hxxps://gofile[.]cc/f/b9b5d2f1-bcb4-4e18-b012-53ec92f7eec4

Analysis

max time kernel
333s
max time network
339s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2023, 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.cc/f/b9b5d2f1-bcb4-4e18-b012-53ec92f7eec4

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4208	ChromeRecovery.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\ChromeRecovery.exe	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\ChromeRecovery.exe	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\manifest.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\manifest.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\_metadata\verified_contents.json	elevation_service.exe
File opened for modification	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\_metadata\verified_contents.json	elevation_service.exe
File created	C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\ChromeRecoveryCRX.crx	elevation_service.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3044	3056	WerFault.exe	22

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4264	chrome.exe
4264	chrome.exe
4448	chrome.exe
4448	chrome.exe
4208	chrome.exe
4208	chrome.exe
656	chrome.exe
656	chrome.exe
3204	chrome.exe
3204	chrome.exe
3300	chrome.exe
3300	chrome.exe
5312	chrome.exe
5312	chrome.exe
5540	chrome.exe
5540	chrome.exe
5796	chrome.exe
5796	chrome.exe
5804	chrome.exe
5804	chrome.exe
2672	chrome.exe
2672	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe
5000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
4448	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 3344	4448	chrome.exe	81
PID 4448 wrote to memory of 3344	4448	chrome.exe	81
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 520	4448	chrome.exe	84
PID 4448 wrote to memory of 4264	4448	chrome.exe	85
PID 4448 wrote to memory of 4264	4448	chrome.exe	85
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87
PID 4448 wrote to memory of 4092	4448	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://gofile.cc/f/b9b5d2f1-bcb4-4e18-b012-53ec92f7eec4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7fff55354f50,0x7fff55354f60,0x7fff55354f70
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1688 /prefetch:2
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4636 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1684,12062188436564949544,7845126856563412930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3288

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 3056 -ip 3056
1⤵
PID:2708

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3056 -s 1752
1⤵
- Program crash
PID:3044

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\976b00c69b254314b4a74b4be1b2fc00 /t 912 /p 4448
1⤵
PID:4648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xbc,0x128,0x7fff55354f50,0x7fff55354f60,0x7fff55354f70
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1592 /prefetch:2
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4472 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=ppapi --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5676 /prefetch:3
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1580,16398617525657527055,3712455935136439239,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4476

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
1⤵
- Drops file in Program Files directory
PID:4200
- C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\ChromeRecovery.exe
  "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir4200_1987254463\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={fd4b80b2-32bb-4bbe-a317-b245fa264613} --system
  2⤵
  - Executes dropped EXE
  PID:4208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4c6e8eac2d1112247e6c61ab8c6093a

SHA1
b7546187eb27bfb03aa4565ba2b2ee411701f422

SHA256
c097b8ba974403a966aa2170f51478ee0ec68c98bb2628d9a8acf11cbce00db3

SHA512
db7410fcae1ca64d9f88bb6ed55551f3b21cb47b5024136562094cda3b94ec5b1ad99cb05e2d546afeb56294c1894ef39b1d8d15ca8346a47410a85a1c728ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f0a3a68c6ea373b2c6af7cc94e452cb6

SHA1
09b0b500101bb1fe31648bed9feb2c46e279a6fb

SHA256
c1ea65d4d67e92a4bb079f9d5665c32175b233702d6cb07a821ca59bf1e18096

SHA512
f62e659278a53b817fbf9624cf1467fb6042849f15f0b26b90b668f44701c9a6d7d7a78d9b30fda14dfa9a61201ad87a27c8259165a9024e9c36c0f93bc219e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d23dfba8ab3e3786440585468b3e7b72

SHA1
cb358469d1a074a7de58055d98aab615e7b13257

SHA256
77e02dd40a47b532ff99fd6bcf9a3807b441c10919aaba85519cad72689efa92

SHA512
1bae35e0095b328d8319983bbf5ba3208a1069a0c00622ea9a9d8d70fb4a6b5ce526b38500981dfcf11edb89294a8a95685965172ef14e993dd8a06df1a578fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
838cebfd91250341a34db71f0d60abf2

SHA1
487b3a747ae6eb1b026e4d4a0edd7381c4ba779d

SHA256
d29b12a4dd9891090881bf55f82ec1f25d6102cc6217da731c4e77cb64075e63

SHA512
80c4acecc95ceffebc59158e43fd4295241fb6af40ea1cfaad6921fe8fd9a26bd1d23867b84f014461f44f56528c256ab646ef4e24431c4c7715f5520929584f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
adde1ad3040c695a73987ad055d42cba

SHA1
a82d42957138fca64bb09602f3b04a92bcfccc74

SHA256
b22297f2f9f79cb9d2959e69c95c2fc5b3d7436a5083d56314133f74a266d6b8

SHA512
854115eea3f7dd1bbae3187419ea8b31992acc6f56cea5bac97499b4321b1ef221d3676bdab3aea833c099cc8f7ad03ed29e9a60c4b67f8432531d63b7400a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
d70221521516d516300565f5adadadb1

SHA1
81c79455650242167125ce38324a0d9e34729143

SHA256
11dc3ac0ba439ab348e42b296d6ac28e26b97831ef4edea8b32e1e88419c3063

SHA512
27424bdb62acaa54df2993a8b921c35676da8684fb5e2fb05e341561005a8a9a920292e16e9354fde50a255ba8feae80612ab2d8f7d4842268914782dfc384c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cookies

Filesize
20KB

MD5
10aecf7a97aeb7ee29fdd7c05c2a086e

SHA1
a874ff1b65e787c6a62eeea6d022829951cfa3e6

SHA256
ee3baffba757e1d3d69a8aeb7e3ce9d2da1d1ebc35182767eb00ae4e233798a1

SHA512
36d692e096c1f5ccce856c3d18f24575cf917993b09615b81a80f917b2b8f2cce8c488f52149ea3faaa6b500a14aaf617ad8dd5252bfd8ee64d4b81fce4ed2f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
82e09ef077e063d23efe1bc319a96a7f

SHA1
7f2f74eeb99e17e93cd67e1726f3b9c16fdabf08

SHA256
b7806aeea3877431518e07d8e5819b1dc4bccf39205fde50ccbf99272a19b0df

SHA512
4ecfd7d7e080335979c39bdd6c1093a3a1c51d05853d80b22212818af99a6d8e5774400ee8a798822427ce83f5bf44531f5967f43092cff3f2d7f7370ebc7b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
210ab40856e529e97ee66f83da178fc7

SHA1
fd62ff83ca1b8b6f297170577da209f66a6fd8e8

SHA256
86c852a8ff5f6eb1875a61a64529fb8ad49d3722ca3d481691fec2af360d8b6d

SHA512
51d0115725a6cad9e53e5ccf27f6e42c0bef59092362f4ec706a82035b7bcdaffc3e8175dbc963be3ddd97b1f5eb22bf6dbae1f1d4aefe8d5f7b28b4f8589294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
116KB

MD5
078bb26f562a99650a06cbfb945e01ae

SHA1
3c4c2079fae0c20d44b04e85c97aad6e9c297396

SHA256
1525b73d79b73808d525c3f7b5d175a25d772c1edd1fc51c257510348445932a

SHA512
08b5797171a5ff837b17a9cdad9ccf844e0f0c00d208de25b336cc7b40cf9ab2b8404532b2d3c2b56071b390a07d89ebba5135040cf3682d7f318e0078d830f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
c6b0bfb99eefae56a027fb7e0853c52f

SHA1
333077656ad21c89e219d17a8dddf09780f21314

SHA256
73d7b89c31f8eb2fd5f02d35a3fa49ea39a4bc4e8c988e61573e2a8bdc4458f4

SHA512
382179da74bfd2f0a97e23575f0ea410ec958c7adff580d8c3e293a23989930e24c8e4def5cd81740f129b59951d48d76b8dba2d6484963f11e1e3b020ffb476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f6cf8436221ad544d634a57ee8de22ef

SHA1
b47155adfc1b472bccf66511bf8640dd46e5e160

SHA256
4c2b36642328ddcd92f9e3d9d95145679e5686fd3e8f839c189a700dbf8f6e4d

SHA512
bf18dae6faff4f020b0d323783f4f11b096f94030da6da4defad7de0925506d4b681acd96cb2e8061e0a0d2e0d28f13ed082b04b3031ad2b35d9e17f996853de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
4818572c45856c0b71dcf9ea2c01da07

SHA1
33f825a1de5687eb9e3eaa1bd93d078a843f6ca2

SHA256
b95d931526f739069160748f2035578716f2790b6336684d9229854a2719549b

SHA512
e1e594e0bdc20a4a009bfbc179f101fb42e642a8e2f4dc1399f775b98d5aaeb4252fbce739c63ca3ed7be495857dd4383fbc2d4a2602d8eb4fb4f5d5d2980362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
15c91802b8ae47d4863388ef4490e4bc

SHA1
380f496b98d160fba3bb8dfcdd4bf99b814d1865

SHA256
d59409e404e7f0453a9e5b0c57a56259fa0ababfae5c0ace4b4d396a16f1b53d

SHA512
7357938332d0f32e14a981a716283781efd18699f58897c4450b252586ec55d595b964ee6f0476fb662ff71ca55aa90aaeaf12bfd473cea403aed7d417c3ab50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
594db5a41901c91eb3f184eb7912e8f6

SHA1
95eb43eb3e34b2e96cfdca67b6105cdada4573da

SHA256
70c71f6b73f9181b46651e44f6ff9563d03d843b9c99c8766ee1ebfbeac7f083

SHA512
7b7d42fcf6365358e5e2bf41f9d118b938c414479dadd4c722abe80848dfa8a94c6f959b8416978c42e336a3b96a2068704699dce80688dfe4ff0f0442a6adef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal

Filesize
24KB

MD5
502b6eab59b0fa309a86330b54552598

SHA1
f8ad58927b56b683f68b97a5c2e79a766c833ddd

SHA256
d85de0e22c7ab41f3b387952f21b52dbdca9e89b55bb99e4308da8f5ed73170b

SHA512
3c9db6109a762e47500e9495aa9f378ee04a98720837657ee11367e4fe1e9b6960358da7a4c3a185f5ec68c0b74007d7fffe7e394681242db99d345fbe7d5570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
85a77cfbd48227fa254b8432776e0807

SHA1
3ff766e8befe11bcbca3e3ed115c9115e7f0c2ca

SHA256
d05a34434cf1c37a541da53a0a22e04d968ef293d03b1cd428c119daf422213d

SHA512
a491867cafac1669e4459080fe060f7ec89a6f81c2d8ade4da031e15bc38aa97d059c02fd02534adb043a79208925d9883c0d8bee315ce2b99cf99aed3563c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
50cf01a229679bb194920fb2a5acbba0

SHA1
39c925b79caf95a49b373ee0951e1e023137edf8

SHA256
417ba1db70d8398c8a480a1f4cf6db3f2e5ff3157f21819d91e8a18d0a9fe63f

SHA512
098732c65c7af5a3ee39dcb42da7365a2bae33e08e5be1f3e29da45230bffc790696d9f6fdb4b2e722911b6601c41e4ba6f47a62c56217d2227be23bcb20b8b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13318256988611883

Filesize
4KB

MD5
da459618161f5e887a66d33ea93635be

SHA1
310d6f5c9479647958c493ab7b930ccebdf97a32

SHA256
7461c3b46c32ee6234fdf4a7ebb85ae16bb05bbd088aca4ebfb4c4042edaab66

SHA512
592f8173c35fb4f435b352fa2fd96e7e97c4bf1688e857d33e7a8b449183e2380ae1894d96c91a85105da7759a328845b4a1b696b86e9047824acdc8623e2462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shortcuts-journal

Filesize
512B

MD5
f80f6871747b2bf7b9151e8b74ea4792

SHA1
c8c953319c8dd631a9aeabc17260b038cdd4b437

SHA256
f32166fcc79ab3379295e5bdaf0dce815de7f99fddabe4dd2a4628d9756f09a5

SHA512
dd7842f34590088972ff3d589b4ce5bbbaed2787af57e5512c6671665892cbafe66f49c63a67e43fd8cf58f90ad71e68046bfa8e96101b8e6a47599d186c482e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
aa345074b262099e31b907fea8693473

SHA1
5a7f74f937c9e0d577ff614821382c0fc98b110d

SHA256
8596fa0b7d8707b1da1cf5ac09262a0d75291b0226d82386c45606cd4515a004

SHA512
98cbb6058348a6d6d82bf54aca1afbc0d2793bd46190093fdec6c8b1c5c63471413c6e0f62938645affe683948deb57171a13128625e0dec11d1b52664d4093f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
9baf7ba58e02a7ef60624dc3b03229fa

SHA1
a3e4daf1a6353f220576a90a4cd9a80201f3f059

SHA256
68166cf26b3756482a2b1d27e5164a42251963fe13f446243d23ef7fd2ed6b6d

SHA512
68861b385e028b8359c8f6b3251fd4a76d621225e6ac3dcc7721a60f9641a5288094ca51e86aa3cad99fab8f4444bb959c960f143347282648b92d2db1054a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
160B

MD5
de92ad90be6d3364745b2f73f4c3cf73

SHA1
9158681463bd30e5af4dda4baac81f93cedbda77

SHA256
0025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0

SHA512
9e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
318B

MD5
c38731124eec4b6b0c26f6c33d27df0a

SHA1
a4f96b6c8c725bc26b284c13835ff0e46095b0b2

SHA256
b00536929343cc2a29b0cd7fb526b82ee9df5d024f03f4308cb2edec03f709b4

SHA512
c738ca06213999ebd8d863d4edef378f0b9c8bc8cfc0c98581c888dd0185d1405d1127be3a3436a96732803b6c284e90ed1eb5b0e2b123c75de7a03266728897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity

Filesize
872B

MD5
02afa7e7de1617c970e189a73b59cc0c

SHA1
0424707217311af81efe8fe93cc6e6475c25fc2c

SHA256
68e36965b2eb34e494e0726f525a37a76abc2a08717e602cee3d0608660eab12

SHA512
84b076eee5cb1f1ddccf5f2f6231d6204480ae89f46d362886c87da848adf4a90f0e13ffae179f6481d3b435fca84bfac6fd154cd4eb3411ca27886dc3ddfb66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
0000a4e69128d853d055c227bdd9ef62

SHA1
771b071b20ec3fd50c0802b7f40443380e89144a

SHA256
a4ad7c7e38f84ccd3e70da7a6ab772a1df6a0e5820a06738c1982759dfd03f53

SHA512
5bf5256e742ae8edffede3792a5b92968c2b3022d3559b67657cc595dff23235f7ed8e5db74b5044ef000d419fa1934123c5076c90655ef831aa89247d3060e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
002179789f29e1a598c5edd09a458c93

SHA1
dd7ef98404bc7cebc439b62d16faa5a8cab1bb1a

SHA256
13509b16260afe17e8ef9099229e68e61d04eec679739227cb2cb3fcae17d69d

SHA512
6361711f48943ef104957e13231e03637379d6b3b005ea66ca6c8f8f4850d63313040b0e96b08a45fb88b60ef9af1598a0a3c608daabe144a93957b74aa196bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal

Filesize
4KB

MD5
4494af2ba8f34c3a701a407ba4dfd70e

SHA1
cb26400d5585eddb9cc8d5080481973858b85d05

SHA256
961883db8fceed11e1b09f5ba5d2243b59f054b7d581c4bf07285eb54beec570

SHA512
9d1717e717e37f99e79177f81cd0256c82b5287c708945bcd66e591a6d9376724871090076a3e27bc0f116365243862071a1e4f0311df39e199364cfd349a30b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
b63048c4e7e52c52053d25da30d9c5ab

SHA1
679a44d402f5ec24605719e06459f5a707989187

SHA256
389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1

SHA512
e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
106KB

MD5
7ef652ddb740e5544d0b350b0a5deb09

SHA1
06180deab3ba05d08c8742a7a563a9e776658847

SHA256
880d209f4f1c64c584238c7a19bdefd5ff84762bb1635128ffa51f8d5fa5d5dc

SHA512
f65a950466c19852ba09e11db5fce601ec7443ec6a2f4ba7e9f96e322e268d3d4bad949c281e1cc76ba245ee3594cdbe2bb8faea8b582a85b89d22a68eeadf8c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit