943fd1ea44266c5d7fa02f2b292db095a4e6ba8027a1f6c73fd60d1165e63aff

Resubmissions

25-07-2024 14:23

240725-rp5heatblk 3

25-07-2024 11:18

240725-nd85nsydph 4

Analysis

max time kernel
149s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
25-07-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GooseDesktop.exe
Size

221KB
MD5

c883e2c769ebe56240a71260b17f1b93
SHA1

4a831d4f48f6ea81db508c2a87cf860acd17edb1
SHA256

943fd1ea44266c5d7fa02f2b292db095a4e6ba8027a1f6c73fd60d1165e63aff
SHA512

dae40d442794152285ce484b10095d11592a39cb1968bd38cc70ee23005bd1e04ad4312d7266107bdd375e10fa91ab9fd3d41d4d6ccd2268d052b343528c4376
SSDEEP

3072:gzebbi+ndU/n6u4WhGINz6tFvaxWt5H3ANdl3Mn4bqwyW13B26wqIl9nNwo3WdZj:gzQU/n6unYCW74bqwye3ijlDwocZ

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1064	3776	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GooseDesktop.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133663799493992211"	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe
Token: SeShutdownPrivilege	3944	chrome.exe
Token: SeCreatePagefilePrivilege	3944	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe
3944	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 2660	3944	chrome.exe	106
PID 3944 wrote to memory of 2660	3944	chrome.exe	106
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 3452	3944	chrome.exe	107
PID 3944 wrote to memory of 2360	3944	chrome.exe	108
PID 3944 wrote to memory of 2360	3944	chrome.exe	108
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109
PID 3944 wrote to memory of 3676	3944	chrome.exe	109

C:\Users\Admin\AppData\Local\Temp\GooseDesktop.exe
"C:\Users\Admin\AppData\Local\Temp\GooseDesktop.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3776
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 1276
  2⤵
  - Program crash
  PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3776 -ip 3776
1⤵
PID:2860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe1210cc40,0x7ffe1210cc4c,0x7ffe1210cc58
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1772,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2176
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7fe024698,0x7ff7fe0246a4,0x7ff7fe0246b0
    3⤵
    - Drops file in Program Files directory
    PID:1568
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2112
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7fe024698,0x7ff7fe0246a4,0x7ff7fe0246b0
    3⤵
    - Drops file in Program Files directory
    PID:2296
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1680
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7fe024698,0x7ff7fe0246a4,0x7ff7fe0246b0
    3⤵
    - Drops file in Program Files directory
    PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5180,i,6908637248489590951,10434222593834939222,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4392

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Crashpad\settings.dat

Filesize
40B

MD5
8e7df218557e5800f26b8c379fa893f6

SHA1
9d581ea29a769d1c46bbcae1588408ed76c786b5

SHA256
855836daf7a503746b97df91e141df8372012a9abe160d65ec4e18f7f62b53ea

SHA512
3f0be242d5870471064c0dc4f41ea0b7f6a91fa3d44c39eb4a2439e2d5dc44ad8a737a9abf42b64e9d0e0b73d09c8ec7eaeeba68ba4d801c1f7e269513912a60

Download Submit
C:\Program Files\Google\Chrome\Application\SetupMetrics\4106b099-669b-4267-bc5b-e3ba45b4085b.tmp

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c1fa260eb085e25638c53065dbcb05bd

SHA1
69722ba40ec3829a0552470baad94e3d55262b5f

SHA256
1ac91868d8825a906b2b72c382e61fea8316339e64a0c94e59a43b267a2bdd07

SHA512
a181fdb301ced6e3925c272bbfd4d45c1b45d0e258e0f2c4e1872f7b3735d607d4e73a6301ac6be95941e62157eedb528846b96ddcfe894f990f494d86244624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
5ac828ee8e3812a5b225161caf6c61da

SHA1
86e65f22356c55c21147ce97903f5dbdf363649f

SHA256
b70465f707e42b41529b4e6d592f136d9eb307c39d040d147ad3c42842b723e7

SHA512
87472912277ae0201c2a41edc228720809b8a94599c54b06a9c509ff3b4a616fcdd10484b679fa0d436e472a8fc062f4b9cf7f4fa274dde6d10f77d378c06aa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
58580ad8bd8006e7a541314f97f094f6

SHA1
fc7b11eb26960f8948eeef51ff06f879939ced64

SHA256
c1f9cf2ccc4a5a7c357220711eda78b74a25cc71cbf2614cefba8b79b4ab860e

SHA512
ff0d7e6ab877d62fee87e5328dfcc25e9a7e634306ad30ebc070e5d2f8b5cc1919318052d03e8fd6652994fa5141a31297c1ee5574daef541e34de63eb529f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
16887f667e1d1cd20cf9174f85fb06a1

SHA1
308ea4e16e47e69e9264ac1cddc06e24de04a197

SHA256
28b138b3dc404980421c0d00e033b0b1b679eefcd27a7f38a80103e59f65e6be

SHA512
d9cfd13d6cfec836a44ead56ec321f3f128c79c7ff22a0fd9d7bca51b8b4c435d15785a0d17018eae4b92dd1b67de81415e4b0c3c44b3b8aef5103aaf46af9dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d1de16aa508ce929cbbf60d49e6eb272

SHA1
38bfef6a25d419c0763b86da3952a459e0302bc3

SHA256
266d28520bc88d737ca241d05c5a5155034f2dc4541dfc5918fc3dce44f0cd7b

SHA512
765165ee6e27f59b5dad4195d1aeaaa08b676d2791e4f22bfeafac5b9895c8cfc2ec18b336b8e4a20027d153e5855bbfd11406926628f435704c763163b7e914

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
aae21e406ad10f07e9edb82ac00fe332

SHA1
3475323ab6d9cb58dddd8e6c8fba48f45b30a533

SHA256
abb922bdb82c27f76e941017ed157189b6aa22842c0a610f4bb749e20b765c01

SHA512
4c7d0ed00824021c4545780f94aa81940124fc160cdd31884fbd582f059086019cb6ff310d94c979672903b28ca23ec690b28f0fced730a16d83708fc2fb3346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
88d5c11dfbc9976be1eb1175a5aa5fee

SHA1
35045df0a8d19df30f3f3e5036d6fbcf35219ace

SHA256
fc9eec827638bc9c7c30c0020c81cde46dcad2f2f2bdf4494d0bea4af400853a

SHA512
1088ab7baa8cd00c6738805d893767c5047ae94dcb97ed3c92ec8bd3750187a7369b32c0c01bf13fb67a8183946d02ad822fa798ad9cde5f9b6c0eb0e6b86851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c3680954b0785721721360515200131

SHA1
ef450dc88633d490691b3197500bb3a412b4c8f5

SHA256
6dfb0036ca813529d926525e9df2056bdda2b5c06b3a03ea231549032fa43cd0

SHA512
486fd8f3bd72cd98e8ddae0f425cbe8c9c3acad28fa46f0ac5e7d1e8b7a50ed9cd692ba043317f30c581f75c8c1b2e64fef4a59eaad60c3cb818f5400d46fd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
673273fb02678042fa4570840dc20ce0

SHA1
2f97f997c340eb7119464d75d34aafb8f0dea966

SHA256
11e8ce9c83646cf5e92c94334ac6534b4aa318d0b5bd14ebe6c2db651b9e58c3

SHA512
588bf940cf0205d7273685687051d99b828fedf7e45292cdfe11482398155af0f12c7e07c038effe8047e3e6cb4790817a4ec1b33ce263fd967ad2d9c69b31ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc3e11509804ac1daa216e45c82b9ced

SHA1
69011d75738c4a4893a1e256e4eef4ec631626fe

SHA256
62144f4fed6540c5ac003cb8fae6ad3ea28d3f2738eb27eda6469044bc140042

SHA512
44fbb7a0200d5b50acf588ce5280eb192aae41da2939cd9cbc4e35a63bc11012aeafb0459115d088d24a24ea3993177067ca15423914c38cbf0c7d4e503ae142

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c87575923e1e7f5f1b3081ecbc98362

SHA1
c4f696c5e3650de4665a7b06b2017aa8fdaf3b4a

SHA256
e96ba448c66bdd8976e3314fed00ddb28910954c42117d780fc454be0279259a

SHA512
5d987b8701dd8aff220e7b645b860d9eccc19cc96622547c19d6602d2d22915eb2556ac97e72721a646d7a9543e58f961cd0f3fd07a6af1f946d0c654866bb5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41eb0f9c962a3c44eb0c2f8fca6d132a

SHA1
3aa030b16bf4b8f5aa0c89041f04d031dd9ae919

SHA256
5d6cc156804aff0eb501f1c21676760d38e180e4bd764fe33d201647950dddd1

SHA512
be4f8d889eb629b2641c9311f0374f97efb6603ecd439da97ddfaf3252fcdbddfe733528e5761a8efb6066168c60b75c402de4e67711adc68a16bf5d19522d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c8aec9378f62cfd2424e3ab38dd1a0b

SHA1
e6f9b23616e6faf695ea81da4f736d8fe4c8ace3

SHA256
73b26088d773cb6e5ec7e4e4806f8e646871556ec3b8dbac60234afa26a2ebc8

SHA512
635b6a045af83a0a3e9c612b489af1b4c281fe7300df3b07ab3b9ba3365e4fe4b71a9ca58aeb984d33976012c5f9e90424c80bfd23dc50d20b66392acfd26bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
da0a7c9737e5aa8a1037e65b08402717

SHA1
24d56fd72b42eaed030f989b4f86d64a97ed2eca

SHA256
e86a1c75c7ff799ae4dcdb2dec8d95189779c50086ae7ec3f5a320a0f24ab474

SHA512
dbd824b04905954a36103624f523d6b87703d6cf85603b81cfe0de1fab71c2f2f2a7b0310dca8d00a7b36cde7561d4b79a36d9ac11bcbe12582dcc3d07f594c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
fbe99596ebfc05f180c2b8f76c478bec

SHA1
7512a79039c80ba6ef0ff6fc8085f65e508b5df0

SHA256
7c4553253a293a8677c2da5abe4501f705b8e406903428c00f663da23f414f0c

SHA512
225dce396349313cd346d66fd48e5a2f5d466f4d623edbab1a71a09cad41db69e6b2766b7fe17ccc5fd1808e38e3d178426bc2677c6f44d9c0d35fba0f826154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
50d14b81d9e25f026c1c62ef1d4cf686

SHA1
3fee71455fd76393a71046a368afce3dea012f7a

SHA256
ab1f9ddbe748be7e7eda4ec6ddb61a64baa6111132d78f1439707aaab0a35b01

SHA512
2fd6b0a18e8ce8509e6a6011684f31047a9df75f8d103c83be2f115b0c03018e19f437d8e6fd016b35973044f87c21b85360ec6dedd4184d1dd95bb8fc856aa1

Download Submit
memory/3776-0-0x0000000074FDE000-0x0000000074FDF000-memory.dmp

Filesize
4KB

Download
memory/3776-6-0x0000000074FD0000-0x0000000075780000-memory.dmp

Filesize
7.7MB

Download
memory/3776-5-0x0000000074FD0000-0x0000000075780000-memory.dmp

Filesize
7.7MB

Download
memory/3776-4-0x0000000004C50000-0x0000000004C5A000-memory.dmp

Filesize
40KB

Download
memory/3776-3-0x0000000005100000-0x00000000056A4000-memory.dmp

Filesize
5.6MB

Download
memory/3776-2-0x0000000004AB0000-0x0000000004B42000-memory.dmp

Filesize
584KB

Download
memory/3776-1-0x0000000000090000-0x00000000000CE000-memory.dmp

Filesize
248KB

Download