b4fb522c3ace596c6464955c11a33f2de2fbc23a1eba91cbdcf3b4ced7e16413

Analysis

max time kernel
102s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

geode/resources/geode.loader/APISheet-uhd.xml
Size

16KB
MD5

e72d9375c4a2c72915c9ff3b980bf830
SHA1

7e905948bcbd52d2badd5654cf9fc7647bbc2710
SHA256

d97a1861a221542fadacdc2344f180e7da57a632b69fb1a67ff2ce0cdb1b8cd9
SHA512

d68c914b22a6fc35d5d5da79406910b2d92a5785f4a706eac2cc7b0ce1841767ec83abb77a0ba4e7144689f3b41e6aa0f4d44ba2a8b546d9a993cfaf1ecb230c
SSDEEP

96:CyQcJcwchccEEcjE8VcTAcucHckqYgcVYcBcJ0xgzcgcnuelScHcnYzD8cwcMmcV:XEEjEBUgu1BqGl1ThG4DApIf8g

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSOXMLED.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000fc1ba67fd00bee378e582710fca6a896dbd30c9f1b9ded7498ad3c746234c2c2000000000e8000000002000020000000ccd377c9ead411e2c82a21bdf75cb0df1647d7f74bc34ba904348aa0382ee8ed200000004f7e5db8beb4f9090455eb9126b9f957237d3d64089ec60bbb56210b253da84a4000000071198ac61eb334953bbe1344f562b68f8c4ea1fcdac77253547add12e95ca1558c897413161a7937145b8425cea381f34df97f3a4590d328bd8bde05a4a5588f	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438565912"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0fa8c64fe3ddb01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8FD08291-A9F1-11EF-B0B3-6E295C7D81A3} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000761ae84aea3f25fb95ab3a7f28805e01ac05973f5073d8cae4d48eccb08540df000000000e8000000002000020000000f28e7f3893b68c93bc2d1d57fa88ed80125780d4ba95b110a3d224b81e962d2c90000000b6122680857bf9301da262e88c729a509ff69a11bf706379657540e7bf73e312b3d382c69c5e204b9b60e210d34d674f7ebad2fd3a58a33a92d2c6975545f903d1c2b7ea763720f0e864bcba7b3fcacd0a6cd4df45078866e4f190febaaf50e2d7fff99ef7a8b55cf89134edbdc8f7f56390230c6d057baa2c846406a35901e7370d3be96f8ec2812318b495ddabc2d840000000eab51bbd6bbef9a3db6b71ceaabe13f12fd2b5c74537ea1462b7b926d964820d14d56d20f9e37ccbf88ec047deb75fbb9a4679285fbda23e4bcdbe014f6fcbac	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2700	chrome.exe
2700	chrome.exe

Suspicious use of AdjustPrivilegeToken 58 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe
Token: SeShutdownPrivilege	2700	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2744	IEXPLORE.EXE
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe
2700	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE
2816	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 2692	2828	MSOXMLED.EXE	31
PID 2828 wrote to memory of 2692	2828	MSOXMLED.EXE	31
PID 2828 wrote to memory of 2692	2828	MSOXMLED.EXE	31
PID 2828 wrote to memory of 2692	2828	MSOXMLED.EXE	31
PID 2692 wrote to memory of 2744	2692	iexplore.exe	32
PID 2692 wrote to memory of 2744	2692	iexplore.exe	32
PID 2692 wrote to memory of 2744	2692	iexplore.exe	32
PID 2692 wrote to memory of 2744	2692	iexplore.exe	32
PID 2744 wrote to memory of 2816	2744	IEXPLORE.EXE	33
PID 2744 wrote to memory of 2816	2744	IEXPLORE.EXE	33
PID 2744 wrote to memory of 2816	2744	IEXPLORE.EXE	33
PID 2744 wrote to memory of 2816	2744	IEXPLORE.EXE	33
PID 2700 wrote to memory of 2820	2700	chrome.exe	36
PID 2700 wrote to memory of 2820	2700	chrome.exe	36
PID 2700 wrote to memory of 2820	2700	chrome.exe	36
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2184	2700	chrome.exe	38
PID 2700 wrote to memory of 2848	2700	chrome.exe	39
PID 2700 wrote to memory of 2848	2700	chrome.exe	39
PID 2700 wrote to memory of 2848	2700	chrome.exe	39
PID 2700 wrote to memory of 1856	2700	chrome.exe	40
PID 2700 wrote to memory of 1856	2700	chrome.exe	40
PID 2700 wrote to memory of 1856	2700	chrome.exe	40
PID 2700 wrote to memory of 1856	2700	chrome.exe	40
PID 2700 wrote to memory of 1856	2700	chrome.exe	40
PID 2700 wrote to memory of 1856	2700	chrome.exe	40
PID 2700 wrote to memory of 1856	2700	chrome.exe	40

C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\geode\resources\geode.loader\APISheet-uhd.xml"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2692
- - C:\Program Files\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d69758,0x7fef6d69768,0x7fef6d69778
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2160 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2168 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1392 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:2
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3316 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3668 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3776 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2556 --field-trial-handle=1296,i,4632835459047269932,5127434015711580679,131072 /prefetch:1
  2⤵
  PID:1796

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-10-1.bdic

Filesize
441KB

MD5
4604e676a0a7d18770853919e24ec465

SHA1
415ef3b2ca0851e00ebaf0d6c9f6213c561ac98f

SHA256
a075b01d9b015c616511a9e87da77da3d9881621db32f584e4606ddabf1c1100

SHA512
3d89c21f20772a8bebdb70b29c42fca2f6bffcda49dff9d5644f3f3910b7c710a5c20154a7af5134c9c7a8624a1251b5e56ced9351d87463f31bed8188eb0774

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c23250207f52a8e2eea83a1c2c2b2f96

SHA1
4d0ed10157ab4aa02ba1886ab7022ae24b8c0b6c

SHA256
4f93a963d42a996b5d0eb76401cbdc7008788dbda7140a670b37a95329cc6da9

SHA512
441d3455c64a2b799a961ad6c251d43f4880c65a05cac07bf4b4fdd2c2d8ca860174a401a1c6ed1411519fce3c1aea81251820bf4809e3041c48fe1339f58998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0da9b06587a9b5f688816c0ad71cb15f

SHA1
74bcad2bedf19fd6536e7cf1c9133d91159c1986

SHA256
8da8b261e57ad88f75fd560f5764a4db7b761d6bd303a3e4983f71cb375e85ee

SHA512
c9bd41a8cf14fca8a4bd827e2945763342ce6d1e759d253683785277e86b900514da614e3a7ae347e2933072fd50af7ee3eacc5ea78fdb8759aa7439d03b41a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5b032f88aa9ede5f6e72dda2a5c1e34

SHA1
d36dfadd43ca74ba6f096af57b41b0f0b6e16e1d

SHA256
b45d8a41cde764f3dbce699aa52c123205c3296d0eb27090f3f6dc836f7a5a86

SHA512
60a50dd089b5c4b9b2820e8455a5552881cb9e6c538b740e9ac43ec829dd4f46e9da76ab986438d465457ff841106b80a32e182b7ae9a0ec494b4af9564171a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f98c7e9af15f94a74344656e67ee6ae

SHA1
53c27277d89557effa2cc83a18a05bf274d4a67e

SHA256
2f64e8d7e50e8d816abb20f07643768249c8fec6468678e4dabc3868cba8e02d

SHA512
9cdab148b67d9b7b85e6399b2b074b726ca7792284531ec787b59b2dde1c083cc1dc6dd797534e6492a89049903667f0af3feb72544f50ff474db6174815f663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
075c02d72fb96ee16d362c8e7dc97ffa

SHA1
0c8e1abdc6d1798ef9d339eecefb7bfa2bb9a75e

SHA256
760fdec61404eedc43e38e5b509e41b57c37e344fceca271acf491887d968eb1

SHA512
e0fcb9981252e5d8788932e9491a4c69549278111e1e04e27fa3415c78ee19606cd594eea95dc5025ed7b3385502e7c27737acc17556702cb47a4a8bb4d870c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39ef00e6b60bb96e9f3447441e51ce76

SHA1
1d87af2c21a6f14456d5cc2de0c85846363c40f9

SHA256
5fb2425e42a0701367c2c70db8ff771655028340bff04aa6764804b2d957222a

SHA512
2c578153758ef3bdf03840eff8b786644b6621d1d7ae9d1153ab5e3cbce783ce3df96fff5c28ee31ebb7fbc32be119239274851b47830712f5e6e9adb3ea7e14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad2acc0858cb0414eed48805cfc68f5f

SHA1
5734063a315657b1237161dc4266245af54671fb

SHA256
5cdda7a8cd03c82a4da0d7fc1ec77273319450f7ebe7c3344512437a15a38cb7

SHA512
6b0d02c2f3c0190dcf3b7efd658fe1676932d998fc859d44673410f75090d768f8b31907375f515b56995efde8bf3bd8b63a79a50251210c43ee6d09a3bafabd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa9db04e9016aa4c091142e0c92fca17

SHA1
905f6f2c3452b2342116fff7ee18d4cddcc7f7e1

SHA256
7ea1920e9823be84db47df1e1e0d0ad29bd0706ac57404cbcdac9c8332562fcf

SHA512
c103b11c72e38932228c24e4ea76222cf089bce4f1300b5201eef54a083e0e481fcc9acc1f31e4e5b5bf73e93784d37ffbc2703165aa5d42c5a2267464ce2193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
784ca48e5131fdde2dd0d5df9b4b6152

SHA1
8a1f27ebbc0d60c215af0e9563ffa6e83715234f

SHA256
98941423f98f2aa0f837a4d2023cfb66dfb6cc81acdfe8c81a064a4353707619

SHA512
1fc20fa30dc78abd07eb1eb67405e53b4d9b1a64d3d6d3e0913e949b893881c316c036fc04e7d7ac805db992fe8cc73678b8e90f9be6aab968557b4227e27669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
925c86bfea0e81e602505a27e753327a

SHA1
9d810e81e2414c8c62774b5c56ac70acc498e744

SHA256
a7afb38ba5a214567f60834a9e36d20f8c5544b25b98dadd3c8a5dc86ce1c079

SHA512
9ec026ebfe531d8dfb2b3a68416804db2569cba63347d9426546907b53927ea518014949877fdf9492579adbda37a392804a1ba9ae9726bfa2b4d4a7f6495994

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
644f75ef1a3f75c74f8b4032d089f042

SHA1
47d741d8ca46e44a664e3b2c63a9326cdb869a51

SHA256
51c45de137ca2792d28a10078c670dfb6cb94d16a52efb4c0a8d9c1f78e58926

SHA512
3bda83708273c81113e5d3ae14504877abf6ec373bba31c342e821513223aecbac9ea68c851b98181607a24dea3fb9e2ed7fb55d54ffb9e56c06bdeb525dc95e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d15b19285f32e5d01b3d521e45f7a201

SHA1
b214b88b1244195614a230238cd10683b3698825

SHA256
78ea48563ea6e233e2aa928a3b2bcfc1e1869d5cdcda2df964a58587db2f6b16

SHA512
b53c2196b9454e9efa7efc16c7981b08e3805a32a32453c51981d66cbee983657f101aa36dc0a83ba606cf316172dbfad3a4fab27168c78980d01dab1f3562c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d390f7eda59b6caaf10fd70c55572b9

SHA1
2abfd40cf8a835e8d5532771cd42ee740c5632c7

SHA256
f6b9f039fc5b434eb3caac9bdbcaf4fac23a3759843c121f4ca8e5696431eb61

SHA512
371d760bf02f39f5cb916e536eb097c54ed100001fd0b92f29028ed748b24a4b649c56b32c3d163b76416f6d79d73dc229426f1d9ddee45b0d821e5853342879

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66ee3e21822ddf9303aaf81b2ecfed31

SHA1
ec8f6b19ede1f6374315a4a1c0ed8e39fea5a432

SHA256
87abd9271ad1e27db168e67ecb4502552a472a6c5a0a4ed95a401bf04ce7d8de

SHA512
830a75ee84567fe7608fb06bcd6a683dc4cd0b9048432449bdb7ad692239e25feaa08621286fee8bcc0a405507017e2ef6fde5707c0b0a63d201c32d2860f534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
476316fa4e4cac20e9d458eb934e8b89

SHA1
c20f52b0619348445033de7b45b7646b48b33e68

SHA256
7b0f9ae27cfed79c7533152d42210ef8244e6768dbf6b70bce5f952fb562223f

SHA512
7be919e88b13c141f3ac6ac9cf26cebfd50355228612f91196fababbc5ee16666c1e7e8a3184a1de5ed442ddb9acf4d139c711e9814277dc7d2ef11cd1c1249c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7aa9c06922d8bd0ae093ab61bedb2661

SHA1
056d8e0d24ad5069b8f83f72ed62e8fb668a08f0

SHA256
5b53e807f9cf95702befacf46d9aa8fdfbb8bf624a1b7c04c39cbb652f96e230

SHA512
0880b3ea8b8a103ce7c3ad2c89dd997cc5079ca791956fac110318bb7015e2594a939374349975262d5565866f95c273e3a230fceb8431ad8f1713f020c9ddc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7f6395390d7b91159d024f6760d0e79

SHA1
8156e1abe97ee7d79376e85f9a0ecb981bc7307d

SHA256
8f35c53e8ad000aadd0ac9b0d2ad9aacddd4993e2d4f7145fbbd9f439f176121

SHA512
95b17c690b0400b4c8c7d3cd79d72a7f125088d4d804351efe94089046b1f6b64b7c40aee8477e5091cb0bbbb01dd35112ca34b83d4813d40fb9d10fdb9b9c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69aba1d2414cb541ed0145afb9f58747

SHA1
64083db416e6d739de0f4dbe2976158c72549d15

SHA256
3d81feaaaec1c13c865f91102b767b019890e81342c021c87cc5b20529a531c8

SHA512
e9c0542ef83c6abb3b97e066cf82d2ff52bd898f50785f5b9829f4368b69e8d805fc0b50b118cdde5463c9dc394432e9b7d9342a5fcfc338c7b9104a46bff9ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5523762f8e90d2425adafb8a6bfce548

SHA1
43e7535170da252d8ce5f13788755e20198dc353

SHA256
38493f4233198cfe8cce3c985c2751fea3364983413a1c9d7db3c6ab1886dc75

SHA512
d12fd07795ae917b8363cca720a1a930a2d5a96617db66830876db4ec9a0bd146b25971e62408b697aab2d4be5bb33c00fb30cc5b92294e1660fe5923b4980e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24c8de0937b79dbe262751dd40a62491

SHA1
19177ce86b10f5ef2d3077e75685ca18486ed69a

SHA256
14a0c069824c7a4fc765bcff7f7c4f144229838d960ad24ad26767b105624d2e

SHA512
a1501e042121db71077c8268dd349196d3468a4831f2aff00b4fe5e7ff2f64553872450907facbc3cf781ed40f44ea95b61624797bdaea2d07ff0b472202da73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9a1a75e6-33ae-4ad2-854c-75b6f82b7302.tmp

Filesize
347KB

MD5
ca6fed57dfd82c756144a9536a36898f

SHA1
b3a2a85a3052b9efeb176251ce3aca44de9950e8

SHA256
e91092a703e0f76594ddffac4d79085ce9652275c84bdd0a2adcd79a89fe2bfa

SHA512
718888eb5d0bd4af20aac6848513c3056d150983b464f6f8f4ad7245e319d0079265b9e067b625cfc2bd7d9c3c18cfd1d8143b430130f6561442bc0ed924c21c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7f921d9e-4c56-42dd-91bd-67e9bc35e294.tmp

Filesize
6KB

MD5
c9607b69e0a483e2555711fb70c8797c

SHA1
299ac6f14494b62a4ae29f91a56de0c6e5384cd6

SHA256
c4d95c09378d5d6acb59502857bda36847467adaea053b9c401df5ffc505245b

SHA512
2aedb1be943e28c020265efac3b01c629a6d78d9742feafc0c0280db83733d9e597f6bd5413e8dddf35c51edc3ce786d9fbf0de88ba42eb0f0e98ddbd1da06e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
5f35af5fca6b18a4c62d0e23c44fe42c

SHA1
18d27f4e1edcf1769168108073666f5a2ea32363

SHA256
9228edf58027e5352c4564bb448e2991abbe5dfac1dfe2dcb528354f8c842711

SHA512
9beee843c002aad25015251cdb218b626cc5ac14e48c7246e45bee0b3ce8e5e2bacbceda7dac7f04353b2baae867e9c4a894aff7ce49cdfa09c99d4489a1b830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
359B

MD5
17be4a27e8b597309560b04f92b7d625

SHA1
105ef939149c7ba51fa324661a14dc6b1be266cc

SHA256
608acea3586e88f9272ca0ebda7abc31f7a52e7381ada3eaed46211daae424a4

SHA512
13888788182f345314dbf871447581fe94acbc2b5593a3ba6f5479623cdc87c6d21302a35ae098f924bdbbbcf60e337df10d4adfbcd16c2477239c8faed91911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d5aed237239fc818e0a7e45038ab6416

SHA1
baae8db27048b656187f02d7f2ba77c70a682e77

SHA256
20e8706556e98bf6db44dc65030261202051a206b87f4c07c9b9459bf45e2278

SHA512
43fe43a530d5a9a7506e0321fd6a8396836cb7e8cfd45bf1aa89dcfd2ade0a22737db187cceba98d26909fbaf177fba01c57d2d9ffc0e1486db73b554d92e57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
2d854b199140a9569b28f26bb6671fe0

SHA1
f348d5e1de014ab86600425cf1b867de669f444d

SHA256
52ed372bdb427090449b38b65f228fb57d679735ee6382f39914557011c5a40a

SHA512
8fe6b9ecfd9cb5e821809535a1b29fb90d9ae0d592a103180d759153d502dccc56a283dd63c72fb47d5f7c462890fae746f26df57081a6223a7b8f842fddcdee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1317.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1377.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit