8e8875152f64ef5b6bbd4b7ce8372f28c0d7403537c942644f4f9abc48d4b959

Analysis

max time kernel
1800s
max time network
1748s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

674DC1D6-0A99-4CAD-AD15-7A3A2FCCA2B3-ezgif.com-video-to-gif-converter.gif
Size

22.3MB
MD5

03606789ccf9b53ea695f646a2d25e98
SHA1

9e768f81054c6d94c3b97da6b7af5a694ba41809
SHA256

8e8875152f64ef5b6bbd4b7ce8372f28c0d7403537c942644f4f9abc48d4b959
SHA512

b3358fb42169f30ebab0323a7df83fe0b4231343f96116883ad6e97a0c1db9e3f1d2d813efb105e462ccdd2cf0754946765cfab8825a74f2d92c32d71d633af4
SSDEEP

393216:Gj4Ho18w2C9vOXz2uSHeMkEiaR/dUk75JE8YjgtM4kz6MO1j:1HE2CAXZSHeWiiVUXJjga4p1j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133637729881543786"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
2892	chrome.exe
2892	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe
Token: SeShutdownPrivilege	1536	chrome.exe
Token: SeCreatePagefilePrivilege	1536	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
1536	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 4424	1536	chrome.exe	81
PID 1536 wrote to memory of 4424	1536	chrome.exe	81
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 3024	1536	chrome.exe	82
PID 1536 wrote to memory of 1952	1536	chrome.exe	83
PID 1536 wrote to memory of 1952	1536	chrome.exe	83
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84
PID 1536 wrote to memory of 4512	1536	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\674DC1D6-0A99-4CAD-AD15-7A3A2FCCA2B3-ezgif.com-video-to-gif-converter.gif
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff810c3ab58,0x7ff810c3ab68,0x7ff810c3ab78
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:2
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2172 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4868 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4976 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3452 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3084 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3304 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5024 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3068 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4776 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1540 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4076 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3432 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4972 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1828,i,6808552310926079133,17425496142507256015,131072 /prefetch:8
  2⤵
  PID:3356

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff810c3ab58,0x7ff810c3ab68,0x7ff810c3ab78
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:2
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3304
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7b4c8ae48,0x7ff7b4c8ae58,0x7ff7b4c8ae68
    3⤵
    PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5016 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4380 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3196 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4708 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1188
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7b4c8ae48,0x7ff7b4c8ae58,0x7ff7b4c8ae68
    3⤵
    PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1956 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2672 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=244 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3192 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4504 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4172 --field-trial-handle=2004,i,5296052084130574047,10911637018521969011,131072 /prefetch:1
  2⤵
  PID:4548

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
23e6ef5a90e33c22bae14f76f2684f3a

SHA1
77c72b67f257c2dde499789fd62a0dc0503f3f21

SHA256
62d7beeb501a1dcd8ce49a2f96b3346f4a7823c6f5c47dac0e6dc6e486801790

SHA512
23be0240146ba8d857fc8d37d77eb722066065877d1f698f0d3e185fcdae3daf9e1b2580a1db839c1356a45b599996d5acc83fda2af36840d3a8748684df5122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
38d9fba893948f5ad3168583239b9ed2

SHA1
7ce02449193544ec34844e7a21379823b0b8a066

SHA256
08f1a3452ad3c53b634108468d7d66754516e46493de5c3ee982749e462c0486

SHA512
a298a9f69f6d261f526a878df57b6cd49a5cef0307aa583ef725a6d4b9c799248e6ac6c5cfdcb84bc03aa0194b7cd9618cc28e599d3d395427752d6b6b3bb4cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
a7c76618ec7d3c82dcfa36176b0a147d

SHA1
a65328f11fe8d2b6385a26152e965b0e60dee599

SHA256
637eb2c9b99a1086178f1e1a416274e69ede20e9bb9c5b656c7bbb1e8582f6d0

SHA512
70fc7adf8cce1e22e2a36b81c8f0df17c7e4523f60ee7e5f2d2e9b20911400b013392361140bb362a313d31b80268be986f3d1393c5b794457e8595fa05be68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
c358dcbc5398aa6a9691a8bb88263f4f

SHA1
22051f9e060e60c11f085160d49da317089a2d5f

SHA256
c3dd6e18b58038805b33fab7ab7316343cbb00c1bb64246a1260c39dad69cc83

SHA512
af4a1eb9d47692b173b899ed339c988122f6b00dca6b94cfcd3013d26118cdd9eb14a75a12ca3131a73e2a70958d9b7c9d47d11c128775b9fa4d6f31fc251935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
f5988d0a7740979c698c115dfdea201b

SHA1
2735a7a02adbde87ef18a2d474fb0f741d0d20c7

SHA256
cc81477600c3fd148a7e7a426a30ba63bb18e5d88311f004b55fe8d9b20c4381

SHA512
1645d7c103f91da1d8600c1b39f9e26dd50afba1fd692d137c3fd557f84181b9646642ec530fe96c1a933d6fc6c0bffed90c055f38226edd2bea71b821668f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
fe7822e99ab1f43b52caee2aa455e14d

SHA1
8a80cb3f2a977890acf28e5e7023b917db2721b1

SHA256
a742a9212963df99bf185838fc5a135b956655f7e1538707dbe0656c2a7f12fd

SHA512
b7ef264e88529d0e542505df5be61e1efdc1a429822b2cdb91887cae7e6977020491db21e2ec66f72632df5a39de4874a4ad6160e854239034e0a5e5a149c776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7c898222b4cb86613da5f628f94b28bf

SHA1
fb6b8894f6c8f36fd9b2f7dd7f23f5b8ecb9132c

SHA256
00098ede03ca6944275c1f9a8af843b0018b7ad0e6be666358140dd6a9435781

SHA512
f7d6987d0ed88d62b62bddeb28e65e032981761ab2d2c8f33a76e77b9a19010553d9d072c38aba27f82be49ca80a19bca399205ef785e94e8eeda1f0e18a909b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
152KB

MD5
dfbce1b33a6388320bc93955e1dfa5eb

SHA1
6e92bf64cf5ff0dd9eb53ffca87524929fae71f9

SHA256
f2ad800bbb59765d4500ac61d0135788acdd5c5367b34f9acb214e805e099860

SHA512
a0e7e437336c4e66c6c26b27f4f88d764b2233ac79800135f711d657d45cd7e241bf83e0201eb69d0af4de83bcfc5649ad6407a53ddd95dfbbfa58d0cc263295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
126e2e91db1ea850a9b34409be70d30f

SHA1
ab03b71b5cbb22eda01e7dee9bf27b0c5a647a40

SHA256
a418d395ba57329093646fb47d5b9e86f3774e64b4fed1d483b5c12b921398f1

SHA512
bcb6b14d39c728eb947967ff0aa4ea91e98f1f2a60283b2e9844d0ef723674b26fcb2276fa85a15c593ea3f9412c57e237d2436ae0a187e862b52b2dc36e3270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
c437d74d23625ef89163154301bae86a

SHA1
a5d016737ebc841353d04578d2a5a93ae809301a

SHA256
a6f8766d59880b4344131b42d880ebede0c10ea43c5a9c10ad48849528004ea1

SHA512
009c9bafc5ebf7af4579fc442818e3439377924310c7d0a22f6916e214f7bb05faef3fc8b06231c43172e0a5b5554d7117c7ebdad3f04bfba2bb4d3b666c203f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal

Filesize
4KB

MD5
e8b94e075fda33e61f8c7515a7ca9385

SHA1
b77ee0b3f86a7207e27992afe3ad9b11dbc73c2c

SHA256
51ef1d4bd0faf155ab1bcd8fb6bf00ae365ac3da164b3cfa1211f169779a0c82

SHA512
e337199c06ac43641d54d1628ee891bfaef66afa501a3e3ce82d2750b1fa14299f4aaf8529059fb31c6bd96813567bc60d23c0732502e25aa4882da9cdd6e5e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
5695d9f59c26032f410e1047917c3e0e

SHA1
32d3879661e8a0ce3f276df49e90137b1a5ef4ec

SHA256
3c9c87a6de72ad49f8e3854be1144f1029500731a28d06471613060698a0ff33

SHA512
436be4227113962e3578eaf379786b333b279fb01c8a45d2579ca86d893fbed64af92acea89f1dcc9a76af7b44d663c51d7ed9aa2af0d8cc0060d95b2a2184bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d0181acc783d0492d19243fb17d20998

SHA1
81eee42de1db4eb18dba2f613937d282d68a8102

SHA256
1d8ef31ef07765de78b8f7aa449b685033145c8c307d55f0d374ff86b2786852

SHA512
9a5ea91f7808e199ababfff4c017261cf332b324ef65cfa801fa6c3ca3f7496a34611625236eb6ddd73de500717343b41ed8359ecb7385586bf091a4f2b15d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d651bff36f0b0366d2c77d5b1468da1a

SHA1
f4d405dd0486b7d39078df0d2534c47212cc6a2a

SHA256
7340f3f4de93a8cd22a9e54fdfc2bbcf16cd04b21d171e9322bafc5943527403

SHA512
a8684d2fabed5e0dd7e1d0a2e76b1debae8a5e18fb7601217cac66101398ff44d998e7d8b6bce5c106323e54277f92796c8671fa62aacd95b1bba17c96203072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e5af1b5207f875ac1e8a949784509bda

SHA1
313a571f5c4fc3add3599cfa17744a0f04ba9cf8

SHA256
c5af12aab8b3b103f0d0f68216ac7f218fd694daed527e8737c259e0e7784b76

SHA512
6a5d4a03e966e9a0990c28675d18a60eed1b48b5eb9c8f49c8548bcf06b5db04052085bac503f6a25b7c69565fb67ce1272062c041d65ef90aa3672afb520ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ffc39ab42526b265b5e95521d9a7692f

SHA1
808bba13a812b4deca44c2d519156983cc2b1a22

SHA256
94d7c68d1e5a3b461885436e7742cdb3903c8360e750c6dbab955386e9c9c81a

SHA512
7ebb8d6eb362bc8731e43c1f1f151db3f569c02ffa6df66c90130e552b2b0953a98e7c68a82afc0d6b95a011b826659e3da78b6ea66c8eea99a8fbed7cbece97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8697d9c0ed60f36ec60fdc003e90dbf4

SHA1
a945e2dc2260a560ccf73ee30961563de5738d6c

SHA256
70dd678ade1c66b2f9962bf5ded0e74eda66f120f618ad7c1ee0a52cf76fdfb4

SHA512
66562ecf3b64251f578aaa9ab663a62e6061157f25b33b6aed8b68fef6fdd6819685797f6339c2146c9b654be9d98f9e43bf121a02b7330a7b682411f7bf4f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
ee7bbd5fbb21ea1935342cc3c509bcb7

SHA1
448deabd0f107f54d9d37dddbac18b12f941c030

SHA256
f5dec9738e0ebd7ff39d1414954e91e99cdace7b17519f3868bab79aa6a1ba75

SHA512
4cef1fe48db6272dbd3023d9e0872bd85c8fc9d1ac0d21b3735111cfd1bf1128374b3ba3fdc65eb8eddb464c2033ae37c00d851c6268368c16d50baa1ffd18e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13363772987351851

Filesize
15KB

MD5
91b81b0c8ba99a0dd7ca99e5ecac1c61

SHA1
44e8060ef11dd7877a3763b173d06c8647d8a056

SHA256
5a4bb8c68bd070015a0e4d23d7a79ca4453313040dc1f6c230bb6dc17e800a08

SHA512
6aeb1b7b6bd79c8f79ec0a626cf283d80c65226cba13cd03b9a9548179db5283e589a5516b4e68ad6a9bc9e1d73691252eaf164fa6447900bcbb857740314a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363773010481851

Filesize
6KB

MD5
13482d8aeb4c23f15ab6cdb7fc227503

SHA1
e9cc5c7b31cec6add851c12a5c126c69d7c56cc8

SHA256
b0cbb865853ea463f7750de577614c606df07071058d065368703a21a33498da

SHA512
25f516e067895f706d8835516320ce262507302406903959cf84314234a40f1a02cbad25d25448a2a779e52b89bd0f7eb283ab871d1c57b77eacd3b04d8392d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
aa1c7bda8a2b7767ff323e5d1769c63e

SHA1
ba1a75050e7939239a194676010b59a9b07c8d22

SHA256
c0f61a4c1cb6fe9f245ffa2465229bfd88019bf7619e7c2c036bd8fdb6d905c2

SHA512
13b2f7d6ae3bf02944355736985793f4980463c842df858865646dd11ab53734892e5841a631c1b6155e51b2422349031a23d5cb57c6e95172ad17064bb350ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
339B

MD5
2a1bcaf623ac8f32b067d155a2f42cff

SHA1
cfa3518503f59975da5fd04984116d510f088947

SHA256
3e2bc44bef0871520cbdebf83c2bc441cb8da727379bdbcf6848d40683fb3bed

SHA512
b6eb6ddafcc283f1e2d7af5145e6756358b0bb907dd2ea74008811b6cb8da3683da6cc66e75f73dd11a0e0d2b24b334c68e748bf5239e374c8e0a8be4958e41a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
46d5023bdf6f561c5eed2cc80e162d69

SHA1
da238c8e289aa9c61e35ad3f83377a3a8ab6d6df

SHA256
030b7b4960e4f49bf5fef7c66dc6e7e2aef513a26fdff0e8a8f2f49f2e5c2bd1

SHA512
33af0ba459992e1098030867157bebdf626e23d28d68a4aa1c7737eeb0adcd484935e8d71676a6a8dce389ed6a66fbf465fbafb653cf8d7a6ca9f18666cd697d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
11b0c8d4b706f39cc1bbbd3a6f808500

SHA1
e7f75fdb496bac6f835b7f17f90a3778543244a9

SHA256
1a65c3fef36ee1d88d4f91a954ca127cbb9e1e0cf267d927271b46d2709a3d87

SHA512
f07212efe739eaba2a7da3833badfa8ace8b0d17bab99460c225a813197844f97b63791597ffcaa9117aa5cb4849ac1ae30c8ba969a1ae4f62ac4c0145d8dad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
eee38e34fc2463ce94dabdab668227bc

SHA1
a7990106f9adf0a434532ea32d38875971d75aec

SHA256
58b86cc6e0dc9fc31ee37a31250243e4e90ae751b8c37e05e7f183679235630b

SHA512
c71911b1e7d4f32491ceedd9c3cfa51779ada6e858c184dcf33b16f437408c5b4c82cdf21dc06cdbcb91c420b9174621cc13d702f233949160840b191c75fa3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
028aca45056a301284681eebdb9b93af

SHA1
70a1ec0bdacbc0ebeb00fc43784dd460c92a90ac

SHA256
8c9d4bccdd517a0ba43209287257cfafcda284f40c14f22a3628b3be0628dd4f

SHA512
9501688242d22f055a409ff23e82f22e6d7d2a5562b17a36df4a08094d7ade7fb1d7bc4ccfca41f7385c0747fe19c3bd5dccfebb65c624949b0ef3561fb3f6e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
9416a45c2f629ba918c0346f4188bf44

SHA1
da1fed57eac5f25c7990a9873c580a2eff42c0ae

SHA256
e16f20d3db0ea5817b02278a2b839c5a7427be2d4504967023432f0e7f42d5d6

SHA512
9b132952d16c0bb897347e19fd043d2cd8c69c32690fdb5e18bb32e0d5940427265a1af24d6fc1228c937b70c1fb3bfb9b00cf1cdcebf62729e5fd079969e12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
7bb6cca9ba8d96901001d0abc787a4f2

SHA1
9c8948ef3db0ad37a1b5348cfef25cdce9ba98a8

SHA256
43d0f1eb46ef5f707013e4701e88d55a14215a2e57a5302cd69f0f98529f7cc4

SHA512
3c4288c4b70fa6330b379e72d276c9d58cbddb12f077e0cf6bcff49d477ed5c777dabe9d9762cc3e729334ea33a864161c1ae4cff6bdb2f07890ef677b36b46c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
b8f4fb154db84b7628a0684b56615a02

SHA1
28556f8d8b0cbbe8366d5c3def3be79c525fa671

SHA256
84dc6bb15cad4c39baac77bb8ec96988a09345dd00aac6bdd0ca38b01b33773a

SHA512
dfc93f6c8d1cf81e66e24a7c72334e7b960b27d0e56b0eab6b65d223430e49563dcb2c77a6e5e859a9052e9e169349efe8a49273dd1e2add0c09aafac6337a28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
8af25e45102960744dda4bb2bd585d6c

SHA1
1d5068de214d7cf639d684b7139edbec9cf62972

SHA256
c8f2e367fb73e4717f3932960fa824048111bae3d0a36fdc6d40e8fa8f1b1d97

SHA512
8a62f766f986927b834516c4e2b04ec36ed8c20c76dcb92c65f6de64c3fe23593e04c544a614bf56f4629e02b00494d7bb80e304c6dcb6266ffe64a56d87cf92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
0b369b9ca89b55e0905b11ba0c31f6ce

SHA1
f69ea5aaf8c8d2b466f20f8bcd7622a8ad3cb0bb

SHA256
313a56a193d94cf5a875d323fdb50e2153a83edc7bcd0f65f1941abd1945f56e

SHA512
bd3ec9af2e24b9251307ebbc37572ee3b4e3cf16b0b15f5b378edd53e35757a45c08642ff7c91c7a31778a8ba8dc788e74d3dd6f51052d21ceb38ca5722e25ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
a03ea546b508b5e69ad2b3d402ad818f

SHA1
be874b8337cc74f3aa85d9ba989d208f5cfede54

SHA256
b15668e5fe95445acf9bbd4d06616c4e8f9369fe09e42960e6d5ecfe69808cd7

SHA512
872a00d0d6b58998b5a3104d94c7c0b1be4486d48ee379c9507f6c25baa45c4c44e3233b0f799367e32c5ac94f9470d479e6aae7db0351995f8190f02d5a6847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
0f2cc310b2d96196f33ec05d45b8a0ff

SHA1
4b0202fbf8a708f3ca290b99748de4012e6526a4

SHA256
c2979f9468b5f1cfaa1eb75c65dbc0c9ec194937cc843e574f1cd71a3a235b82

SHA512
7bf349856e1a14fb28e03c66101726412bba794612b4005e46a0ad5c176a0fe3f0a2562ffbe837c8fecdbd5bc6c80ab0d09a4e961b887acf47f219f062452065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
c801781b547876f79251fd2197462bf7

SHA1
4d07ce9ddee2cde9eec514d0c0bb391a10631583

SHA256
c2c6215ab92d03be30fed18a2d2a77adf5c683e663ebc9dbbcf3b7384c2cdd5c

SHA512
3c0e330b929b6dffbaae5d58fa72876a7c726c74875cbad480728fd16d46465f602af98e3942bf41d9bb3f504bd58fdce805f745d8bdbb6edc58f8e4818a3594

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
5871b5c86967d5d7e5c5be14e059301b

SHA1
97e773658ffa54111c180520574068ff1563dc59

SHA256
92e63beb6510c15a40abda137c6195916bba3e04ab39193ef2fdd75b65b09da0

SHA512
ab96acc8faaaf6d8fffff37e03a48e950931f0f5c662781fb14a74a0513fe56a4f39fdd7c403c39eae1a27d9e0c3422f61d91df2e53fa733ac482ed4adea1677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
e25a4b70a8ef7d6c44124cc69b66965f

SHA1
212696f9baea05e1f71f19fba31195eb8f35691d

SHA256
295241cb1a4ff7be871e6a71eeddf809cffeec7e8eecaaf41f4df7468346efa4

SHA512
2c7073559d33b5a10beb3a7be2fa8f7c1e7fd105d23532b2e522650f9093add5a94188f733cee7b236f7b5c06f27e5692303d531d42c3f098c53b6e9c596b296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
0a32b8af50cad465f6d443862f274349

SHA1
39d2739ea614aab97412a6ac8d23c5c6e6a6006f

SHA256
acfd4a6ee1789bb2e36a800505cc64c0faeadac09c0e15a69357ea55b245bfe1

SHA512
28d1639394ec7a925abdb45d51e37223c05969a6b938b6ce044803e396085ea32897b3ce2d17193f9230ce0e681b8bbb30b62ae6f0304099f3d48b203a5e4d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
3608aa61b1ae32a18bde1aebb604b04f

SHA1
f789f591503d14bd16dbb1fcd92d2d790482c876

SHA256
a82e75c888030439da4708f0a3c00854deb656d5b60d92d4e7c8dc58546acba2

SHA512
08256a0e41a7d2677b89a31d988e8c3091bdc1e32cec698bf3288ae9d2c048eb9ac862c35467ff5f309c5adaa1010116705ee92ced003f8fac5bb9bb574e8b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
35cfac8571391531851be329b0d3b48e

SHA1
182e401fcebc8ec392c9a6fbb92d69e5eb8980ba

SHA256
b5b62009f716c704f8f287ca615e51cb2d9035c87daf1dea1496509357ed2918

SHA512
1bc2b3d504d97ece8bd640dcf07fc2ecf47fb04b5947f37731d109c87552d63bfbad95a770d3bb9ef25b006967089b2becaff7fc1ad94eae64ee2ba57a256596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58503e.TMP

Filesize
88KB

MD5
3b7b18b488bdfd96af568366591e4d7b

SHA1
b4f340b637f66d4d2e6359f929887a8252ad72e9

SHA256
3336c8bffd638381fceb6e1199739a770a69984fd692b178d0753a12d52b8ec9

SHA512
07cba2d1a69e39205d5559644de649c5801e1fe33b2ef6206bed895c95555961a1f68c20d8a127abbf6472f3f930af695d2d720091a7eb45d4d45781ee404e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6174efac92a24aa13ec7bdede1d93ddb

SHA1
57b750467c9c50e40f6a957056fcc1759a6abd21

SHA256
12fb393f378aa857716cdc7bab485c3b26afa844b12bbf19250c9319189e9da3

SHA512
db29ffc7138a6557c1a3021990bf43f3813bf7272f82a882c4204202848118cf353b910cac1150e7584a67f69f8ed543ef2e3f8b775dfc2a4cadbb307bb54995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
3B

MD5
292f7e22e4c2e1464f269e554ae5b97a

SHA1
cc5b37cbeb77d07838303d5117951c766d2cf051

SHA256
4008b01283dd5f860d1dbb59727bf2a921523578f569783939e15df652eb09e3

SHA512
836813d839dbbf771794ef1d95b68cd95faf53781e50f1a921ecaee9b8568022480ae10ecfa6c8cd7dab0a328e80a1ff1c598302e2fdb02ad04b7828a917a0e6

Download Submit