asyncrat | f9937a7e2b68e5f22f94e15d81b383da2c8b6ddb011ed1955bc470530dd54d4f

Analysis

max time kernel
600s
max time network
602s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
15/10/2022, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hostOPINFO.exe
Size

235KB
MD5

6fd03af8ef1d609531bf7a64cff94723
SHA1

d0bf5d5dbe1a3292b2fd8ed2273caaf3142244da
SHA256

f9937a7e2b68e5f22f94e15d81b383da2c8b6ddb011ed1955bc470530dd54d4f
SHA512

733b29ffc146e6a7f35dfd7f8082309eb7140efe57315dec77930dc4efa716b48d989abb8c4a1bfea77c346ea99aa535a965a61014561f7e30234a81658af177
SSDEEP

6144:VQxF26pltKrLuDpi/LXY5UCYu6IGwC2R5c7JIm2pV/:VmFx+uDMjCUlVwCKdm

Score

10^/10

asyncrat rat spyware stealer

Malware Config

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers.
rat asyncrat

Async RAT payload 3 IoCs

rat

resource	yara_rule
behavioral1/memory/2636-120-0x0000022FAB4D0000-0x0000022FAB4E4000-memory.dmp	asyncrat
behavioral1/memory/2636-193-0x0000022FC5AD0000-0x0000022FC5B02000-memory.dmp	asyncrat
behavioral1/memory/2636-196-0x0000022FC7050000-0x0000022FC705E000-memory.dmp	asyncrat

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	explorer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5040	2748	WerFault.exe
3812	4000	WerFault.exe	97

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3428	explorer.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1468	powershell.exe
1468	powershell.exe
1468	powershell.exe
2752	chrome.exe
2752	chrome.exe
1688	chrome.exe
1688	chrome.exe
3376	chrome.exe
3376	chrome.exe
860	chrome.exe
860	chrome.exe
1808	chrome.exe
1808	chrome.exe
4868	chrome.exe
4868	chrome.exe
5044	chrome.exe
5044	chrome.exe
2636	hostOPINFO.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2636	hostOPINFO.exe
Token: SeDebugPrivilege	1468	powershell.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe
1688	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3428	explorer.exe
3428	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 1468	2636	hostOPINFO.exe	67
PID 2636 wrote to memory of 1468	2636	hostOPINFO.exe	67
PID 1468 wrote to memory of 5088	1468	powershell.exe	70
PID 1468 wrote to memory of 5088	1468	powershell.exe	70
PID 2636 wrote to memory of 1688	2636	hostOPINFO.exe	74
PID 2636 wrote to memory of 1688	2636	hostOPINFO.exe	74
PID 1688 wrote to memory of 1088	1688	chrome.exe	75
PID 1688 wrote to memory of 1088	1688	chrome.exe	75
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2748	1688	chrome.exe	84
PID 1688 wrote to memory of 2752	1688	chrome.exe	83
PID 1688 wrote to memory of 2752	1688	chrome.exe	83
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77
PID 1688 wrote to memory of 4632	1688	chrome.exe	77

C:\Users\Admin\AppData\Local\Temp\hostOPINFO.exe
"C:\Users\Admin\AppData\Local\Temp\hostOPINFO.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text
    3⤵
    PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1688
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xd4,0xd8,0xdc,0xb0,0xe0,0x7ffdf6f14f50,0x7ffdf6f14f60,0x7ffdf6f14f70
    3⤵
    PID:1088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=2124 /prefetch:8
    3⤵
    PID:4632
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:3940
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
    3⤵
    PID:5060
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
    3⤵
    PID:4780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=network --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=1692 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1624 /prefetch:2
    3⤵
    PID:2748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4128 /prefetch:8
    3⤵
    PID:656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4272 /prefetch:8
    3⤵
    PID:4752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4400 /prefetch:8
    3⤵
    PID:2448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4924 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4968 /prefetch:8
    3⤵
    PID:4412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=5008 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4592 /prefetch:8
    3⤵
    PID:3164
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4508 /prefetch:8
    3⤵
    PID:400
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4408 /prefetch:8
    3⤵
    PID:3332
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4852 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=4960 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5044
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --mojo-platform-channel-handle=2428 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1640,826576100705802842,7896460127001335754,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1468 /prefetch:2
    3⤵
    PID:4000
  - - C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 4000 -s 212
      4⤵
      Program crash
      PID:3812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\Admin\AppData\Local\Temp\wosivx.exe"' & exit
  2⤵
  PID:4420
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell –ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\Admin\AppData\Local\Temp\wosivx.exe"'
    3⤵
    PID:4660

C:\Windows\system32\ctfmon.exe
ctfmon.exe
1⤵
PID:4716

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
1⤵
PID:4080

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2748 -s 192
1⤵
- Program crash
PID:5040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\BrowserMetrics\BrowserMetrics-62F68B7A-10B4.pma

Filesize
4.0MB

MD5
9a828648214d1e42773fbb776a16bdfe

SHA1
bcdb2d3c15169c3af4d86b37f9dac0bb42f4a818

SHA256
725203c32c63304ce563243187aed2e1c014d1b26335a41b3fb6af8f3344d345

SHA512
fb35571ce6d6b19d270118791315d659d31609eaafb9c3fd52a21cc0e8e52b72c3b9f1e4032de0bd943dfb440882fb7fd49376a01e4641afa276fab01880c5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad\settings.dat

Filesize
40B

MD5
7813407c23c86944dcb6198cd05110c1

SHA1
5cd0ce8b526f820df7110425432ac5d4ef674051

SHA256
c3cae4b8b257fa124145a9d1f97c64716eba9eb7916bb46e788e606324613306

SHA512
6055e7cc9f8249da378339221565e5c6779a7330a82e61e001b3b4ef6f9381eda43ad478ca61fbd7be9392a8d24a55bd83c961a4c8d9a1cc6b1094706e905acd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\data_1

Filesize
264KB

MD5
4f86a7653c2ab82c19577762d0ad797c

SHA1
cdc19e307fa8580ff0e38556ee1db7670dfb2da2

SHA256
36b40409b02f4d8f33bb4499681d7ea6c9f1d4c5435a96bc75d3c55b27d77724

SHA512
4f4433b00b1675b16d1cbeb0efb0b6229ff16bdcf39b22fa47319eeac1c68a8316758dbdfd359adb24e3ca1471f1cd0469628fcf90fd4a9ff89f6ff4fb3ff3cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cache\index

Filesize
512KB

MD5
51f2cdf441c7d2d69985d87989474f32

SHA1
6015cecb35f531a016a16ea77f380b149fb2227f

SHA256
7c507faca018d8dd0f632cd7c86a2f5d6a5e1dff5380ff840cb99c5986e417a1

SHA512
433eae55ac8a94e8d552cf496c618eabf72e7f4eaed58639666d0fadad40f0cd6ded4e641a6b0a781d976f4e9aa1519bd9b6b9b1330ba031f8d0a1d50289326f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7d1b4d6210fe3be696c2718fd86186d0

SHA1
b6d1bef666352850a6e139334af6e0e56ddce138

SHA256
37db2acead1533ee68242fcac6b34279e5f0d5946e971acacaca0a30b9d76f80

SHA512
abd501f76acc220590a30fb18cb22b32a9d95c0ff466600a7259af77a31146b3b9910cab42f5927243877c85091bba7270a55031489534d6cf27dd500f39f3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
cf274c5760fc61c1586dd0e4db07f3b1

SHA1
3d29719ffadf85244ee21df0fadd0a740c21f4be

SHA256
ad4f4d3b0509812171754cf16946385877ee41285c602748ed74afa6ffe1d67a

SHA512
49691f3212aef1a31f957dcaef5e0e9d3f6864983ff24bd5ee31850854527af77d95b949aafa57dbca3c4a9d262f8866160f5fdb5ff5813aed297a59155e9a60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Cookies

Filesize
20KB

MD5
055c8c5c47424f3c2e7a6fc2ee904032

SHA1
5952781d22cff35d94861fac25d89a39af6d0a87

SHA256
531b3121bd59938df4933972344d936a67e75d8b1741807a8a51c898d185dd2a

SHA512
c2772893695f49cb185add62c35284779b20d45adc01184f1912613fa8b2d70c8e785f0d7cfa3bfaf1d2d58e7cdc74f4304fd973a956601927719d6d370dd57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Extension State\000003.log

Filesize
342B

MD5
829a3c6987490c82e6ba954662c1d61b

SHA1
3799630075c4e24b21e810bb5896dd5ecb96c9b5

SHA256
39dfdec86949f152a1471442545245ac5f3372b56428a6f61dffac0a3ec159e7

SHA512
0fe38650c2f79854b11bb4f6564fa45639e74cf8e644f7913c55cc92ee0ebe58c20307360aa83432e6521c046c39ccf2d2e1098695cae563817d0f4af593e30a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Extension State\LOG

Filesize
137B

MD5
72146efbd96a1df4fb0490d505ad0555

SHA1
85a93fb7e8969e6b310d33df3bd6e21ae5fc32b4

SHA256
516349453ad0275ea63724bfe4a8fc6ea6c0d69cc50f6c72b508958b6d191bc1

SHA512
cd4f1882a182f9494ff34be0b6bbdad450c9bfe302609407d3337529805fcaf3fbbfa3c3a36fe7c57d0dfeafc88fe13e0fa6d94b6c9dd76456c8e2b052ae1ef7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Favicons

Filesize
20KB

MD5
5688ce73407154729a65e71e4123ab21

SHA1
9a2bb4125d44f996af3ed51a71ee6f8ecd296bd7

SHA256
be1b822e970dfe1a120d248db7000eaf799bd6531929a1308676c70fe1608d60

SHA512
eb6452b23ea36c39d03ead154185616c13583f12f382cb2456beeb1ba6e5febdfd2a6f1064283cf115ad1c517dbf409777cdacb128e00c9d3f401335db355537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\GPUCache\index

Filesize
256KB

MD5
609438f86069f1f5f09ed0185c837ad3

SHA1
0019b2396f9a6e3b3e34d2310b83c7f28ac892ad

SHA256
be0fc59a3c2a88900d0253fc45aed47d6096c0552f4f619c6ea4f9a60734305d

SHA512
8e81323904c2018e5df745f1e3644bcdb59b2daed6996b70bc96d7aa0d04305258a750d7feb11c58369812701ac57042955669c96b28d734b179adf965f4244d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\History

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Local Storage\leveldb\LOG

Filesize
144B

MD5
78f75ba65de2274f75d0951ccf4c0579

SHA1
e5df6356048ec6ff499452faacdf4b5980fc6485

SHA256
3b290bdb1dbc1e6261fcefcb789159de1e7aca269020be29fe99898eb974c5af

SHA512
d87dae97ccf8e88e86f3e07bb9b9139658b95916d31d0c56fc31ab35a6bc01b582c66521b56a09848aca57cc32637987b995294bcb4a8bb07a741f0e625fa057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Login Data

Filesize
40KB

MD5
b608d407fc15adea97c26936bc6f03f6

SHA1
953e7420801c76393902c0d6bb56148947e41571

SHA256
b281ce54125d4250a80f48fcc02a8eea53f2c35c3b726e2512c3d493da0013bf

SHA512
cc96ddf4bf90d6aaa9d86803cb2aa30cd8e9b295aee1bd5544b88aeab63dc60bb1d4641e846c9771bab51aabbfbcd984c6d3ee83b96f5b65d09c0841d464b9e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Media History

Filesize
140KB

MD5
1ddfe694c682299567c25daee0cf2a04

SHA1
d32bb6199d95989525ce204a859780cca708142c

SHA256
2237a10a071315f272ac9eb9338ce9a83350739537a5cbf0f82bd5ac65e45968

SHA512
a1a09f7e4c919a758c38c8a789feac95dd17f07fc955ca83bd0e4af6ca053f5e205d6f55bcce380f83cbc5bd26e75457ce120fc287c13bd8b73b68e1610d11a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network Persistent State

Filesize
799B

MD5
2754de840da793c08412d01c185c5380

SHA1
5ee0a84f48bbfdd9777c61f55b312b24255a1f14

SHA256
19ea8bbdd978a0d63dacc6503ed48a2a71720bade65b83bab6eba454fcd30409

SHA512
2760f73b0f870aa96f7b99eec8b6ec858b083f7f2fe22e82855dd04ea643729f4861536dd47e3a273416ae8d70bc4b8f5061b5cd65bbdb385e424b1e3dc562d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Platform Notifications\LOG

Filesize
145B

MD5
12ed73b7758afe8c5e67b8e3ee4e0418

SHA1
9f17fb810593691e4142a2ddca75891efb4868e0

SHA256
b2bfb1f2d1690435904723541b19187b22aa68ffeefa0099f84609202f753b12

SHA512
96c23857eab108f9b0cadc2bb7361d45eafd3c494e7099b0ea558a4a0681bf7e8b066908b22ab0166167d6656ea188cf0d97da190697ecbab8f8a929d540f950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
6KB

MD5
139990e0f44328e58c1cc75bd90cc23e

SHA1
414bc1616170b1cad1b753f6ba1903ee1b39a0bb

SHA256
279c82c412ecc03620d7ea0011e40024cc42d10b81986221d038c04555309403

SHA512
a15a15deef52c9dc208f1ee4c033386b0bb1488f1d575dc0466a55a0d8053589d37853714fc1c48d50741a5b22c3ff300a5501949721a4447da0f9ee907ad6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Reporting and NEL

Filesize
36KB

MD5
f77cc437cc1834f2c99e03c3211373f2

SHA1
626f0e2ac8569eae8f268405009e5f6a5eafa774

SHA256
f9d1cf8bfb78a09b1bcfc7e18fdb32158193a01800707879e60d820589c5fef1

SHA512
4df6e9983da5329dd165705c926747f1bfbed489335198632195ec2f9d09994f1fadc1cafc41e64d7cc075895a55b5b3ae1ae9b575a84418886e91954b41e46a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Secure Preferences

Filesize
15KB

MD5
898c5cfab195aa198e962963e34a506f

SHA1
f5f989da8f5c5d8df7e89f0f564832c1b0c3ab8a

SHA256
376823134fc7e08a2d45956c66b6f45fe36ed7c96e735054dc4e2142af6121dd

SHA512
f41099599cc4fb728aa29d79c9c7584dc86d3a5722873eaa96d12537d9995098931a0cd8f71ded66a517b4d901084338d6893fd68fb7bf531f238f1e5df9a842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Session Storage\LOG

Filesize
138B

MD5
45656e7e3693cb090949a417917ba2be

SHA1
159b31caf16d5ebda18e81174eb760b5c97c2d17

SHA256
f91908b652e592c9d8c50d397b7b2d4fe02897297bc9021970c613948f423c97

SHA512
14154cea35c4a4e121a083500583554697d6e001055ed84487376bde9c681cb9c106912870378eaa9b127e8645e1b9e3bcb40e9ff9ed071a9e48993414640ae3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sessions\Tabs_13304798335733329

Filesize
669B

MD5
a27318a80f29a6845cf6d1283743000c

SHA1
e0e71ad07ea4df06bf4bc2747a4a8f5c3bca2e4b

SHA256
f65495c462f2473f7138dffc8599ef9ce1c54a47c4d459430c8811be6e77b5a9

SHA512
9730d7cc627b5eab44f00283e1419f9a25499674887c0c2c74a09c3b0794dc29acf2ee6595fa76484b174ab863722211b5fc0b59a17ce57a9e1fd18b9183009c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\LOG

Filesize
152B

MD5
6c5d12ea2429a6d8bc65f5990c9f8629

SHA1
a99e1dad0856604b2a03801de2a177595356dea3

SHA256
7a0ed2712ad51dbd5864ddf940bf10da1fb35ea220c3143476402c3b4f3db1e0

SHA512
c6451aa805db0bbc8504d39dccbfafc45e66382ad81f7db42dd4ff88d68fc3f94e4a820ea854722b3da1742711e5b659c787f5cd8dd91998536f5772a9688ae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\000003.log

Filesize
122B

MD5
0d9f70652007603a81c7847dc3cee8da

SHA1
4a7c8341cfd657f31314690bfd9bd8f51030c5b5

SHA256
a705d9d26ed11df2f38e6c25557ccb83916b8598fe92d2ad25868f9ae89844f7

SHA512
27e34f4b5077a9bb58f30d2447c43d2ae877495bda975b33f405d5d08d03a009bf67bd24abcf70838934f17f1ec66ed1b98429ad96997cae68d0f1e0bf9ea4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\LOG

Filesize
140B

MD5
13e081161e1cb852e2f2a1ffc7b8406b

SHA1
5bb04a788a7e4cb72de1773ffae188cb154a5aae

SHA256
3f0741d51a07385dd4c619e3dc8b4b4d1e13b14d6c0e4aabb3d7808a615622f2

SHA512
8b4c951d73a5491dddc1e829afe708be859eee6f32814b86e6d36bca1f4cd75d4f3c30b5d0beb6b5d26c3b9d89c66e952db9f3dec5391fbb595530c5402ac8a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Top Sites

Filesize
20KB

MD5
9048adc11b40da3679e854f2aaee2813

SHA1
3a5f63f46b6f38dc15e852bc9ec85d17b3bf09d3

SHA256
55f6ab81fe7167e23124f16688da2f74223d2c7b6e3312316f243f129519bc2a

SHA512
421477d5561ba0e55597469b01785c46ed1a3ad36f592db527290705129539c6355fc0477c219c899c253fb95b1213b1e05fef57d4d0e0b74c48a9f2cc0d3e1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\TransportSecurity

Filesize
203B

MD5
810b27d9eb3fd6b409e3c5cb0f4db9f8

SHA1
072a7a57f97e22b2aa068a4196748a11440a06fb

SHA256
9349265410a8227efadb958d7aba66256ec47433b1c953fdba3e4aaa4fd6dc56

SHA512
8e441a3f578e04e21317ea46a430804b7c9187d36d1e728325742620150d18b1c6f088c08033386f05fc551e9687e599e81a17877a4bb8974474dc955d51369c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Visited Links

Filesize
128KB

MD5
2d3ddea749ee91af19fa7b29ed578c73

SHA1
e8695820e44fffb6fe9b18f75c8b1fec7ad573db

SHA256
3571e1e2b4917938c0696958dcf405e415891846af5ab9f320ee56d1e2567381

SHA512
b2d7db4d0fad34af878fc02349d71f94010af8c74a00fcf0c1d815810cc44e2a984baf1e49bd9f6795c92b1a4622e3e6a38a405a7a9e59c05286c276ec67850a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Web Data

Filesize
88KB

MD5
8ee018331e95a610680a789192a9d362

SHA1
e1fba0ac3f3d8689acf6c2ee26afdfd0c8e02df9

SHA256
94354ea6703c5ef5fa052aeb1d29715587d80300858ebc063a61c02b7e6e9575

SHA512
4b89b5adc77641e497eda7db62a48fee7b4b8dda83bff637cac850645d31deb93aafee5afeb41390e07fd16505a63f418b6cb153a1d35777c483e2d6d3f783b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
89KB

MD5
dea49479e9979ca0952b1e4a05687311

SHA1
2c8da3059b06d18d9b7fd4b86d4ce1e90498fe9e

SHA256
ca33bdd64d4339b807b664c6d7dfe3cd6e59c9a9b49bf2484f079d878a673391

SHA512
bfe93581b021dd6e02c0a2d892a6f3f1af3292a2503b3da79fdbe33753846a5edec04404c6b1b5e10daad7baf38e22145180921d3d17c0d5c30ad0269d19123a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
28d6d69da9716f4bae30840884c994f7

SHA1
2d697ebe59efe97c672b5eea2b38de61146a2bef

SHA256
2cf4b1cd74d1e297ffa5372fea97af28358f7488f75cf8c0288dd167c4948544

SHA512
9e722e2716258dbfafbbb3357c04fb7baa9bc22d3158b91afd2e28e6c75a2eda0b8c031ed1c34cdf7a7c35070de0ef4fdfead669cc6360ec6201eb2226b2bd47

Download Submit
memory/1468-127-0x0000024E5AB10000-0x0000024E5AB32000-memory.dmp

Filesize
136KB

Download
memory/2636-121-0x0000022FAB500000-0x0000022FAB51E000-memory.dmp

Filesize
120KB

Download
memory/2636-134-0x0000022FAB47A000-0x0000022FAB47F000-memory.dmp

Filesize
20KB

Download
memory/2636-118-0x0000022FAB410000-0x0000022FAB432000-memory.dmp

Filesize
136KB

Download
memory/2636-120-0x0000022FAB4D0000-0x0000022FAB4E4000-memory.dmp

Filesize
80KB

Download
memory/2636-190-0x0000022FAB47A000-0x0000022FAB47F000-memory.dmp

Filesize
20KB

Download
memory/2636-119-0x0000022FC5A50000-0x0000022FC5AC6000-memory.dmp

Filesize
472KB

Download
memory/2636-193-0x0000022FC5AD0000-0x0000022FC5B02000-memory.dmp

Filesize
200KB

Download
memory/2636-196-0x0000022FC7050000-0x0000022FC705E000-memory.dmp

Filesize
56KB

Download