hxxps://www[.]youtube[.]com/redirect?event=channel_description&redir_token=QUFFLUhqbUk2Zkh4NU9KSE1oaEF1aERWLXdLNnpNdGZjZ3xBQ3Jtc0trYkUzdzl4Z1NIcjg1eHFxVnJtNmRyT0V5YWRveUN0RGUyMmdGNm5fR2dGSU9wZDNENXZYSE9TUGVsalpCRHBxX1lWUmRKanRKT21DcTlVS2phOG9xU1d5U05ES2ZCekFtSUVpVC14TVFrVWhsWFVONA&q=https%3A%2F%2Fquoo[.]eu%2FKWwD

Resubmissions

28/02/2024, 23:58

240228-31jkvsgf61 6

28/02/2024, 23:51

240228-3v64zagf95 6

08/06/2023, 16:26

230608-txye6sgg68 1

Analysis

max time kernel
299s
max time network
302s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
28/02/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbUk2Zkh4NU9KSE1oaEF1aERWLXdLNnpNdGZjZ3xBQ3Jtc0trYkUzdzl4Z1NIcjg1eHFxVnJtNmRyT0V5YWRveUN0RGUyMmdGNm5fR2dGSU9wZDNENXZYSE9TUGVsalpCRHBxX1lWUmRKanRKT21DcTlVS2phOG9xU1d5U05ES2ZCekFtSUVpVC14TVFrVWhsWFVONA&q=https%3A%2F%2Fquoo.eu%2FKWwD

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
35	discord.com
36	discord.com
37	discord.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536379116497067"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
1936	chrome.exe
1936	chrome.exe
944	chrome.exe
944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	4624	chrome.exe
Token: SeCreatePagefilePrivilege	4624	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe
Token: SeShutdownPrivilege	1936	chrome.exe
Token: SeCreatePagefilePrivilege	1936	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
4624	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe
1936	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4576	4624	chrome.exe	73
PID 4624 wrote to memory of 4576	4624	chrome.exe	73
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 4856	4624	chrome.exe	76
PID 4624 wrote to memory of 3052	4624	chrome.exe	75
PID 4624 wrote to memory of 3052	4624	chrome.exe	75
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77
PID 4624 wrote to memory of 2400	4624	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=channel_description&redir_token=QUFFLUhqbUk2Zkh4NU9KSE1oaEF1aERWLXdLNnpNdGZjZ3xBQ3Jtc0trYkUzdzl4Z1NIcjg1eHFxVnJtNmRyT0V5YWRveUN0RGUyMmdGNm5fR2dGSU9wZDNENXZYSE9TUGVsalpCRHBxX1lWUmRKanRKT21DcTlVS2phOG9xU1d5U05ES2ZCekFtSUVpVC14TVFrVWhsWFVONA&q=https%3A%2F%2Fquoo.eu%2FKWwD
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9f10b9758,0x7ff9f10b9768,0x7ff9f10b9778
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4604 --field-trial-handle=1816,i,13658194886636162049,3302599980520776718,131072 /prefetch:1
  2⤵
  PID:984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9f10b9758,0x7ff9f10b9768,0x7ff9f10b9778
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2872 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4844 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5028
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6b5897688,0x7ff6b5897698,0x7ff6b58976a8
    3⤵
    PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5176 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2932 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3052 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2948 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3760 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4724 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=1736,i,3090030143411382448,1426814565822823072,131072 /prefetch:8
  2⤵
  PID:4996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2424

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
9a0520197a7f7681288a56c368880f05

SHA1
23c3c8ccbc36ea6504e98839453109dcf19438b0

SHA256
b67de484a503964afd5d3eb451b930eb345b0480e3e12cc496cb41aa377ef96d

SHA512
89b445b5d031199f604b803419127730cdb82bfb77bf1caa4b03a61be8322ea057dac3c21899e932a32e282bd06048d8b37688976a753fb564079509632a7889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\014a7a00-d7c5-4c08-9788-38f20a6013d9.tmp

Filesize
7KB

MD5
321264c2f26863b2f8496d6edf132c70

SHA1
1786b4a62cf0ba7787694da20278834194b6739d

SHA256
4b1bdd4de34ee8c9de76f58fa7d8bb3663b51b51bd0bb6ccb0b618a1661830e7

SHA512
a872eddc8844b3d6eb80aa5e82391f0cbd85f8b299342a007d83114f17702b3957aab5604e4d9c091ab5bb020430c46ffb9ca6d02dcacbc78b611bcfa24ab92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c9dab176f198bee4806065ba294f10d5

SHA1
acacd6552f52d7fcf551911ba24e7d3aae7aaebb

SHA256
89ebf14befb3ce36f43216ed126cca0c4029f2a2edd4cdefd3792e5502fc0d56

SHA512
f8a1a9424124852d3cade7a44fc809a7fb5fec251dd1c8a5d1a511e6a9307670cec2b299ae711764255e51df272318e41b35a629fb45c7b7e1c262041fdc7502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
bb96d0e62ac19bf9a460a6bf5eb14825

SHA1
dfbf370a68ed3cffd4291937060eb5c5008e344c

SHA256
60cf6709542f131c2b6c3ce77cfb4850766fa498ed5d9fb170b246c7f71f290f

SHA512
a568532498788a595646a053513dae7d6e7c14ea298337cbb748d805d8f16ab1d89bc643155f0e5591de75ed97b604d15685a00a3cec6e4c9b99789b029fe4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
bcc2e1b1bd27e931b309e4f83daa86b6

SHA1
6a1a374c66586aebb92f7ea0c45a06c9e6d33e9d

SHA256
69dcd04ddab905958fcfabfbd8df75397124859f3a86d1669cc7241286a66f86

SHA512
44a60dc0e8710f42f972bcca0c497d1516724cc92dbd6f6d723c394c6f071c9d2f90a8a0bed2dc3f9b73b7d8af5dcd42d330f4f3f544546f0c32dd7becc19bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
4ba7ee2d2a32aca7e4469443e3078195

SHA1
e77f0c90bab932ecbad0b2f14587b135466975a6

SHA256
512d343f01abc6393c3c0c0b184e3aaa10b2cb388494665a0508a3722bd6d5be

SHA512
df86cec7874cc8a4d12d2600684012767743b8bf70ae9947b45dadf6ecfe702387206ea79f7b95a409ddb5cbba9bdfe46b82f24348c7dfa72e44abd0ad72e5dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
30KB

MD5
454ba5604d437a67bc8ecde0379e733b

SHA1
0257298ff862e4f9eb295e026cb469de33bfde67

SHA256
b24d5ec49d9ed977ad67c75aae0b355a7eb182b1d7775ddf1bc56d4511cf0a6d

SHA512
fa434ffe53f553f2afde0e5c3dc1f7204d1ac4e94971a19b3a9f6316c30668af2d52ff3390c02a41d466eb8067f54c92c676292f4aef67d4c1f06e4030d888b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
e5fd2dc4c4b8f7942bc21b6a5c53e68e

SHA1
9e1421a5cd4f7a79e07991a180f67a545163dd7a

SHA256
25c7cedf0cda83c871069cd000aec33b8fe923647c7df012aa5da16f48ec8ff7

SHA512
0feff8068181be2ecd39870d17af09d01c6e04ba7ee655ab5148717c666297a241480efd3e53356d183f348bb1399e49ef60743ec66d93f8505d863d99da1dba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
524a2a9f2e16b454875dd0efcac987d0

SHA1
f51337c1c0200dffbf09fddc2109644919aae579

SHA256
138db64d55ec5dbd5deefecf8bf1660e7b04e68acc96299af2a6ae9be1e191ad

SHA512
d6bc57c75defeefacd59aca8dc93aaa5e87b2afa7d0c4448f224df032bd24921594ea306eb76f08adb97922438da2afdfede6b2b57f57bddea100d60e15d3099

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
e32fe1b824a87a102e4739eaed224a86

SHA1
c80d986c67db5d03c4670ec653042bf419496bb7

SHA256
bde2b0484151d3d39b54627f683ba4df45c71badf3899efb77a23367b14da7c5

SHA512
4f1f558a7a843dc5bdb809b42f86369ad6792f462fe444f79532fac0265a0b24a58842162bfac0b975315848ca901232a343370c1e631146adf7f87749448a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
3fa8ef84be5b56347be9d278e0e993c4

SHA1
5f387446ba8958c5eac63bacc1013f079f3da5bd

SHA256
2c43ade5a6c6617c3da5137f72bd6f5f8d877404abf1f86ca373a829599d0a8c

SHA512
ed24d23c859273f1a385e81ee474ad6d6d310a95e96ad78b1697b64a9978443d588a91512d4e79cd96af116e6453a3b6c9857ae8310484713782c187a2164b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
993db5ea495ebf72bd7fb6f23e383740

SHA1
564ad9c561ff01665383187f48b05dd7351c08ef

SHA256
1d53020a65f7d2a20c29216a0ff799c4fd4707c2d69342dfdba587d1a125189e

SHA512
350faeedb326f7ca186dbe0f579603cae069bf381d5dbe29b08c6c2af7c6f2b8e06c37c7a517cfd1a274c788935c00efb8e4547ecd6ff0bd0fca6fc5548d61b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
5989377b3f302c0bafeda74c8f78451d

SHA1
eabc5cf53843ed570e406d70b483cdc099b87a71

SHA256
ef26a76e42fb40bd91453ad21590a4bbc3c6e9bd31425a4cb2e388631e979124

SHA512
5d9c36760580b7eb3e74c374fbb29034b23813d6e786b7944d1175c8d4235ced8a8da58a8fe4c402d2cd56425e8aac58fb1b209bd58ed35775ec390c650e14ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2544d935bfa3f7450695b7261081ea14

SHA1
ea76fe877342bb4b40c68fa7438b818b52d8b46d

SHA256
f9618e9a18aa65cd106b055410671af143ce7a5ab1573ce7ac927000ebb6525b

SHA512
65a6ae3fc1a902801ea965986083aad4371a49e1f0b70f6d0c05d1a97d035760da8dcc1c836306a8bc2d57d5fb82c988ab9e0e000e4e652f41ed862d49aa1a85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
eaab1de8d5f1c9ee91e7045a1590806e

SHA1
7aa7c28472531d590a504de343ea43e531d1187a

SHA256
5a63699ba89e1bfd0481f4eb63e1722324a8b89cc563172d0c9aa0565da3c6a8

SHA512
25161ece4f5cfc6da2056257271c07f2b95acaf55d940584888cbb44bbab1e882971e78c43b2cb562f0cb3a30a03550ced8d228240c24cedc055f8bc6be28105

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
78109bbbba06e701c6747c8cea5f2f1b

SHA1
25b21348eb3126a76965eabaff980116c49ec7db

SHA256
42828d7e2bdd8e89d9c5e4cd5f17a66f554153227aee178a98fa93da0a5a61d8

SHA512
81bb1ddbf8d051abd6fd1f5a7e248afa4e8575866b28b4ae607de39fb8eabd181d78bae5756ff8c090da0c7c52159e56d1c69a3bb9ae92eced28e7993e558b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f4070a30ab1f8c93079e65dacc509841

SHA1
240b7914b0760db1ffb642474b18b7919600fe87

SHA256
282c639ce2c621894fb82c9b2c7efbd2a6e3970dc000e3720e3f616e571a884f

SHA512
1dcc483eaea566e9d81f3a2dd78bc1ad52099153f61219e3cd792e5aa44595edbb7fa0124796e1e9d78787b218d7b48e67cebb407eec2ddea27c4e95a7cc9c79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
061104f07f91b2b70960ac7f7b10bec0

SHA1
0eb492c4c27a3e4367eb02b67c11976774db2cc4

SHA256
9291c5f4c5b65ee05331aa8a2503c37a240385e312f533d99e59d4e0e8dda9da

SHA512
05efde71e8f680f597948c7e405fd80c98616d17b264a364a505f5290426a9d601169ea7828a368f61b285a4b5ba4d5bc275b82de28b8c6ad1c03780f578cf85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
c6de50e5f104a6150cb24339d5e5d4ae

SHA1
18bba032a9da48d3bcf4f67fe1572eb7db2c7ff4

SHA256
ae702a2edfc2ffb38afadf4c7a7f4c07c6783dc6da80843fb9ff40f897069a23

SHA512
16a34316737c74e9bcc57fd657f351a50f9aa41ac1b10edad25e1cb535c8dbac7d16643e5dc47331071b150d61a615dd5def49df6f36a394d8f2c306e792db0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16d9a88597be7b45170908bc31efb4f6

SHA1
6d2e1a36b72cb3bbfed5299d0b894a4d1e59e89d

SHA256
ff5810051d434b42009095e119c0e2029050110d54bbd2e1a1624340d1648d0c

SHA512
78ed31c6e0d32030622f65b5d1dc48da3e5a302e895f398d9b4b7fc4e422c846bfd23282763fafd1c054502c9c964a08f6f49681b66d7b27c8e1329a9f4df259

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2017ad78717ee81ac75c1ae99739a947

SHA1
04750308d7a4ddfadb9524c5532fe7a548a14db1

SHA256
88828a71ded14662e28181f8d821d8256d4e514cd07796e284e0020c493cf6d8

SHA512
02ccefd73945dfcc1f37f405feffb70963a7777948bff671295a040f3b222afbf9d3ab34c8538d3eba3440e6e636a1f58632b365ea35924f5641d5f323d25266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ec16dcf0bcd1a44c65d8d36a802d01c

SHA1
521aa0531622124d3f68a38044fc9a0cc41f02cb

SHA256
58a2e0934d1f4614160cf469841ab3e5eee0577607612edcec76bdb2cb9f9bff

SHA512
46e12613cb22580681c95254de42d0ef0771875858312994135b506974d0d999d881fd9cb0a0802387f205ab76d4a39ea6aa365395fbb1003fe4c8dfe433db35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
16b044fe99215735090bfdd3f730b35c

SHA1
d39eac5559f7c1a10fda14dd2e5af8737715e427

SHA256
8f503232911325c0fc9c3f3bd95b2cf626ebc6d631bd6fa2139eca096e2d5e03

SHA512
835cd1da63b3e315f1bba6be1233e4b8f9732edb65a764de239d8d71623a386f7377076489618ed4ae6747fe30d53f57391e32fb939fb12a582bfcee0ee9f631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4729eb4a94658400372e3d37bc7e2fc6

SHA1
deadcf481f70c390cdae110d9608e5752604f6f6

SHA256
742629e3776383eb90c6059fac5b6d2f8ee74bd40ef78df6c9226fd58852b5eb

SHA512
2439631bdabd7987ec7f4cf41bd37b45a33e8c425825d8ca2f6cce82ed7bab72e8113887ce7e0b045bf16e066ac82055c5f310ba00b5ee8ae774f7c1308da8c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
6ac032c5856d71d0d12cbc682c0aaea9

SHA1
81a5a2bc340bf923407aabdd2422072a45c116a9

SHA256
2d0e03cb2c8b89e21dc14ef0225cba1ff34466f39a14c7664316a06bf2345f55

SHA512
0221611a59e2de4bb15db363c4f062bd5d596b75b180f35e6ffe71fe79ecf9cae1d21b7c4f571578118c6c07fde12dc324483768e4afd66fcb1bc40e432006f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c87d7133cc418c48b8d648e53d738d20

SHA1
eb97c6a5fe8cb7d114008e06008da93f6db7ce17

SHA256
5142ec6751e94c2620682988aae346dafcd618ce9679ec96a9cc02ca77064530

SHA512
2ad56c5a17cc8149bea9faa4aa189e917b6a2ae311ee982858b4147febdd1c61877696b14cfa302ee85fa98eb7b2b033d895e43f3c9503b6377f10ae897bb749

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3671431470b867a734a1ea251a2005db

SHA1
f27be01f309de0f73305f94b58d1581574348650

SHA256
57e1cac1c97568f972db9c2b4fe1d0b1c8a590eeb2267c742243215530146824

SHA512
55fd5c5a2b361023285d64c4548c0bc03780f5ad1e1db807cab03c6ea0a413e09b2b45030f85dd994fd5ac14bad01f3e1323e662cd3089e2c03e2ecd25cbe505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
19b4eab5633c1d1d0b566c44c017b569

SHA1
3a2f4d0af99283dfef31fbc22da067bf8b29b2e1

SHA256
8e11c91d9e445bffa92a49966f6c9f08f0e6e1878f5cff99bf3d4bbbe8f50730

SHA512
e265f7bcf4fe8c0efe7603e534e1cf1fdfc907c9e055c7e7e79f3b58c39fbe46a724c42a6be92e26bd2ba3a949cc3e391e13bff46567b8aef72635aa843ebba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4f7799c2a1d78f79b99b701c3e03f984

SHA1
d3def0fb5eb65e6f1e841383752201dbe450e23a

SHA256
222931ded3fea9c62f46644a6022ab23d63966762a517aff5a037a7548eb6138

SHA512
f536bc616e4ca003f074215af73d10a7e8549b2c605e740a36ef02fd572edc3982017bce5d21d86e230c17d5e62d71069b877ea2eb881e8d3731a350b091ef55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
74552dd4d7ebdca412aa1698cf718791

SHA1
9cf89e057093465db4d737e4d78c7d4c0adec638

SHA256
383c9d3d28fb83321f0bb7fcfba58435b5a7c112e72b479c1e8d953c1248c2a9

SHA512
17e700ab6e9c3991dbc56980973f32a9d81f1449a7d1d53f029a3df53dabb6e723dae6477446f0e3afa177a558a6ebc69b552a274e0232b09cecf71ecab6af7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c6b7965ed0e5e13d3e6a6e57807cbe48

SHA1
de443a455e3bc934d3a0b0a2156711d5279b9002

SHA256
36919d9e5479e3e97f29a5363a92f1f5671c90e712f451f10d1ff4a1303a39b6

SHA512
6f190a1d88f1f7a7fffe9a221f7542e2a827cbb497ca3f308111f6f68d578109d7bbd993144b9b38ca711cf17b1d1451ebcf23434587d520578f12323e428324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bfc99fe31049a97eb3e8844f93a655f7

SHA1
a9972c226bb9036cbe1edb73f04dc8bf11171e89

SHA256
7c20738c42432e2375c230cc4279d9cbde2aeb6efdb1a209f1d022d3d3a3c6df

SHA512
3718dcf2ae031707872c558713c7b120323a8703c63fa77167a90eece07ff8fb166a0ad75abdd3ea1e4c1de05ae2ff1152b63992a1525a21f78eea7a269e3191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fcef56d1d028cf021b422847677822a8

SHA1
a34cc90282a7451a8f1862d850a73ebaa606f13c

SHA256
901af5b3ce32ed801e8e3312860080c08c8142c72ba304db065170cf288e96b7

SHA512
b8d1f48e8121ac5a235393b6e079a5347aa8372efc301061ab143d95556cb6bc1b7af505f6a24033606c4cd8d14d618d7e381ea1bf744f10600377aa117edb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ffc4b0c310c744bb3d4fa135ae917782

SHA1
d6c16e68bbdc839c0ea06ce3ce6914082069a4ad

SHA256
52080bc29e0552353c2a5a476254c7b0cf7fd55f7d11ea9e83ac8c048513056f

SHA512
52e14fdfc661d2b182fd2f015316cc8a9abc5f7d868efbbe4d03499d2d268cf287004dedbfa7b269e3e024811adf50d248f271c80864b5ba0564c8f45c3720d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
56e9535065f5571055be2f29cdd80c51

SHA1
43e19f8c48cd41a29312203b8372338cea459416

SHA256
f61029b8ab476d7cf262a143ecb52929814ef0768c8a92be467c90e9a1ccbb8a

SHA512
3f01a2efb908349fc1583693502890475c5909bfbb64dea0c33da518e82c81e6141676e847729067f947318f2e7f506ce5c1341d374ca0d85781da1403fd6a2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db6671b81d888a525b8d20db728b7853

SHA1
b3e8abd357a2f2339ee5294e1175493f5860e8bb

SHA256
599ecd9a48dec9cb96ebdba71bb23bc2e394266bc5c587bfbc1d0a09cdf29b83

SHA512
2d5c8e16ccfee6578c4471a94d0c2892cc840f1ed387ba3522cd300084ecb13788a9426e9a2456eb1bc8d11d62b268ec8cd7183dbab44a9040c0f3f097428c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
784ef75e0dfa573f1abaf5061fc96918

SHA1
90e0b56fd995e3c0cfe47f1c4163a835360cb6ea

SHA256
b0f317a2e63bdbf7399b6ef0f3c44228df6fc478ca91b2fa5078fa6b65c839f5

SHA512
c6a3b6ebf98b066fbed7375f3150d5415c8a2fa964eedbc633080732f92bab39e1fe789b2d460862e09a843652d58c3f40949978da4056c3aad43717903d7462

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
561B

MD5
43861a893e7c4a70f0481d4a73be8841

SHA1
789bf7952480e5f3cd4c8ace3bc2e99d92f084dc

SHA256
47aab0b6ae85e605033dd7170348178502451906052a2eb03ce204d59a66b496

SHA512
8fa7e950dbc76cd9d93fc3e3aaf453610f25167a4efb1763db1e78bd8594b4d423cf5fec13221a139d091c9cfd436ca2f96e500513010de3586bcfdbf70e4931

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
c0a5cab1d841c288929005385fbbc70c

SHA1
5a5cc014ab694975f1cd0a282be0f5587191204b

SHA256
c210ae1378f7364e93d3bca93dd605c86123caa9f95c0aef0f3d6051a76347aa

SHA512
10f135cf4d2f01a815da7096f96270e735ffb2d8a7785c1a59dc15649950ff5d3ee6f3fade705dbd7dec8e65986c097d34e081160ff4f774fc20d6e097a50d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13353637911841018

Filesize
5KB

MD5
b92828995a43cd3d90cbf08af5beb50b

SHA1
5434ff7a6a2ad3de0deb328e1dd6b038f4c72272

SHA256
f4713b125f6a90cc4b1aedc5b26c841deb5aec6a6d158dd5146e0da5a4ed34c5

SHA512
1e1bf1a72d830d3c6027ed1cbe9153edc560b675289d74e1d5e017b1e0576c80e44981a745b16b69923714acabed5438c8bae0fc7b27803ef6e441acee326f33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13353637915911018

Filesize
2KB

MD5
12254c4a3e296d9e89b70a6e11c29a83

SHA1
4a0576d9b2813d4734d4879b5b33218d1c3da95b

SHA256
7525eb34d367c48f8cc16857e51a14828dcbac246140b1c0379bc68439cfba26

SHA512
dda49de8ec26b5ae603127b06bed69427ae4c98a7ddb08c7483dc4f877b2bc05c1e4d0d93010ef1edbac60043badaeaa4629005ef31d607684f7ba8cdb073492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
fb475ae767b3aca1a6f6dece87c6a3c9

SHA1
dfbb984fa98e531260111925d78fa48fe3417a78

SHA256
8179682e24c8b79300677a9f04329fec49151847ab370cd524b50ab92272fb7b

SHA512
0e3ae35696bc061114517248cc74391f0666a5312c87eb2601a1d23318041319ed358fa5748f26392567e1c5e480babfcdd33edbd02f78a70c3f1b71326add7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
cec9c1a99e8b122812f73ebfd29ad090

SHA1
10aec60397ac12e8ef746ab5a5bffb95151916d6

SHA256
7bc84f87d7077d21712a99b45fe6f3870aff1bf276ed56ed3a3337fab9a78695

SHA512
42ed1445227ac6f6735e619e6d19c940e86adbd701228f980c4e9b35dab946980ce8ffec1adcf7c73000a36de0d7e061a288cef0c064bebe81c13c2fcd187002

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
2c6ff1bd89d31624c28eac070bdfa807

SHA1
70d58a9945f322159a6bb9536481b508dd2dffb0

SHA256
582a74a79dec7c5656d14d4867c5f66471535c548c0dcbca3b2fbdcc99ffe2a4

SHA512
0044f0c7cfd6d71fdb95e987669d7fd4f0500dd39d3470d32913ab5bedde93d46d81c1834b2425e821115c272355fa8e2be6a697dbdab13f769d10df8f8fc8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
341f083d0f5833e478e8f884a064d483

SHA1
aca4b0ae37a0785cd329028d2feba8695bd7eae1

SHA256
92b783a34cc19f6b0aa45466ccb4c59baa6b06c1d142284b04df4f03528fe494

SHA512
f1ecf9155cdfca0619a5461c7a7319fa0e047539c7745d2a28c1e50b2a5e61a3ad1e770b13a7cf4f9086efde2aedc07222410f8013868fedc1802cb89b1b9475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
c2e9a95e099208810eb22ce02644471a

SHA1
72f839921025487dbc84cdff1a9c8e3bd323cee5

SHA256
eb0e97765f932331ad31102c058ab7cd208091819b318be74e39b22fcfc5f8e7

SHA512
f9560797d36171c6d2f7e3fcfb2689ad0e61f516da02c3597115fb02e1bead4412de890b1874d3e623f11872b3824b29de75b557b24b99ad6874354e05e8f51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
874B

MD5
335fea61959c0a91ebe507b1164447b6

SHA1
68c2c376d6330a7ab0c16914fd01f2a915ae6170

SHA256
d279f501b4e05f81573110cb90bc16bddd07ba817cb70924bc26e153d30e77dd

SHA512
1c813303bcbdcef4d7ad7d93853032b5f44f7b89705759a4e9d711ec8610790415eaecc79ed99c38f29af338f4f2ed6a0d9acb0e7838826798b3d67ac55ba732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
f59ac7e1e7b45cc59bf14ba101429994

SHA1
59e7f391557a766583696a275b04215f82d21c98

SHA256
a6062da135b15269648aae11d4c8ef44dd43f30092738c17fb21ad7a43b67ec5

SHA512
96f575483e04334ba684ff343a66b0d6246f709c7ff6d297f5f91b4b52fd7d4b6654de2397bffcb8bcd13e2585d9b8fc78b6c37fb2cd8c7d69c8239df6197fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
918B

MD5
362530af49026ad859bc202796944017

SHA1
cbc05944634e8dc41912a1e3f8cd43fc3bc813c0

SHA256
f480d7b2c68958e73c7c01bc873ae1d39fee53131f7331ed23a0b3ca6d66a5f5

SHA512
1cdf8be231102c483eab9dd88b98922360a2283183f36fd463d2acab40884c245aca9f9610ede550769adc87fea2643e702cc41ebef9498221b0b196f5621465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
96bc827e7a77cbe7cd481162b6765761

SHA1
e2f14ff389de23f96c8d6fdc185e52147febbaf6

SHA256
d7979fb7f20d3854ce1b1d06ade4769811e622bc135864926ae2e68cc320351f

SHA512
b1dedc236066d32a709d94fd798f663fd1b31a9eb3f81e937c22f9d6fa490cb66729510ff351d91da3ead7b4040d9a9c6edae009bb4f72d60030cc3b33447c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
0caea9b8642ac560504e296bae0ffcf4

SHA1
239787b935f121cbd45b5a90f36bd42f194a4786

SHA256
970d4785f9fc1a6d1bac6f546c4e4a48590ee1c187b2a106c589a3acffda0900

SHA512
5c5e613577d66fbbfa29e6acb230231692ddb35daab1e1e95c0a03ca9c4d7ecde77419a93be13d3c04387fdbf71512d784ba52ca3821bb7e28c433937f9ab5ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
bcb31df329fc10a1f6f205f39ad7251d

SHA1
45517e06ee80a1c064356a81da2b2a30e00ba0d7

SHA256
e67858bfe8b8dc6f76a27331c3603621595287c3a03b559bb765a4054ed3a19e

SHA512
8eb85b7fea6bb61682db82fa789db0ee692b75bd4d392adacbff627fc67fdc3b9036bb4b4c8c22944a809ad08c25c04f38092daaa01ab66a5e4eab6c478541aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
50d265955822cee24504d81a5d7cf286

SHA1
e2f543355f5389d5643dd03bdfbaafc973df14a3

SHA256
888a2f1763b43d7111ef90f43e39e49838c11e406bb536c9f402506659ac8bc6

SHA512
eb5915de4b58810efa2b460e09531d3f97944c371b8dd1df9bfe802a4ff15bc599c4e63e716facb65140aa44c118e64308d5051db9abdfb828c08a9271ac1bd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
e0cb0c31f824e6f7fc554710645b63d7

SHA1
ac6d73a2108c645ec54449dd4196eb778341dfc7

SHA256
a26a1ea4d3cf82f2b808f41e8c5842880363cfb89506e70601eb9edc860d2b4d

SHA512
5c3309e8b5509a660a9719e2e13b7784d20c1bfdde959bf45750f231c27653c412b0af7bb3e840e4ece299d5f2d17ab952436a7409e0a00f565cc81f81b1149f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
62e291214083a9e4b036576683d3d2a0

SHA1
bae2951f9af458cdf0fd48f88501cf12c97e9938

SHA256
d82a35252212209582929dcee8761f512334859c60a0fe0bfd6c41ba692396f6

SHA512
b2006617aaaa3be73c0359c1c27abdaff85c7db19e6e913b0a247d4649c8c2e79aa88a906b67005b92a496fff18648479539a0608d3b5ad01f4d4e492bf43c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
8881b30782950ceb5b3ac7ceed5310d5

SHA1
ba111eeafd7906b7f9d23d674dde0c198f631a4c

SHA256
21623f13618350862f5290a878f87fad555defcab38e2c8d0f6844a7ea82ad4d

SHA512
071e5a795f91e4fd9c379a967846b7f36bff42e3980df68cb87feb57f58a1f6209159f814228dc03eb47d76141e0f39d1439109a547ee00766630939b79610d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
d86cfd31f8ad3fc9b484583680ea0834

SHA1
6bb6cb61f3486c28e314b7739457255aa6104662

SHA256
959486bed2b30dc33ff85c0508e6dd3c3f496f35471a52f19307bea63f47e2c1

SHA512
34d9c4763690dd351251ea67a44055525bbfaecacdd9e20a1b77751bef30d47a77a93a596b5288f5866a228bdb4c49bae35933d195f3dc5a9c9e017b83203499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
7c78ab8ee9d2d8ea5949d612de1f0a6d

SHA1
1760be5dde5e0311631576d1ea434b301af107e2

SHA256
019cf7a6119d9eade9be43c467adaee44f6c84de7bcc777dfdcd2c771a0d1ae8

SHA512
8a89df968a73c9d93a9d6c8b7cced24e528d3eed0d7295e2b6ff04eebb797739678a58bdfa685850d0bb929dc9d049ffa51b88c2b264f02eb23b29fb81e29c26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
0ade5df115368b6f11802af2b8fe665f

SHA1
80f70b6694d99ce1b58a766318bdedd23b69c555

SHA256
2aa1a5b1794254c295a5fe9040decde690626fd9ed755df0d19fbf50131d8525

SHA512
87f17ddd68129377011e6139ece32f2faa25dcf3b8f67345124bf7633eba41ec6c9354896cdcac3ee5e4648d1be60f48dd702eb3fe760caf18b0b696c38cf5fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585678.TMP

Filesize
100KB

MD5
7c0e9d87fe271e4e461252d77600dc59

SHA1
8d22103dd7ca593b2ace9660de56f6c364cadbc5

SHA256
6a04edfe67f7e911b839409a2b24e91eeb0445b2f29a8ae7da571fff69b92ce3

SHA512
ed1f44109d0f231333cb50e6a39c2a29f0d284fa7eef1f9bd79ef0319ae90a5ff8cd9ba575b168dcf6b0187be71127468ee69052ba0abaaa329ce0335066ec7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
e57cf4cc7ce10183cedfe6cea96bde2f

SHA1
ac58f33071399925979145e825f0e9b9f9648840

SHA256
3a3d64d73467bb8fdbac607cc459275a0fb7fed1eea322bb7d2ab8b9ae972e8d

SHA512
1bbecea86761c4cef42c08c1813648c26813fcf61a1d796c8868d283d48e9ff664fb7dfcfcfedf35c3e442f4d79024fe167a0de9fbe24c1d7bb668dd3dd7ab8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit