27e91e3f6b4b2c5853c59ad4cc8d5d0064bcefcfee10529382d5b6f38eb0977c

Resubmissions

02-08-2024 14:37

240802-rzb9lsxgrm 4

02-08-2024 14:35

240802-rx6qfaxgnr 3

Analysis

max time kernel
220s
max time network
273s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02-08-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UltimMC/imageformats/qico.dll
Size

35KB
MD5

2c32188d9388b06ec91170e4461913ab
SHA1

082689789ff54cacf94b0f171c762df512c8a786
SHA256

63f7f73d9bd956ca55b80ce29d24c0a1da1a126885d45473e5779ca78a709dcb
SHA512

57286e87e9a013229db863c152d41b7af821b8afa7f84259f58f7089a947ca3771d526aada88212fcbb235209b6b504a489a5c43c4ba0b2a77e1f31e882e9262
SSDEEP

384:JUev3snLkJqIN1v5dqY3M1lNRa16NQkgcPkRu7xR3xr+i1AxwWTTVqI5SEwZY1:l2XqL0IexWkg0k0dR31fWdqqSEwZY1

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

Processes:

chrome.exechrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

rundll32.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670831132599797"	chrome.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-118640398-3063844760-4281400433-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

1832 chrome.exe
1832 chrome.exe
2436 chrome.exe
2436 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exechrome.exe

pid process

1832 chrome.exe
1832 chrome.exe
1832 chrome.exe
1832 chrome.exe
2436 chrome.exe
2436 chrome.exe
2436 chrome.exe
2436 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-118640398-3063844760-4281400433-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe
Token: SeShutdownPrivilege	1832	chrome.exe
Token: SeCreatePagefilePrivilege	1832	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

Processes:

chrome.exechrome.exe

pid	process
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exechrome.exe

pid	process
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
1832	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe
2436	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

4708 MiniSearchHost.exe

pid	process
4708	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exechrome.exe

description	pid	process	target process
PID 4604 wrote to memory of 924	4604	rundll32.exe	rundll32.exe
PID 4604 wrote to memory of 924	4604	rundll32.exe	rundll32.exe
PID 4604 wrote to memory of 924	4604	rundll32.exe	rundll32.exe
PID 1832 wrote to memory of 1960	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 1960	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 3012	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 1780	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 1780	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe
PID 1832 wrote to memory of 2332	1832	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UltimMC\imageformats\qico.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4604

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UltimMC\imageformats\qico.dll,#1
2⤵
- System Location Discovery: System Language Discovery
PID:924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2fc1cc40,0x7ffa2fc1cc4c,0x7ffa2fc1cc58
2⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1876 /prefetch:2
2⤵
PID:3012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1980 /prefetch:3
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2172 /prefetch:8
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3180 /prefetch:1
2⤵
PID:1408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3764,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3640 /prefetch:1
2⤵
PID:2292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4828 /prefetch:8
2⤵
PID:4080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4828 /prefetch:8
2⤵
PID:2352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3716,i,13543849000244013745,17678487840255925511,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4836 /prefetch:1
2⤵
PID:2952

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3564

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4708

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2fc1cc40,0x7ffa2fc1cc4c,0x7ffa2fc1cc58
2⤵
PID:1072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1980 /prefetch:2
2⤵
PID:3096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1700,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2092 /prefetch:3
2⤵
PID:4044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1652 /prefetch:8
2⤵
PID:2060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:4416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3064,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4424 /prefetch:1
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:8
2⤵
PID:396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4912,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4960 /prefetch:8
2⤵
PID:2872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4980,i,6053524253970447604,6056301868285013112,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3588

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
5f7b342e271fa380e1ac46fccdcdc599

SHA1
003770f35e9635069e365bee1250ccea465f3b28

SHA256
03680b0b9871e3f0c19ee212f1cd418868e43554215a3f0b3bb0f465eea6090f

SHA512
698c96484cabaf77495f12411a3f153efc9945cfaa3d04c770bd62fce181979dc5d0d17acf57686d7a746824f999896e4d74e9bba8dcffd055745043c2fe9d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
a0d2af4410680eac21ce972103f837c4

SHA1
1982c141ebb7fcbb9fcfaa3c0326f4ac26f31f56

SHA256
3ceb86d5a6e659ffbeb30530a28a4bd9e5cbd20c79c4c25e384c2767933d33a6

SHA512
d787c9b2e3f565a0ce0cb47f1a18d36043c4babcf5d19873e4fd9ce80e66df7566bfad572ee21a55d92dd8776719a6ae0f70515721f590ad5f60b9dd0a7fed86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
d8a630e4c37a5ad2c6a059cff397902d

SHA1
dfddd845a8074db36fd880faab9038e5f9048ef2

SHA256
80e5ec22463ea6fbc021082e66d5fadc993e8d7607c8908eb40270f6b84b5a77

SHA512
432db3529135dfe86e0fd1f8763461b1ece78465089d79d7abb5d02fa400416e05d2033c2735ab24342127f9719767fcb57d1981acca22d5c5b3f3cd2179da00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
42c3222faa014c552621b8cf1af2959b

SHA1
473b543e02265ae7c1e2c24c33a044b2238c9730

SHA256
8f5668b1f60371851f6f17eb8bfefa88293e3027ea7d59b9faf91eba9e709b5d

SHA512
d9253c2416b55cdee777b45d2f39474f3e8674608c2debaf4ffba515d1a8381575acf85ec56b586366ca5c1ecdad27271bea6953fa182e99b96627938b46a674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
Filesize
38KB

MD5
a3f383bf0c3dd2e2d858d7e99ff5598c

SHA1
27d52183f3cce56ca47a1e9697f34d8bb71ecdcc

SHA256
603fd0b2832e97d1ed4872b50f9c5429515de87dd640fd0e333b3196d7ad2beb

SHA512
f8f1d1fd6e5548bf29e28fc49d31d00cb15641524f0f9a8138c759426a801bcecba2bdb95a2ba12334c7c16fda48a35c0efeb421ffedc7248692b9de59200905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
Filesize
45KB

MD5
a3a4a451d8803216f9df19f961498eef

SHA1
f7c80c869fede9162aa485bd65ecc989380be4c3

SHA256
51c834e47bc62f743994fcf6a6f1b71f908e962783b5f8a9aea7d5ebd1afa854

SHA512
5abb182d4e4746e893a1d4f416969927cd0b368dede441f58651851d7547d115f9bb08ccdb862855b63f9e036b3df8957e2bca5f91460f4c7836fa7277eb3f97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
42KB

MD5
db6cb0e1dda0b2767875d505e695f4d1

SHA1
01a432cf11e113a920abf34b141ef9d5c7dd978a

SHA256
e27948cba14ad2c9412e2354c9c29e1805d196ca8a33234b270de06d13f64a3e

SHA512
0fe092a63dd5d3f20448c67f2d882f8748fc3597f4d129c444ca9b6de8c74eb900be068a376e680f773df5fbfdfa9aa051c84c84e074a697529bfae1690c270b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
30KB

MD5
7ca8da45247f693530d022ff05e0d704

SHA1
0347eb2dd148a370b2f9e12e1437b4402a0063b9

SHA256
de546ae33fc7bcff3653b1cf288254b72a9b0fece78a4b73d4055e6bc08bb013

SHA512
bf1bee838cbaff3bdd9bf042c35bea90e9bbe73d1fc3dc6ef78b42da87a8731215f60cfb084c7cac64f2f10c86c967e9a772f832fe48d4ee74c305ee391e52ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
3c9573a2a2f3cc215cc0a83f586478cb

SHA1
9d0e95faa881829d2caa1731e67815fa127a64e1

SHA256
af1a9108408a8e6c53177a66e99c7fceae3a0f8fb2da173d609ee6d8cb2612c6

SHA512
1d4c64363c04a17b4b96bfeb5dffd790ee62f84b91166e5df802c3298125ea8fb079d3b021f35ca616a9a863a8bad5c7e72eb5373db814f7750f7775c941c830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
66043960027c15996d8a3861ebd326d8

SHA1
503b999d7390a3678296aa800ee73610419a5933

SHA256
d817313e0139f7693b8f5d39a84c0cb8bffcb5c39bb4d7659b7d5b9e7b695d8f

SHA512
4997ca0c830b3496a5246c81c52931d28114a33f86bafee60e462b0aa5c79716fa7acae00731fb7b056a3d7b1a37197e5d9cbd3dd85c9cc243190dd5de0ee488

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
2ba3f02d2af8efc971083e1671c4ac8b

SHA1
180e773e060bdf505c7e4758442134e346034370

SHA256
2a1378bea0c8b3c47087bb87ddc05ac8c71b37bc531e9e6a86e4f267f1e94e54

SHA512
18108a94f0fe6b5581bc7c745ce5e30d54c60513090f56d2f8147a489a855cd6396ec236cfc0e9a3d89c23559e982a16e6ae22fe572a779a4e5c039da8eb9ad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Filesize
317B

MD5
18ef96a2685a03829a4be386750532cd

SHA1
4279730948741ac09f4b7ed8d20fbca1a834bdfd

SHA256
cea08efd4ee7407ef7fa1af08f9f3779849249f0b5c663fa8e3b893742a3b317

SHA512
6e266457b558bbc4c424c29eeb651e55ff076c11ba8833a01e5146c65ce1e54bd4c7f7bc8f7da5bdc9af4a1ee762bce128fd7a43fe428641b7561a814ff02896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
Filesize
20KB

MD5
cd938bd6a32dd454f0dae9ee99a8ac3e

SHA1
3ee7f7c9d21d2a9836c38a20d9ae3151fce54ac5

SHA256
dc1f848d6200b4585030baa79d4eb540376af2c1a9b5caab171148bd4b3e52ab

SHA512
277d80ce7d4b1a17aa463b81197005d8eda104ee316df38b74c4eddfebd0083d2e854a983288fd8e1a0e4f44651bcc5db7c5cc4870f76211247c8ac2a8fc0029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
Filesize
44KB

MD5
8973d6dea4e2ecc0288073c5be479dba

SHA1
7dc4fd16a65b5f35dd286a47e797e447f73eecf8

SHA256
2d9d579184868701dadac8416de65b6f6eb654e896766291a7eb0e9598751025

SHA512
4b49b000b1e2b267c07ec0ce6940928e6c7fe44bdc2d8830d6e7fcd760d36911afa031423b19ffe47d150dccbb4dcf905213c18f99981d9f9b5bfb4b0df029aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
5ab77b9606f30aa2eae81b41551ae31e

SHA1
05b6f60f55c66db0391eab5c3d3cef11f6989a67

SHA256
58d5c3dad272cc45fbc13640b1f5c2ccf6bdb21f21a9092f38155cdfbdf7f9e6

SHA512
5fec4067a840d5600579be3c9e86e9bdef51b976d3998bd08d22d27d0780f2b6652c5faf3f15e5633c64a39c342f19615876b05bb84bca57bab23cc43223a39e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
Filesize
1.0MB

MD5
d48e75d0046d7a3b5de895ad8295aa4b

SHA1
418cc5a479a1414be019793ca874104fc2230212

SHA256
b6811192b4c84fb46a132a00f4ea3417789857d26ebf7beb407a374641239de8

SHA512
57ed12136c695c448ecb48904df93887269b4d4faaddbe7a284472d60e52261b59a56cd6775ba9f5e7ce833d29f8dfede4dbd83fd1871d5fe92798a9492b21c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
Filesize
4.0MB

MD5
912afc7f6e66427ab2e4b50a7fe50706

SHA1
b797cf737e91daa0753f70d6da64d1b6cb625bac

SHA256
360f08ce790711b675d9f0ae42ae181099f704e371f721748d06f8230c19e72c

SHA512
dc897738e403831b3cbecbceb82653871f982578d75c688233743217c6dedcd529e9e9b80888665a4b76cf7b6560897a97da5b2a210554efcc6d2359ddbc7b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
Filesize
160KB

MD5
a5600a9e996bd9235d578bc726ec128b

SHA1
af8065e55256a93ee06de7ca15b5ccff9f018f03

SHA256
c5933d479f12c39cd28604a3def1882a29c2392cf3ac152befcf1c125e11875b

SHA512
773c99f614aa0bb1e8664b2761b95b62f37afe307ce79555293dd259578f7307516813a8e224b8fc6fbf1fd0cd9fce6f84a984681ee1bd3124e15c7352f55238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Filesize
278B

MD5
9524a16edb870ac8ea3932d2f161664b

SHA1
23913976e30472766c82e3d148c780e93147cf64

SHA256
041d67cfc4a40746e82ee6cce98e4148c90712370d6821ebbe975728a9dc227e

SHA512
e9bcd2c6ac701b5b41cebc3a3ab33983de18ac49f60712f70843f198cab808d19a6d446daa648b87f00dc4800d37467c03964ff442445dacf403889e9adbf122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Filesize
329B

MD5
958d9394b4bbe26613714a37abe48077

SHA1
e0f527e4440c129b9be69ac323fc6148d94a6223

SHA256
c61e839437dc2b4dc7ff10e7ca7511c85f07411e06b58f776579b831f95c570e

SHA512
360cf0beb1a1c0b75ba35b165d58ade02ba1b1722e6fbcc2a590556ab7b3c4636da93176846c7816846cf6f3d3ede4b6b6b975303867fd0bcf6e5f6935032513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Filesize
20KB

MD5
dd37e34f45096a954b8c58e04fcf9c9f

SHA1
f76a243c8544a2407854b27738cffdc505aa5c9f

SHA256
be16b653c54039dd2f740a3e570a1bd77612180bd6e439d86c27cafec7960e9c

SHA512
f26a97a22b6ec18c9f74d586a5c97a944b87b5516c2173886996ed2235b2a5eed62e0ce04589fff3af3e8fb6404f23f777f4ddf451f9e2383b8d4d463fef6679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5d5655f83dad02d9b26c8060b5d7cc59

SHA1
4becdb3f1e10170312db4b1bb8608294a78e1770

SHA256
706d8a7b52582123908a8d8a0c3eee5097400456a492c8f2c24108b3023e156d

SHA512
4ad531e0167054771407d755397ea2b8f20513570ca05a8fc1a34bfa2507e621820f9a84044972067e4de32ab91805a6dec659f237d7c7279c9f9cbefa0b07bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
29b98cba665b511ed29656f36650ec3f

SHA1
8a72395488de069605bb75303ac565295475e327

SHA256
166cc4d638faba2b304b090547b5fa056fef0e5bd301b3886e61dc856419282b

SHA512
0b3683ee4f11ff05309e2aeaad554a53cc80a0cf08eb5574bd88a40dc33a28ef19be30479f78566afae789fce50d1938dd5b44abac25b1007e130d0995b6984a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL
Filesize
36KB

MD5
09981616734e61ee4163e902acea3768

SHA1
85c4983da4dd34814ca91b49f59452bdb3eaf7d0

SHA256
ee232474b2b289e18af3267dd3294dd666924b449872d943fdcf7144db82bee9

SHA512
c0ec6a58accae03c02f11f960ebcfb751fb212ee7b1451333942ac6a2da55234c73971b85892f9f192d3c7f7387f00daec43bd2fde77002d91ae1ab38e6f4dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
90e6fb9a6fe8a5fb757f4a106968dba3

SHA1
4a52fafa466b437f2f96a605114f1c3942a0e464

SHA256
af94e6e48745a493c10f6639093fa3c4601918b9faaeb841ac60a9d45665de73

SHA512
f8742da3aef52decaf202f478aab5494809018d6bde4e91c07b3a6afbad2222b5127965da960ab818d4a6f847d5fc1ab255f2067cc42a487eb1fec5b1be64fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
227a89af5903ed50c4e06519d91a8bbc

SHA1
c63456969f24a77665486f8c4a54a0c603a284e4

SHA256
04ecc9f67f1448f9a6552d96e60bc026d7e1b55437192dc5b3af7545686b6e77

SHA512
95247ec164e874db0de434871e55bd46019a83798e2665508e60dee16d09cfbc39efb200df2fd68c0efdc19e25a14efb225599c8d9890011733c10e57dd2e49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
bee51162c6a0a0279fb96d045d57bb69

SHA1
1a2b275250fdcdde7004d4f40388620cb4e7b9df

SHA256
4e6fb482b0aba05f0f308fa4118063e8f03b2a305fc8ebcf01a0f820b67baa68

SHA512
045d034b4f5f973d5b061e00ceea883b73f438247f4590780b1ffb01feeb1a7176d252c22c8615f90f524a3dcc11f7dc86881c178fc7f17e9a066d393ba2d0b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG
Filesize
334B

MD5
944dba83b42187444b3e4f410567c674

SHA1
33e530e1a6f93f07bfc6bfc1b74489e962b6af7d

SHA256
d354f6b5c87601bbc0c98c338df0ab730a84cf5d0b94810c0c1636c7597e2363

SHA512
a363188a56d903678223d3801323416ce4219e896611f13c2d97a92e06f8bf9ef6036434be6edec7cad50797a0df235f8434797d9332b8f43b4f7f105ce87ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
10e163dc795d2174d40220e0237c8715

SHA1
91720ac39e23b2e2524502ddda02f93785760f4c

SHA256
564b688b3a93572b0b2aa8b8cbd7a2ee53adcfe336a70c547b1dc64aa9fd7068

SHA512
031fa32838345a9b1c61c1742ff7f4f98034c2ef5ef0cf085f470d84bf80af3da13874c34fef5c029dc5ece575340834ebcab8e2522a56ce25f42227da64bddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
240b2243c4ddc0cf63d131a9f37ae000

SHA1
e0b6a3eb9789005a8c6807ab9c7c771ebdd23335

SHA256
8d33ff2f37641fb0e668c9f6813b450ec9736214d744cba4db26b517651ef80e

SHA512
48f1edd6cbc1d9c7104fda5336f8ae76b93d05dcf13909b276f40ecd2d9d902fa5f7374d2237fcb5d55ab5b7630f8c4c22e37508a8e49b4ec8f3c16b15f34edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
3e1a4b8437864dcb120d412a80041ed0

SHA1
d99602293d785192230c45f65f7d812dea2c1945

SHA256
c2ea05a4d98f7547eaeca945f1858a57e55cfb52f23ee8ffb2e4155f1dd0b689

SHA512
a8e0f364fb8ab4b7f81f9440c809e895268887fe4cbe1a541e2aab7fd833768c87f25d69d6dce87bde332abcca1e1e788991130c4a32c4070eb0f92cd0a88916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
9878c5a9172a1c08e1fb8a5d329c23ee

SHA1
7ff93590dbb740400d54b8efac22694babbe3d4e

SHA256
9234845b28089cc453ccc66f2dc6726191159e44a73b97d9598079a118d4a1ff

SHA512
9d2dcd26321f671d72ecb59e15109f77ee73594962d1f01dc54b6fe21dedaf56bdf165d2bcd15640f294f55c4b6a9c468f1d6a4c1ae800504d644aa772b18be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
935c058c2ed0b4b17aaf11a732e5ca8e

SHA1
7e19495f3fd33ddb4bc28ee55cddeeb0c618ebd1

SHA256
4baeba9f8fce561626ef0eb1e21608330aba52cf7185a5058a7e7486526b5960

SHA512
4e71c1e49580863667e1648cab9a6fa95b53f2e2f90b4d03f89638ffe2eb2265890f9c0125e8dad14351b1dc8530f91314c4528841aaf585169ceb9f5812bfbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
c3a4a39de0f769f96416be5b6f27f7d7

SHA1
71e27a4f7e154af4e2f64f293a3499e2e3414ac7

SHA256
93464264f324299e582ca72d003ccc801df3d952d1e9b01fea6e856d784e5307

SHA512
99f5d7ee1d56a5a51f50405f4f04f378b86f962305bb2b87f803121ef34816f391b895f80bc2a7b1745be7ce4f4eafe37d60f4f6b15897d2585a317111f1006d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
5186eef37a5d525302ef20635e0c0d45

SHA1
1c5dd1a86a6bf0adedb552cdb5f3a26a6a27a946

SHA256
2de3117baf2d64e9b3c0f62e10028aa77aac92a2828a31e33fe192d3dbf4b58c

SHA512
f871f30089d071eb194207ffd441fa689cec5d2a34431cc7cefb083494309cf30ecd6f9705e9811d0ce626e4d721b556d65d885e0dbfecdbe84fe1654b6f1050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
Filesize
333B

MD5
88cd6c688fbf16c7aaf395d7185d6d26

SHA1
996a5027056bf668d8aa95060a172f3fa80b46d1

SHA256
b10710c5a2ed3e3594741e97fa242833f554c8814beb4bf1a5e6d3c4388b80af

SHA512
e4e14374322161795cb1d14566b2768d9f8338ba2710d0ef3668b612e8d8ee71b0cf27f1f3ec0bb0eec6abc81364643911d4d085dfbd4ff4d0c6c211bdae7d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13367083153847982
Filesize
3KB

MD5
8eae742f114d76e60a8f7b081d8d5ada

SHA1
eb2b1c91cf572f6f8d29fc5416d5fa41c2d32e61

SHA256
518488f20842906c8914e7f5d0fc1a5d24f1e71328303e146bd6bb57fb79494b

SHA512
2d70a7097e2f99af506ee15abb553f24f893fa0c0c7bdcbc8abf227dd5cbaa346d4620d8bcefe5d887250cadbfabce9710fe00cc0fd0aa3f05537b6f9f38c217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
8955c4dcd903003abfde5d48b32bb5b7

SHA1
2f2c1c08b243782067f7e700fec47e79512ff0cb

SHA256
6a6a1559cca6d9ba9e4a4a38b2e704f354892c1ec2769f88b5f6114cdf3639b6

SHA512
d923e159b758cff4ea41bc02cf89e187bb373e5357b8d719cce543b5538d74d6fcb0bdae257ea1618b81b9352c690296fd64e9ed78f2a29197f825ac0382ba9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
710b2deab4a7686c3ab52790f13c9350

SHA1
869095018c20a277ce2359a8dd35dceb4afa76eb

SHA256
4b4fb568e53b912f8b797ce9c788938f54bb9920845db3679798fba1c6e0a89f

SHA512
11b3a288ad48114cf87a94cc69d6fdc59172a6143a8f95a254ef7f700a91a9c13e8bcc0c9554e7a787f64aaa9e45e6c935c1b9cd32cbd83d7a4dc1527bf0ddd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
21e2fd4d48cae751a671efee6340f270

SHA1
ca20424f1225e3ae979a97941a08fdfa9ecb3a70

SHA256
bb4547bab944bfbbe12cb97ffff5fef9cc8990c38bd9fd0f687c28e58ccb5452

SHA512
acf01e7e173ea7aae0b8a734a2399d7d19143c5396cd6bfaa480054922ac8cae85112f7a429d2d36976a49ae6ae8183a2aff60a0eaaacd00a31c79510e3743a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links
Filesize
128KB

MD5
c81e5d4953a6556fe78e78815ba56fbf

SHA1
0a95489a2391d49e2e8d77e828738dbe728281ac

SHA256
ab227ae61dacb8d06e607097d0c0742995ca795b16c0060c853bd2a21f9a399d

SHA512
c50aeadd96ad6c5db38dd8bf5a9b246b8554ed28561bf3e20d8520b9e1b6a7df1b203efbd2cec04969bb96967d5f81544819569f72b1ab7e2ce14cf6a77066da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
Filesize
114KB

MD5
9940444628547c15ae07e96dfad9644b

SHA1
2bfb56c72f351734debf2e646b432f347e82ff66

SHA256
13579ff8ca8ba5a8f0861928c9c0d9c8260af5313b69e24b29be44d7e2f86a21

SHA512
4c2529d8e4f1556ba79514ac7d5f945180093054800c1f193d03f32d8a13cf74e8558a1b5796954934e3d57114652d838223c60d3dce919586e4103bf61321b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
Filesize
40KB

MD5
7340fd6827dfb34914d1c9ff4d414a97

SHA1
7437b1b7d4de1a892b725d9904ef957100726f4f

SHA256
8c261c6fe0384a0eaec0e0cbc0b9e23f851eb5713806cc02a17edf610cc25290

SHA512
cac8825c507fa8b825c846b683ec31a08333d532c09bbffe06db2e7798c1c060fe05ba8ed838b9a71b703d53eff30833407422d8cbc32d2159a4f054c940e194

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal
Filesize
8KB

MD5
c4791a365a31a3b61d3fd011c3931883

SHA1
feb836a9a5beba93223c60da49b4147b161ceba7

SHA256
e1ba7c79930876bdfc4364fa7374ae8e5a441839002ea38fa5a3f4550b986d24

SHA512
d051c73a785c61f802e8e3e4f1c2579c5a1619cb5e02fe2a237e6cd5f45682e976b188a72b2cceb96f8e2c7e5c2170c8600603a6b296e119fa91ddc91566ca72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
Filesize
13KB

MD5
00ff6ddaa4a6b838068a27308e3837fe

SHA1
b58e5b977f0cfe4eb3cd287b99cd343ab0796cb0

SHA256
27358ddb566e92e16a526fd7f018bde9e041557db518055710448942b04138c2

SHA512
ffbe6d61d6491da26b0d1ba445ccbf6d061e89e1a7dbf56adf4eb98fb5828e103be00f8df18d78cedc03c60084e4d1e14fce9aa1b184e39b17aae9ae05e5bdce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
Filesize
317B

MD5
143d3fd5cd166611ca6cb22fefecdaa7

SHA1
4b36b91b0a020ebff2754a00d81f21d95261bff4

SHA256
9164188c566e4692c4d01550497fb863451ac3f41cf778c0c88a9bb8c0daa791

SHA512
aec874c2f0e67875aef5ee66effa10a75827123f49cab1c635a3dbcdc2db838f31b5cdeefbe2593bddc433ed0bd8c22d2be3638f595d7245dfe9fde6976014b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
1KB

MD5
0f79486928c6b2e14126de488c36f904

SHA1
4f08eff3b4a17f181e157317b4e15e1e2e08dfd7

SHA256
502626ea25382e0fcfcc450a83b6005ed0ef3610c9bc792467950ca005352830

SHA512
ffdd202e26a412fa682fdf39d50fd03e93755f49670e84579c59ababff4172fe528002bd5d1b7011c5095eb45443f180ec8b08050f4e6348d1bf54df15ce616b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
Filesize
335B

MD5
101864d6bcc3becfa80202f6c87191f5

SHA1
86f2985ed17033da1b7864123399fe6505b3731e

SHA256
a1db9e194c922069bd34b755715f5f3eb6b3b40cd48e9de3f784e139b143c943

SHA512
5d424a3ca61564347d5a3cf82a17b91d781223e313cbe3942874fa410998cbcd2cc440bde17c64d100b95207988aa07c1c6508698b463309eaa74e22f840bc01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
Filesize
44KB

MD5
1b2c87cde6471326d87ad22dab39980c

SHA1
7748e86d0193009c1d95abbaee68e8252d315099

SHA256
d5ca615a2e7bfa52fe4a57f68fe09dc9843e46b3cdaca5ab296e4f6ff5f138e5

SHA512
a6ba0878cab88ede9077236e8e1e2823be1acee484d5a348fbdf7705617d2e2feae00df9dceea617599b34b3201e9112e7f20e4a01f157e5eae43d3b60021aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
8632f0293c4d1cdc5e7cfa0b2d87d16a

SHA1
2616b65ffd100011e27bdd7ef8f5e06e09de2b97

SHA256
75f5192f6c7a3162f9a73d6e6fe11b27c3c25e38bb140f7e76e0dbcd60eb8f12

SHA512
1232cd0087b6c93fa9b36b289ed715ccf6fc611f38401aa125a4981cabb41c39ce794a14f4b75d39c9b0925451fd298b724e3a7c0c678513e20dd36add7a7bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
Filesize
4.0MB

MD5
343b5faa34f6eb34a1d6e716dcdb38f4

SHA1
5292d47fcaf21cb3435494977b86ea6f27fbfa54

SHA256
48a17867cbdcdbe72472f3d2356e7ab1969d9c28ecf477f2546935d816e2a67a

SHA512
d94cd8388cb09ef1d1d152b697c14ef20b92a57f78162d3906a743197abb8982a7287a7eba5b357788880b3524ef5b6825200759eeaff773c3d0ebba016abb17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
aaa1d3398c11429309df446cc70a4b24

SHA1
426037d880450cfe67c0db4e8836d8cf67c3af33

SHA256
d3c5bb416732a0643cb435ce980e4cf7ed0d96375d6d1d866565ffa4cf5f4e31

SHA512
5400a74ad59ee80e11b97e884bedee53af567520b807e4c3c43b68446bb495a967e22838aeee4bfbf02486ec5abfb2e821c5165ab2b894a54e0d7eb70c7355a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
c7d44c21f162861c5f64a578caf3e053

SHA1
422da23dd37ad7af7ef0821a991f486a7aa60719

SHA256
3b0382b95e0d0e85274a16b5b47ab30b842407e72730bef8149dc74886e3b660

SHA512
f3fca86ca6623450ff7faf5eb15f58449928b6c695f7c96d9c51f812b0c8d0729008c0ac25ced72af1c858f091f9ac8b7624298b71be398db53956c8f00fbe3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
cc7d2a927fd88ba59dadfc98a1be7954

SHA1
ad2d5c18bb31028a30656e600544fb89607e7a86

SHA256
561fadbb080968b9297498c3446c0587aabfbdf431ee76090963ec4e09aa46a2

SHA512
0d32d9da9703753bf1166ed739c62505108b1946c0790485090ab76284982a09db5cad6c43e6188dfbbe751818b43181274b63d4e9b68b3980572acca84528fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
99KB

MD5
1c76ca75bfb05ab423f12edac30820dd

SHA1
63f0e857bcc947bfc53ba7c8a211da366120515b

SHA256
5bca7e574d3e6d4f9fb2e7b343508a2a245905ced335aa10306ed9af798c70a3

SHA512
315201d3bde35721f48f4de7ea3d8f6689bbe1c5b0a0e1c7aa059ef42487d5ce0807b92ec9900dec9df5f80f3fa80c3d1fe75e50b90845f75972c0a01b40721d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
196KB

MD5
129c29cb4cfef3401374e2d640baf4e0

SHA1
7f16f6b0d54a414ec49afd70e24cfcf3fd77ef64

SHA256
93d1642a7241ecc2d35fd953de131675b1d05c8370035ab763558b505d21c126

SHA512
3746a4424d84589f5c3ac9642c78ce3f5ae0daab58b90bfb3151c23927baf8f6b8f63ccf0d5d7894f7bc1393e2f8a512f0b5fe3e31a93ea1a18e10691f85b7d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
99KB

MD5
356944e9ea96fcee19fb57014efcbcc9

SHA1
62e432305f8c65966b530c9f7d3a948f3d8a0bee

SHA256
41451017c3a7a1dc3b59d60a2064c9732b79c37dbba1a142512511b366e0d273

SHA512
c782066ab2ced76f83319c746082a4b80f798839012febb9d4e1ed298afc871e28755c7ae874e8e7703642e7d5c3e45196d11ca2e5c9a12e811deef9d36311f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
d82d3ea8d3a72775ce1cd96d99baf29a

SHA1
b170aa4e1736b2f55b8c09e4a6a8609b0f8276e4

SHA256
f39aeead958ac7fc62dde723f0be7ef8d91057de16780f5fc24da1a36bbdcec7

SHA512
32f5008891e34a3c84c3268d1ab3a213ce59214da8e6e45e0482c5c89ee60617e04479a542fc497ac2ee3b862116324176ae41c5e266ad2e2401978d9c44e328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db
Filesize
28KB

MD5
c48c8dee1061351fa24befe77d37ab9d

SHA1
d1db0b76818a6069843aa353e4f425cbe1d8f9c8

SHA256
3b7213e317b23b6250f65c6a8ec0bddd17524dc869e5a7422e0da0c726ec392b

SHA512
fc9dc377d348824a782477f8d438119d81cc29623b3f3a6631d71126686fcfa369bfddfc8b6dca1d6739b44bf3e34a6add1e3415183de459238ab9c339ae32c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
11KB

MD5
3b93e8913526aafc852e040916ebb33b

SHA1
e4c241067beecc1f6c11c223975f99c000ee404c

SHA256
c832b51b60b10fb06325d80ef559aef72eab725909d5e8285ad76abf2ec9fa44

SHA512
85898bf66554078a27819c785b3f13edfda288daf86538ad64614530f118e5eaeb172d8e0276c726f5a2083d2a26c9fc653622299f0b7740500b9adf3363fa88

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
11KB

MD5
1aa4f0a36e23a7d07c600340176afece

SHA1
0c0502b1beb76292ae1f0ae574018c4a4d25ef7e

SHA256
b30cc338fd5588b371599ef70da98afb5883b7bfbf4981c0901774fa9a07ce98

SHA512
3c1de082a020acab1a2d74c6772eb75e7a273a148a3a0ea7167d6c93bb71d40673c2ab3770fcd303a1c867b14b2717517300dbba93d533577696e818d8050344

Download Submit
\??\pipe\crashpad_1832_YJWYEDFDUHKKJMKE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit