9fa474f91aa006bbdde7d32b5f23a0b9b8a0a1e01a6f144b3e4019f7a1da4609

Analysis

max time kernel
125s
max time network
128s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28-04-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exe
Size

90.1MB
MD5

62f7701ee6e9dc7c659860586b60a890
SHA1

b0dcf197b4afaa5b7e2213498146889223e4f4a3
SHA256

9fa474f91aa006bbdde7d32b5f23a0b9b8a0a1e01a6f144b3e4019f7a1da4609
SHA512

f1f2d2972780669c9b34ab7b12edf982efced53aecd1ca120014870309223635a4bf0250695a2fb941c0f5b8777d525e88e9df04e2cc58ca5540e34adb020f23
SSDEEP

1572864:UNibGs37e7g9TZS+lpL0cnl/GKJjbvArD6TyOtq2/H+yBQQ:Oiji05EipIG94r61XX6Q

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Executes dropped EXE 21 IoCs

Processes:

setup.exesetup.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
2480	setup.exe
2492	setup.exe
4836	chrome.exe
3432	chrome.exe
752	chrome.exe
4844	chrome.exe
684	chrome.exe
4516	chrome.exe
5024	chrome.exe
932	chrome.exe
4288	chrome.exe
4244	chrome.exe
4492	chrome.exe
4708	chrome.exe
420	chrome.exe
4412	chrome.exe
3728	chrome.exe
1084	chrome.exe
2492	chrome.exe
1768	chrome.exe
3604	chrome.exe

Loads dropped DLL 50 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exe

pid	process
4836	chrome.exe
4836	chrome.exe
752	chrome.exe
3432	chrome.exe
752	chrome.exe
4844	chrome.exe
3432	chrome.exe
3432	chrome.exe
4844	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
3432	chrome.exe
684	chrome.exe
684	chrome.exe
4516	chrome.exe
4516	chrome.exe
5024	chrome.exe
5024	chrome.exe
932	chrome.exe
932	chrome.exe
4288	chrome.exe
4288	chrome.exe
4244	chrome.exe
4492	chrome.exe
4492	chrome.exe
4244	chrome.exe
4708	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
4708	chrome.exe
4244	chrome.exe
4244	chrome.exe
4244	chrome.exe
420	chrome.exe
420	chrome.exe
4412	chrome.exe
4412	chrome.exe
3728	chrome.exe
3728	chrome.exe
1084	chrome.exe
1084	chrome.exe
2492	chrome.exe
2492	chrome.exe
1768	chrome.exe
1768	chrome.exe
3604	chrome.exe
3604	chrome.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\124.0.6367.60\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\124.0.6367.60\\notification_helper.exe"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 4 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	chrome.exe

Drops file in Windows directory 2 IoCs

Processes:

chrome.exechrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
File opened for modification C:\Windows\SystemTemp chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588035595766373"	chrome.exe

Modifies registry class 45 IoCs

Processes:

setup.exesetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\Application\AppUserModelId = "Chromium.USN4QEHSKOSR5RSERPKLFPLCWE"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\Application\ApplicationDescription = "Access the Internet"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\Application\ApplicationCompany = "The Chromium Authors"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.shtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.shtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\124.0.6367.60\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\ = "Chromium HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.shtml\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.htm	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.xht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.xht\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.pdf	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.svg\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.htm\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.html\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.xht\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.xhtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.xhtml\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.htm\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.svg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\AppUserModelId = "Chromium.USN4QEHSKOSR5RSERPKLFPLCWE"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\Application\ApplicationName = "Chromium"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.html	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.html\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.pdf\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\chrome.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.webp	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.pdf\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.webp\OpenWithProgids\ChromiumHTM.USN4QEHSKOSR5RSERPKLFPLCWE	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Chromium\\Application\\124.0.6367.60\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\.svg\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}	setup.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4836 chrome.exe
4836 chrome.exe
4288 chrome.exe
4288 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exechrome.exe

pid process

4836 chrome.exe
4836 chrome.exe
4836 chrome.exe
4288 chrome.exe
4288 chrome.exe
4288 chrome.exe
4288 chrome.exe
4288 chrome.exe
4288 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exechrome.exe

description	pid	process
Token: 33	3592	ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exe
Token: SeIncBasePriorityPrivilege	3592	ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe
Token: SeShutdownPrivilege	4836	chrome.exe
Token: SeCreatePagefilePrivilege	4836	chrome.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

setup.exechrome.exechrome.exe

pid process

2492 setup.exe
4836 chrome.exe
4836 chrome.exe
4836 chrome.exe
4836 chrome.exe
4288 chrome.exe
4288 chrome.exe

pid	process
2492	setup.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4836	chrome.exe
4288	chrome.exe
4288	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exesetup.exechrome.exe

description	pid	process	target process
PID 3592 wrote to memory of 2480	3592	ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exe	setup.exe
PID 3592 wrote to memory of 2480	3592	ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exe	setup.exe
PID 2480 wrote to memory of 2492	2480	setup.exe	setup.exe
PID 2480 wrote to memory of 2492	2480	setup.exe	setup.exe
PID 2480 wrote to memory of 4836	2480	setup.exe	chrome.exe
PID 2480 wrote to memory of 4836	2480	setup.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 3432	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 752	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 752	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe
PID 4836 wrote to memory of 4844	4836	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exe
"C:\Users\Admin\AppData\Local\Temp\ungoogled-chromium_124.0.6367.60-1.1_installer_x64.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Users\Admin\AppData\Local\Temp\CR_8E3A7.tmp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\CR_8E3A7.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_8E3A7.tmp\CHROME.PACKED.7Z"
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\CR_8E3A7.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\CR_8E3A7.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    PID:2492
- - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
    "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --from-installer
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4836
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,2125388167231418180,2960951563906370431,262144 --variations-seed-version --mojo-platform-channel-handle=1852 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3432
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=2096,i,2125388167231418180,2960951563906370431,262144 --variations-seed-version --mojo-platform-channel-handle=2092 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:752
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,2125388167231418180,2960951563906370431,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4844
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3232,i,2125388167231418180,2960951563906370431,262144 --variations-seed-version --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:684
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,2125388167231418180,2960951563906370431,262144 --variations-seed-version --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4516
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4964,i,2125388167231418180,2960951563906370431,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5024
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5176,i,2125388167231418180,2960951563906370431,262144 --variations-seed-version --mojo-platform-channel-handle=732 /prefetch:1
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:932
  - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
      "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --restart
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:4288
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=1948 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1720,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:3
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3792,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=3832 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3800,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=3968 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:420
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3968,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4000,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=4780 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4116,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1768
    - - C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe
        
        "C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4340,i,18187269330601145145,3350522106965421517,262144 --variations-seed-version --mojo-platform-channel-handle=4068 /prefetch:1
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\chrome.dll

Filesize
239.4MB

MD5
561c28976960a4fa6c5d718e9736900d

SHA1
0ef6879cf96ee0f94c43dcdd36beb59f6bb5dd31

SHA256
71ea5b42f15c8139ceb04a9c42e20828db0e93e0f63e823308b6d3089ef196b9

SHA512
87857f7ae144dff719664b5fda5efc70e3d96595f3f802b3152fa6930227953d6a85c45dbe5545965c70f498f36a5f1d519b91cba30b251716089cacb0a906c1

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\chrome_elf.dll

Filesize
1.2MB

MD5
03bbc94a84904d304b30779c46f80ca4

SHA1
cb79de0930e04f3f2bb64074c928a1a8faf6b3d2

SHA256
76b8c28a5c54e99b65a86eb2e90db2cb831a72308ca0636dfc19e9da37409264

SHA512
e71150daf4dece323289846a1a4f0415ba538e62e59a91fae2e81775ce8f121d826647e21a5fdd6068fc22b927135bc9ddddf383f384da2abce480e72cfaf53b

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7349236212b0e5cec2978f2cfa49a1a

SHA1
5abb08949162fd1985b89ffad40aaf5fc769017e

SHA256
a05d04a270f68c8c6d6ea2d23bebf8cd1d5453b26b5442fa54965f90f1c62082

SHA512
c7ff4f9146fefedc199360aa04236294349c881b3865ebc58c5646ad6b3f83fca309de1173f5ebf823a14ba65e5ada77b46f20286d1ea62c37e17adbc9a82d02

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\dxcompiler.dll

Filesize
19.9MB

MD5
85a3040e5d94888f6529d8bf1d98a482

SHA1
631e7579b14d75cd05717b967151be2abf3d1559

SHA256
accf941452dd8fdc46ee176745da38d6d24e91c5e929a4be5c6d671a49c1c6a5

SHA512
9306dfd79a965e6af0d81e777a42cc1775a2b5d23225e64d49d3af682970ef499a4affc37ec24f03d0a84322157e4be98da3c4b6c29aef44655944ac51fb11cc

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\dxil.dll

Filesize
1.4MB

MD5
88490ebe28ab3caea518b055aed20d9f

SHA1
8701b9ec26ffb2be0abbcb0ed1c310df1928887d

SHA256
6c37738cd2fb4d659b0f49dead8311ae75c93b8c6602b991c00e070f7be20bc1

SHA512
a41486c4cea6cf89a61a0da44c9243fac900aedcc75ccae8ec3faa4085f5b8fb5391e457ffc7ffeecce4ecfcefb86a3e2ff037df18f26bb69ce045ba63df63c9

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\libEGL.dll

Filesize
491KB

MD5
80959bee3a3ed29062342a952b17b8eb

SHA1
abdf9876e2bcab020bbf322a1362cec2f23fb8c2

SHA256
9079e4101c600fe327222271cf802e5b8ad2fdf3d576395bc20e8efcfb8a3325

SHA512
b2f146994de39b5616f36ee78d74cbd1ee6f99e84806d7c01232fc9e151cb4bce0409978a4b4d77081bea0875a8c005d4a40d5dda038c5e824dd1460f46b6399

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\libGLESv2.dll

Filesize
7.5MB

MD5
b961aff6a36db70019dba360094a84e1

SHA1
e584d0072a40d92e4e1539d9c87f3912e0b0cdc5

SHA256
39c80dcb566ae71705b60f4dc232d5e58bd22fd740ea69db7ae9166fc1d7986b

SHA512
ef694122f86335c4d13f511427d73cab603d22e9a89116c5bf661f61408b99afe5b3135a003605f00b416df8be791518bd342d607d4e6f046b69432185eb5109

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\124.0.6367.60\vk_swiftshader.dll

Filesize
5.1MB

MD5
053b50cb15ce8ed5d0b7350088fb8b3d

SHA1
13591c5cf9667cb638cd9d484fe67d381c2a08a4

SHA256
4290430ae3ce102913bd2e0f14c5b44a062686be88a5ed779144f357b5ab9f1a

SHA512
767e1e66eb2fd3a135626c5b103e209360e1bf082ee9b3236884c5e69052ecea62d6262b29da994e467d7fe9ae2f13f6911ea13a313d395d4689cb9ae622d3b5

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\SetupMetrics\20240428184550.pma

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\SetupMetrics\20240428184550.pma

Filesize
1KB

MD5
bea2f5dda204f352fd94e8f2d7832c52

SHA1
bd81480502ef2b77b729251fbb967a5ab062b87c

SHA256
2c190f2366ba5532d174f73da87dac89e1b41d926551bb56163550672451eec9

SHA512
a78d4b9313660b0f63a52db36e6b989af31292818687b1b04512927cbbcab17b2fa8b892339000d85b1d2f5ff0a76a00cfd1292c9c8ad0196a6b8e5a7589b73c

Download Submit
C:\Users\Admin\AppData\Local\Chromium\Application\chrome.exe

Filesize
2.2MB

MD5
ec737edf94c2f6fa0560fc13dd0525d0

SHA1
92181aa48ac38c89e1838722672f837c0c306d8f

SHA256
35639a13087ed20cb4cdd24a744452a334849224664bccedaae97662edccb6bd

SHA512
3c4be7214d51c9776e9661bdeef4c4a4d9516136f88b622fe5c228a9512290dcf607ba61286d28451e255227f7dfedf7e23e8f54993a42cc177e59c89893ec71

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Favicons

Filesize
20KB

MD5
f56e431b1d09b7ee9076ac27c118cd1e

SHA1
fd00bdd050f91f04e12091c5786438f7f9b0b28f

SHA256
0db6438854d1086c869c9bda01877547517cd155cc8336dc1838abe3458b4bf6

SHA512
54f7b298f2f7447fa071f58bdb1bb80acbdb1c0de4ea46760d391427649b8f255f040c650ab758700289ad5b35096ef8192eff77c4e3c47d72713148a4ad3714

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\History

Filesize
160KB

MD5
b044b83659707df29142efc773df145b

SHA1
4d23ff4383eb6fef65526582899e776ae769de64

SHA256
de8c4d2d08e558a802d1b4082b37aeb0a7237ec494a832f266a1577d30acf9d9

SHA512
22b95c07fa17d7ea3b3a316a4f9b99cbedcfa2048c551defbec676865101c19c2448388a50b46c1c252160b4683524e74793f59c03f06b426c46cbfabded7232

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\Network Persistent State~RFe588f1c.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Network\cc2c1a3f-a4d8-4762-95bd-aa171e11ebe5.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
6KB

MD5
caee3d97821c4a487105cbc26b605432

SHA1
c0722887bbb06752948695b8079e6bfdec85defe

SHA256
9d5de30e20b614bca9de111dae6e789d719e3b2f98363f34f0474210b250601d

SHA512
2b33a1b95876fb8d2f1cdf35a1fc5f8dba7795125d379ba50b79ad5bfde419bb3084f70870c8fe5b9b836a60d3fed2c94dbe084d0c5f27b6abf494ab4e24f9a4

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
7KB

MD5
e4c4fc406466a61fa1e15162079aad22

SHA1
294a6b537c6952e37077164c05d99f76a7fcb6bd

SHA256
00773af3bbab572bac8c4e12cb03bd069b136311dff48d501a6d3bb783189c69

SHA512
1d76bbad884c8408092027c3d3af40c623677b4f5f43feaf089ebdae710d6a8ec58f697ab379692c5572cf98c323720184f8c818676d7d372df13400d458dabe

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
6KB

MD5
cefa45c82a1f9a9f7ffb126683c7f67a

SHA1
7d9187477234033522a1463459c1aaf876f6e1d8

SHA256
9c1b6d57acb343967ce6d62e5cd13c45ebec3e816cfc6ddd3b255bcf0f6df0fd

SHA512
811db65a6cdc6617cb47d990aa881e85e009141f5c694360dcad95173240a39169d7589de8083c03988d7cf757a37f24bd0a4e090ea47458e132c11fe3816071

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
7KB

MD5
06721fe2e9c68c6b01e15ef45ea07d3d

SHA1
0aca8d874d748e2cfe9d976604b75a6a9b0ed977

SHA256
67e333cb798e3e965694430a091794412007f55307ba462be9a5c6e10b5e25a7

SHA512
8a9095845feeb4621e8a3f1483c22e7c85bee0eaf0ee3495918608fc33fbf7a10f2aedfe4560eaf676dbf1ce02dc790488169f780bc42f935ee69e72e0be9e37

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences

Filesize
7KB

MD5
69b5216baa5c9e9c08c2cc3ebcd3de6a

SHA1
6af2d0d34ddc18cffeb1437a654c763bf4be3cc7

SHA256
861e6dc142f8ed53d61a4ce7eab5e2aa0f5f954fb409fe3d82b6c674783a3c63

SHA512
d59a6baf35baace838bcf7a3055a6c94bbbdf3336f6818892b5cfb5520406038c2cd80a47df1a4bf15bd28cfa1f655d4e97a527d0cb444a73a6ecc2917f841f0

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Preferences~RFe57e05d.TMP

Filesize
6KB

MD5
3b8ad7d328de1bec1859d4489fffb498

SHA1
0e05b04d5c4b7b900a4fd878ae2e9647b2463c0c

SHA256
bac68b4f9c0841c855aec58fd716f54f5d567b9438afada00c8c37a8c6205a38

SHA512
50cce8ce5e2e0f8c3b3438010779be6769c9b88ff99c2c56866f9ca5e3dd709420cb9708c034d6d669e8fe42fe5035a50148efbfcc85db206cfa8ac62835efc3

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Secure Preferences

Filesize
2KB

MD5
a2bb8da96d3329d6879e57b80963ac96

SHA1
041c2517556bec5b739ee20e16ece90fcf93a72e

SHA256
bf287d9178f5a2454da331ab1cb85f368f65e7f6930549160c97e96d414615ec

SHA512
97b9ca49876d2db3c56319aac9b90cc1c90c5b0f141d90ba22c23e196a1ba36d55e71a8d83aab80e6460666c4a8c0e88776eb2b07209088de46299e9c43a453b

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Secure Preferences~RFe588f0c.TMP

Filesize
2KB

MD5
9dbae5920050bc48339a36e46dccf164

SHA1
a14f329e47fb1e72f4f1d93f64b93de21ec24256

SHA256
da99d931392e4a0283c00136b8241861d3f3f22df1a83b0cacb1f75d61129a74

SHA512
3dd6154e1eb51925511a11da3a426eba305a6f1f80b7ae99175a17d9053f88968e89813d967f80121cc83aeed1dd32dc46ba0c605cc8f163719dc82a85572704

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
48B

MD5
7223321de0b22f2171513e27e134387a

SHA1
6499cb9a5d39ac081140d1e6054414ceecc648c8

SHA256
2ee8d3692738e70cd7f06e66219e90538855ab82212e8dcd26e5cd334c9d12fb

SHA512
5e1367228ca3c46148601bc554e012e9cdd7a0d2553f2f11682c035fa90b2b2b2eaec836aa927c4282fa0b5c82fdc11ba3743f009561d1ff3ace36b1e3a21e62

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Sync Data\LevelDB\LOG

Filesize
271B

MD5
0877fe91427982448d3325ccddbbdcb4

SHA1
beb3a1f8a9c2180b489a8f8d985127592295045a

SHA256
40bb1f1057f9897b5f5940c44746056c55bef4f937afab3f15dc55988dd3ed35

SHA512
568d644e1b9fcac9ff9e1050277b6e4398ac669dbc1e7fb5968a911778faae7f92620fd06ffbe2fb5ba0ee80a37f855e7b915212d2285aaed0924272d0c66a27

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\Visited Links

Filesize
128KB

MD5
37e1c33bad0682cb685201119aff7351

SHA1
1bd2a462748a147fa364adf0c5aed99da06a925e

SHA256
2eddce26da7173608bfc499ab29cb8fbfa3b61234d7fdd0b9703bb4626a2a000

SHA512
b686bb6ef888c3c18a7734cb76dd6bdefe399f5e9ef01af7be5e91e58c9b92021a44e6fee22ea5ead04634aa7b9a04a093cb62c70b41d7b8e0effb3e2b5840bd

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Default\b596ea2a-b28b-4301-b2e9-ce517b7f8163.tmp

Filesize
192KB

MD5
d74126c5e42ad1839d745d25e425de6f

SHA1
7e246ea75a4a2c3fa3616df59eec39e8f58fa039

SHA256
29139eb2568003f11adc0094a631ccae565789e5d84296f4397f38c3d4a13521

SHA512
dde03d76d96adcbe67732f9db878973d68eccb1c43cee9514d5b6920e22f54518c0bd746334d412832d7c7d6d5f67e17db4e876f582888abe44842c3706b425e

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\GrShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Last Version

Filesize
13B

MD5
0633f90ec8b54680e836301fc8cadd5d

SHA1
42ca0910bbd03f02093aada99b09cb8479d13183

SHA256
b3d17ff25180bf320a75804a8223c8f343450cbbf5a2fc7201658788a1d4616b

SHA512
16c4cbe41cb36d359aabb8a04c3a9f1d0032c2ceca65c2c6c1e8275a6c30078d5459a88795bc45b4b17c9dccf8562813bb16f8f4082041769e6dca4784b9714e

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

Filesize
2KB

MD5
ab2ad1229d3f6c0b4c183c0dddb0e3fa

SHA1
f03080e738de5900e9e6f4ec5bfe8ea49a10d7aa

SHA256
c3f8edcbfad18ae35469250ab0f425950bfed025345e679b0f3b1d526fea3125

SHA512
285f1603e6ab1fb3c9afdbeff0b497b1ce6034f5e0120801477bf9bf5b1032673fd682d1a7d9152eedc57b2aa7abae02aad45f32b83656d66e5a0f25b99b6fba

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

Filesize
2KB

MD5
7d0bedaf731b0bb3ca8d29d41763cbad

SHA1
c16e73acdb5dfd001da84fc9b9912df695782bd2

SHA256
32c7b334fe1b4e68b58720442f84183832d0a5511c3f7dbab1da126655003917

SHA512
19366bd6399baf089faf4a730eaf7d63898020be1376bd7240274ad655dec4898b7ee67624a4aae36d5e5a5c6800f36560084986b7af23bf9cc32d0af27cdd39

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

Filesize
2KB

MD5
9ed558510674b36dbe1edae18f95b645

SHA1
7933ded5b1238cc4ae646e67a8ae234280068a2f

SHA256
22589b33058a662977022ec141ac955fb59df6015d0585efac99cf5b0dc95549

SHA512
1049241b2b944ee849dc41b486233a6122c4b5b3e741494338080c6cefc96805eddfc4ae61a24779d0055f510aca9d595c3d07c05338dd2ef1231ee4388ca8ea

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State

Filesize
2KB

MD5
3228441eb91d6d9922fcb88f64877346

SHA1
fdc404fa9eef93733ff480e6b1e7766d2df2a98d

SHA256
a4246712a04e07685217db84f811958ed1a973c0b1dc28158eb18b3081ca5ee6

SHA512
39ee3667f8c0308b04e4052c6d64eb13bbb7ec8b79cbdb53c47d4989095b662d10f280b69b4a1596b2087aa67ef38f3efbd0bb5975d309f4804a88dfac645fc7

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Local State~RFe57a24b.TMP

Filesize
964B

MD5
ec260108a5ddd5521f5b055b69c4717d

SHA1
117fb11cb185d595b3f6dbb229ec94bf674fe577

SHA256
86d43472bd05c8c37365246cdbe23ddccff4c53a31beec66d326f0c64a7195dc

SHA512
5273a755580a8766ef03c06098bd2aa6012482f4503342e87aecb94deb3c36dedef301ff6e6731ba71c6caeeeec531814b10dcb99ff22553d014c98e1114335e

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0a50e1c32b4b61c5dc044fad548b4e10

SHA1
29d5bfc6c72d6b5c5b2581f1701917e749881c2f

SHA256
40de4f56b25fe673dd9829cab4e0adafbe861a749b7a797b2797e9aca10a8fb3

SHA512
2328b321e85e827fb38f82f5ef161b1eb686adc1847e5741441933562bac18b3705e78ea420655b41613986d12590f7c56239724d44e4f571b489cec547893ac

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\ShaderCache\index

Filesize
256KB

MD5
da5d411d5f567a91d65257ad78e48fa0

SHA1
82902b49fcf3034dd08dcdf18849e73b0a3a39bb

SHA256
392ba5fda6e7361f4b692934ca177e2e6e2c89ed7dcbe60ca2cb7ca71c041d99

SHA512
ed6c0a886d58d8af9057000282a2a28705245f093ae1177e7cae6788a48bbd61fbc4e8cc4ccddcaef6a5dff6e0694884f86a541b88685da5bc19690ac1eada38

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\segmentation_platform\ukm_db

Filesize
48KB

MD5
8a598d49d6529f9b8482a7d3d794767b

SHA1
488f157c512003ba2bdcb9619fd401624900b87c

SHA256
25e335a8d294d1954dbbc5c5d14922460816fe3b89b3907c4fc1204df721be96

SHA512
766db6ee41794b96002ba4534b3b5917aa52159e8fab8a5830d9906edc0243dec60f5f8d8e1c05077f83903fe98fb9786f27f285e2fb650e7c02068fd87dd59f

Download Submit
C:\Users\Admin\AppData\Local\Chromium\User Data\segmentation_platform\ukm_db-journal

Filesize
20KB

MD5
11cb36e7411e0e2b422caef99b5cc973

SHA1
200735ac05881e2a8f46436215ebb3830ecf95e8

SHA256
1e4822904936bd20884e4ebf44659b8cf4a078d6e72a13a9c109cbb10310f3f1

SHA512
a0d7af4f08971d4e8b43e1290ad55084bd433036277a7a7f0095bd1b8ee8cf7fdfedde4d8b7d2cfb19ce11d9c2a5956442e075317279f634319c5592a368e5e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\CR_8E3A7.tmp\CHROME.PACKED.7Z

Filesize
88.9MB

MD5
4074a7d2e2b2878381668c2469ab5acf

SHA1
1d25d00bdad5e3aa8febdc6d95204fdc349179b1

SHA256
abbd49ef1242bc7d4396b18802a899709c920014f4cdddf6bcefd6715edd325f

SHA512
f0c99b92d5e7bf7f1c6e73c644f2c1531266dc18ecced342c095b1b1f4ed551eb5bf8ff9555b36fb868928ea80922efaa491d8709dc5a9cbe8667c500a6dac03

Download Submit
C:\Users\Admin\AppData\Local\Temp\CR_8E3A7.tmp\setup.exe

Filesize
2.6MB

MD5
c52af4451f145a99a32711697d3d5e34

SHA1
eda2b73929ac9dab8d7e70adb8804560a5b3ddf0

SHA256
972731ed81c278b6dd32b58eb4cb5dd57b37f16c79bf7c26c5ef5c09ce1f9bbe

SHA512
d218acd79ce283f21cf958a31ff73679e426d554cc592723ffd4da3f177899b7b16c5d04179b39a69df448a92084fc65ce4a35699c5f05e340f0f5008284d6da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk

Filesize
2KB

MD5
6db2e26b796b6c36963ccb883a012b7a

SHA1
8af5fee12b67fef303bd41bbffbd3e79725699df

SHA256
446055fa62d9ffce4dec8f03bea414a4e846cf0cc1d930970dc46ff65bc1065c

SHA512
8f5d8a7fb5d5c70e8b161f270ea14683f3a1317c77ca6ac5cab2d7cfec8131327b43abdc5c1677a2454c82148f2a68184a0e550dc8f25e8ccb1c7ea656033fe0

Download Submit
C:\Users\Admin\Desktop\Chromium.lnk

Filesize
2KB

MD5
5099bc3f40d2efc65537f9f874b5abbc

SHA1
6449d955909a4da32acab50e39eda583a1654c0e

SHA256
e8571d81e06091f6e356d305e2a939bb8d5f86e19e5e69cdd2e58d271cbf3753

SHA512
11249b9b6d0d8cb493fcab239a4b1322fbe79dd953e8645bb7e8a6793744928557841b36711f6cfa16040a1692436d2edbec3991aa04ff182c074d23a3514ab8

Download Submit