22abdd10ff3c59e964da9dad771af09be87ac85719b0702ff63ddd5f2fbc3b94

Resubmissions

18/10/2022, 18:09

221018-wrfz2sghbn 8

17/10/2022, 19:36

221017-ybehdsdafk 8

14/10/2022, 20:42

221014-zhfvgaedb6 8

14/10/2022, 20:26

221014-y729bsech2 8

Analysis

max time kernel
599s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2022, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JsSample.js
Size

67KB
MD5

c98cc414b7864a85adbc80ba22fb4a6e
SHA1

5bd51af7cb17ace046cd550ebab510edeec1c7e6
SHA256

22abdd10ff3c59e964da9dad771af09be87ac85719b0702ff63ddd5f2fbc3b94
SHA512

0924c3751c1955423b41ed8c5ce5d149dc247d2ed03860e39d5ca10c6ca1319cba93ddafb83a5b1b2fc0cf8d51cecea4c886317b31e6277dec86bf7fac3e00e8
SSDEEP

1536:n4YlV2fwId2Nte9W2ZtrUNvTJnCv13TuAP1J9EnAwaUX:mfwId2eW2ZCdNCX8aUX

Score

8^/10

persistence

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
172	1492	wscript.exe
174	1492	wscript.exe
176	1492	wscript.exe

Executes dropped EXE 1 IoCs

pid	Process
4156	ChromeRecovery.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 9 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\ChromeRecoveryCRX.crx	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221014224415.pma	setup.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5ac46a18-8a93-46ee-a6c9-1264644605ea.tmp	setup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Script User-Agent 3 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	172	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	174	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	176	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4772	chrome.exe
4772	chrome.exe
3612	msedge.exe
3612	msedge.exe
4732	chrome.exe
4732	chrome.exe
2304	msedge.exe
2304	msedge.exe
4904	identity_helper.exe
4904	identity_helper.exe
5176	chrome.exe
5176	chrome.exe
5132	chrome.exe
5132	chrome.exe
6040	chrome.exe
6040	chrome.exe
5488	chrome.exe
5488	chrome.exe
448	chrome.exe
448	chrome.exe
2540	chrome.exe
2540	chrome.exe
3208	chrome.exe
3208	chrome.exe
808	chrome.exe
808	chrome.exe
4556	chrome.exe
4556	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
4732	chrome.exe
4732	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
2304	msedge.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe
448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 3820	2304	msedge.exe	90
PID 2304 wrote to memory of 3820	2304	msedge.exe	90
PID 4732 wrote to memory of 424	4732	chrome.exe	95
PID 4732 wrote to memory of 424	4732	chrome.exe	95
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4476	4732	chrome.exe	96
PID 4732 wrote to memory of 4772	4732	chrome.exe	97
PID 4732 wrote to memory of 4772	4732	chrome.exe	97
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98
PID 2304 wrote to memory of 3560	2304	msedge.exe	98

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\JsSample.js
1⤵
- Blocklisted process makes network request
PID:1492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffaaed746f8,0x7ffaaed74708,0x7ffaaed74718
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2692 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:5896
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1bc,0x22c,0x7ff63cc65460,0x7ff63cc65470,0x7ff63cc65480
    3⤵
    PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13789970953180538262,15336048217002548454,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaaeab4f50,0x7ffaaeab4f60,0x7ffaaeab4f70
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1616 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4360 /prefetch:8
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,1364268479360508995,6922778160373869976,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaaeab4f50,0x7ffaaeab4f60,0x7ffaaeab4f70
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:2
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2740 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4324 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4508 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,3999055507754230441,9839809001960197344,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1384 /prefetch:8
  2⤵
  PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5396

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:6100
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6100_1593465442\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={40bf1a07-43c5-40f0-890b-e4ca990e4b6a} --system
  2⤵
  - Executes dropped EXE
  PID:4156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
60cd6e50a74c45f9514c2ec70fe16a0d

SHA1
4d09cb4351688681c28912f89869703fc3a98c0a

SHA256
32fc80412bdafb44620e9694a7a9e1328c6067977021068d93061ee7753522d1

SHA512
cbab6f727cfedfeddd32fb9763479530530b79df262d09f319fecac9f89d9e08a5f38331f85f26930a35bf6e5bac01821b8edea4bd2b3abec5db55ff4468857e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4a9f46f4d5b2c46ba881a071ab8abc9c

SHA1
ee38d6d90adac262478630f9eb760c1d95cb19e6

SHA256
83287be33b1a648ed0212a55c0c8f252e172e76095a845aa9e9c39b0a63513c7

SHA512
23c936bbcd5a5fdf5fe961a473a695658acd1cd7d3c45328210288fd444a31fbf5e26d3bc785fe2889101c48955701f3825f7a4fa67ce14532a1e7b3cb075fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies

Filesize
20KB

MD5
92c561f023aedc91bdd86e32c0d77c79

SHA1
c9a2782d875eff0fcb0223e82d27d64dc4085dc9

SHA256
996e5ee49f9ef056f640794ffb4a2c1b6c0c9922862ce79dd0a39eaf978f563c

SHA512
5292eceea24fb98d9df0a5a7ceded538305ee996e95eea96b1e62d7add78b1a24c4167ab75b1c541aa2a7a5abfa90d31e5fd012e2301217ba4fa4ad3e278802c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json

Filesize
10KB

MD5
90f880064a42b29ccff51fe5425bf1a3

SHA1
6a3cae3996e9fff653a1ddf731ced32b2be2acbf

SHA256
965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268

SHA512
d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.json

Filesize
7KB

MD5
0834821960cb5c6e9d477aef649cb2e4

SHA1
7d25f027d7cee9e94e9cbdee1f9220c8d20a1588

SHA256
52a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69

SHA512
9aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
792a92b0becf1f57d9602a5ed7f7494d

SHA1
2aadc37bf0841349f93aacf05de58780b0413c5c

SHA256
494465f0fc3d977397ab86365b39da22ef764b18199b81f9e4ecad014b3bd14d

SHA512
047f566a84863f306d24247e717d39dbc87540058a0439cad4303eb9825d56178ae1de0f3344e247cd3829cb5e98f439864d47bf5545e64a09483bb21c700173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d8b7840b8ce6df52e7147de5e705c725

SHA1
078ed988c3bd8a8d52f97d8639a8e38caf2a3e2c

SHA256
0087b54491ba61a9db2cd8d32a4ea67143c2fc95ba055e02a4588850ce51cb87

SHA512
4cd37d9ba87e8ead3a527bbd616401d03775c8226f2dcd357a57a0e4480bca33b7e48e9c2b37f26ac2ebd4815ca01a9cf58abaaa29887be7fd32cfd3c4276960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
116KB

MD5
230f07cfbd26e085d9918bfad2290552

SHA1
b735a82ce8501e5e56ebb40e8bad82e906454940

SHA256
881ba3ddd440008e18386c9ef5707e3808cd24fedb07c556d2a53806e3f1ab5f

SHA512
652fe73b3c523413baf1b630bbc2aa20328fd9a61ef5464886594b461636c7b029ede71eea2babe81196bb41b1b071ac92dfc8382e910720cdad50d6f9841ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
0e625f9ee347cd4883b11cafcef00920

SHA1
7cb756c81d683c095ab5664c6a7b5eef846f051d

SHA256
1a4035bbeb83db8621a2e5ebbe07fc8c5a31f2aecf2069e314e8811ea9a32461

SHA512
589d3a73ed7e6b69dd08a7ad4efbbfff584a9907876fa3349b4b3729dac306aa4256be205e5d21c56f650a8e9616ed6af9a92be7bb87207a726dac3b987636a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
f15c3b443f71cbb32323c7ed435af686

SHA1
2cd11b0ac98db3c174b9864242e3100fed145f1b

SHA256
94ae0040117afa1c43eaa87180063127dfd7baaf29a534a2581af1e1bccca34f

SHA512
16b2000dd8c36cc7f8daf3fa9c52a25da7fcaa3e455a3e1f02a2e59cd97ef4b21ce6c264418d7b8321db7e6946a687956dccf781367d7a20101f28675a5f3e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dda37f070d78fd7be25b46a6aaf9e71c

SHA1
b7d8780918ca6528e98883d733175d60f7083c36

SHA256
f11306f24683128325c6e153919b93c2c804afaeabff02065b65bcf700551249

SHA512
aa8c124304eb4cadaa46f4328965d62a873a051cf0dae5e60078689184e73df91d8a0a54db66c4fdc9ef5e8d0c88de3addda19208aedc2a2fb94655208c67a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
17KB

MD5
d613aaa2d264692eb098eb15cd1ce1e6

SHA1
3d481db378ab77f5e29087a27efc6bc00e38689d

SHA256
a2e3e30caef21572aad565f7aefb383b4d951ee51bdd4754a9abb2ba8339f9f2

SHA512
30fa69bf6ff63224697d193a082263bed1050f814c1f2fc2c14fd0cc1e49a5b6a5f742dfa04df48cfc1124765b73ef72125720fb31875c0bbedca2a96e1d2eff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
511c1f1e30fc2311a879c4e598e80b01

SHA1
a3efedb9e8d6ca6272f7177c2a5b9ebd0d2c4132

SHA256
b8d410a32abe8176f3081cb9e01defbce525df07c53d298080749862f910ddee

SHA512
437064d00cb828dfec66e17fe1c0a281f6abeb61e82dbe69374271dce6677e1e1c851d465765abea5236f3a26abfbc4969075d6ce325a7b37d356ecc5fcb8177

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13310261026938612

Filesize
2KB

MD5
dfdf7e206f20db8eee76728a675dc2cb

SHA1
c5a959ffee463ac44abe8cba7ecdf63880f73ef9

SHA256
017d27bb2b9c1c10ca35b061d4fbc212bf768ffe5cd58d1bc4a2e6d30f593aab

SHA512
4ca678bb62adbb3dc9623b0fd262cb6c20a69634c25add1f58e1ce3d04a4ae11395f6a1703175ca36734bb60829c47cbf3583d21d0df1e64992841587bafea6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
b5dfe83568756f9fc5fc0da2bc125ca0

SHA1
18804518b9bc64d7eca376b6d45b946ba6252415

SHA256
5bafea729f5033093a88be2d72cb616f60d3116b72f928fc1d348669f42dfbe3

SHA512
27e381e19c13eae87dd6d694d252bf331f9bbf6f8f722e047aae7bf271f6d35e58101f665cc9364edbb7de8020abc65126d3b6208c2cc42ad859d764d74c70d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
e92ea772957fabb7067efe22af0f6f57

SHA1
e448b58bc39d3e5f814af05d9d52b574bde80020

SHA256
ae97eb14d60e0c8de84174f40fec4ed15d29943d1687486009df0001c3e84aaa

SHA512
bcf54f2818206d2112e123c83e37d0a383d40f9e26009f0980012975be59533ea980e3d0ba4246c87bb459cc0c2cbecf3d499e5c36ad109b4c649623cc70de53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
8d41bcbc112ae4d008b07c74c8360293

SHA1
feec8083972aad7fa40702d747d002ef64f27a44

SHA256
9982bb2758d47fda3cf75f793b8a1d36bd98f9827911f91c20ca2934ee20c86d

SHA512
61c17d5b27d2e269f6514c01cd7dcf3a01394498ff1b0950e803f17ee0d91d9d02b46b508c81a8b2f7b4bf74fd4060b5f4dcf33d5b545ff85d174ba9d89e5321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
d181a4b9ab8934190a4976759afc0051

SHA1
f72e421f1706fac152bb4a30fec53146367d36f5

SHA256
ffd1c7e8de73c254ffc94d611b3de9902fc1295243a9353da5878b847310d720

SHA512
e91ddcdedad8266f36bc915b4ad589255ac6cfb3cd67412d25a9c972b79e771a82acc8d74c42705a7de136fbe1a1befa833d8eb7eb03e661c4b805bcb47d3692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
88KB

MD5
3a9d8b6879d2427b61f4bd96d19d3e28

SHA1
03fd5cba0b514245a1049b367012357645b98ff7

SHA256
bad1f22dfd29ea2271bc190240b835c624ffe7b887f547d4f90728c1d35fa294

SHA512
4a7c45f80b5354dfd718ed6957f307f524786cd8b73a14d7ec9ddab9b403d971b0cf5a9b15b0e76c3fc531476a2f30048a84c2238a2ff43e2b69aeca7c662094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
374a5de5f930a4b22d6473f6c31039b9

SHA1
ddff36bf2b34005f1bfc746bba4b67d031223556

SHA256
2cf3f2400855464263c9c698996442bcbf1ed409af921059e39fdc787b51b31b

SHA512
01b1265e92e11c5ad46415951b0bcbd32f7a775a0d3ab7fc9bd0ae8207d7b313fd86cbec80c15bc88aa63cf15e2a500e5d097a4157912c850d920973fa08a1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
2f5f31d854c7b311996b0997b3200e8a

SHA1
0ab933bdefdb6d5e657f2c043cee837d9aa56175

SHA256
26cd712b904b0b2f00b9579034d6569d3ebfde17bfca1eab981f1a726011482c

SHA512
54f3006e33e3da436f0c0a17001d2a9ee787107f2ebb919214c15863c76c8f7cb39cc949d5fef5d63328199b93303be61cd6295554764192675c3ff51f17747a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
954ef07ecdfb3d421aca939ca5b5863d

SHA1
95bf04acd3a00e88d0db28c74c074a7c1b0c6f9c

SHA256
c3e82ce250af839497e06b004f78c9b4178b338f29d54c7fbb6129106366eb78

SHA512
363191df1560188876bfbed16f600a73118be7d166029691d1a3404392d6d4ff3909e65da8340bae847e39988faaf64fe49ffe42ae5b16ac2a20855e06891e0f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
0e704d5fa5b073a08842915533e4a117

SHA1
11f9e5bcf785fff3364ef5d599f1267bf92b6a67

SHA256
b645f998ebbb2e40ff83cc832575f47c3b2eabbff5aa53467c6f2830b9ad98ca

SHA512
1d8cb67555cf93f06b272ef8b836a22de5aa4d5d0201095f16d069a17353185a99b3c407dbb39d53e142d7a5ffa6b928fb841a11e0e2c387258a59e91b809819

Download Submit