Malware Analysis Report

2024-08-06 12:59

Sample ID 240605-2gf5ysah31
Target Unlock all.exe
SHA256 e19a4a36276e501ee70068b365480f122b3b0e96cba020ca7def1322a716dbe5
Tags
rat venom clients asyncrat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e19a4a36276e501ee70068b365480f122b3b0e96cba020ca7def1322a716dbe5

Threat Level: Known bad

The file Unlock all.exe was found to be: Known bad.

Malicious Activity Summary

rat venom clients asyncrat

Asyncrat family

Async RAT payload

AsyncRat

Drops file in Windows directory

Unsigned PE

Suspicious use of WriteProcessMemory

NTFS ADS

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Modifies registry class

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-05 22:32

Signatures

Async RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A

Asyncrat family

asyncrat

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-05 22:32

Reported

2024-06-05 22:34

Platform

win11-20240419-en

Max time kernel

51s

Max time network

53s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Unlock all.exe"

Signatures

AsyncRat

rat asyncrat

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621004182947233" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\search.htm:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: 34 N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: 36 N/A C:\Users\Admin\AppData\Local\Temp\Unlock all.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4212 wrote to memory of 5028 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4212 wrote to memory of 2632 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4212 wrote to memory of 3388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4212 wrote to memory of 4944 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Unlock all.exe

"C:\Users\Admin\AppData\Local\Temp\Unlock all.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe575dcc40,0x7ffe575dcc4c,0x7ffe575dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1800 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2104 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2176 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4468,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4460,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4424,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3628 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3540,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4808 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4656,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4636 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,4571569694188339299,3783839069859684244,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4952 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe575dcc40,0x7ffe575dcc4c,0x7ffe575dcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=1944 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=1980 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=2368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4392,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=4412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=4616 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=4756 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=4716 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3764,i,7572930398602186781,3028156522163369064,262144 --variations-seed-version=20240605-050120.949000 --mojo-platform-channel-handle=4916 /prefetch:8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country Destination Domain Proto
GB 92.123.128.135:443 tcp
US 8.8.8.8:53 browser.pipe.aria.microsoft.com udp
DE 20.52.64.201:443 browser.pipe.aria.microsoft.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.97:443 r.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 13.107.136.254:443 spo-ring.msedge.net tcp
US 152.199.19.161:443 fp-vs-nocache.azureedge.net tcp
DE 20.113.200.164:443 f91b65866a32eeaec13b59b2642b97b2.azr.footprintdns.com tcp
US 8.8.8.8:53 254.136.107.13.in-addr.arpa udp
US 8.8.8.8:53 164.200.113.20.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.238:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 clients2.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 172.217.169.14:443 lens.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.187.238:443 clients2.google.com udp

Files

memory/768-0-0x0000000000250000-0x0000000000266000-memory.dmp

memory/768-1-0x00007FFE572F3000-0x00007FFE572F5000-memory.dmp

memory/768-2-0x00007FFE572F0000-0x00007FFE57DB2000-memory.dmp

memory/768-3-0x00007FFE572F0000-0x00007FFE57DB2000-memory.dmp

\??\pipe\crashpad_4212_BTIIRCTROHXIFZGG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\Downloads\search.htm:Zone.Identifier

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13362100417354924

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
