Analysis

  • max time kernel
    94s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-05-2024 13:11

General

  • Target

    chromesetup.exe

  • Size

    8.3MB

  • MD5

    1389a3d0f300476b17597580db541cca

  • SHA1

    7a0e2f6e1bb5b926877a2ddfe5930f56969a9f4a

  • SHA256

    e0ea789539cddd03cf75bfed7fc050aa7e9b259b85562b1d6e241f2954857a09

  • SHA512

    f0b60c8e3c36f88fdfdda1667116325097249313022d5e7143852a1340b21199dc61d94f29e40c8942a5e159d973ab79011c8d6cd4ea400cf503b652e5cab83f

  • SSDEEP

    196608:8gt5LKUjY+A1QtCopK7ogW5o35+VqmXaEvNTWc3KFKxJSU:8A5WUs+A1OCopRX5y54qmXaEvNTx3KFU

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
  • Modifies Installed Components in the registry 2 TTPs 7 IoCs
  • Checks computer location settings 2 TTPs 5 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Executes dropped EXE 24 IoCs
  • Loads dropped DLL 29 IoCs
  • Registers COM server for autorun 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 12 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\chromesetup.exe
    "C:\Users\Admin\AppData\Local\Temp\chromesetup.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:840
    • C:\Program Files (x86)\Google840_585983759\bin\updater.exe
      "C:\Program Files (x86)\Google840_585983759\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={E41F2270-7C92-1876-808C-0A628107E00F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&brand=NZSX&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
      2⤵
      • Checks whether UAC is enabled
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Program Files (x86)\Google840_585983759\bin\updater.exe
        "C:\Program Files (x86)\Google840_585983759\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x27c,0x280,0x284,0x278,0x288,0xab758c,0xab7598,0xab75a4
        3⤵
        • Drops file in Program Files directory
        • Executes dropped EXE
        PID:2680
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
        3⤵
        • Checks computer location settings
        • Checks system information in the registry
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa1e091c70,0x7ffa1e091c7c,0x7ffa1e091c88
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4256
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=1964 /prefetch:2
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1176
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1840,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=2000 /prefetch:3
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3948
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2296,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:8
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4356
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=3196 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2384
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=3332 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3200
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3824,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4816
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4736,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:1
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2584
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3888,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4280
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3672,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4980
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --field-trial-handle=5028,i,302801697441652912,886648613348138514,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:8
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2924
  • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x8e758c,0x8e7598,0x8e75a4
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      PID:3340
  • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
    "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update
    1⤵
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe
      "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=127.0.6490.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x8e758c,0x8e7598,0x8e75a4
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      PID:3744
    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\125.0.6422.113_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\748ce08e-5625-45ab-8450-3520235bd70b.tmp"
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3504
      • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
        "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\748ce08e-5625-45ab-8450-3520235bd70b.tmp"
        3⤵
        • Modifies Installed Components in the registry
        • Drops file in Program Files directory
        • Executes dropped EXE
        • Registers COM server for autorun
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:1912
        • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
          "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff75fb52698,0x7ff75fb526a4,0x7ff75fb526b0
          4⤵
          • Executes dropped EXE
          PID:4524
        • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
          "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
          4⤵
          • Drops file in System32 directory
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Modifies data under HKEY_USERS
          • Suspicious use of WriteProcessMemory
          PID:2516
          • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe
            "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=125.0.6422.113 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff75fb52698,0x7ff75fb526a4,0x7ff75fb526b0
            5⤵
            • Drops file in Program Files directory
            • Executes dropped EXE
            PID:4644
  • C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:3504
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2288
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
      1⤵
      • Modifies data under HKEY_USERS
      PID:1844

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Program Files (x86)\Google840_585983759\bin\updater.exe

      Filesize

      4.6MB

      MD5

      675c9a53a09d5385bbdb3a43a88f2493

      SHA1

      71d1c311eadd4d5949c0b48def8ad0f2186bc243

      SHA256

      ebb428a4c1e29192617e7699513ec78512735110bba68bbee54dee34807094ae

      SHA512

      e3b1d8351b6d208678673e4c69aea745de5b2576a43d2cf9e06c1ea0780dcbc2ca56d5d5fc712b80309ba7950b90130ca2780185b71c990ea6c6062bd29f5136

    • C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\Crashpad\settings.dat

      Filesize

      40B

      MD5

      cfec73a9244c66ee701334d1708b348f

      SHA1

      c62a35a1266b1d310bfe37ec89820e325dd267b2

      SHA256

      158ae6ce668e6c6b2aada579f99ca9e3822533889b5ce43da0c88a0eed19646d

      SHA512

      b6e4bbe1e83546b4e07b0b1ef1457e9f8eeabeccced1da9a6253032d8db55b8d378c55d74fa87f3ffff78220e06a2da8a4bb5adee5ebb5b8f56e1407bf136ebd

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      354B

      MD5

      7136b45ffcac6b52d6873f2864471ea9

      SHA1

      7afb956fccbfa48ec7fcac07cde0f6059a51a534

      SHA256

      78f60448736dd9d298a2bc503571a91a8f0c342e95ff8cc589d546e84e7384c2

      SHA512

      66755a95e16371a527df8b702ba8d686a08678aa0d3257ec4775c5fef8c81d422d7a6ce8aa1fa1c150ebe02f14a0df23776dabc42b6da5ed83b79be956fc2ac7

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      520B

      MD5

      5f741b494cb8e3f7a15a862677087d14

      SHA1

      c64aa2a60e36c846e28bf6a7d8effcee5ec54033

      SHA256

      f197c7fb8013f429f3b782a15ffba410469d0990112dc5c99d5b1e8487cf5d1e

      SHA512

      f51636110543132c7c504e31b57bf660ed4f2be73346334baf3ad35da5b074161024aba75ea352ed7f82c08eabee9f9c6220ba97e64b750883a2574bc86a1585

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      620B

      MD5

      f5e9705edcd9cd1b6ac059f131c39d8a

      SHA1

      d5910cd2b246bc882de25e498225e40072dcd83d

      SHA256

      c43e13749b724d9b3eb1469a625dd7236c0a97ac6e17329f102f86b3fcd585d5

      SHA512

      7adc87d10c67e05b5245ccc9ffdeb76ac89b137ea430fdb2165010fb7a1ab97a72b907d53551a88087428c0bf41555f54d23979b25dbc5d251456749b165dcdc

    • C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

      Filesize

      49B

      MD5

      bdce395b453a0a3ffcf742feb2a210ae

      SHA1

      8bfc909ac17238d49d93a3668256b92766391452

      SHA256

      82f7226a5b6be7356507c368ca2468c5d9b7d4a4036fa18d85c6a99e2f0eae41

      SHA512

      cf4d12cecd6d749990265779d1f9ec5e505b54cf283580f611cd346aaca17816b4c58547bb61c451190c07b651d967f2d03c13b74e2210195514f8087b92288e

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      4KB

      MD5

      a5feb64c636e70b5c16828429c998c72

      SHA1

      ce3b7b0feaf2e1047f3aabfe058665d1cc6d97e9

      SHA256

      62cc2fe9f75821f4bd9c3448c5067a19d40721ab5fcd87a2b60317109676f51d

      SHA512

      c58d67fb023fba154ebedcfa4e401d3eb45a6081a660a9c2b2b88e6750e8ffff1c0133d66f3c2f39c991b7b6f019fd4608857b492bf836c0606651daba6bdcd6

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      5KB

      MD5

      6cac67cac010146fa74726d026d9f47b

      SHA1

      e145a7aa4d8696f14550f9ab38069b0359897758

      SHA256

      7f1daa56bec0f7f0ca5862773f00730f09e16a8403e69d899d6cde28e050a529

      SHA512

      4f8b954d15e6c38c82fee7444445a46ba08564bf12cd2cc4001f266544a6ef2c977d328b46fc51c0b80ddc83591f0726f8c31aafeaf5010110b09f00ccd2d9ed

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      10KB

      MD5

      bbef1145e1483303648c6c300f24ba68

      SHA1

      46c1f3af114934341a2ca8281ba52a06d0483a29

      SHA256

      d70172883dc4e6b238c99c802a295bbe7a9de41114f5aae97f105d6165f10381

      SHA512

      8400f3ea9ba1dd16cb34626a3ebcd2a5f01721bcddce564e10f185aefda79bf2e304f3e33501a02d864337bfe3d68a1803fcdf8fae5993931e6f114f67cdb1de

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      11KB

      MD5

      f210060538ad9c31e3e20f947b7a17c4

      SHA1

      6cf868d266e59028cdcc78514ff0c30c324d7404

      SHA256

      84cf547c62dd1fe0d01052705cb146680046a5e12fd17a0efd296b77dbcb74d1

      SHA512

      5d8c99cc9c839d23f8428bcad4e28f48dcbd53c449e50c541775ca22bc03671e00ad20a31a72792be9d985019b57dd9caefbaf7d77a90333d2cc1f504178a3e9

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      1KB

      MD5

      cc40e3787a777a1c93223792b54a9c46

      SHA1

      a0d96c05c7818b6267ce459e9d416cc58dce40f5

      SHA256

      30b7a4d224af8ac73facd4a883d01d1b3ec2134a7e710bb4105dd931158a3d77

      SHA512

      e2d06f9dc50fc0e63ac012e45774dd213ae3613d57b092c22b9691c7ab99aeb41a18c56aec865396e768e3a290560b9557869c51ca096321c7dedd111d05bf47

    • C:\Program Files (x86)\Google\GoogleUpdater\updater.log

      Filesize

      2KB

      MD5

      e1e1659c90d86af5b351ff8752286796

      SHA1

      8509037fb1026d1614b3e020389219807be96ae6

      SHA256

      0a083476796dd532b4c2c1344847426e03d8a9a0ee1887fdef7eae74bbbc700d

      SHA512

      b242215bc285f92688cadd705f5d1cc6efb38bc12cda9976e8b7732d2c187c5254b70aff3b848910805017d858fbd6d977ecf46b347ff60d461b406b296c1784

    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\748ce08e-5625-45ab-8450-3520235bd70b.tmp

      Filesize

      630KB

      MD5

      c089c4384640b0c4adfc8efd6e9bd7bb

      SHA1

      6493eae2a45cddb77fcfd86a6e9fc5023566c461

      SHA256

      ff5435bc9b547ef318d0b7fe3f9d8240ba437f1b207859dcb516c15553effbd0

      SHA512

      6f258bc5921c6bc742cae2e4575f4fee23b2e602476c19b6633ce56918dd6dd21b8ee1350cbf6b65b1f58008cf1e0e0362a01a79ae4c9f06905e710d412337ca

    • C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping2652_821596823\CR_E80CB.tmp\setup.exe

      Filesize

      4.0MB

      MD5

      e8e4e8f66fa72b10eacc18ff5ce000ba

      SHA1

      9064de09632d155e2acf236d54c343f276bdf79a

      SHA256

      ac03c7f78bc590bf6b400c5078a7fa6b1e61d3935cd591868f7f73fff930e4b3

      SHA512

      7fa4768d6043a4fbe38ba70947e9b5bd8e4111606ce673f8b0ee7dd3d95ea9b3e6dcf0f96bc55634c85a1a3f6a4120ff7461a3463ca36133f57a607bef49b158

    • C:\Program Files\Crashpad\settings.dat

      Filesize

      40B

      MD5

      33de1fba7ac00c88354e2220884b563a

      SHA1

      d023ec955120896a402fe951ea315b1bee6f93fa

      SHA256

      75c127032f9249e4342461d99484fb1cc87a7a4955630085df1df23db77bc820

      SHA512

      b30f584d32ee6fcb1f078338c60c5cb72fb05f101c28fb29405057eebd8ef1dafc47bd1410af559df16797b84993c78a51e318afbc44910ac5d52b0c36a15ecf

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\chrome_elf.dll

      Filesize

      1.2MB

      MD5

      d8e75711fa2b3dc467acc8a4b9d8c54f

      SHA1

      560d442ca0773a28e082de55b7fa0be2b9d0ed51

      SHA256

      c66cbcde3a049b9ce780a6bb78fed467471943cb78d3c83ae28f9f9fa37715ce

      SHA512

      978384dfe0f9dbf80f9deeeb3bd3d59d39592789329cfb0ab41e12b2a4e34a0f498fdcb26b189e57f2a4160f4337ff09ed7b66d5f0a1d28199ce7939fdd813a0

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\d3dcompiler_47.dll

      Filesize

      4.7MB

      MD5

      a7b7470c347f84365ffe1b2072b4f95c

      SHA1

      57a96f6fb326ba65b7f7016242132b3f9464c7a3

      SHA256

      af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

      SHA512

      83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\dxcompiler.dll

      Filesize

      21.0MB

      MD5

      2d85f8fce028fc1a7cce5cc198f7e7a9

      SHA1

      eb6ab7c16ce3d9e8675299935b087a1e5e24abb4

      SHA256

      b567286cc299f492a3879d2e7b162d0767bfbfb13de448e72b44e3d42f70d304

      SHA512

      7d32a8639d9294ccecb1e4d10ab32fadd91bed2c53a4eaead216a18f90d8475bc9cf686b95ac867df40a14631db33302706e7070b5779432f629aafc6c9bbb66

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\dxil.dll

      Filesize

      1.4MB

      MD5

      30da04b06e0abec33fecc55db1aa9b95

      SHA1

      de711585acfe49c510b500328803d3a411a4e515

      SHA256

      a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68

      SHA512

      67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\elevation_service.exe

      Filesize

      1.7MB

      MD5

      05472bb56813c11872a1b7e934fa9f3e

      SHA1

      2a62b33207e3836208e3d5c46bb8dfde04b09d16

      SHA256

      f12a1e99ddd7552742fef5827e9d581a70215fa0f31fd344898063e1cc4ceb39

      SHA512

      cc6359e6d24c350a4b864ce76ed270d08ed7631912f294bc943aa5f877b84a7de8d93dd971e3c35b1811ace7ed8223745d06049cd1ac690f0d67b7e3bc4a0394

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\libEGL.dll

      Filesize

      471KB

      MD5

      916ba1465ae826fa94c715227e70b625

      SHA1

      ae3281c9bfa530df6e42bdf070fbb5895a9b205a

      SHA256

      2315b8e49dda72a6f73004769d4c422a9ed157c6046099db7745bc11b0243d52

      SHA512

      97da6f751f6afb498dd09c7538955320df87699c271881ab968aee2f9e30ab4b162fb0284c7954056f4a5de50ebc359eefeea48203e0a6f289a12c02de9e4918

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\libGLESv2.dll

      Filesize

      7.7MB

      MD5

      d29011fd0d464f424cf26cc5f67d207d

      SHA1

      9feb6324b6402f545ef8f9e13ff58f4c30560598

      SHA256

      59b391a6a1ca1647a41fdd4182e95073bcab94558dba7e6d0598e4f802108e0a

      SHA512

      fa2d47a8c58e90aa32a528c1e733c56e5ed2ea6477a995ef2296e22f8681af1df76fbb9335f9339d7bbb366e7f5913f45b76398948e789b8a0b222fae292027b

    • C:\Program Files\Google\Chrome\Application\125.0.6422.113\vk_swiftshader.dll

      Filesize

      5.0MB

      MD5

      3f41bfdec6263198a1052353e44f0ef3

      SHA1

      1dad97372e9a715af9029a1f6a4fdf2760a1c590

      SHA256

      3775a2391025bab98e8dbc0ae6e2b8bcebc113ba65705eef011827a99438aff8

      SHA512

      759d00d15f6f2b48580b007a6a0e3182806bc42e94e107832d76c7d529b79711bdf69a792fd09f48b4a0b15393277a69af74f22429c93f90844cf841fd621749

    • C:\Program Files\Google\Chrome\Application\chrome.exe

      Filesize

      2.7MB

      MD5

      3998300d42dfa46c534071833137a1e4

      SHA1

      cd881ee067bce496a7d271b3dc1c0ebfef923d4b

      SHA256

      9841226f3175588c51e60e828dc8e3c16c42f9f7af15f363963fc230ce7bf4ad

      SHA512

      a25eb0bcebcc874548b49c8e3d58e64da2e7c79c01e3bf372d005f56db571c830bc6081a89169fc45e3f7a6aafa3239f9ea64ebf7fc233b80d0ea27fbb532c8f

    • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

      Filesize

      2KB

      MD5

      36a65a1c622f47e18c62b14f3a4a0ca4

      SHA1

      6ee360836785ba5ef967e8e0a85202bac7814bf9

      SHA256

      e65125eb218c89a71185f9d3f898f87ec55a29d34f2a2cf4976f42a839c3a035

      SHA512

      d07d295fc1583b890d2a61cdbb675822c4caf81f8605e0fe6abc00fe5cd560d7ced50b72f3216a4f10e30e3a3b00e0f42e1cae2c30d3e0879f7d713ef8172ad6

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

      Filesize

      181B

      MD5

      5565e6fdd319147e2265e3861c2a9eba

      SHA1

      2d5c1479cedd1db70580dca8e49628c8b9f1f0ff

      SHA256

      f3c8f96ab06cffba8dd3658551854fbb642964335adcdb7672fafbfb4e3b67d6

      SHA512

      44e541317d6a5c955dae1f3005a336db879d2645856f6a4a869443f792730d6fe3ca7efdca06f1319468a0ba4ebcab5df04412e30eac2cc38f9965d866e8f9e9

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState~RFe588b34.TMP

      Filesize

      414B

      MD5

      d5c946e2a51e840013f72c4c55411612

      SHA1

      f77e791fe57615f3c66b6a2e19922edb78319154

      SHA256

      6b7514bbcbf1fb2c6911c70f98b8069d821ea52db43ff5f9e261df3d9f38da2b

      SHA512

      42850e5fa8442bca91185ae6bec36ae58b6e2b04a894c0deeb7f657f4289b1e3cd9991d8cdf3b6d559787a3188767d1b3ed21a195afdc05f9d90773f3018abd9

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

      Filesize

      192KB

      MD5

      505a174e740b3c0e7065c45a78b5cf42

      SHA1

      38911944f14a8b5717245c8e6bd1d48e58c7df12

      SHA256

      024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d

      SHA512

      7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

      Filesize

      2KB

      MD5

      3850a2b7d50755b1ebd41913c4a1711b

      SHA1

      e70fc3c07f867b9e3154f76c75f5b46b655ba174

      SHA256

      df39a02f0609036ac079b44f8e2b30b6b7bf3c1a037a4ca38f8ee1ab970e033c

      SHA512

      5c81e8d1ba5a157603a78ec5cd58f8a2a15d42b14617e8ea038e473e4d523919dcde42abc48e8d410ae8cdfa8857d0d9dffc38ef2c576a409fe67a8303eb34e0

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

      Filesize

      356B

      MD5

      792e783581d03e5a5dda6bd6b4e038ce

      SHA1

      099035b202eea03f8f3b751a30908e722e9722a6

      SHA256

      31d0402e812a548c4417e59d9e87259131d31b4964ed880ef2b213730ff55781

      SHA512

      1bf31b0b1491d77cac6dd49f7cb1b269cfa197fab9fc7abb800774af41de15d90258644844c62a1cd37e2fbb3a8b91d1c9e8d87c074a1e777e8c8721b6f6b97e

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Filesize

      9KB

      MD5

      a1d9408874f7c27c92f01f42cd72b164

      SHA1

      a5563aac4115e8fac4ac3e555037854d48f81dcc

      SHA256

      8e9d78628bb855c93b365bea261a355571820b9a5cdaa76b43a5439a281ee5fb

      SHA512

      ad8e1e87aa6066c9596fdb5ecc526b46d5e406ec4977375c04984eb119940911c268b8d895b822e1a25cb688294240ef88f9f413067dc486178f2f692260c905

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Filesize

      11KB

      MD5

      784665874d8126c4212c6116440bbd17

      SHA1

      cd45af550c61944b6b742666674a3e032e446677

      SHA256

      74b066e76acba8cea145735374ce77dd73d1c9944751ce84215d9d3132c34b53

      SHA512

      6f271861e3dd63ee900870c72197c6b7fb4a0cf7b9a293b5e4d15bdbee8a142169ae7282f6857ea9dfdb936c59198f4bf9a86a4318600d1fc53ac2e61c7e9c6e

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

      Filesize

      15KB

      MD5

      cdf869a7b2e9d73da62aefef33d76e38

      SHA1

      da114319c12f776e65139f8dfe6457157f4021df

      SHA256

      98e1d270ef062feb4282cc97ab4e6f8cb1265daa17a70cd6b3df5d293edd36b2

      SHA512

      deb841608d08f36de2db71be2aee5a33f25af3b1614e0f004ba2e0d368384aa11be0119f51f4afc81d5d49892505edcb35c041f148aae1c6a9e47757a35e79eb

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

      Filesize

      38B


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_0

      Filesize

      8KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

      Filesize

      264KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_2

      Filesize

      8KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_3

      Filesize

      8KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      129KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      203KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      130KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      203KB


    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

      Filesize

      203KB


    • C:\Windows\TEMP\chrome_installer.log

      Filesize

      22KB
