d069a7526267a2ddf5c3e713540451dc886519e154467cf161f413d0c6e8b14f3c85e8a6b02a71aa90e4ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2dc411b26ec8e3142ad8502d6569812d

SHA1
11365512c0fa9ec6b00b1df3ccfc9f13cd74a2db

SHA256
45c278434ac2a5a6c52943f078f2c76a69256ac194d899a5a5876dc7c099c20d

SHA512
ce4b0c85b1aa15db1829925d80de226fb197056308ce968f215925218794509f531849e423174fc1a17ab32cdd00c5cbb35dcdc3d2fc7cc434f07b9821539f77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
218B

MD5
f8d30475711a2e2e9bd909d00c90e727

SHA1
3599c5b4cf3493b44143b7c872534547c80eef6b

SHA256
daed24b2813cb4175c84a5c152bac53aac3c9c0eb9214fe04fda59fec8828aae

SHA512
e63fe1e8043fbef20030e525b014d096076bfdb4614d7c880aa10e24963b8bf1d0abbf6baf0eacfac20476528e062bee19771032fd7431e5c3f2961677a2fa33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
3659babae116958a994c7047d7facca2

SHA1
09d6e98925305f0dbb90af42916022a4889250d0

SHA256
b6ccc6cc3ebccc9944e101f7a29043e17ed5be99379807a5e21795e87116512d

SHA512
6ccf388eba1526517dcebb184f4d1cd44d95300f59f34f41ef9b6ba9cd3f1ad947fabaf506fbffae667a01aba43be220895cce21af9aa6030ada2c7fcfb0388a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13374992698476800

Filesize
2KB

MD5
d52e1a44b33b94fa9149fb6371188958

SHA1
99207735987f0aaea07bd1ace8a1d32643d15a8c

SHA256
3fa7a904279b6ca1a156b6ea625b7ace0fff44e153b9592c4b568b80c314617b

SHA512
9032ade4f6a11a688abd49774836abc84d30823b3fb0d288f737ef1406bab77612911afc044d4942f1b8b34de4e9f72b116e9c4e153179979e26c275a175a773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
f52d8b34d162d4d96b5a0ba0a3f984af

SHA1
8e571d04327665c309590198ceb68bf78a10c50b

SHA256
2d5078ff129a0cdb32b2c356e8f4cb9189f0bfb06722ca6d5a2c03bcb43cf863

SHA512
5a14e3d992be77e83753e909b0ed49afdd5d1eb76514f5f112ce7400e2339609827ff511ddfb4341fece61aa544dddbb07bc55434bdc1d52df8845ee6c9c4e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
696a24c9175e36a6c488713e3c4e9b98

SHA1
366ad5aaccf673ecad102ad8b69693ebb00e537c

SHA256
225ae105845da348b20fee50549d90e7e5842eb942e55707762337d4f477b4c3

SHA512
10c5352396977fc7e4c7d67d1e1d21011908f4e92c78d76ae48475874527c91e333ab3d6addfa409c3370cf214ba4d222725000c10000b2105a3a792a63aa216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
80371efd1a748da322a6ad93156a67fc

SHA1
a9e0d57a8fe1e9302832b5170e8b97f1b23273e6

SHA256
3da96dcf6e3ed38c1484ffa4dd78ac11b20825117ae01fb0a8c6b84d9d65e1df

SHA512
7368476f33d85c9271afb0031956c3b2b0dc8e96dfa9a187a35a72a42dfc86f96b1b17440d583ca3d065e3b905ed7942a6571a34f9ef8420d876584d32c6a30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
187B

MD5
6ab101da0b0d4f5f13148e90877e9634

SHA1
c6822ca34161add02cbd10a92c3a72d4091655e6

SHA256
81509115823d65f00e410fabe185f2e7a88f8ee251e15d51c73f2f26fb529fd4

SHA512
bf007a07ce9491fda282671e016f3327b46ffb4a033bfced05051b2584261cd654485d44c959e31275081fa8d9a233bd9eab3356f2891e94389eedba20c13b6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
139ee5382e5e6418626fb225fe425351

SHA1
f30741efc54f315cca88aa96840c0fa8a209674f

SHA256
6a4e52ac854afa6ecc86cc49d73c4acdcf82c7fe90212da71f9f04e217976866

SHA512
1082ad769e68124ab5f3c9383578da34ad9a3bbcea1c4e91a6b81d00ec4731cdc33a0dc7cfa1f533cc401c3c3d3196ab939b0ad03dd7f0ebfd193c2aaf4b30f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
317B

MD5
5873570955c944538fccc8d9fa6a8132

SHA1
1fa6755957205b78b2661bd3551b5bf8cb648824

SHA256
18898db4f61f8c9720c5d427438fbaae669f33222b1c6d791296175222e3d1b7

SHA512
18c9e4f60471c4b4c08db9586db34e03615e0ceb2c813cba95081ad6b434191ea18521f67c85ba0aeaaba2ddde6c77ba085ed47fc6ec7e6f94ee6738927341f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
12275f46db968e27e4edb23a4517904d

SHA1
1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a

SHA256
0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a

SHA512
084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
42dd829a9893a6bebc252bd1347926bc

SHA1
2565be0fcd5f1d3ab27b0eb9081610b20cb3480b

SHA256
277fd56455f1d8775860c49e88708e29c0a8acbfb4aec1990dfe1639582c9266

SHA512
0b31094b5e9bfdbd4a1f5e5c9f170fb6b72f0bbea511f32d6c3af6f9a5517be0a48490b387a4270afafc71858f644c5da29b2ec787fdb9ca76f2fa5f3467eded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
799ec7fe3eea5adb74029f4b64b291e0

SHA1
aa50caa4f5631ee0d6f6ccbb3a6ed3e36482f11b

SHA256
a8f16494d87c4a3b9292d978a0a75d60c6672e96dba1d92d659b6b8267b89f13

SHA512
0e28235a8986a3722ab5b118f9c15773819cf71441abef7c36902da65a6662e31d061bedce9d8409eb63de33647a637aa9efb5660f97cb20574a584fb23ec797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
329KB

MD5
fa92bddb013ee7d69d6bbd83f1b7cfcd

SHA1
a5a656de84526200a6a0f61becca52d2965aca06

SHA256
54eeb5e658ec4f08e75855f6a69def263a22a696391eec4e3a80f552ec32b0c8

SHA512
c25cf0d4230f5edbd8f491c57d71a35790ad8b3d6d0058718b2196638a31c4f923c9fcf9a5df06995c4cdccf652c8491ae97f3f9172fb4cbbcdfd36aac92d8e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
178KB

MD5
2a4b5f9affd5b62feab2a9ec43631fc0

SHA1
9e3f6515f98fe887ccde5577a3edac474777830c

SHA256
b2f426e15a5cbcbfc6c0a655070ccc2fb1489a68401806e9f209ceaa4787862e

SHA512
f01e1619936782c0228d2e02e1e303d5d5f73973a3ddf9124458fcdeb28bfe6ca2fa275052aa296b41f671f1cd7effe1e5d4616f7e71664707507a56f5b5face

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
d96906684ebeb4d0a0cc8060b65ee9a6

SHA1
86c1a71f64474c20d3b61eab4eb5be029cf7e885

SHA256
5ef1e767f049f55e474db4e5707018fbca0a16905480ec8e519c137e3b135e7a

SHA512
4d7ab3dad3408031c3d4394dff9bce302ecf9ed147836b529bcd182d6c7531ec74b250ff1a1a6da429ecfc3c270cb8e4b1de6d47814c267e72c819028e1328aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fbe34a1e-208a-4dc1-b218-7f45710d3c6c.tmp

Filesize
329KB

MD5
0deb98ebb2655b3f4d149aa00d4f4b9b

SHA1
44092735394cec08fc6e4308ea4138014d0a6e6b

SHA256
5da5b5d871dfe9626959bd3a48758d951805ce0331640dfea2ee0194428e25c8

SHA512
ad630fec51ba3e1dcd78e5213dcda15cfa96ca8da19aaca7c98057c0a36350d45c114d5693cacb8461adb61ff8d4c65b4403e743f591df2e544ea60af6d3532e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD387.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD3C8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit