c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

Resubmissions

07/08/2024, 11:26

240807-njvt8s1ekf 3

07/08/2024, 11:15

240807-ncnscaxgnm 7

Analysis

max time kernel
240s
max time network
247s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rc8
Size

36B
MD5

a1ca4bebcd03fafbe2b06a46a694e29a
SHA1

ffc88125007c23ff6711147a12f9bba9c3d197ed
SHA256

c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65
SHA512

6fe1730bf2a6bba058c5e1ef309a69079a6acca45c0dbca4e7d79c877257ac08e460af741459d1e335197cf4de209f2a2997816f2a2a3868b2c8d086ef789b0e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
1656	chrome.exe
1656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	2784	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe
Token: SeShutdownPrivilege	1656	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe
2784	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2840	2784	chrome.exe	32
PID 2784 wrote to memory of 2840	2784	chrome.exe	32
PID 2784 wrote to memory of 2840	2784	chrome.exe	32
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 892	2784	chrome.exe	34
PID 2784 wrote to memory of 2628	2784	chrome.exe	35
PID 2784 wrote to memory of 2628	2784	chrome.exe	35
PID 2784 wrote to memory of 2628	2784	chrome.exe	35
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36
PID 2784 wrote to memory of 2676	2784	chrome.exe	36

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\rc8
1⤵
PID:2960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7169758,0x7fef7169768,0x7fef7169778
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:2
  2⤵
  PID:892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:8
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2292 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2392 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3352 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3908 --field-trial-handle=1288,i,3580882728798538152,5708819550922860701,131072 /prefetch:1
  2⤵
  PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7169758,0x7fef7169768,0x7fef7169778
  2⤵
  PID:2544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7169758,0x7fef7169768,0x7fef7169778
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2332 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2348 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1304 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3276 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3688 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1456 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2408 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2800 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3616 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1336 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 --field-trial-handle=1300,i,3949298226323821800,11742391835253172507,131072 /prefetch:8
  2⤵
  PID:1732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:596

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c
1⤵
PID:1976

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
1⤵
- System Location Discovery: System Language Discovery
PID:3032

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
572eac3e69c1f4092f21478699f26b45

SHA1
97cf72290b8fd1b0b3575353eda7ebf1a3366748

SHA256
1106b60cf42e372bcd41e5dcd6244aa685792e0cd37911ba647a3ac78a413f5f

SHA512
26e45186040bc28284fe96c657a6ea2ddbe6302db096b62ffb5c48997cdb06b14260da4704e91bb98c858d9ed7ee1a387e961268b36f3b938f5351c72ce18ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7c90b236-29de-4bc7-a20f-cd83ff43df0d.tmp

Filesize
160KB

MD5
d5836a3e507e0e13e167c410d709b8e2

SHA1
31e755babb670d978f7565b6a184ea65eb3444a3

SHA256
6315769af882931d637af8c8a38268cb05a710ecf2a0b84f3dd59023f72d459d

SHA512
420f9050a7077a63c4a9f0668853f8a3cb03dd3f854243002b7bad514680c7be0288e17a35ae124871aed7f3b6df739d6c36c22bf9722af4ea7a9796f135c116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\9a674899-13bd-49c3-9f48-6666687a9290.tmp

Filesize
311KB

MD5
306ee64e1fe2c29505f1e14804e81791

SHA1
80e35afeab9d520337a97e49ed3d73d6d85764d3

SHA256
0153c12ed0a08d6070a78a185cfbef14cb0821acf3fa889f7ef4d54ea7e040b4

SHA512
7264c602cfa01cdbbe324b9d6164f7a642972fdc5fcdfd11cbf5ca03ff8ca19a13c11bf49076e3ea9d6ebd4bbd900e7dffc0b9b581204d3c934b39f9693014d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0e6c086fa2d9984b75b0a4fa191f731a

SHA1
542b08c2375cfd5b8e88f17dd76a1d65043ef050

SHA256
4413dc66a7214431b220d4c2dc603e35f559d58d63aaed08d243ef89e86bebbc

SHA512
2413a93b23b4529eb580a428dc97a2053d306c97b92042309cf35ffa3800da04931c6bb57ece191121094eb5f8d1ad5518b6b315d18c212530783d51c93c9ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d74925704b10f24ec6f4a068cea2c6c4

SHA1
bb0a85037ecd9b7bf8030205feb1105fb50942c2

SHA256
7ad38664f02ecc4772852fe06b2bfbe198f6ed921c01e4660d0a5e87c04d9da8

SHA512
2fe515c067ffc58fd84c68386d075226e411e65b9fed84df21a4c064dfc6df6ce421c7dd82cd1db713083ff080d485f9fba0576f8d2ebd1805c5fd58bd01d593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
db97587b9ce7eabc80297eb434f777bd

SHA1
9916f5499fe9a31c29467aac81246882058cd55a

SHA256
3b9922cd30e9df19cca4ef65f0dc9f94f78c3f39bc59b76a7d1679ff6c830195

SHA512
9682f947bbabff8c274c11edf86664575b81e6826d403cda67e939fd8bca590e772d3750f9358495004e7501f9bf8fb47c9ca3a736e582a9375bad5a419c8ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
6827e3141788f4a6e78a5e3589cef252

SHA1
c99e9faff720d113a38dc2dedadd1873e5dc6e70

SHA256
4e09ce0567162b8ee3f409a8c1b856ba5f43701b4cfb2b3e176cde72d6e83fe7

SHA512
9b3f32fdba467a1cb031d7c09f0f6084d34dc4df7717c4676f167a3117670c2419182d94ea65f1fe27f4c11441d320fa5a97db7fa6766dbcbe0a10232f264518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
0f5dc236a2983dfc0686ab9d99abd804

SHA1
1435a6ca369eacb224af0cef515dfa033b39b32d

SHA256
c437d807408816c443971434c097a5e137dedfe108d788d5da2a952e64401599

SHA512
6e24a7162030cc528cce5450411ee75ba0332679954e1add514ffc179b977d9ed9abcd24af2d71ec3089f4e0e460b791cac71b106852fc633ac69f81a8ce6d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
136B

MD5
972d258d5d0c09705d6189bbb20de197

SHA1
20d2e7d48cba301b0a5c84d986af904f24bcef36

SHA256
294f0f7f6743fd6a21945fdcbcc3cfe39864382f8f941be799ac0b9ee6bc6fd4

SHA512
53dce0de9b2a973641e739470b3b628b502b8b71c6be0a68634e7c383b39a8e7e44b4328f0b9656656ba4251fb7558bb30cc66e2b461e0b954427f7ac7c8b12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
0b45935bbfbd3fe6839f71006cb0bdc3

SHA1
faa3ef9b540eb1a1942d0c54938312ba27f6f00e

SHA256
63f758cc30dcb168fb34ccd79982102748028b4fff0d62408b1591fe2adb3054

SHA512
5a6a42dd2e4da39681dd811d710c3f1c16cbe75d946a2d8c79d66ccec7c1b16d01c43e9957e1228965daf3fe125313b721d2b9f76e9c2f5107157cc9df838da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
633B

MD5
64669bb444900b8a5d753eb5151db255

SHA1
5af6cde79cc797b0334bb523239b4c1c0a2d49c9

SHA256
366d0ac434004e0c4725648eca19c497e77c9f0fed780b7cda15dc799492a700

SHA512
6102454528b0598209aa73ee2a9e10cde03508c17ce80ce700476db60dce23b56a2968eb3434b83fe982086636afbc415a71b51fe0d62c7b59adce5fc6d0c2ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
11bf160996a9d90040d8ced7c4811b06

SHA1
73dc9a6cd1cb7d453c29e3594c9e4090dda619ce

SHA256
21713a514dc0e546b797db0b1cb1f8c78ca41f8a1e04e38b5e995fd07bdf64bb

SHA512
d5476363facd5904674bdcfc57d8d085a77e8cd5682dd59edaf315ce9557d1ae8aec85e0868f93cc47208fc8ea1a878fb6e7c82c6ab10b8a7e13b794787b23e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
4eb58354ea621e7a6762dfdee28b4e56

SHA1
68b576a9591e614913ba8e036f24425a04add35b

SHA256
c881262b3027ddbc0051dc5ca1f3c5676b7fc976626e30fd7f5e39e5f75f4cb6

SHA512
7621e900fabfc347118061b9377449eb42c6f8a993e034af9de8803c91aa229e06c547a65ba443844966a7575c8de134e4d07ebbe3693e3c809212d8e762612e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
49d5f07c184d6b58d89b56ae9e55ee60

SHA1
602119fe6c8b62c0a9fc5c6eea1c9c2e8308c313

SHA256
3a73e50562d38e49a2fb615c88874d7c3eba1108c11ee5502e4b0754f5a23b7f

SHA512
92dba5f066da040db1bb81ea0a035a34a5f3ffb5bbcd804e8adaeb154aed9785167c3ae43ae825d17e8fa1967394f7f97a2f7c0ee6878bf25e8e7e2cd0a4763c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
cf046c62c6cd5c73089ceeeb1ca6327d

SHA1
20f6afe5a6764fc57913b16dfe07f2238dca70a1

SHA256
dae07077a6fa5cdde056c810da01eace2d9e5abbb97f394e510addd0206680c2

SHA512
b785fa36cb5fa734ae1c057cd507ce3a1ef27ea2f7fe3e08855b81be9fcd96fb90a840fd549316a56324e3b7225bb1fd5b831cfdf983eccc70065d62c292af78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
0f4cca5e565adb42be6550cad18e3b1f

SHA1
e3e9b361bb769aba3a8208cbe60bd7fdd9a1c48a

SHA256
71f705faf21e31bf4ade4f088015ec8f4d371d776811c83af51ad84ab98338b7

SHA512
5c9ef8587641c8e65d1ba4cbf58849491c8204e7570f68f07b398d7320c2cfae8c58ac9502c23fcce6dd24330d31e00636d6fab1ed53e2938feed9d71b16e9d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
44711bb6694ec2eedd5be2865b8510b4

SHA1
526b3aca3b4e5a1f7d096f3b44dac3e4ef8b5323

SHA256
48c4e0d3d2464a88d21f844ada66fd7e1b9a0f8859d4246c767a9a34fad5cda2

SHA512
c443893f76ce95ec93696fdbc0c4499ceaac322433babbaf7945960b6c56749a50885b8587c3575480ae7e72060bde67cc7622d127401ac6b0f0928c52242f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ddf446eab39b9604a671dd401014f0fc

SHA1
3ad0272e1dc84b52ed46a3f67ea301a0bad187e7

SHA256
faa02f6ed48fd2cf368b53aeac7196b291128f4b803f67a1e0fb9d6a0073dec5

SHA512
5a9de4c37cdd1a3aa854787fdbf216d9e917e4dd17efb7def114ba269f8273cbe2e040a9994e78b15e72c53baadf581abddab72b866d663410c49890cf32009a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
76B

MD5
e24ad8aa6b0da8dfe987e3e54d52ec5d

SHA1
485caba03e0db2443ef0221755abd8fc9f0c509f

SHA256
7364e1a8d99a13c068521140e6d174eb583901d28962bfffb4bef49be6c38298

SHA512
a5624b12cff5910552a66ca57c2d62ce587a02941ce66ef4bd38fb74be912b078095a6489f9a93aa36058a431b9536c859f323cd505bbd568198664c71a3e138

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
9adecaab638169c2c7aee674c9acf621

SHA1
612679132f95e260842f5cb35c559cc674d66410

SHA256
48c36fb55315190615f905dc027e9a2a56c6db03917c4094f14e3e2fec552936

SHA512
42eb76128dd17efc97abfa74cd0423cd7e068e0cefda77da398dd904406d71b73cf8c8913a7419c0db3e8f2f1d95e64c538fdd6c773b1f8c4833ac7984e00e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13367503600778000

Filesize
9KB

MD5
23e054e9f9dc64553c6260b524b18bcd

SHA1
929aed7a49be92e68b1b0faefcaec6f5a6b26f97

SHA256
ceea03b4f34503f7c124c030ec87f172e1304763bb760bd83459c89d3ae6fdd6

SHA512
6ca70439cb48ae6b63974ed370b623b2db329078252e0356e6dd0ad3b16b920cef2f2352a7d7d6a2884f964dea68278034273de85db8975610f31564a81ac195

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
6ca59c239c54e54ac917696b28e0283f

SHA1
ca14c713900703f9dc46bc465d344e1aa2e37905

SHA256
1b7dabb3e76ecd24b62f5b34bd5c8bfdc3ae6eef64ab3f35db2f56aa2c476a46

SHA512
38b350d0aa5f29dd23d8076137218b804d4fe0d73c60e47c7bf54b7a89a6f40fe2e2aec7d2b64aca31b77c31a4c4f7a2eea6aab5d8290448cd3995c9f72efe1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
cf85b5bc3e6f2a5d7dfef428143effb3

SHA1
5101bef7f5fa6b9bcf308269256653d5147e3f11

SHA256
e9e2a1641b9367b09ac784aeb116419500bcc69412af84cf6ffcf7aa1ee9e0e2

SHA512
a7675cd1d9a9c5088e0d8026600b848f14c3e864245b954e2c65780a708993b9398c829e483a206f18cde2df04e01389cc9293b14cbd9e4fe47acb61d322c3ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
5e4c981ac8d5a27672ad324b0af22898

SHA1
f43503999f37ccf686b5aa963574be69feb01006

SHA256
66b1bb0160614e301c8e45a1507092697aa9e6cbd22ef5c4431cd59ff25b4c96

SHA512
205dc0bd0fc3c4dcf1be7adba3c2e7e6c0fa34ed8576ddb519f23db5d1e32f3b55fe000ebbeef6777af75f22103ea923f1a7118ec74be16b22644a39475fb61a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
123B

MD5
0fa06b5929392676378b24a7a2bb94a4

SHA1
244aa8682eb09e8c6d1ec4432cdcdd1062b32490

SHA256
507657a9e83da0f39d79aaf608195aeeb13becd87680fe92df154f7c7096dc1e

SHA512
9ed2ef486c0bf99da8f5661205aa2299fdefad4f70eaa143792498fab9c9cd45c0af1bc518696223a0f875109cbe80052af65b72a5c28630703ff0679d8f9c98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
b39569c8a2c68507f2440a8d1533009f

SHA1
46749ab968c0ea1c527824c413e217b101b7bfc7

SHA256
0555ac02c0cc154e157c98e4ca5bf5fa4afb8d61cfb4f23936eba053e4bb3d7d

SHA512
60d8f95c27b51f8220f550b8f110a651cf3ec058c56e823c07514f890e1f683e1295765b043826de97798b47517260404d6edc99b39d1ee1ade2ee40a39ca7c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
10e4da67d3fc3400d9d24a5f974783c1

SHA1
0470c3a6caf264659ab419d14344d3929ddcd902

SHA256
51c86570e7fb72a016557cdf7aba090109a269bf944e4aab0f4b5ec04878d506

SHA512
93ff60c2b3ee235faed8fe9711595a308ded4787789d6aa8c197b698455ad78faaf4ce011336f996d3cb86e76ca082dafb5ab24168a21d8712a96cdafa0b522a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
3d2f252f0d060823ec2cdb8dca7800e9

SHA1
69db10023078daf54457da3b324f08009a0334ca

SHA256
43d56c129eabb1a066952ce19df95b558e1d53385ce68ea1513777446ee17acd

SHA512
9b7d4db554787ab9c06b2384eab30dad7d446baf7369e970ace410e3b3315632b9cbc7aadbf2ad913a99b2b4774b4fbf9d909469f53e486e34f66bcf232e34aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
fb45dce6bda278c7d3d13b393437b975

SHA1
401dc4c3873fdefffb73d4ace2c33eba4da6f031

SHA256
39ec38c22a26d9b457a468bde28023cceead2c76c189a2b9ab9cbbfd7ae62607

SHA512
966ae0e1c36342af2abab8e62713646fc4c17d8013fb160fcd58891e47413b89cc5adce1ce52195e7b985c3e3f9092f63171dcb7a1fb572195b008a88d2b5aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
311KB

MD5
c8b89ee43e5340d8c74d299798742616

SHA1
0a4507d240d496de3db52fa002bfe90060725333

SHA256
33f5df18c0d6d4494cb544db5763309dc33f3e3eaef52f66fecac1ac86ba7ac1

SHA512
455c7325e4180f4e558fea0a70912ad557a477acf50b04cdf91f1648520c2988da7cb62272a483356fc4e1e5970244379f0b7919613963cf39e316b8bf272fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
2d7d4fe4ef64e196d9c9ec0125bf26c0

SHA1
076f06f7b299b4c63d54e530b22add4ba0c7fe6d

SHA256
1670a512098de3f386a83693df930b9d8739612b181235d2f08b93b89841a4f1

SHA512
9bc4124ac2a6783537b93a3bee2e5ce128a74405a98d639ece23723933876cd7c215d298b5d0318040d75cf0977aed7404ff769b7fea836980d1e7ab51f46043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
c25df6518f814dd67cdfb615fabb6ed7

SHA1
07f23df099436e345d9da7fe4854e217aa222be2

SHA256
c6f97a582cb0f7d07710548c749ebbc29ba1c2669113433b2d5fe35133d513ca

SHA512
6d6802dda217300a85d2f3ae393555a06b803b6b34cf4000a4f638443f75c402e3d022c14bbb8dd79a5c736e5792d17ee8f3c49ff6607c4a2a136a94860cab0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab92FE.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar942A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit