Malware Analysis Report

2024-10-10 10:00

Sample ID 240623-nafzqayfjh
Target cheeto.exe
SHA256 e82372deee967ba8a1a74e29a8887ac64e700554153267d09a184986a98efa29
Tags
umbral execution spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e82372deee967ba8a1a74e29a8887ac64e700554153267d09a184986a98efa29

Threat Level: Known bad

The file cheeto.exe was found to be: Known bad.

Malicious Activity Summary

umbral execution spyware stealer

Detect Umbral payload

Umbral

Umbral family

Drops file in Drivers directory

Command and Scripting Interpreter: PowerShell

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Views/modifies file attributes

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Runs ping.exe

Detects videocard installed

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-23 11:11

Signatures

Detect Umbral payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Umbral family

umbral

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-23 11:11

Reported

2024-06-23 11:56

Platform

win11-20240508-en

Max time kernel

2699s

Max time network

2696s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cheeto.exe"

Signatures

Detect Umbral payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Umbral

stealer umbral

Command and Scripting Interpreter: PowerShell

execution
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Drops file in Drivers directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | N/A

The file the sample opens is the hosts file under drivers\etc, which controls local name resolution; no driver is written, despite the signature name.

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | discord.com (2 rows) | N/A | N/A

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A | ip-api.com | N/A | N/A

Detects videocard installed

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened (2 rows) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried (2 rows) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried (2 rows) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created (2 rows) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636147488275763" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A

Runs ping.exe

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\PING.EXE | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | N/A
Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege (3 sequences of 17 rows) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: 33, 34, 35, 36 (privilege LUIDs the sandbox did not resolve to names; 2 sequences of 4 rows) | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A
Token: SeDebugPrivilege (4 rows) | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A

Enabling every privilege available to the token is the normal start-up behaviour of wmic.exe, and powershell.exe routinely enables SeDebugPrivilege; those rows describe the tools, not the sample. The one adjustment attributable to the sample's own code is cheeto.exe enabling SeDebugPrivilege.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (53 identical rows)

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A (24 identical rows)

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 436 wrote to memory of 4124 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\Wbem\wmic.exe
PID 436 wrote to memory of 2992 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\SYSTEM32\attrib.exe
PID 436 wrote to memory of 5112 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 436 wrote to memory of 3872 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 436 wrote to memory of 2336 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 436 wrote to memory of 3048 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 436 wrote to memory of 1656 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\Wbem\wmic.exe
PID 436 wrote to memory of 4264 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\Wbem\wmic.exe
PID 436 wrote to memory of 3476 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\Wbem\wmic.exe
PID 436 wrote to memory of 3352 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 436 wrote to memory of 860 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\System32\Wbem\wmic.exe
PID 436 wrote to memory of 4796 (2 rows) | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | C:\Windows\SYSTEM32\cmd.exe
PID 4796 wrote to memory of 2344 (2 rows) | N/A | C:\Windows\SYSTEM32\cmd.exe | C:\Windows\system32\PING.EXE
PID 1960 wrote to memory of 1388 (2 rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1960 wrote to memory of 3148 (31 rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1960 wrote to memory of 432 (2 rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1960 wrote to memory of 3348 (3 rows) | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
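The WriteProcessMemory table is the only place this report records which process spawned which, but it is flat and every pair is repeated. The following Python is an added example, not part of the report, that parses rows of this shape, collapses the repeats, rebuilds the parent/child tree and flags Windows-native tools launched under an executable running from a user-writable directory. The embedded rows are a subset copied from the table above; the tool names and directory fragments are the example's own assumptions. The caveat it encodes: the sandbox records WriteProcessMemory as part of ordinary process creation, so these rows evidence that cheeto.exe spawned wmic, attrib, powershell and cmd, not that it injected code into an existing process.

```python
import re

# Rows copied from the "Suspicious use of WriteProcessMemory" table above (a
# constructed subset with the same line shape, not every row). The sandbox
# records WriteProcessMemory as part of ordinary process creation, so every
# child a parent spawns shows up here, usually more than once per spawn.
WPM_ROWS = r"""PID 436 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\cheeto.exe C:\Windows\System32\Wbem\wmic.exe
PID 436 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Local\Temp\cheeto.exe C:\Windows\System32\Wbem\wmic.exe
PID 436 wrote to memory of 2992 N/A C:\Users\Admin\AppData\Local\Temp\cheeto.exe C:\Windows\SYSTEM32\attrib.exe
PID 436 wrote to memory of 5112 N/A C:\Users\Admin\AppData\Local\Temp\cheeto.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 436 wrote to memory of 3872 N/A C:\Users\Admin\AppData\Local\Temp\cheeto.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 436 wrote to memory of 4796 N/A C:\Users\Admin\AppData\Local\Temp\cheeto.exe C:\Windows\SYSTEM32\cmd.exe
PID 4796 wrote to memory of 2344 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\PING.EXE
PID 1960 wrote to memory of 1388 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1960 wrote to memory of 3148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 1960 wrote to memory of 3148 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe"""

# "PID <parent> wrote to memory of <child> N/A <parent image> <child image>".
# Image paths contain spaces (C:\Program Files), so the parent image is matched
# non-greedily up to the first ".exe" that is followed by a space.
ROW = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+\.exe)$", re.IGNORECASE)

# Windows-native tools a dropped stealer drives (this example's own list).
LOLBINS = {"wmic.exe", "attrib.exe", "powershell.exe", "cmd.exe", "ping.exe"}
# Directories a standard user can write to (assumed list, lower-case fragments).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\", "\\users\\public\\")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_rows(text):
    """Return (edges, images): unique parent->child PID pairs in first-seen order, and PID->image."""
    edges, images = [], {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        ppid, cpid, pimg, cimg = m.groups()
        ppid, cpid = int(ppid), int(cpid)
        if (ppid, cpid) not in edges:          # collapse the duplicated rows
            edges.append((ppid, cpid))
        images[ppid], images[cpid] = pimg, cimg
    return edges, images


def build_tree(edges):
    tree = {}
    for parent, child in edges:
        tree.setdefault(parent, []).append(child)
    return tree


def roots(edges):
    """Parents that never appear as a child, in first-seen order."""
    children = {c for _, c in edges}
    found = []
    for parent, _ in edges:
        if parent not in children and parent not in found:
            found.append(parent)
    return found


def render(tree, images, pid, depth=0):
    """Indented text tree, one line per process."""
    lines = ["  " * depth + f"{pid} {images[pid]}"]
    for child in tree.get(pid, []):
        lines += render(tree, images, child, depth + 1)
    return lines


def suspicious_spawns(edges, images):
    """(parent pid, child pid, tool) for LOLBins whose ancestry starts in a user-writable path."""
    tree, hits = build_tree(edges), []

    def walk(pid, tainted):
        tainted = tainted or any(frag in images[pid].lower() for frag in USER_WRITABLE)
        for child in tree.get(pid, []):
            if tainted and basename(images[child]) in LOLBINS:
                hits.append((pid, child, basename(images[child])))
            walk(child, tainted)          # cmd.exe's ping child inherits the taint

    for root in roots(edges):
        walk(root, False)
    return hits


if __name__ == "__main__":
    edges, images = parse_rows(WPM_ROWS)
    tree = build_tree(edges)
    for root in roots(edges):
        print("\n".join(render(tree, images, root)))
    for parent, child, tool in suspicious_spawns(edges, images):
        print(f"LOLBin {tool} (pid {child}) spawned under pid {parent}")
```

The taint is inherited down the tree, so ping.exe is reported even though its direct parent is cmd.exe in System32; the Chrome subtree, rooted in Program Files, produces no hits.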

Views/modifies file attributes

evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\cheeto.exe

"C:\Users\Admin\AppData\Local\Temp\cheeto.exe"

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Windows\SYSTEM32\attrib.exe

"attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\cheeto.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\cheeto.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" os get Caption

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" computersystem get totalphysicalmemory

C:\Windows\System32\Wbem\wmic.exe

"wmic.exe" csproduct get uuid

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER

C:\Windows\System32\Wbem\wmic.exe

"wmic" path win32_VideoController get name

C:\Windows\SYSTEM32\cmd.exe

"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\cheeto.exe" && pause

C:\Windows\system32\PING.EXE

ping localhost

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97200ab58,0x7ff97200ab68,0x7ff97200ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe


Network


Files
