86a47093b7e1222f391b70024b70e498f8ca75773e1e7fa17d7bd682ef8a07aa

Analysis

max time kernel
62s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChromeSetup.exe
Size

8.5MB
MD5

92633d66ba78b30bbb34b7254ad245ce
SHA1

db746b49e11204f83a730d74e337c476f0e9cd3f
SHA256

86a47093b7e1222f391b70024b70e498f8ca75773e1e7fa17d7bd682ef8a07aa
SHA512

ebc8e20f8f393c359540fb9d4c22b86338cef469a2e6d245f0d8c2c6ff1e293ed54d3c28274ca9ea960607bc470c9ca189dd45c936f9a8c24c88ff5ca883e917
SSDEEP

196608:6xfKlmR5/9Bz6nKuvueLWj9HC/Zfy5hPza21BNmxIVFuvgW8B:6bR57WnKYueL88ZK5Za21BNmxQFuvg

Score

7^/10

discovery evasion persistence privilege_escalation spyware stealer trojan

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\127.0.6533.89\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable"	setup.exe

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	updater.exe

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	chrome.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	chrome.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe	127.0.6533.89_chrome_installer.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Extensions\external_extensions.json	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\bn.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\en-GB.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\ta.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\uk.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\WidevineCdm\LICENSE	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\v8_context_snapshot.bin	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File opened for modification	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\el.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\nb.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\pt-PT.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\ur.pak	setup.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\cs.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\gu.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\chrome_elf.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\dxcompiler.dll	setup.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\chrome_pwa_launcher.exe	setup.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\934657b9-91b1-46fa-adc4-d7ecca0860d4.tmp	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\6f77ce4b-6c1f-4596-afc5-e6e49cd9b2e0.tmp	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\hi.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\tr.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\VisualElements\SmallLogoBeta.png	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\chrome.exe	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\chrome.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\vulkan-1.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\settings.dat	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\sr.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\MEIPreload\preloaded_data.pb	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\prefs.json	updater.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\prefs.json	updater.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\CHROME.PACKED.7Z	127.0.6533.89_chrome_installer.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\52b20e2d-d554-44cd-b2eb-8461e087e364.tmp	updater.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\SETUP.EX_	127.0.6533.89_chrome_installer.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\sw.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\metadata	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\chrome_100_percent.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\pl.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\vk_swiftshader_icd.json	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\chrome.exe.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Google\GoogleUpdater\updater.log	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\af.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\lt.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\nl.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\VisualElements\LogoCanary.png	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\VisualElements\SmallLogo.png	setup.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\127.0.6533.89_chrome_installer.exe	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\en-US.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\ja.pak	setup.exe
File created	C:\Program Files (x86)\Google\Update\GoogleUpdate.exe	updater.exe
File created	C:\Program Files (x86)\Google\GoogleUpdater\e42deda7-0b2a-402b-bfac-c59073851a61.tmp	updater.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\he.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\Locales\zh-CN.pak	setup.exe
File created	C:\Program Files\Google\Chrome\Temp\source2068_1400520906\Chrome-bin\127.0.6533.89\chrome_wer.dll	setup.exe
File created	C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\manifest.fingerprint	updater.exe

Executes dropped EXE 22 IoCs

pid	Process
3524	updater.exe
1584	updater.exe
3864	updater.exe
4584	updater.exe
1600	updater.exe
4040	updater.exe
1544	127.0.6533.89_chrome_installer.exe
2068	setup.exe
4436	setup.exe
1876	setup.exe
4408	setup.exe
2204	chrome.exe
3868	chrome.exe
3612	chrome.exe
3504	chrome.exe
4956	chrome.exe
2632	elevation_service.exe
2468	chrome.exe
440	chrome.exe
4820	chrome.exe
2388	chrome.exe
2944	chrome.exe

Loads dropped DLL 25 IoCs

pid	Process
2204	chrome.exe
3868	chrome.exe
2204	chrome.exe
3612	chrome.exe
3504	chrome.exe
3612	chrome.exe
4956	chrome.exe
3504	chrome.exe
4956	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
3612	chrome.exe
2468	chrome.exe
2468	chrome.exe
440	chrome.exe
440	chrome.exe
4820	chrome.exe
4820	chrome.exe
2388	chrome.exe
2388	chrome.exe
2944	chrome.exe
2944	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ChromeSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	updater.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1544	127.0.6533.89_chrome_installer.exe
2068	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674175496583136"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Google\Chrome	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Google	setup.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Google\Chrome\InstallerPinned = "0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{699F07AD-304C-5F71-A2DA-ABD765965B54}\TypeLib\Version = "1.0"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\1.0\0\win64\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\6"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5F793925-C903-4E92-9AE3-77CA5EAB1716}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\6"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\Version = "1.0"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F4FE76BC-62B9-49FC-972F-C81FC3A926DB}\1.0\0\win32	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ = "IPolicyStatusValue"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{CCA9FC90-B200-5641-99C0-7907756A93CF}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCA9FC90-B200-5641-99C0-7907756A93CF}\TypeLib\Version = "1.0"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ = "IPolicyStatus4System"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{4DC034A8-4BFC-4D43-9250-914163356BB0}\1.0\0	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib\ = "{D106AB5F-A70E-400E-A21B-96208C1D8DBB}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\TypeLib	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9CD91E3-A00C-4B9E-BD63-7F34EB815D98}\1.0\ = "GoogleUpdater TypeLib for ICurrentStateSystem"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\TypeLib\Version = "1.0"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\1.0\ = "GoogleUpdater TypeLib for IGoogleUpdate3Web"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\1.0\ = "GoogleUpdater TypeLib for IUpdaterSystem"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib\Version = "1.0"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\1.0	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{513BC7DA-6B8D-45F7-90A0-2E9F66CEF962}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0\0	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C4622B28-A747-44C7-96AF-319BE5C3B261}\TypeLib\ = "{C4622B28-A747-44C7-96AF-319BE5C3B261}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DC034A8-4BFC-4D43-9250-914163356BB0}\TypeLib\ = "{4DC034A8-4BFC-4D43-9250-914163356BB0}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\1.0\ = "GoogleUpdater TypeLib for IAppCommandWeb"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1588C1A8-27D9-563E-9641-8D20767FB258}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{F4334319-8210-469B-8262-DD03623FEB5B}\1.0\0\win64	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{5F793925-C903-4E92-9AE3-77CA5EAB1716}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\TypeLib\ = "{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\TypeLib\ = "{0CD01D1E-4A1C-489D-93B9-9B6672877C57}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\TypeLib\ = "{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{8A4B5D74-8832-5170-AB03-2415833EC703}\ProxyStubClsid32	updater.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\ProgID	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\TypeLib\Version = "1.0"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{D576ED7F-31DA-4EE1-98CE-1F882FB3047A}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{F258BE54-7C5F-44A0-AAE0-730620A31D23}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\TypeLib\Version = "1.0"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\Version = "1.0"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F4334319-8210-469B-8262-DD03623FEB5B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\TypeLib	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\TypeLib\ = "{F63F6F8B-ACD5-413C-A44B-0409136D26CB}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8A4B5D74-8832-5170-AB03-2415833EC703}\1.0\0\win32\ = "C:\\Program Files (x86)\\Google\\GoogleUpdater\\128.0.6597.0\\updater.exe\\5"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Interface\{CCA9FC90-B200-5641-99C0-7907756A93CF}\ProxyStubClsid32	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{1588C1A8-27D9-563E-9641-8D20767FB258}\1.0	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\TypeLib	updater.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ACAB122B-29C0-56A9-8145-AFA2F82A547C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F966A529-43C6-4710-8FF4-0B456324C8F4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	updater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\TypeLib	updater.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3524	updater.exe
3524	updater.exe
3524	updater.exe
3524	updater.exe
3524	updater.exe
3524	updater.exe
3864	updater.exe
3864	updater.exe
3864	updater.exe
3864	updater.exe
3864	updater.exe
3864	updater.exe
1600	updater.exe
1600	updater.exe
1600	updater.exe
1600	updater.exe
1600	updater.exe
1600	updater.exe
1600	updater.exe
1600	updater.exe
3524	updater.exe
3524	updater.exe
2204	chrome.exe
2204	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: 33	2896	ChromeSetup.exe
Token: SeIncBasePriorityPrivilege	2896	ChromeSetup.exe
Token: 33	1544	127.0.6533.89_chrome_installer.exe
Token: SeIncBasePriorityPrivilege	1544	127.0.6533.89_chrome_installer.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 3524	2896	ChromeSetup.exe	85
PID 2896 wrote to memory of 3524	2896	ChromeSetup.exe	85
PID 2896 wrote to memory of 3524	2896	ChromeSetup.exe	85
PID 3524 wrote to memory of 1584	3524	updater.exe	87
PID 3524 wrote to memory of 1584	3524	updater.exe	87
PID 3524 wrote to memory of 1584	3524	updater.exe	87
PID 3864 wrote to memory of 4584	3864	updater.exe	89
PID 3864 wrote to memory of 4584	3864	updater.exe	89
PID 3864 wrote to memory of 4584	3864	updater.exe	89
PID 1600 wrote to memory of 4040	1600	updater.exe	91
PID 1600 wrote to memory of 4040	1600	updater.exe	91
PID 1600 wrote to memory of 4040	1600	updater.exe	91
PID 1600 wrote to memory of 1544	1600	updater.exe	93
PID 1600 wrote to memory of 1544	1600	updater.exe	93
PID 1544 wrote to memory of 2068	1544	127.0.6533.89_chrome_installer.exe	94
PID 1544 wrote to memory of 2068	1544	127.0.6533.89_chrome_installer.exe	94
PID 2068 wrote to memory of 4436	2068	setup.exe	95
PID 2068 wrote to memory of 4436	2068	setup.exe	95
PID 2068 wrote to memory of 1876	2068	setup.exe	96
PID 2068 wrote to memory of 1876	2068	setup.exe	96
PID 1876 wrote to memory of 4408	1876	setup.exe	97
PID 1876 wrote to memory of 4408	1876	setup.exe	97
PID 3524 wrote to memory of 2204	3524	updater.exe	105
PID 3524 wrote to memory of 2204	3524	updater.exe	105
PID 2204 wrote to memory of 3868	2204	chrome.exe	106
PID 2204 wrote to memory of 3868	2204	chrome.exe	106
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 3612	2204	chrome.exe	108
PID 2204 wrote to memory of 4956	2204	chrome.exe	109
PID 2204 wrote to memory of 4956	2204	chrome.exe	109
PID 2204 wrote to memory of 3504	2204	chrome.exe	110
PID 2204 wrote to memory of 3504	2204	chrome.exe	110
PID 2204 wrote to memory of 3504	2204	chrome.exe	110
PID 2204 wrote to memory of 3504	2204	chrome.exe	110
PID 2204 wrote to memory of 3504	2204	chrome.exe	110
PID 2204 wrote to memory of 3504	2204	chrome.exe	110

C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe
"C:\Users\Admin\AppData\Local\Temp\ChromeSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Google2896_737854670\bin\updater.exe
  "C:\Program Files (x86)\Google2896_737854670\bin\updater.exe" --install=appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={020437FD-F95A-3456-614E-C524C3DFA102}&lang=en&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-statsdef_1&installdataindex=empty --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/updater/*=2
  2⤵
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3524
- - C:\Program Files (x86)\Google2896_737854670\bin\updater.exe
    "C:\Program Files (x86)\Google2896_737854670\bin\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x5dc694,0x5dc6a0,0x5dc6ac
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
    3⤵
    - Checks computer location settings
    - Checks system information in the registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.89 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd7e21e790,0x7ffd7e21e79c,0x7ffd7e21e7a8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3868
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1904 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3612
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=2168,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4956
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2256,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2416 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3504
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2468
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3224 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:440
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4164,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4216 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4820
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4544,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4644 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:2388
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --field-trial-handle=5008,i,7130700564840393763,5769012211156262750,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2944

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update-internal
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x114c694,0x114c6a0,0x114c6ac
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4584

C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
"C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --system --windows-service --service=update
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe
  "C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\updater.exe" --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=128.0.6597.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x278,0x27c,0x280,0x254,0x284,0x114c694,0x114c6a0,0x114c6ac
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4040
- C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\127.0.6533.89_chrome_installer.exe
  "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\127.0.6533.89_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\de3da749-1a6f-4a4e-86fa-8a6cfb1a5835.tmp"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1544
- - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe
    "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe" --install-archive="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --installerdata="C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\de3da749-1a6f-4a4e-86fa-8a6cfb1a5835.tmp"
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Drops file in Program Files directory
    - Executes dropped EXE
    - System Network Configuration Discovery: Internet Connection Discovery
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:2068
  - - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.89 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff63afa41f8,0x7ff63afa4204,0x7ff63afa4210
      4⤵
      Executes dropped EXE
      PID:4436
  - - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe
      "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Drops file in System32 directory
      Drops file in Program Files directory
      Executes dropped EXE
      Modifies data under HKEY_USERS
      Suspicious use of WriteProcessMemory
      PID:1876
    - - C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe
        
        "C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=127.0.6533.89 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff63afa41f8,0x7ff63afa4204,0x7ff63afa4210
        5⤵
        Executes dropped EXE
        
        PID:4408

C:\Program Files\Google\Chrome\Application\127.0.6533.89\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\127.0.6533.89\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google2896_737854670\bin\updater.exe

Filesize
4.7MB

MD5
823816b4a601c69c89435ee17ef7b9e0

SHA1
2fc4c446243be4a18a6a0d142a68d5da7d2a6954

SHA256
c2a7c0fa80f228c2ce599e4427280997ea9e1a3f85ed32e5d5e4219dfb05ddb2

SHA512
f3b38807ed1eb96c932e850b9b37551554408a628bedf12aa32bde08c442ff3663bf584335e7eab193ce2cf7552bce456737c96a2ba9faa953150e6304068fc6

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\128.0.6597.0\Crashpad\settings.dat

Filesize
40B

MD5
d6efb55adb088f4fca5dd3ae68dca59d

SHA1
3262d04c776016d7f1f563122e2f541c582493d8

SHA256
fc8dffd43a2f66d7f0668600ffb8184e6e5e5e740eba59c0fd11c3a8a7b63974

SHA512
29ea39012f4275e4b24ebf9d5201385f2f8ab93a53c3b2ed5d97eb1eae78cc7c9d6ab86490774fee4b4b9ba3990ca31b0d7fb3f19ee6ff90f5e65b9d5b329b34

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
492B

MD5
f5eb68c7331bf72a993da741527a3f77

SHA1
bec26ef4b23dc9d41217c296085442c0de1f4993

SHA256
951d3a57c6b128e04114e33113ff63c7ec77b89621394a0a055b74314e520ad2

SHA512
248ef286380aa1f367af5d4b842b8d0c3cd49a9c2e0cde408eef53fb4af57d73c4973ce40709a021cabd90ba1ce663d6914a4d1a4ce7c2f947df28f04d312568

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
354B

MD5
d4927578fc92dc543365aa4e43b202ba

SHA1
5e1aeb950ac6ac3f071fa02f90a4fbc0c8e5304c

SHA256
4ac029c04a6e82f4c588237f57a798b4285c818bdbb4250c20f11a5b95d4ecd1

SHA512
4c6cbf4bfb4279edc6d6bd816ca4d1d4dbc8b7f06d875493ffeea3a8782568f49911db28aae743a41962bbe4fe34afc531e119be58888a2acf0623e99df38e95

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
49B

MD5
7b693a82168c33ec9e8cf276859ddf7f

SHA1
d396dbbe299fe7754a6244d01e97cc4edd0693eb

SHA256
84a9a7f43db56cd6e9a408f88244e8ba5efbe48a5b5168d321f112b8c8fd8e3f

SHA512
4064c158d753d19a72e1be1c8bd5fe7f22e2032d67d1dd7ea1d85ce652d63c69b85a4292c4403b0f7729b05607f3d1ccfaf4d27d04ad09ffcec70082450320ab

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json

Filesize
591B

MD5
a9063eeee9186cdea7d0912d60aeb9de

SHA1
3191fcab9b94953b01dd4743ff05786a640e406e

SHA256
cc875692e9ac8e691cdd7007fb6b504c844267a1fb9a66b574e19616b9edf93d

SHA512
042755dd7622eabc26e93b8b51d14fb0f7f23775a9814fbbc9bad37a477df162b9d182d49061ecd8f26d9e6e4f896a550d627b575ca8373ce00f35ceb6248701

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
4KB

MD5
417fdfd3374d43c52242f02021113afc

SHA1
03c171eac46742f65d53a50ff20ce2ea13af45a0

SHA256
efcf31da84124913bf76af5623f4fe5553c8499d200a547f90ec06ac69f00cdd

SHA512
78b742de78ad25c3355fb89de9ac24044106843707a21f68b5ea9d348f8526a4bc944f98a9ab16bff5e3c1323299ce5a8d19ddae617e4d97b5e55cd4fc10f6d4

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
5KB

MD5
5b9f33bfd8caaba43fa2307e907bd8a3

SHA1
f41aa846d2be8f7192c60344ccbd43dbfa5f8089

SHA256
cb38e36fa5e6d250c4b473df46ec2e5db65cf8aec8d870ed360b99f957b5b50f

SHA512
00256a21f7bc699d836493901a4f82ca729873bfe1b26cbcd13f574a552439cff93b6876d92043810f93cc1152d6db9924dd95e339746766acc77ff00be7aa12

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
9KB

MD5
a8ec6822f8932ae73eab76b207c336b8

SHA1
9dacc624786562a47c8e003ab6de2c27a55705db

SHA256
19b3d3b73829b9023000911c93097b7a6b48cc6b306455d0e20d8767b0e26a3f

SHA512
0e3528eb883cf4ab79e05daf1fcbf1af49a8fbeacfdce348c892936b6ce442e01bfb12fe1d8a8c41fc77d8d56e4483194afef36629e35d3e31f3ba94c5097f45

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
11KB

MD5
1c59aa8746e4068371001e266239ea09

SHA1
8f1827cecc18c70cb0105119d8dc3377b3d7a11d

SHA256
beb9385ee08594204197b78c2adf3ab6c8e23a558c45e21a358a11f76ce16b79

SHA512
359dd965b75c5b9742117a7a049bedb9541b1a2215f6adb7799aae078dd828f78c8da6385fb618c009d28b85a12e8725008896489dd6e30146357609800cdc50

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
1KB

MD5
e5b9a79228e1a027c3ce22fc2c666761

SHA1
f475727612271621d7761115bfaf580f971c38c4

SHA256
40ce375752a32dbcaf9cdd03e5791e1e4d2fd3d412f66856adbd05e98e48fe86

SHA512
ce6710555a88041899619a1880b8b2b12d7e19ee80862bcd2d6ee615b387f54a66c9b09f34972c013bc7ac330425889fd572b50ee014504f6792762366b94b9f

Download Submit
C:\Program Files (x86)\Google\GoogleUpdater\updater.log

Filesize
2KB

MD5
c44bc5855e0efa2bd402d039745b0057

SHA1
ac164125506fc3756499a65ed5ac561f878ac0de

SHA256
a39ebb2b921b2e9dfa17d24589a2565247c7e2f427d176b5b192af7acea31e18

SHA512
5adec7d94879f3213806cde239d7ae385446586f933b9d5a126d295b5655022a29d51c05bfbafe1c8747d05d773044dc216c9fb3de1f70679638543ba6e02c85

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\CR_779FC.tmp\setup.exe

Filesize
3.9MB

MD5
60c59d57af467f484d2301cfc3c825a6

SHA1
7306c8b0c7d1557cbb9c2b558dd1054609d63545

SHA256
c7c81f53e39093e634aa69067becbf2d97fdf50fe1da00b90450bd59037cf6a9

SHA512
a066fef9610de4f75e5c2187e4443d5310f72c0a822f3fdae6f5b0aaf1c31e4242214768fd10de3d57abfc7dcb51cc1d360378e3f4da783d8c688d7a036ddaba

Download Submit
C:\Program Files (x86)\chrome_Unpacker_BeginUnzipping1600_658037913\de3da749-1a6f-4a4e-86fa-8a6cfb1a5835.tmp

Filesize
654KB

MD5
4492a0d3e880cb2a7d0798dc0685d75d

SHA1
f0114c6b3fd626897d68c49879af590dc95c6ecd

SHA256
c24393e52eacda8b7037b1a818c356795069d8631685535fce471a98c18f1847

SHA512
f267bbabfb7be026b2181f1fa57aa7c743c03026eba4ae7e258e3ca716a210c664d51092d6ad98842a61de4533135083d17cb9edfc4cde4cdec231203985ae43

Download Submit
C:\Program Files\Crashpad\settings.dat

Filesize
40B

MD5
1f29661577d73d34562cfa83922a8705

SHA1
8c5d38f6eb3813c1d1150017f05f8930e61c0094

SHA256
190e8f98579bece07125bca4c381358033766dc5aca06dd0b282442b814add69

SHA512
ab47ef3d1cf83ab70da597184f518480440048635a9915065f76fc98c6aeaecd75c5f27319c9dc224625a8534c230303cd0a2844a07c892ab30f331438b64f3a

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\chrome_elf.dll

Filesize
1.2MB

MD5
96a42a2599ee7302d008d45709318e36

SHA1
3ddb510e882f154b2602a9b72ea891637de255ae

SHA256
4ccd689e7058c9c12f56cc4d5cf792855d5603a2853f011f583f6720d2ad8d64

SHA512
41ec67cb9e9328957b2407ed0dab6eaa43ed9d18a35b61c60936be8d2f284b55090dbee09d93329bce796accb37417e2bae0b8f42b517b24e6812f7f3a39da41

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\dxcompiler.dll

Filesize
20.8MB

MD5
ef27fb10efdfa228500e1f735381d4ed

SHA1
6f6ffa85abe6162207a69d711c7cbd5c128470fe

SHA256
66a1dfbbf8efb90456ac2f03bdc05299dc7b9a6e7767d2dc522e70191daf8bb1

SHA512
d00a679eb048130e41845e4363cd94537f4c5edcca4054c61c4eda14e690c278fe196a4d799ac84dc66b5c0f4ec2b28d8d552ae07273d6c3deba7d039cae0d3e

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\dxil.dll

Filesize
1.4MB

MD5
30da04b06e0abec33fecc55db1aa9b95

SHA1
de711585acfe49c510b500328803d3a411a4e515

SHA256
a5fe1d8d9caa2ff29daffd53f73a9a4e19c250351b2abe4fc7b57e60ce67ac68

SHA512
67790874377e308d1448d0e41df9dd353a5f63686df4eb9a8e70a4da449b0c63a5d3655ab38d24b145ad3c57971b1c6793ea6c5ac2257b6eb2e8964a44ab0f08

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\elevation_service.exe

Filesize
1.6MB

MD5
a42c5c204ca0c6bed2e7154fb47c30bf

SHA1
e5bae65d81fe76ef1a8ecbfa6e45901452cfbbbe

SHA256
481472459b5c1be48ff3985bf59f6b5c3ff5677eef23ba84bba8cc8efe7ef7f9

SHA512
88f51ef506d66b8989ef9211d2ee2337d213c342205e6cf8632c3cd5408b82181f825be5ddeca18cdb462ac599e61939944a2106ddf6ea3f188938c05704c16a

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\libEGL.dll

Filesize
463KB

MD5
e719a66461c0892769f773f672425078

SHA1
468fbcaa0624daf96ddd76f5f1d6bd5f1de05dbc

SHA256
2866458fbf9057ed201d36ae8d07eff106d42d8ba392f43860cad26e226c73f5

SHA512
792c257123d1838908cb1f3eb7b81e69773ae9487832e33434c5b40f9af04af0cad6aa052209f1819f081fd29d87568522da9d4c2c3716d7eeb7f61fe087936f

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\libGLESv2.dll

Filesize
7.6MB

MD5
b62ee232b907bc3e571a2afc4a970670

SHA1
d6f1967682affc1608ae1a3122decd203a4e0c1e

SHA256
853bdf0d45232705ccd0450d0b3fda9d7d426c125f0ee6baf30dade8284c6ef8

SHA512
5cdb58463e566c1f52f084c95cf72dc520dc9a8b855f52f408148e79db0ad9588b0ba30bbf6e9dd06052a1da2433a9d5f8dd60c335462bd58f17af167608a83a

Download Submit
C:\Program Files\Google\Chrome\Application\127.0.6533.89\vk_swiftshader.dll

Filesize
5.0MB

MD5
078384e75782adde43a4fd1cbe80707b

SHA1
4ab7104b9425bd6c4fe9d8f4db9fe5ca745bba0c

SHA256
32c4b7f6d17229a351b99521a4c5f9df1005864610df33ea2cf9728dbb837dd6

SHA512
a73471d0509fdac3d5576407d481d4754d2973730d36670c10ab3c35f814c39db290416977f905e71aa3d1244cf9856f0248e133293619e3aec851d56b447607

Download Submit
C:\Program Files\Google\Chrome\Application\chrome.exe

Filesize
2.4MB

MD5
2126c7c7750b19301ab9cf5b83163629

SHA1
0bb457eae5e584cabd0ffeed177529ae2ea60b29

SHA256
39c6fda982646f8595d2de92fd6a4a47ca6d494c74e10acfd5a539636fe0b500

SHA512
22dca04d1606ff75f3d2fc0329b36fc90c526a404133f69946a9d710c037a58e5656ccbe217dbfb4ae732aab6624d5c3717a2eb717c8bcaafbf568c77d740b59

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

Filesize
2KB

MD5
5dba923a923fa343c5d21ef906cca139

SHA1
95640b457f8010fa30c47056e129c60daa375c38

SHA256
630edd149d31529d74a938ec351a96c39d71e988d5b5b95107018e7aec1519cd

SHA512
9ba3c2192c9a2b8673d91db34633727cfdf5245a5f9d0761a3849002af2238701fc2d4920d1225e6d7518baa8619b1dbd5a7b8c90e2b7be5fb514bea22d35aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
192KB

MD5
505a174e740b3c0e7065c45a78b5cf42

SHA1
38911944f14a8b5717245c8e6bd1d48e58c7df12

SHA256
024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d

SHA512
7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c3f98c42d0cc8b4dcabf1964a35e7f0d

SHA1
10c34d9936748bebfe9ef33a05c8f07f73cd746e

SHA256
d887cfa12259da7ee4d4de4c75a478304f548b9238f857d52c45ca574bcddd73

SHA512
8047df95ff76ba61534b0e65fa496fc928d64fe3dab91466f3b2d9a870f960ee0f19b46121ecf1801e948be3f0934a4a5acf405b187b140f602ad2b91f30e19f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
83e6e1c6ec91c87934e4182ccc2c303a

SHA1
0fc3c5ed70a69c6631d7644b4c74a69647281863

SHA256
2a147d17cb182f385a1922ea700b1e8a117b3e6709713e19660255c7a951dc8d

SHA512
1c67054fcd2f1f44e368428f37cab16cf875809a9161aaf4ce3ab50d4b392a422758bdbbf128c3f7fa1b7203b6ce0fe5e66c1fa08e4f2f752563891c859825f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8edb9298d3967ec65f674532a64eaf44

SHA1
08337c85abae53228bd118022a4be91573e2a6de

SHA256
140d73632234faf0da756b43f3bdea6d0f61530b5e6d4ed334279779ccbe7488

SHA512
bca395ce84b17fb2cf2a518618028168d2b7f467267d9ea80090632b08f6a61cc122af1846cf3d12285cb121975316a3c1d55ab0274e2a42e4b479b9eaa96dc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d08c755e085ac8bc106becfbc8430d69

SHA1
1722134db7f26f19e5002eca2a68cfa458922e61

SHA256
37d90f67f9d3761c48dd74789fc0d103780d0050d711e71f48cc033b7e0bed5d

SHA512
e87902d2bd3aa37d895b77e6d36f58d32e0a6e062dd12e7a18840fa83219b048252ea5df9518cf1dc9245784e6104aab45d392a4f94ba3d57d58a49a73d4d7c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
98e27495a125d84de5ee01cdee140352

SHA1
f630905fdf77542fe44104414ba3650ef47f20d6

SHA256
dc89d5a1d561d3642a1c1b65e2a37db45a435dc76378d08e9fe05791427fd9b4

SHA512
51eb03e3cc55c81b7000a25b302761223bef6892a5d6171d18040faf39994d92172ab8e5afb24d3df47733f74d645f66ae15c52af6e30b647101bf81838a93de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

Filesize
38B

MD5
3433ccf3e03fc35b634cd0627833b0ad

SHA1
789a43382e88905d6eb739ada3a8ba8c479ede02

SHA256
f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d

SHA512
21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
6bcfcc1ccd0159aaee2777569cd6e2c7

SHA1
2d77185d596fd002fab2e12b058b12001f4c0f2e

SHA256
6dc71f4860143af4bd33d27fa394b40aab9ce5a0c030ee995165ae2a0434a6cc

SHA512
e9842ffef6acbd121ef96a1b87387c2b6208a93ae03691fe33969e1a65ccfb09a45044657ecb5fdd9fe641bc105f60234013b2c6c2094ac77232e7d31bbbd0fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
36ef77317d59a11812bc8d4ef5d1804f

SHA1
33022cc349915b4173ea247fda68f30a2c73c5bc

SHA256
ba7e39f3081f14c65dab036b84f1947ab9bb1480331ce46dfd90c470c454cb6f

SHA512
cc5e94c6d8d9fcc2a671b6f3f3a81d0d6900cee97b5e05f8a6b91b15aff425c0be0ba8c40e91c88502fb4a90737cb2b33ba701ad87c4c210e9638e692fa89a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d5007e6698e983ea2e23a39aead662a9

SHA1
76d691561bffdbfe484a0aad7c69dc6eb8e6269b

SHA256
5624359e1aab795f5fb39f016ac2ad9c6dfedb3f20def4905184f7a82319f734

SHA512
d35359e64dd81e24a0ac2f651be49bf7dc296b674640820674890414ddb90c2bbf6297387e59fd56b0cfe3b710f7af7a2485225dcb46e1c306811a4113512e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
179KB

MD5
7cdf4fc6c95cdedbbc79fd0ac08912f6

SHA1
1c667ecf4125a8d8a3f7a7f1ae8cc3e0ea9c6a5a

SHA256
06e436955a6bf2febb142d758ad5386740ccfe7fd47b75b7ef84c12336fde922

SHA512
9afb6c83a81edd30cf9eaaeb901f6ee82bc7e250ddc53d43ac4d925a6af42f78bd7cff00a5231be64f715445c824e347370bf1cbb9f78b172cb873ea6b5da00b

Download Submit
C:\Windows\TEMP\chrome_installer.log

Filesize
21KB

MD5
35fd83fb33d698f4f6bf584768e6fe9c

SHA1
da28456545484b1e17d2dfbd2f2648b3243ea316

SHA256
3b516cf36863cb35cf79624417ba8004e09c200f11cc8357bc8a5e9fde7b7f7d

SHA512
cdfcca667de555c1926c6984323108313ee8b14cf6f7ff4dacaba19089a522e80c8fc0b534d276fba545d4cd504b059d3d002a6b8011917b113435be77a2d408

Download Submit