Malware Analysis Report

2024-11-30 06:44

Sample ID 240604-bh5ltsfh3x
Target Unknown (1).exe
SHA256 ea6443416c31bb5f5d8476357619c3c9b80d3959742b8f3080b56ce8c24b9429
Tags
spyware stealer
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
7/10

SHA256

ea6443416c31bb5f5d8476357619c3c9b80d3959742b8f3080b56ce8c24b9429

Threat Level: Shows suspicious behavior

The file Unknown (1).exe was found to show suspicious behavior.

Malicious Activity Summary

spyware stealer

Reads user/profile data of web browsers

Checks computer location settings

Enumerates physical storage devices

Program crash

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-04 01:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-04 01:09

Reported

2024-06-04 01:22

Platform

win7-20240221-es

Max time kernel

118s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe

"C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 172

WerFault.exe -u -p 1444 -s 172 is Windows Error Reporting being invoked for a crashed process (PID 1444), matching the Program crash entry in the summary: on this Windows 7 image the sample crashed early, which is why the run recorded no network activity or files. The behavioral findings in this report come from the Windows 10 run (behavioral2).

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-04 01:09

Reported

2024-06-04 01:32

Platform

win10v2004-20240508-es

Max time kernel

565s

Max time network

458s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe"

Signatures

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe | N/A

Reads user/profile data of web browsers

spyware stealer

Enumerates physical storage devices

Enumerates system info in registry

(the three queries below occur twice, in the same order; Count = occurrences)
Description | Indicator | Process | Target | Count
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2

Kills process with taskkill

evasion
(identical rows collapsed; Count = occurrences)
Description | Indicator | Process | Target | Count
N/A | N/A | \??\c:\windows\SysWOW64\taskkill.exe | N/A | 2

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619377805145612" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious behavior: EnumeratesProcesses

(identical rows collapsed; Count = occurrences)
Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 2

Suspicious use of AdjustPrivilegeToken

(alternating SeShutdownPrivilege/SeCreatePagefilePrivilege pairs collapsed; Count = occurrences; row order otherwise follows the original event order, so the two taskkill.exe rows mark the two taskkill invocations)
Description | Indicator | Process | Target | Count
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 6
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 6
Token: SeDebugPrivilege | N/A | \??\c:\windows\SysWOW64\taskkill.exe | N/A | 1
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 11
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 11
Token: SeDebugPrivilege | N/A | \??\c:\windows\SysWOW64\taskkill.exe | N/A | 1
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 1
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 1

Suspicious use of FindShellTrayWindow

(identical rows collapsed; Count = occurrences)
Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 30

Suspicious use of SendNotifyMessage

(identical rows collapsed; Count = occurrences)
Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 27

Suspicious use of WriteProcessMemory

(identical rows collapsed; Count = occurrences; row order follows the original event order)
Description | Indicator | Process | Target | Count
PID 2228 wrote to memory of 696 | N/A | C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 696 wrote to memory of 1312 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 696 wrote to memory of 1000 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 31
PID 696 wrote to memory of 2424 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 696 wrote to memory of 4440 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 27

Every source/target pair here is a parent writing into a process it has just created (the sample, PID 2228, spawning the Chrome browser process, PID 696, and that browser process spawning its own helper processes), which is what CreateProcess produces on Windows. This signature on its own is therefore not evidence of code injection; the notable fact is only that the sample launches Chrome at all.

Processes

C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe

"C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff985faab58,0x7ff985faab68,0x7ff985faab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

\??\c:\windows\SysWOW64\taskkill.exe

/IM chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5016 --field-trial-handle=1900,i,18342602941475093442,12080664282746881875,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --no-startup-window --load-extension="C:\Users\Admin\AppData\Local\ServiceApp\apps-helper" --hide-crash-restore-bubble

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff985faab58,0x7ff985faab68,0x7ff985faab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2248 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3232 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3560 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3772 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3784 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2820 --field-trial-handle=1952,i,9840453372430708785,17458862110134184551,131072 /prefetch:8

\??\c:\windows\SysWOW64\taskkill.exe

/F /IM chrome.exe /T
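The chain visible in this process list is the actual technique: Chrome is first terminated with taskkill /IM chrome.exe, then relaunched with --no-startup-window and --load-extension pointing at C:\Users\Admin\AppData\Local\ServiceApp\apps-helper (the directory that also receives the dropped apps.crx), and finally force-killed again with /F /T. Nothing in the Network table distinguishes this run from an idle Chrome (only Google, Bing, reverse-DNS and mDNS traffic appears), so the process chain, not a network indicator, is what an endpoint rule has to catch. The following is an editor-added detection example, not output of the sandbox and not code from the sample's author: it walks constructed process-creation events (Sysmon Event ID 1 style fields) modelled on this list and scores each taskkill against chrome.exe and each Chrome launch that sideloads an extension, escalating to high when the same parent killed Chrome shortly before a hidden relaunch from a user-writable path. PIDs 2228 and 696 come from the report; the other PIDs, the timestamps and the final developer-style launch are assumptions.

```python
"""Detection for the Chrome extension sideload chain: taskkill against chrome.exe,
then chrome.exe relaunched with --load-extension from a user-writable path and
no visible window. Editor-added example; the input events are constructed."""
import re
from dataclasses import dataclass

# --load-extension=<dir> or --load-extension="<dir with spaces>" (comma list allowed).
LOAD_EXT_RE = re.compile(r'--load-extension=(?:"([^"]*)"|(\S+))', re.IGNORECASE)
# Flags that keep the relaunched browser out of the user's sight.
HIDDEN_FLAGS = ("--no-startup-window", "--hide-crash-restore-bubble", "--headless")
# Directories an unprivileged user can write to; an unpacked extension loaded from
# one of these (rather than from a developer's source checkout) is the pattern to catch.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(?:Local|Roaming)|ProgramData|Users\\Public|Temp)(?:\\|$)", re.IGNORECASE)
TASKKILL_CHROME_RE = re.compile(r"/IM\s+chrome\.exe", re.IGNORECASE)
FORCE_FLAG_RE = re.compile(r"(?:^|\s)/F(?:\s|$)", re.IGNORECASE)
# A kill and a relaunch from the same parent within this window count as one chain.
CORRELATION_WINDOW_S = 120.0


@dataclass
class Finding:
    ts: float
    pid: int
    severity: str  # "low", "medium" or "high"
    reason: str


def image_name(path: str) -> str:
    """Lower-cased file name of an image path (either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def extension_paths(cmd: str) -> list[str]:
    """Every directory named by --load-extension on a command line."""
    paths = []
    for quoted, bare in LOAD_EXT_RE.findall(cmd):
        paths.extend(p for p in (quoted or bare).split(",") if p)
    return paths


def analyze(events: list[dict]) -> list[Finding]:
    """Score taskkill runs against Chrome and Chrome launches that sideload an extension."""
    findings, kills = [], []  # kills: (timestamp, parent pid) of each taskkill on chrome.exe
    for e in sorted(events, key=lambda ev: ev["ts"]):
        name, cmd = image_name(e["image"]), e["cmd"]
        if name == "taskkill.exe" and TASKKILL_CHROME_RE.search(cmd):
            kills.append((e["ts"], e["ppid"]))
            forced = " with /F" if FORCE_FLAG_RE.search(cmd) else ""
            findings.append(Finding(e["ts"], e["pid"], "medium", "taskkill against chrome.exe" + forced))
            continue
        if name != "chrome.exe":
            continue
        paths = extension_paths(cmd)
        if not paths:
            continue
        hidden = any(flag in cmd for flag in HIDDEN_FLAGS)
        user_writable = any(USER_WRITABLE_RE.search(p) for p in paths)
        after_kill = any(kp == e["ppid"] and 0 <= e["ts"] - kt <= CORRELATION_WINDOW_S
                         for kt, kp in kills)
        if (hidden or user_writable) and after_kill:
            severity = "high"    # kill followed by a hidden or user-path relaunch: the full chain
        elif hidden or user_writable:
            severity = "medium"
        else:
            severity = "low"     # e.g. a developer loading an unpacked extension with a window
        reason = "chrome.exe --load-extension " + ", ".join(paths)
        if user_writable:
            reason += "; extension under a user-writable directory"
        if hidden:
            reason += "; launched with no visible window"
        if after_kill:
            reason += "; same parent ran taskkill against chrome.exe shortly before"
        findings.append(Finding(e["ts"], e["pid"], severity, reason))
    return findings


# Constructed process-creation events modelled on the behavioral2 process list.
# PIDs 2228 and 696 are from the report; the other PIDs, all timestamps and the
# final developer-style launch are assumptions.
SAMPLE_EVENTS = [
    {"ts": 0.0, "pid": 2228, "ppid": 4000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe",
     "cmd": r'"C:\Users\Admin\AppData\Local\Temp\Unknown (1).exe"'},
    {"ts": 1.0, "pid": 696, "ppid": 2228,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
    {"ts": 40.0, "pid": 5100, "ppid": 2228,
     "image": r"c:\windows\SysWOW64\taskkill.exe", "cmd": "taskkill /IM chrome.exe"},
    {"ts": 41.0, "pid": 5120, "ppid": 2228,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" '
            r'--no-startup-window --load-extension="C:\Users\Admin\AppData\Local\ServiceApp\apps-helper" '
            r'--hide-crash-restore-bubble'},
    {"ts": 90.0, "pid": 5300, "ppid": 2228,
     "image": r"c:\windows\SysWOW64\taskkill.exe", "cmd": "taskkill /F /IM chrome.exe /T"},
    {"ts": 300.0, "pid": 6000, "ppid": 3000,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmd": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --load-extension=C:\src\myext'},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"t={f.ts:6.1f} pid={f.pid:<5} {f.severity:6} {f.reason}")
```

Run against the constructed events, the relaunch (PID 5120) scores high because its parent is the same process that ran taskkill one second earlier, the two taskkill runs score medium, and the developer-style launch from C:\src scores low. The correlation on parent PID is deliberate: the sample runs both the kill and the relaunch itself, so a rule that only looks at chrome.exe command lines would miss the sequencing that separates this from a developer testing an unpacked extension.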

Network

Country  Destination           Domain                          Proto
US       8.8.8.8:53            104.219.191.52.in-addr.arpa     udp
US       8.8.8.8:53            91.90.14.23.in-addr.arpa        udp
US       8.8.8.8:53            www.google.com                  udp
GB       142.250.187.196:443   www.google.com                  tcp
GB       142.250.187.196:443   www.google.com                  udp
US       8.8.8.8:53            74.204.58.216.in-addr.arpa      udp
US       8.8.8.8:53            195.187.250.142.in-addr.arpa    udp
US       8.8.8.8:53            196.187.250.142.in-addr.arpa    udp
US       8.8.8.8:53            apis.google.com                 udp
GB       142.250.200.14:443    apis.google.com                 udp
US       8.8.8.8:53            136.32.126.40.in-addr.arpa      udp
US       8.8.8.8:53            95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53            195.212.58.216.in-addr.arpa     udp
US       8.8.8.8:53            14.200.250.142.in-addr.arpa     udp
US       8.8.8.8:53            play.google.com                 udp
GB       142.250.179.238:443   play.google.com                 udp
GB       142.250.179.238:443   play.google.com                 tcp
US       8.8.8.8:53            238.179.250.142.in-addr.arpa    udp
US       8.8.8.8:53            205.47.74.20.in-addr.arpa       udp
US       8.8.8.8:53            clients2.google.com             udp
GB       142.250.187.238:443   clients2.google.com             udp
GB       142.250.187.238:443   clients2.google.com             tcp
N/A      224.0.0.251:5353                                      udp
US       8.8.8.8:53            238.187.250.142.in-addr.arpa    udp
US       8.8.8.8:53            tse1.mm.bing.net                udp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       204.79.197.200:443    tse1.mm.bing.net                tcp
US       8.8.8.8:53            200.197.79.204.in-addr.arpa     udp
US       8.8.8.8:53            50.23.12.20.in-addr.arpa        udp
US       8.8.8.8:53            206.23.85.13.in-addr.arpa       udp
US       8.8.8.8:53            82.90.14.23.in-addr.arpa        udp
US       8.8.8.8:53            37.56.20.217.in-addr.arpa       udp
US       8.8.8.8:53            55.36.223.20.in-addr.arpa       udp
US       8.8.8.8:53            172.210.232.199.in-addr.arpa    udp
US       8.8.8.8:53            14.227.111.52.in-addr.arpa      udp
US       8.8.8.8:53            211.143.182.52.in-addr.arpa     udp

Files

\??\pipe\crashpad_696_WIXQLKMCKRUJCDEX

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\apps.crx

MD5 d28022bee7b1c61dd1c065a85a8f15ca
SHA1 bb6510937cd735c8dee1f6f8e36c5ea2011ea4e7
SHA256 092f386c78aef402225279c45d519ea6abfb2ce07a735bb1288529c20b1f5db9
SHA512 0215880912ba0907a0d9326c5b63e00ab860278f2f22f2560136a2dc4babf6e5a99764f59d05e8228fabce6f1b2a8e4ff2fda64d353cfdf4b9de07ed3bb7628d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 1be921e6ecedc3b1de4fffbe220a8a53
SHA1 1f9d614060505c9999932ca64b283df4b8c521bc
SHA256 348c6303968fa116d447258db6ae6b2de10ffaee0937f99840249e76e5cd2834
SHA512 b8f0186df2e20386668fa9852c94f17093690309da81a9331f542a718a3565c7442304cd104e48c3cafda809119d88a6d1d775c35c840d6ffee8ddd00e75ead1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 fbba98b9d166639c4e64e9fa320c6fc1
SHA1 10b76088663f36949b6b9380de7a1e4ca904b2a4
SHA256 47b3c85ebae16c8fb605694dd4cf2e91012a1f62b08265bbb017344b1705b9e3
SHA512 31754b2825e99278f83eeb753edaf3ca96628373b941ae8ba35af270e6b7fbaf8d8615bc7a760d2855e41903f942647aef2885a1d88e4230a4d8c51e84660540

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77a23a5903d716d361d09bf45c07c663
SHA1 74b6a0bd40082b25085484d85550fb504e70c94c
SHA256 e5de7d7844ffd78adbe1178933eab5654c17ec64db4868743cf0fa3d6da12c31
SHA512 a638dd795da7dc4b9522a34746ff4719716fd5e9a3b5f2ed99766e5a82765b02f065c77878370430dbc5224eb91533e9a8d4b1472e7385956c68d942666b7042

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 e559bc9645759a936e7607046647cc92
SHA1 713928b1f1185ec0cecf6c88f90b9d7f50c1881c
SHA256 be32e0571bc598df174dbe1b7885c3bec25bfdd34ac902525b11c4b334bbd2d3
SHA512 a7e3e87b75bc9296968457d3ab79135542cc9b52dbd6d658defebb331e15a63267faa6daf070fc3e833b6a1efd14402ab292754a739f53df3229ceb700040c09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 62545dc49d6e567f27a1cf30ad786e06
SHA1 88a89062d3b34c161beaca3c3893a3f5b2f8ad66
SHA256 926d650db163bb569607f8b4ba85b8d647dc37bf900f262960af68b9f09ea088
SHA512 9f947f9a9cf6381fe60f1dea9095c7b141bc2bfe752888e621a2cce81d26e7fd369c199c179e473ae4427bebf60466d7bacc1d6f944d1366076171f25a9f7d55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 23e6ef5a90e33c22bae14f76f2684f3a
SHA1 77c72b67f257c2dde499789fd62a0dc0503f3f21
SHA256 62d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790
SHA512 23be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 961e3604f228b0d10541ebf921500c86
SHA1 6e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256 f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 fa3d6b1929c9213ac258c1df3c25c54e
SHA1 87073265c40f4aecd7fe71b1f4180084114cf07d
SHA256 518acdd2d7bc3ba6b14030adfb2d3d5418453261ec7aa560f2cbc43761eb0a21
SHA512 1761e305ad6047b0e90d87012eb4d3ca4f88de8c76458824ba9c94a18f0ec90a5bc0b010f536ab8afcb957c0a6526ccb29dee88135c0205629cc77e26a6cf007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 46d5023bdf6f561c5eed2cc80e162d69
SHA1 da238c8e289aa9c61e35ad3f83377a3a8ab6d6df
SHA256 030b7b4960e4f49bf5fef7c66dc6e7e2aef513a26fdff0e8a8f2f49f2e5c2bd1
SHA512 33af0ba459992e1098030867157bebdf626e23d28d68a4aa1c7737eeb0adcd484935e8d71676a6a8dce389ed6a66fbf465fbafb653cf8d7a6ca9f18666cd697d

C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\manifest.json

MD5 99f8d6aa35e67db20b5f6e3fc54101ce
SHA1 37e09293aa7cdb8fae7754aaae3e8bd2591a2f29
SHA256 cc1c1c7aa14ac707f66629095b8e117109660c13511f26d6eeda1e9fdc363ab2
SHA512 57562dbe3c33139b98ff244cdcc233c9689823a11032d42b9b179eda53831481422d69a62691eebff34c0ae85c36cbe7f8b16599d89919bab759cfd38af27797

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 d06e32ffd331b9c0807e63e5e29df726
SHA1 ba53d97ea76f1cecb2a91ed143133ed3c5bc513d
SHA256 1f64cfd6e14501533b3da0828eb3aa116d38a0c9b7f171d3cecd04616de3f634
SHA512 73470b3f2d3482cbdfb6e53bf6b4b38804e4bffe384d6d699c8caac1eb51422e34f5de18a351a553a6419882a9e2187604bb1fd4f5b5901ae16d3b7f7a333b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 198c1fa22ff60eddccc3371db5a811a9
SHA1 03ceaadcaf501d64e08d3b287aa976750cf497b1
SHA256 9c626dfaee97c501528a2ff29871a9a8cc2b79949cd8a84688bbadbcbe38e1b5
SHA512 6eb150c135b31a0acb25c7bbaacace14555ed5a8524223a471f7c21c4da1d0e918dcdd67f24ddc82e8c2281eaff01a42b867c6c28c6103611af28458999ca0ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 c454ae5ce7e2fd9e0ae3fdde8c3c5b7d
SHA1 319ca391f79615898a468744183b182ac71fb74a
SHA256 66a7a92e129d7625547dff31716173974618f0c14342cd6bac173bc7c46d3071
SHA512 962a5431f0a0adfcb631250feda9393059ed3c3c0dcd6d52c0262006d5e0af3c56ac27b52dc14ae5d9cddcc76e695db6f1b68aad7e14676f87eb63b238eae2f1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

MD5 7bb6cca9ba8d96901001d0abc787a4f2
SHA1 9c8948ef3db0ad37a1b5348cfef25cdce9ba98a8
SHA256 43d0f1eb46ef5f707013e4701e88d55a14215a2e57a5302cd69f0f98529f7cc4
SHA512 3c4288c4b70fa6330b379e72d276c9d58cbddb12f077e0cf6bcff49d477ed5c777dabe9d9762cc3e729334ea33a864161c1ae4cff6bdb2f07890ef677b36b46c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 1c84f829d8c45072beae71462d41f142
SHA1 f6856a75ae1be0f4f9b5b04ea6d582dbd69d817e
SHA256 4a9265ae2aa5ae80bc270886d73925b845bb1246d0885268635180ae24c70e53
SHA512 e9907cbcb4a99fbc9adcc80d310187677e13bcdc9b1c5a9eac0a5cb7979dfb97e482051a65ebeb595e47587af1c10259391680df2bdbad86489dc4f81118f8d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

MD5 d8dd7405e667de64c84f28862c205924
SHA1 79c6ca775f1abbc5b3393aaecdc2f7b3cc6db551
SHA256 8ad4ef99b3a1817bbcd60c813406087376fccd22be5d5bfe1bf43295f0fbedf3
SHA512 23c86c024ab1ade0fcaff20f0ebe28d7b7f109dc4a680150016f7513f382342a3d5f1990c2d3eeba1a762f73c163ce8e8746f9151dae0127ab53b8c1430d706c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 0951c27e24c6388748411ca503561425
SHA1 b3dce856a7ba09a9ec233855f968e11813ffe59d
SHA256 315c3df1da0737c256d7ca8c4223f74a62ff5cd2235c0b7f5796d8f7a96beaa7
SHA512 571aee73b1ac190be62d7364f7b2f8b7b2d6dbe6d152038833de4f24b4b372eaf694c33a2f5f64d6f797653c06d3d5af6e4c59bc7f9b3123c50e43ecc0850309

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 b2b2ee9f274811f11bbec94e848458d8
SHA1 cada16998fe102f9309c864d34024c6eb088886b
SHA256 defb83eff77fde0680a8258787f0e2b171d96e5b07fee3a9a60bf98f47d4a571
SHA512 68889add02f5c62a5218c43e0ee3bb3ae5152b2355d635c5aca5bba52d9921c5edbe264d4aaf0fd8368922e28669241a5435e03dcd34060d97bd23222e3d61d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

MD5 aa12ea792026e66caab5841d4d0b9bab
SHA1 47beeba1239050999e8c98ded40f02ce82a78d3f
SHA256 65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1
SHA512 0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

MD5 33d2dcc9ccf87d6ed728ab0c46235369
SHA1 249e080a07601d8537b242546067229f49a4aca1
SHA256 a455f1cebb519dc1861af1646224fb2cff08843469c0f346d93efb6745615c4c
SHA512 754e230d5ed0a578559702f43312b2cb2b282676a95218ec3213efb566fed6ca02034bc6dc7ba124afee6f9b766a0680a8e51ea377b998eb2a10d0b7de67f7cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

MD5 6d66c063a5048fc856aa58a9be1ce582
SHA1 50c39a74928bec238fa5b7d5581f8c28b7d976b6
SHA256 3fb5f3eb311f3e82e1de4a9bc8694aa6bed91bbb955ccea7da6d6ae8ff8da0b8
SHA512 678f43c5804d07f72424af3a0c74d852ca55106b7c91b8546d4679a8cd0925fefbf94921685d21c982746478cbd08b0ce4dd2d0f4a0993450952843ae1ab10ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 d07b90c1930602742fec997aebbac80f
SHA1 6884c3517c29e379d17d583128c0c1701c4e7aaa
SHA256 5864d29bbc1fb96dc2949c12d26891fb0b57287c6f3334af877050497435a6ae
SHA512 96b4b64bbd6601fff626db5ddb0b1abbeff22faaa26d2558d3230a9b96f1697bf0717f9b1f7396636402f8348cbd62cfa7ebc1b293d674ecac5a30da4cfacb1b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 4ec7d97159d9881d44f312660bc89f5b
SHA1 579d2010e105e663d5a708f1ba91549b23b5bcbf
SHA256 ae3779624e252bebb43041068f58c238cd76c2bec3627a2cbeb798f6cab67f9f
SHA512 27fa3b47420544b635393e9947fc258c88c854151fae07d11e0ab28258bf4283593b235461b6106ea140a36eadc1499c1e9eb2bc0e8dde50ca931584bbe40db2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 367634597a6ec6d0f4a79e30b7c9a479
SHA1 f0442990ccba871e775fbf2989779a54a27b76e6
SHA256 bf66f54a88740124107982cebe563786fe3bc4a46d67096521c0dc3b9b93d2be
SHA512 99f31d9541b9ece79c18a6c36a63f83da9390105d98540410331059c521665c26956673e6c9fbfea71942ac8ba3d06585d09d0b3655a31fc125c5a86459ae38c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1a50638d-6857-407d-9588-1dd3f370e636.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 009b9a2ee7afbf6dd0b9617fc8f8ecba
SHA1 c97ed0652e731fc412e3b7bdfca2994b7cc206a7
SHA256 de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
SHA512 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 7e628dcf1a0ce923fdbd4819f8d8c3b2
SHA1 089eade61ead050e4d5407d04c694c1a2097390c
SHA256 900dad3aa868395a90e581a2b747b0902f691395c6db045a27088eb2620ce329
SHA512 a0af2f908825f1cf71cc8b1c3e89bf2aa44b066f59798729e6d48b67573e4efc28a1f3103a8afda92db6710617c1149b0c53902886e3d2cc0a49da752886a49e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 edbbe68a14144857446812fc7c27d7ae
SHA1 a092f33157bf4de1d7214f64baa4031f17a7dc64
SHA256 098d10a626708cf05f69b378d90386994393f7d0fe42077171606392ca16a858
SHA512 1293eace494a74f13979f87aed1f8344efd71e9a2c18ba3b788a9ee3d256405f9f7bdf42454929f9ce5c10f0cc50c2a1b7d3117a4e5ebe313c9072f090c510f5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 9f9dd9d94cfcbcfa49a006bfbd5042e8
SHA1 8bcf31dda5a73626edbe8556d68566a293ce052c
SHA256 38f9ecf2512387c53e85d5e9da15280e92443ec7a1b55502c4b69d3861185ff5
SHA512 a7abd15c63a587b26577dee6ee6b24817a3632e8f19c267997e79761cb16bf27f3d997c6a2749411d5b555e748633dc2026dec333188a21a320e90681bdff064

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 612ac1d1fc1a5384e6904b860e28676b
SHA1 3b3c79287dc5de4240487e1ca32a8c3fd10d451e
SHA256 185fa1ee8338a844df6e87f9731e2c1154c0226a3b792cf1695b638bf9b16c0b
SHA512 1b40118d5d3eaa1e46af442a19c00604e77b1e45726168b789b757d870c53a7664cf523586fa83e75e944d4210c68a42795920a43e85fa267341b419982fe056

C:\Users\Admin\AppData\Local\ServiceApp\apps-helper\service.js

MD5 0d67e04a068cb7f660c077c00d42bf0e
SHA1 d07b8d3d9300b18eecf5b8d179e1a004811885aa
SHA256 0626d33f723c33ed98f9e8c1a78b43510e6dbd196ef91fc0be2633ba73b91649
SHA512 2626de8dff9df4d983437cdcb86aafa4a3a3a894aa1572a33c160d480cf8830aecb230be407f57a5cde45133a436e52926ed8612fc6d6245f50fe918f2baca84

C:\Users\Admin\AppData\Local\Temp\scoped_dir4044_1192685622\CRX_INSTALL\manifest.json

MD5 9353c270da2dd4836e229cb9ad049fee
SHA1 4fd8e822e85d43ad69692b8185dad64a0da44313
SHA256 4f5a041e6ee123988f6c49904f3dc862c5ab284f55309d8050c5dc2d3d37356c
SHA512 78a38649d45bdbc893fb70e21a66c0e4996752ac910959c1732f4162eeafdff27a68987083e3cbffb91bb9da90e1951642c7387896f46ed684e1814efb00abcb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglfjaeojcakllgbfalclepdncgidelo\1.0_0\src\content.css

MD5 fc4d5e1d4d7f3d66a6f5c65abe693fc2
SHA1 8f4fe7ead18db219b8843e005eadb82b7c379971
SHA256 eede9ac5c201aee389bc558407a076360c28f58f6c7eaecc3f7f7c8bbaaf211d
SHA512 db9ad81ede04ae345d0cf5b8970003db6cd8301c25942f76fcedb9af92342e7a988d87b4b7c4fe77cd46afff0a07c780c4677e22f1f518ba2a4d38841b22459e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglfjaeojcakllgbfalclepdncgidelo\1.0_0\src\content.js

MD5 f595e32e27d035c2995cb90a99151a48
SHA1 0ef51b8ea20b398f6459e607c69f0300ab2810d8
SHA256 a70edb3f4706ec8986c899ba01c2544b704a1047213c5eae28a614b739807b69
SHA512 f286a3e0ca84c2d365cef15b7e2f45bda47ed34704d6c04dccf55036f008a3af1b7d23ca43ee6b0cd871cfa11a1981f608538e8f3c26dd43f2f02d4a0397bd0c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglfjaeojcakllgbfalclepdncgidelo\1.0_0\src\jquery-3.5.1.min.js

MD5 dc5e7f18c8d36ac1d3d4753a87c98d0a
SHA1 c8e1c8b386dc5b7a9184c763c88d19a346eb3342
SHA256 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
SHA512 6cb4f4426f559c06190df97229c05a436820d21498350ac9f118a5625758435171418a022ed523bae46e668f9f8ea871feab6aff58ad2740b67a30f196d65516

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c99bed39a7c468ebf67ceb413f342286
SHA1 06a77d0edaff99b7834baf7b76f564f73b4e2752
SHA256 051d01897377e4129fc9101b9c243d8fed089ff50d000c9f03453f7b7d108312
SHA512 5c0e05b22c7cd00ee3318b0545765672ca878bf416c12c8bb7778ee81b505d759b4464f85362ae0dfd9570051b5be157d4ae410a88140bb6f71e0c5381d95b71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ce0df62d7c63a2ef32e83f0931da8c10
SHA1 46a28233c0e9118cd3e7dcafc36b5285027c6ec2
SHA256 54c12a6a7b983d5254eb02902d5ab080309371a26947101ee21ce7fc8bb39d3e
SHA512 d03eb6394cee70d9aa856b6197749db73eb5896152c42659a63e8cb64764a3b6dc7e72374c68a7ea2507f140dd48b06a6767876e13bece019f9048183e2e75ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 d87bb05a414c3a8154709213a609adca
SHA1 64062e76e008872da59b5a62311f1534c2bc7f02
SHA256 1ec6a045a08020393af00103ccb439864a3f0a47366a27750c0cbcd6533339d7
SHA512 22f0630128a808fd5334eb6825eeb685c19cdbf868b498b80043962a55a706c2192ca578cafaed65d7177437b0c85157583f2c15f75bb1d82bf81c8d8d8e0660