wshrat | 711cde8967739737b59a8ea4a2f3105611b27ea839e7289baedd7840059d4797

Resubmissions

Analysis

max time kernel
96s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tax Returns of R48_765.js
Size

957KB
MD5

0f597e6821a29bc87b36222f08eff311
SHA1

e7f24cd04de9b92c013d71d3de526461cfb33c91
SHA256

df018cc7e708b47edfe4f39769058ce0ba10a65fe653d3a32412dd504d3f2028
SHA512

693ed1331f7f048789c11bc661949519149c43e3a76b3b600a1990f74763500a6b4a5efb532921bcdb58b27f3a136af9ba63e2e1dce4094fe078076d0073f1a7
SSDEEP

6144:QQ5C90ha3hcY0c5OyZD5i8frkU+uKCbbBGZs3xh527wIy+6Y16vLKdYoiAL1Xl4R:TKF

Score

10^/10

wshrat execution trojan

Malware Config

Extracted

Family

wshrat

http://harold.2waky.com:3609

Signatures

WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
trojan wshrat

Blocklisted process makes network request 20 IoCs

flow	pid	Process
7	3372	wscript.exe
9	3372	wscript.exe
35	3372	wscript.exe
43	3372	wscript.exe
44	3372	wscript.exe
58	3372	wscript.exe
67	3372	wscript.exe
80	3372	wscript.exe
96	3372	wscript.exe
97	3372	wscript.exe
98	3372	wscript.exe
99	3372	wscript.exe
111	3372	wscript.exe
120	3372	wscript.exe
133	3372	wscript.exe
157	3372	wscript.exe
273	3372	wscript.exe
388	3372	wscript.exe
389	3372	wscript.exe
396	3372	wscript.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	wscript.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tax Returns of R48_765.js	wscript.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tax Returns of R48_765.js	wscript.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
6	ip-api.com

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133610171122984706"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Script User-Agent 19 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	80	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	389	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	111	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	388	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	44	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	58	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	67	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	97	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	99	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	133	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	35	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	43	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	98	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	120	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	157	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	273	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	396	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	9	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom
HTTP User-Agent header	96	WSHRAT\|024666B1\|RIJTOOVX\|Admin\|Microsoft Windows 10 Pro\|plus\|nan-av\|false - 24/5/2024\|JavaScript-v3.4\|GB:United Kingdom

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	2060	chrome.exe
Token: SeCreatePagefilePrivilege	2060	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe
Token: SeShutdownPrivilege	4440	chrome.exe
Token: SeCreatePagefilePrivilege	4440	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
2060	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 3372	1552	wscript.exe	84
PID 1552 wrote to memory of 3372	1552	wscript.exe	84
PID 2060 wrote to memory of 1516	2060	chrome.exe	100
PID 2060 wrote to memory of 1516	2060	chrome.exe	100
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 392	2060	chrome.exe	101
PID 2060 wrote to memory of 624	2060	chrome.exe	102
PID 2060 wrote to memory of 624	2060	chrome.exe	102
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103
PID 2060 wrote to memory of 2232	2060	chrome.exe	103

C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\AppData\Local\Temp\Tax Returns of R48_765.js"
1⤵
- Checks computer location settings
- Drops startup file
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\System32\wscript.exe
  "C:\Windows\System32\wscript.exe" //B "C:\Users\Admin\AppData\Roaming\Tax Returns of R48_765.js"
  2⤵
  - Blocklisted process makes network request
  - Drops startup file
  PID:3372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcbe31ab58,0x7ffcbe31ab68,0x7ffcbe31ab78
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:2
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:8
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3636 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4080 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4608 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:8
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=2064,i,1694717037330226715,11168213590502607330,131072 /prefetch:8
  2⤵
  PID:4720

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbe31ab58,0x7ffcbe31ab68,0x7ffcbe31ab78
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:2
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1828 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3932 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4600 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4124 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:8
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5072
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff702d2ae48,0x7ff702d2ae58,0x7ff702d2ae68
    3⤵
    PID:1608
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3328
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff702d2ae48,0x7ff702d2ae58,0x7ff702d2ae68
    3⤵
    PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5140 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2444 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5280 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5164 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5556 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5588 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5492 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5940 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6052 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6072 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4340 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5040 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6176 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6340 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4876 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6620 --field-trial-handle=1980,i,1286047489585555300,3658070642483606179,131072 /prefetch:1
  2⤵
  PID:5172

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2cd879c3b1b25f881f4b7ab71b67a095

SHA1
e8c477526bb5bdddd659fdd44606060d83e703ad

SHA256
d15ec0b42a1305238584533da0ddd5ec2959a76896cabc74599185af8af9e92a

SHA512
95c25065ecb23b375e233d554beb9c5fb61d877f6b5586155d5b5931d270cedfd4508a8fde3dfee5073af2215b256d7cffde9f77923d41909d4168d9bc61123a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
a341e697fa8222a4e55b48b17d5f6ec0

SHA1
583b9b1cf7d7160a33d380fca45db3b439f88292

SHA256
8fba3fec7154446e7e2a01227c7de068b71c8ab41c9f8ff8a5b010c5bb472210

SHA512
52a32a2518476f6765568052c291e4912b24760063a876b342608bceb89c96caa33bfaa71839fecafcd7e4c750a4f517298d1ca189f8c49d8c311223abbc1c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
414f74a212dff93738ece370bc3239a5

SHA1
76666cb479a9635cc5f342c88209970f11818440

SHA256
aebd826845a384099056c7cfc59fe5dfad35e0965f7dd216658dd3e402bcc39a

SHA512
c32a8a8c66f90e7ad32bfce707b2e6e9d23f1207d0896f69597a36873d1b8af7ea3c008556a88a9a9603333a0e9b9ad5fd4059f0a182e9b3f4d3aa2034a4f389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
006de7b1e7d1b690b3ed12355de53fd4

SHA1
0ea16894af036f4d02f63ab265f0a705cdee83de

SHA256
5feec4ac5857b7b281dc618a51a7eac1535b47a6870a342668552ef414e11b96

SHA512
81a4b94abecd743fdeb8aa9dc3da5d687f7c3e73f279bc72d40d93d1fe4218fc830f6aa9ca863a43d6f2a9e747b94048a4b7f10d320bb72e91db66f02465d0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
34KB

MD5
1e78c85e3de0f25a754eafd8ca415caa

SHA1
2edd553707e53687d8c863d9b4b3a0b309989ee4

SHA256
15aec6e76420ad5e9f8e5fe1f6333ab7313b0f8ffb60ed9e2533e505421f5085

SHA512
e32832e20207e7c3a08839a7bf15f6abff9853a8e7063f76d117c4ad4b14db3fd1ca9ad3dfa417e1999c9e2a756d6b4227ef6c17bd04634bacace37c4b3ec21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
59KB

MD5
7626aade5004330bfb65f1e1f790df0c

SHA1
97dca3e04f19cfe55b010c13f10a81ffe8b8374b

SHA256
cdeaef4fa58a99edcdd3c26ced28e6d512704d3a326a03a61d072d3a287fd60e

SHA512
f7b1b34430546788a7451e723a78186c4738b3906cb2bca2a6ae94b1a70f9f863b2bfa7947cc897dfb88b6a3fe98030aa58101f5f656812ff10837e7585e3f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
218ad98524f5c88b2f98ddcd4caac6ce

SHA1
059fb13920726be6fa609dde5cc98818afc4f281

SHA256
e6e6102927bd61ce0b23ca7dc44968d10504bb27009baaeb554a9af474982f5c

SHA512
3c392d23fd63eebaf26b2f038a6ded5621c8fadd73977de331d36e901cda953cba34605d89fdd4fa0eda7778c290e3cbf85fab1e8a5cc61fe8e9ab94d6a082c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
eeec36a2c395dfb7c8dc0f86e65938cc

SHA1
2b71ba491b66d3a3e365c8209c189e6b16add055

SHA256
32c814e98d15cd2c2beeef81486384f5380776393af3eb997b2db0f04a17a5ad

SHA512
9311c31f8eb1cd13fae0ec34f0027794f25a49cd2dfb774f1f90229d324c74718e030aaac9d5c7b8faaccbd7da9ce90ada9c80a462c213ff8d3150fba6a40168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
8736d20e2b830a1c884eb313b6723312

SHA1
31bb63078d419a4c95788044ff919aa4fb437730

SHA256
16b559fd110d3d64e6d8114cfc9dd5e468a40dc29eb500fae9c7a321019a28fa

SHA512
8f4c065a32996c667eb8b2a46e442dfa43a3d35ea4e43a82146d060fd2ef4ef1a4e8ff8d511253a5969d7b9806a39a42a38314d4e9a81c8c776a162533ef466f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
36c674d05786ca38b2f06beee1e519c4

SHA1
e90747bd2c302d7eac7b1f6d3a36c8faf715e32d

SHA256
447992db9de936d53f3b046120b16f76b37030c9511f0981890d1c7a9791fa16

SHA512
92bae161797cc6eeef0b8d8282d809bfeb1781b3f8150368d34d3783aa8e6a45047492e65e40bf24143cf532f196b95a109e2a488e4634013e837b1e0cda569a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
5c58bf83cc08d221813ad38468fbf679

SHA1
5786740230074735db7e8d29dadff2f0cbc15e77

SHA256
c54ca56c3e57e5a71ebb17b232dcf1f064dc59559b5b137b742fb827d60b5cb5

SHA512
e6895c4e564f3bcc09fe59bf075c50cfffea1397d33d048cfa0495bae319f4a57529440aae80cd4b3b777825cfaa46240f389a42512ed6a19c09453906b3f474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
318c43c4e7a281d8eb1d8b726e929398

SHA1
86593b337e711f0c4304fa13290093a94bd953ec

SHA256
a3089391d0aa289ecdcc6020de77e27ebf98456d7f81ab4ee237e25298cb2a75

SHA512
8b3e8bce49b5c805631cd12cd181b8e7b01198edb6ac0a4fc0768fd5e0692d336895048a4a9f58f6610fe46c1295d1faefd7034a33098d493582b3d51bcb0bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
dafb2379fadb43f5e2cd8f58273b8806

SHA1
0ade33230f3c3ced54d1acb6dc42b77293c170f8

SHA256
d6c398018a5f5933ee731258579b83e0437db1978a0bd32e6d3e2d8e681d8c49

SHA512
636ace20c97d14dd1bc01c7c0ff39cffaee8f70bbb46167e7a98b5a4f7f0095a6f2620f1211c42cbe7099a12e2bc3228526d2e10a00f711bc8977dd4b7a27d2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
dd338fdca49e9b6113d1c793ed38a0ac

SHA1
c339c6f7e34709bc02d93b86f73f62ee53775cbd

SHA256
c51427fc1920a91d6401d56db8583fb1f8943679dcdd7cf0fc552642115d3b36

SHA512
d0d098eb09e3bd57a4353ad8baf212768ea24d56678647180a83a9d6c03bf333f0c0c2231166357a32b8ddb042d24db8b3f9438c61770dede0118099ce1999fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
13dea55b5ebcc0e97533e32ef457a03b

SHA1
c3773fdb9c0feffa0aabdd17a0ca16900f198994

SHA256
8b279b6e68e6c210b5af26bbbc8e785cb146ad5820d8dc020b4b456275fbe779

SHA512
f63421dcd4a7cb74c0c05516e0884e4af3aed82c325ff83ade58c9694ec4db31839f59d668ebfbf78f9da06f24e6487976fff8fdbc33bdd510a4410c35501dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e07745581d1bc586a5874311f7ec1a31

SHA1
709a6f88266022f09723b982d3a449620479ed1c

SHA256
1f7d6baaff762247d44e8e38bb4a00aac781e655aae138948adaa62693be980d

SHA512
16e85e8927a9a2498151f1c821133ccadbe1435b57c11c8204d92aae87d1b8ac010d998cf066a9022692c60bb565536b8dae54707af3973874ab4a7990afa150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
75c373e3eeef0e03dcd6604721e9d59f

SHA1
a3c9f7bb4092b6847ea666764c9ea79d15dc0e05

SHA256
ee7fb467754046da9b0160eecbee7a72c42963d4c6dfdadd3d491b6eda8c2d72

SHA512
412480fe2d7c27bccb4fa81a1d91ea321854ae52262c89e7b6bc1554b3a9da7efbb0851efd0a60ca5afdbe02c1a9a9657eedb46aee6503b823fe4d5b841bd45a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
a5b2ef0e4255f9a42861f944be24a09f

SHA1
0437254b36e072df44269f7dde6490f792bd7579

SHA256
24aba9cbbe2343f15a9a83facf4e44783247bd1901fdae1e8245a2b54eb62f32

SHA512
a9100c9589abc14c0518d173c050129c7c1a275ecfdc82a1b96c9845057cbbeb40bb1db1328ca56e83eb364c23844aea92c06703b445ba7cca207a26893cd14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
90dae19eabf07123509371b4bd108a4e

SHA1
26cb9358753f7d1e75b996b1ee8932d4efe888a9

SHA256
992c72fba9ffa6a6272962660a6e4a2a1df3cd3b0ea681b7826d9abeea4ea17c

SHA512
bfd0c978024cc76229acf192be558510f2c5cb799d5843b3d6b05e89bec819af6d5ef0c76261c7c04b46be80adea3804149d89ea597f073b1aba69fc5d2a6375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e35c1457d3f1c61c66784cc75b659fa0

SHA1
539000c76703b17ed422011ca9428e60647012b5

SHA256
34e58aa7e01fd0366897bfd6f7854e118b858eec1d220ac2fe9e8b0414c38598

SHA512
b0fd0e5940b4de0fae4b7f2c0ff827a93067c4ef743ad42c1ab33d2959a1794a510182bdab352d72cf01d09ba43de7a3125882b4e21cbd5b60e34dffa5c3f938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a95ad36351df5c92b328576ddf70afeb

SHA1
c003bc1ac0f7349801a1482f235a7b29e9abcd80

SHA256
8215c73f167b3ee6d2ca68b3e7400fd3c55a05b85b428723a98ea6f0126e3473

SHA512
f7fcbeabc8c39f26817df7a8b7615738a184863f01bda0b67ec9070e12a09f85f7d55942ec66016bc92c5f82b3fbd79a2670d26a8f2321d039d17c5d507fb438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
917f499f0f19f5994594bffe20544bf7

SHA1
b3877afad4f10427036fda9e2193308e8f8c0bfb

SHA256
00cff31aabfda14220a5e5eb1fda9e9c396c644b48148d9062079ee3aa7f2e1f

SHA512
beb9538038219044fdf1f7d8f3a8e2f6c3c9d0bbd26a23b67d7b75f68d1373131e4bb6b5cdef1af9dd7a4ed8cf9227f468982c752a2d6b413065971fd0d018cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0aa104f889f36b1e2cb85390349731e9

SHA1
fb96b9d54201db17d67a0ea5b584ca13f13f5661

SHA256
796714624806cb327269a9f1bdc64be01310beee2c4a36c040ef2928f21189af

SHA512
f3b26a5fc9c24a9ea3440b900e51b0ee90819295f7cff57f16913d78cca742287a3b4b2355f8c3e27bd70ae6b8707d75b00327cf6189fe5e2ee118fe716fc833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c8fd23fb6e001247a6a41a7da1a1d806

SHA1
17e4e964517e80e562d7ac66b44543db5ed95c52

SHA256
627cdeaff705b58f3c7f2374be8b25e8cc46cdb909b441c141e8dcafab6284ef

SHA512
8091e8b2afc246550b758759f0a02313bacf71ea05581f661687d7a26edcf3aac2e4251ee68b6f6e36d85129b0e95696cc5c5489e0583646b62020700cb013e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
3f95666f6097a75caf27f0f1810ebe67

SHA1
70339d43cd0ccf0ef658a5bd40ad9d1b6c269318

SHA256
0cc09745a42a46b7c4e803ee9d52a73941f8dcc2f8ebf701259384e5938fa097

SHA512
f2cb8113fbf74f9c486f4a41f7ec768df52b8a2df1801b0435ea84bbe8c98b7c3ef570f1f37e93627e118bb362bc23618c9c03d06061573521ae480417d31ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
e8f5f2ecadf72949d9f57ce2a95dcf5e

SHA1
80644262e00d825c3e64531ccecc9c9d4ee47065

SHA256
79f1dba07ee4260b0f9f17929ac4f3354ed7362371bbabb5c263e91db552d27d

SHA512
9abe7ba6a7552b7bb992dcef25a9635255f545d916804ca57e6d5dbe29687f48e12c7c524bf3eb6f1d04b3fc63ec8628aea92126d72af336120f183815ecfdb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13361017111360974

Filesize
2KB

MD5
dee325afe5a1ba6593a57e673804fcce

SHA1
d3e0c2b7aca2c1c4635f5e722848b144aba09b68

SHA256
236cd54909a34252eb5dfe44c21d30495bc0da50f6e02f466fc8026962ab7ca0

SHA512
6bc346f600f4cc369fd366f5e4198a537bac913cbaf6bbfc43e806034c01ae27503fd51a130d33ec30ed88aba871b786b6eab9fd7c50e2269c9c7f3a4a7a06d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
ef1394e8cd1f03c168a507fc32d7dfa1

SHA1
f10ea156a40b1deab06b7fc4500c3c7b6718ec9f

SHA256
dc1a413948a5dd19cd39ba3558d1e4ebed280dd840c4dd98ae5d8f4aa613e7c3

SHA512
d5b792cbc01249ac40042bab5f4f9d97f55094dfe62cbe389556414c030aa11ad6b1ae0ff5d9e20d700cf91a1ba34996bfa2b6c8d073f4ebdae4ca6de250567d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
c29aefc15db21b8529f372a6f5f1a9f1

SHA1
ca64891864bf1bb19a89339c4f0983c0232b1c71

SHA256
ca4469dc050d723439399c7304f2509fee1277435e79c6d3e5065f970cf0333b

SHA512
d9fbffdb4f678f5bfc51fed18f24505f21a26e47a853b4866f15d0d3d2fcb217fe4254d62e0a07e1748ae6916d8afe1745fca54e5618ef2a63b9c5df5061b1ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
b5cee04247a49350a1e4ff53d66c3d5b

SHA1
6045a78ac711ed3e23342b0726d52ab23467efbb

SHA256
fdf2b99a1a8dc1ca7973215e1409562bbe2f92ccd9119bd78dc05ca3cefb2558

SHA512
b015d72f11599d31adb029b44cfe7292340a1fd4d4cee8ab55d64a4ad375c3388448f40405ba0dcbe29e9c936fc53bfeb8e5a53e871e6e4453cbd268e49c5444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
5d58260322b23f1cdf92774e8e09cc33

SHA1
def1a70a8bb9bc809c80fd6b42173bf76832ec51

SHA256
c02c005a4942f58a5631f649093838810c5426fa108a8f4ce2f3603fc8ee0806

SHA512
3240f1e20ae95455bea0fa8e66d154209809698b5608ce7299ebf42e81c1e7961369e24cb58b0ba9f9d4c0984ba3fbc378ce8d8a69533fffd10c201cbad1ce66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
75762fa084289345d95776f5344d8bbf

SHA1
fcda9c9bf0eef0d64bafa889f1209061d57ac371

SHA256
e6c33fb6fb60780b6c49ee12b1033d66334999391cf673e908cd4c62a47a0a5b

SHA512
2032b4bd28a250e410e2da97d791bd7ca95444b1e7c8617a6271df37de650a227ea87c77aed9784247a22d7f6299f5cebb3c59865ae2db3524b119f83def7633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
adb9fce942b52f1b948fd33625d37732

SHA1
466712f0782309be859d7a9bce44814ac4d93eb9

SHA256
4253594cf599edd8305d55181b9edb587d0f0917ad9eff2ae565458d803b08f8

SHA512
acde01ae563bc79d5525b073502eefb20c9c8974a19560fd2df7e14683be0cad4b9f0326b70d6bdb29a6957da83d0cab3bb0e2477afc611cc3818c9e40b6dd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
39877efba78be20094fa695120fbaf3e

SHA1
b1b8c9f3b6903e075835e42498653187c0728ae9

SHA256
2fde7ce33b7a212b4b140e2669d188be4700d1262f6b6b43acd0ec0f4538a508

SHA512
28eab04a4417d1118796333aea87ecae7388168ac251c041d5c01b22e6af799e2e52fa73d284c3cb102a7c96d501e180de94245fb538af4a6208244d9e2e1e28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
52a59866041bf068bd5a2db709fc845e

SHA1
26abfd4aa342a3415465f6e3e8bc428b7f99c81a

SHA256
22e6031cef6aabbb3ec9a6e1295ebac4553f7df56d6a57aee975299994afe67a

SHA512
2b89ecd6fe7f6f6e962bb097f363904a078089518a5952fcf6598cf9379f41b7a2f900a6cd3717e04003fd8321b2c6a117dcccfd44a87d61f5ff69367b8ee81e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
b10a94859d551e1b134a1c5ce52f8f0d

SHA1
fc66c447cb3f7c50f96fa1d7cff5648103888ac2

SHA256
a9d960daad8d0826b887bf1a85889aa9ffeff4d691183ee55e47a80a838ef69d

SHA512
1b2e212d92583e7603445eb4304da80123983324943722961fb79d01c8daa67b6b0121a30d3d3503afc49cbd6bb89e984d7ea87a27f8af2a585b5d194c44727c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
1f7fc7abd1565704d01ac287284a0e28

SHA1
a4acf6a0a9dd65b44371bb560505d9b7553a50a4

SHA256
66f5dbfd417cd54120f312eb7e60db7606ce99e58a3d4ea55258f4163dba732a

SHA512
95d5f4baade999a21a02d2c0744b1a623acbef4cef537d17303bab0837803ec1b32b4700b0dc3191b54ffc31c530565c462d8582461fb9784fe2118c479f8a65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
88706ad3cabbcb9f491fc17e55f7498e

SHA1
200de65c58535446286aa022cf2bd9c1073d4961

SHA256
f5ac3b4fe5cabb39ca1baf15a208c9224cd96cda1ce05a42cceb001f91757756

SHA512
8734f8c89d0e7251204f825bc33c208b7f6b0056015b3e9d037d05c5fbfeb49ef4fbce518cf3247de4072c6687e58eefae9ad2fefb40b97ca65d84af8ccbc875

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
fddf420a46afe668b3f493e430f5d9f5

SHA1
34e63e2a0bf2e694015d514112a947af51dd2d16

SHA256
11512769e34ac962c7b18d6a6ea7834e3d55812ffc76ac14c2545a3ac932aeb2

SHA512
823d3cba99f36994dd534b65d9bbd1a53b3b78934b7110c205abc8ba960b748c336ba4f7db46ac0937572496ec64836e140c4c12598785f9bb9f5cb7d8c83417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
134KB

MD5
91ba25750a59c6934e2abe446c9018e5

SHA1
54b73598aba8498661838ef9a8463e3fa1cc8468

SHA256
c2231e2a45ada2af6a4b49343666c843480adea5f2ac0eced7051ffc139e7acb

SHA512
ab33201b13dff328d85aaf8c47caa70559ba6eb10d93b72ee8b300f770e905ff8d5832215c34ff03e03187521e56915abcc413e58729b926b537bfcd6e2fcf4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
2076ad396bb5f77b40b687a6ca3d80de

SHA1
5ef26473c16303a94b3e60f0b7c63e4453ff30b0

SHA256
32b69417307dbb3f2dcba35dd0e3fe8844de600b308c4ed0566a626c5773087d

SHA512
f52d7c1ea88e0bc0fec13684ec9cc1a123000e1759bcebae728ac1e667cc0d879bbfb0dbe8d1844208c0c00a32883bf0716affba3287530da06724fea39ee461

Download Submit
C:\Users\Admin\AppData\Roaming\Tax Returns of R48_765.js

Filesize
957KB

MD5
0f597e6821a29bc87b36222f08eff311

SHA1
e7f24cd04de9b92c013d71d3de526461cfb33c91

SHA256
df018cc7e708b47edfe4f39769058ce0ba10a65fe653d3a32412dd504d3f2028

SHA512
693ed1331f7f048789c11bc661949519149c43e3a76b3b600a1990f74763500a6b4a5efb532921bcdb58b27f3a136af9ba63e2e1dce4094fe078076d0073f1a7

Download Submit
C:\Windows\TEMP\Crashpad\settings.dat

Filesize
40B

MD5
b2c359ffd4bf582baf62f6e8adf87a6e

SHA1
8e9a26cf9202a00b2f38b9cf92a2cc0fa2e76b79

SHA256
ee8fad0e09119ff89b6f13fc18df351e81b41199adfc10acbfeccbbb88e02a9d

SHA512
1b1cddd7353d0e9300f1c661feda7f8d1a71e6d90279cb72c3adb51a7bce9c64e2fc87777926db50a8d41cc945445821d1b3cc1628f7446a7c03e64bcf8aff92

Download Submit