34d625ed4dd22259602e2a8bc88afb1f3429ba96d23c99c0d3fdb70067415f0b

Resubmissions

04/09/2024, 17:13

240904-vrqntatfmj 3

Analysis

max time kernel
82s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 17:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Tsurugi.ahk
Size

6KB
MD5

cf29aafdd76d7900002b306fa8f5fd7c
SHA1

9fe952b29528d47e5ab1d5e35231a53ccc2b6b2f
SHA256

34d625ed4dd22259602e2a8bc88afb1f3429ba96d23c99c0d3fdb70067415f0b
SHA512

535ce79b36599f98859631c0f2c89a27db466d70ee5ad182dc1c803e22bb18469210af4645baa8223db1afbd6d004d6596848d6259a1639cc2509d58c296dc30
SSDEEP

192:IH1Dk4/EGMT0yV5+ZkOyH0Q5JF0qH7mdT8W3qDq+4qC:IHZtByiZXytzC

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699436493441921"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4884	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe
Token: SeShutdownPrivilege	4160	chrome.exe
Token: SeCreatePagefilePrivilege	4160	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
4160	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe
4884	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 4648	4160	chrome.exe	100
PID 4160 wrote to memory of 4648	4160	chrome.exe	100
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 2668	4160	chrome.exe	101
PID 4160 wrote to memory of 3840	4160	chrome.exe	102
PID 4160 wrote to memory of 3840	4160	chrome.exe	102
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103
PID 4160 wrote to memory of 1724	4160	chrome.exe	103

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Tsurugi.ahk
1⤵
- Modifies registry class
PID:4656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff87419cc40,0x7ff87419cc4c,0x7ff87419cc58
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3432,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3748,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3752,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4796,i,880661247935172683,7070791308711649185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:1008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2244

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff87419cc40,0x7ff87419cc4c,0x7ff87419cc58
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2016,i,10413997703162406260,2377010809049209111,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1892,i,10413997703162406260,2377010809049209111,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=1884 /prefetch:3
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,10413997703162406260,2377010809049209111,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2944,i,10413997703162406260,2377010809049209111,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,10413997703162406260,2377010809049209111,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3660,i,10413997703162406260,2377010809049209111,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
af2ac817e91cbbc9f636481382b93e59

SHA1
894ef7346e32f322bb069e7b352e501bdfe9d60b

SHA256
a792c41e8f33b310d4702758b37ab67a8ee262d24a8d1c85121f4a00ccbc0b6a

SHA512
d8a5a59f87ac493f187a0609972e1e5b05ce579c1879df5172f24c66429d58d7f587b5dc440c3fea3a7b568ff1455f8aa73e8524ebf4d03b537c63b8850dd932

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ca9dddbf7f71eeedf0b1b2926917eba8

SHA1
4c6f08d82922e6b5efbf17b18a78dbb338031d7b

SHA256
2999feca7e35eb32d9995e04ac35a321478b093777b13b40121dc8aceecc3e62

SHA512
3ee3154b0d5b03b2969471cf14c9419539eabfa8a40a6a86191981ab9d5f1b22d1b5122b33428f47a73e11c6b37f903ec25e61ec264eba2ae3634dca6344135e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d3bbd17a959f87b1c5bd636bc4330cf8

SHA1
bc643a81d8bddbd1995013240fcce1f3884090bb

SHA256
1f32fc872f00d4fd709fd32c58bc77c2e88054684a51ee41d9b1680cb64086c8

SHA512
3aadc34c00003f1a51f36a8c59d68319eaa711d5dbdcd4eb55fc5862788de5843469bee475f455f219eb4dd9fca33a51261988da19c893f588bcbacdceaeaf44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
d4b423098e1a8393618f57cd31a79848

SHA1
f0579dbc29cd3207898cfa6ff7614b1329779b29

SHA256
0fb0bb00fccb85ae1d7ec9ce4c73b57175ce01627edf7be21b9e9ac6220bc2c1

SHA512
39fd4cce3bf59803af93c7872c6d31b2d78284d15b60a411d64264712d9cab709dab8dbca3b6003fee6c1ca9cb08ca2d42d84dc94152a5dc11f63753e5217c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
2a7bb5063193f1e595858a4744c7ec0b

SHA1
33e51f06f870fc0acdbb56c0adb9002f1f6ec26b

SHA256
73d1887d9caa4e7765822f4265cec1786f4b35bc32e70b6b33c179192bf8697f

SHA512
f3b2641fd12c027c945606d57e3b3d84c2d1119509ee786a81fbf14070427170f84d4d28140ab45f34136fa35f0e2f034e3c2e1a71a2235b211c45ac50904414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
01b7883e5c96813b330f85c42f214b74

SHA1
e4f4f34da937f7660a418741a7491e4be2247e0c

SHA256
b1cf21741c030512d7c660d6fa8ecc00d32ddd38cbb7af4064b8d0bb6affb798

SHA512
99be72ce6a635f963f90be58adca83660f8c243b842ce7e38c868d0b9ab8e3843ec5fda2451ef648dbc433022f9ef0af46d060d36053d43b0d8d3f979bb5709a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
35KB

MD5
3f881ccf3138e142301e0d8dedf1ed9a

SHA1
5913c4468189fd632b635042722fe2e23cc9c6fb

SHA256
759a02cce073d04da86fb4cb175d7d4b7b7223de35345cd9c911383a5f77aa9f

SHA512
e40c31555bfa6fb4c192ccac6a96aa39728b54549244c8cc782088cab9dfd20076d16bf1944bbfd5043a7cc2d1649e1d66447101fead0ab130f95858dbc305b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
81KB

MD5
fbed5e37c93807fd38c22932982dc7df

SHA1
961138faafcceb0db957b6a5d78d772031689d37

SHA256
5acd3cccf4913571a842a00762c98ea8105f3fc01d1c956083a162661f2cbc89

SHA512
510424ce37b5cad5c2c8e4de61bffe537ee72aa373a6f02d91959013a65fafc3389118ba36155796289c611cc8d405026811222df82cc0ae3703e71c138ec9c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
44KB

MD5
94338ab9104aaaa816463682484d4f9c

SHA1
aa8ce5dab13e86a3dbdea1fb912924b35541fec0

SHA256
1d89950c46759d52f6101b2604ba78a58af03993ac76cd5b7cd8156824b7b948

SHA512
f8d29857a1cefab40174237721cf2e6689f8df8ee50fe6812d8e46641f839885b5f5cff2b4811785e7f3ef8cdc73f118f9b85c0cc8fc75cd469607c185bdb73f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
43KB

MD5
9ac701ba5010453397ab91f7c8d16695

SHA1
1e59cec957b80efb1b52d02a6dfcf34038aa6ecc

SHA256
f4eef5134325477cd4628fe5562a8096dc0f8e904fb0e0ae39d7f225a1ed53f8

SHA512
1631f0a42045f47dd8c63f4e9de8d00e175a48a4b366eec7bd1d20ba3a5670cee5e82f192ae4c34b71bc6731022eacf899e987efd0835724ce16cde58dff1777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
26KB

MD5
c0522f847cf3db73499ef759a7253ce0

SHA1
8bf957dd5dac19dc7471ee4c049b11ee7fd504cf

SHA256
a257747c752d8f3185924b8fe736fa93ae1e79a0d8e89c291a22478aeded4fdb

SHA512
3df288bbd7960e3a6043ba678acdbfcce8d8f7b2fbc659208eb08affaa7ff109b2b54e81987227574fea53949dd98ba7ff72e75f8ef9bd57c035bdce9cb70879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
67KB

MD5
95f82b1c5dfa93917adcf6e5545f292e

SHA1
95d5a26540400cd397e0633570ff630b70430974

SHA256
67d830248938c0d0b696a6002e4b138975050050f8971ced16b57e3fe2875fde

SHA512
25ec262dad5cf71170a39c42c5358c523b800c738d6e124114cb16bbf7c153f58845ce6ca23434526335c9763b6291b4c26766c1c943b88ceae68fee581e8556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
41KB

MD5
56bb87a98a629bf425da0cd50e5f6ca2

SHA1
f548cb5f96199afe2cc171a4a41296dedb3bffe4

SHA256
bd1de9de1695cdb616bee78d128a19c6ddc1b713aaa1d898ce51809a73fecbf7

SHA512
dc06383ac82e4a1ad3a1251b210b308699afc80b4546319d4a50d75680f15317cf9721a804c3b5dd344b333d93f64e955d5696ce9aaf8ef59f66398548b5188e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d031652afd5e3c18278933e683972315

SHA1
f8a848f3bb45f091ff0ecee3777e9f6bad264084

SHA256
ac40f67226e6ea23c294f15748bc0c8cb7cb0b47d7fd002083af35a57d8ed360

SHA512
4c5c7dd9dc62a883a6e26c035eb387babecc82cc28b4b2c634943d041f29a05748cc2d412dfbed5e4876e025928690cc0309516e970dac7b7fd266b03ae20e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1d0c418cca39fe064d69a4f2c33abd5d

SHA1
59cc673e354bd7c63e70b1009a21d2839586eac9

SHA256
5b1a837c5c5a61e7939adcf81356ddc0f2eb0bf2d3ae67b74336397a01d35a71

SHA512
aa5c4f821bee1974be7be741d8f286a7446569863fea715f342db9e1e22c9766112d64668821b85696f0257838041694bf107ea15984b11ee5143a2572d3ddb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f9b07cb2678b2bc2ac9d98efcc960dc6

SHA1
5f7e275e4e7d9c614dc8a03d783ca58d5a63f7ee

SHA256
d47dd79afc091834170bbabecf41c8c798d3ae68ecfac26a162b01c18d0007db

SHA512
dbcd8e5b3d4024671d02eeb15e2aab9514876876cf599c696ecf6d2158eb89ccbae2e921160c4eee621b7af537344ca44dd63faf35ce327773cbcfcba4d9cfc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
d22e2f2253504221d080bcf6c68cb011

SHA1
2e46d6fa1f25e872836d2b834a5611043ed7c5f8

SHA256
bd9814875e879044739b8969565d674f18c597e08e3926c9af3982e9e38b72fe

SHA512
174c53dd539057d20b07db67903e1eb3ee7a320d605e5fe68c7860afef0574fb87b30cbe4f5d250e2c9874a65059486f699031cda0657ec910073750a843a32e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
3bde357ad34b1297fd5da9feb6118b33

SHA1
24169f5bf5e55a549884cf65eadcb8ead21f79f3

SHA256
fc4475af2b6578c794f213ba7764bc4881b3021acf36064eb212061d677a2116

SHA512
d2043a966b4318d99adde7e9015156b3511a42e7cec0df4001dc876311aa8048aca9608df0752176734d61e8c796626ed3a57246ab270ea4b15203156cdf6572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
30a2dca8cc8c4a7082542dcdbc39bea6

SHA1
7a592b255d6cf9ec1888ca8a6b62bfd6f3f290ba

SHA256
61baab2319055ec87c9084dae7dc616a5af82d73eae805e31b68dec44623ee3a

SHA512
8879aeb2c1aa66a0e423fd9f456f55c5e58b9f06b29a4bcad92a5716e440987607eb23ffeabd71c30e5b90e61fe24e02b10acea18fc8432c7e187a0f65552d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
4396f29be1b007519275f5372b9aaed0

SHA1
0aa9ba296e3c0bd6131b62c3bc31562aee08f1a4

SHA256
173bd78f98845ce402f8aa4bcdcb28a1b7dae48cb15f14eb79bcd2d4e178ed5b

SHA512
de412a083cbfd721e691b7402037f0ac50c33169e4f3bfb7d5465a71d9f576ab043b9ca6ba80407a92be1891c17bc695f4cbb4447c8de67cc033a2acc094fa7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
0c85278e1a2300e97eb74c47a45a535d

SHA1
6c00c23eda01889e92583629f59f42a9cb1855fb

SHA256
f41a461552993df89386142ddf4db945b75afc6dc2b1a672473bfd67fca30b4a

SHA512
ba1075d230fe78f880c0861f273c1c80e3bd8bf3bb83c8a6ae2932c94e6070fbe02f1af59453204d7c3b836b2864537f23af94b816bf3efeab25955b6f123909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
f3026aa2419e481b7c7e6636e27507f4

SHA1
b122953c9edb1ad7621cfc41b282e3e7c79582d1

SHA256
8b931eb9b9b984e13408bc38bcfff702a4f6a03f722235897079d0dc40823fa4

SHA512
ae267507da70dc2e5ca89a4db9f2170641dbec00762a688274e08bcd510ccd742ff9113bc48dfd88c72277d56810c163854cbba9c6e1fb45c88a050aa2e9f439

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
278B

MD5
aeebf02271f3ff0f5337063304d47a29

SHA1
b568a3dfad63c2415ec6c9599479185d95910a34

SHA256
cd0842bdaf1fab801204614c498b54f9790f21660760920940e7686f8293695c

SHA512
40580990af8f4f7a80c8141d6db405c509f34e63f0595b4d9fd9d681b4cb7e99f0fc71e42e0552508e73435098fbc7710c6e7eeb026df48a267768cfd056eea9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
6b9bdf5fa047c7813969c48afbea44ad

SHA1
1d24e2172073b7369e8295f173709714b0ac2091

SHA256
8bd4977920eb38a8ed560c293398a6c898c3f720528e0e2190299165bb7f2bef

SHA512
2f8753a64a060e2d0320837378aa9b2efe3c9bc4a9042050fa40cfe112a11a79a9b9fc9bebcd8ea3d0f7b18b32c0e399bc6e9c8e17b2b0528cf2eadad6d8d23e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
39372935de654609b30a136f0b61bb75

SHA1
308001ce94c3167c0b536ddc779fb94a91e70f59

SHA256
760bdead641a17139bdeb34e0a3970315abc28c23b7af7ca08da23fc11017fa3

SHA512
bb9d62e78a04f8eab0cf92536e55270207bf329982bb095f0d14ea4bd8303a17e28e08b1b8681f73b66a5889076c556a06dd7178dc00e942436ec8d6a89e86fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
14f69faeebb8e23d993a4e5114dec721

SHA1
736828fdd14adc3c5fed974cf6f1f7741ff92a88

SHA256
258445be3136790baf9f845ec91a818463524c8fe0ab91854391d0a02d6f74bf

SHA512
5c0c5bace0d4625d4e65fa6008b8e248f75c60d4139e1e5d05e747edbfb98be3a125e7c22e85674fd0aef39acc4c8952e01e4c972be986505274a6861ebab277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
600d4a253a1a899d3d815c7f01f67b65

SHA1
54330780c149ed592c0e1783bcea35a565ec2684

SHA256
2b799f02b747b1dc901fc95ce572db5d781c09b8c3bed307e7d3e8cc07656f3d

SHA512
62b8be65bb9782644a93b830fd487ce6d1f84343ad3282d54ed15a3da8c9c1b00be4d77b24d8b37924a18ba02d7ceed13e5a84686c75f00fb1f1c18e13508b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2808f3f58fe079b772261a9e556760e7

SHA1
0e17da501e8da651150c8766a02dcd6b8abc94b5

SHA256
848d0442784e4e7ea62d0c1a6ba4f25e9bf1a3e62563cd150574ee7bf4cad241

SHA512
06fd528e9a73fa5740bfc94ab46b46761e90eb9f3c84501fb1e3229788a55665889713f867bcb9abbe88913951d0f65693faaaead8df1413a2c5b0d450342612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d4e6c49a2566182e3600ea68727def36

SHA1
de9f0314e409c2d79bdbb27663d6258d7e54ab76

SHA256
a686d3f0a20af2c7ba6f2a46049df41b9f3c3c325f63c449485c372136f71aac

SHA512
18f56078ff9ca384981b5c2778baf5d1f393657c5789e908c1e015447062c505bd5e04bcd97ef3c81b1b654347af2eab49e04f5d77a9ea14427d156394ecfccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2b4061a05f9c76ec4fd24d25f27be75c

SHA1
b72172d3a3d698f1a4df35467e99a88cfe5e2681

SHA256
5d38df66aca44765783d29bca5869d853358ce2ad0f14072b1bc940300ef5421

SHA512
f4b1ee98f81ebeb31d438e504c09109ffa98d3819618f9f4ef15f3ca91c95fb2d4a35bec6ebea36734169c23e52ebde776da6ffb5d0f5d99a511c8a0f4042b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3dfe36c59ea54e787ee8b9b6d5030a9

SHA1
2cb418d040e1146c0e4ffb38424b3d11990330a2

SHA256
6187e2550991e8a6f8304a5ce70450a950b895e33e2e0ee73c94ed6fd1b51f1d

SHA512
fe04cccec2f218e8e22366f20aa3fad0f90fee86fca7e67027dedc08f3550ae5d966b25184e51c1c8283cbb894263dacdad5993d1a3b54888002b984dd918f68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
641c481b6dba32d425e517e655d1e03c

SHA1
336815e8df423564bdef3c063cc00f59856f2f11

SHA256
9371d61730f8a0ba124674d7695d1e7cb824a059c9159f43ff1bd6653668052d

SHA512
f9aeb65cd9f93655353b5c552dfd8ffd6705300d1c60e0eb23d075f8055f22553cee09db7a5c9561b74e52b32cf2f20093cdda01c2f1dd85aadedb58f9f1a877

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a029d175248b774023496a81b77270da

SHA1
2d7d0542bfe1c74e3633d5cd8b8361732ae69108

SHA256
d08d2d6ab170d14d77bee1f13c65f1a384ed855c217a47205aca97760317d46c

SHA512
ff5c65ed3ffff869db0ccd891a928d50f56e518db49448b70e06448358f433121191f30a4a131d61b3afb0f4504d493765dcd3784854a68667e88f72a4c0d646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
9d4ce5c464e5a563e5bea7ee6eac6669

SHA1
ee897f9aca71be6797f2e9b9462fd180dc151434

SHA256
bf0493f619c3b2e7a98d3a269b472ac703171313690847e1d4ae8cd92be59251

SHA512
d4112291603a2a5a2baf16e968802f11fbdf4e17b286671e1e61ad562071476bfa41977ec0c8a468b0d57ccc36afbad3d463c1aaa3980afc9abba554cd383e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13369943700063220

Filesize
4KB

MD5
560dc3e1fa464f3b193e3b0a0990f21b

SHA1
977a91aa6d73079d6a429abe7f5dc72f8cb17682

SHA256
8c0816b9ea3295e6d67f8c39454a554f8c58975e38882882e9d87e51d29ad255

SHA512
11fee796c991d3f335b93f3cbcadcd2f7f30c521fd5b712635f65c539ad8686fc55e80082a3819cf66ac9e260dde9ab4db0df93d070327238f5b36101c020a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a6afb06ff536d5a4c8bca0acdd91e489

SHA1
40e939bb4998ead0d44be32b2a3e0cab8aedf177

SHA256
8b9c2401f21282b7508956fce3cd50156114d5376d424ff22029c07abff76b65

SHA512
297eb85542bb539049f1b1f88e7bc58b15c84a150a37469c5f1176a3ee674aa5d299cb584dfbae57db867059e7a5e1c4c4c9887b621d54a3934e7aebbaba1e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
74b1e9f0ebb3e5e2b4a7eb440df44c80

SHA1
b9e14bb002933c892138506caa1678db8bca2633

SHA256
a99d252d800593a158c0a779c70dcd17d2cc1a3c36775078ffa178033e532af8

SHA512
2b4e48350e3d822b3c91d2df09affebef2a34cdd78f337154dfc502fb3afaa811b670442ac4f26c53cf3ac18df29aa861712748e227fc6de99cafcc6a39dc5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
e51d0c483285ad2d115d699018bb4ac7

SHA1
24da3ca4059649a1ad8ea6bbe10fb8e577312263

SHA256
80b4d0b606cc5e14861a841adc72b83939e96eb7823009f346b5262cdf061d81

SHA512
65e8cfbfc0bdf5abd8713749505064ed2c48b2f9a75ae24c6319e915b6bfd8c833c4ca086633afcc3c0871fb7d0b6b56139990ae4ae5621a89c5cc1a2db16484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
54ef38cbb2a0e2f426feaf8562b97265

SHA1
6a88a3ba90bba8a8c5a618b89daf14110eeecb38

SHA256
4c56cd43b5e33da3079631571b784cb8ccfe0a1b2a4438afb32a1c53ae916c0b

SHA512
d2e564bd9401a34fe64e498e61468bbca629ce1602fafc5f44e3de5b9557ca6917798464d530164229338535fe950801f5fe783c3606807daa8a5cb46a86baa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
53cae4b542e0759ff2d5a305fe368706

SHA1
9e491303524607fd8ede0b8ae043d60f749ca4b5

SHA256
76458aca8459bc6c8cc884448c6d8a57660709712516c70088a3d3f663195aaa

SHA512
9f69f7e3367e0b456b30e7f49ffbf073803acd5f1dd4a10d6f657736dc5e1857eec3eab1b23442924bcdc2966d2d4c2428ea9d5351271f586ebd46552ae3dee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
dcfe34aa5164e285e9bc0c90550d5b4c

SHA1
241dfc6d377ff9041398267d8ffc068a9fc7ba90

SHA256
8cf09357a2df5c8d86078ea9651fae4be9a999ce806c0ece55c56cd39d97444d

SHA512
35b34c05d449f7cb64b6baa4c4aa9f8902ca599b3ebb9cb1e51d5e4b28daf9e4ea3e53f9b9b3a5f6e06c370b32a922866634d24e9a45469fdb5b1b51915bf8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
f05ff1533b538db3296be1d779e168d1

SHA1
bb2ee110705865499f5807e465758ba0f8d720e8

SHA256
c59b2229fd2dd3590bd01888e62a0e65b62736ace36c88434ae2f16d3656c6ad

SHA512
8527604955e1f7f08a3026525d32a250e551af1fb6fe415fd2779679a009cc8ac97e68ff28c987b3d57741c10eea914b8f510e478657af96ee58490e5a76b206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
71543d41de8b55a4135d171222056f3d

SHA1
248286b39fd08db1212a46738a3ad893c5c762c5

SHA256
aafbb943a9dd1daeff4bff02dcc3da786d7275851b9a5110d5f9cbe74e2a055b

SHA512
8c4bcbc3be258885c21ff2d2928e0f2c0582e40baa2ded3b879110047d2e105a4c3e451655176ce982fdefd407310e447f37b4de027ecc88a74d29f5caf48eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
a06eb6bb11c63e8ad0ae549abb9b5934

SHA1
4138ad1b4c9aa863a0faa59600a5aad8382c8773

SHA256
b458bd9c2a63ede9766ac06d7e9dbc265eabfbad12579b2cf22afad264ae2ce6

SHA512
ff6523c73fffa922b9e0307b53b96a9ee4b206c5fdab89a9d8e13e2422d2fea0861ac4690d97450354decaeeb0e18754ce21258bf19198609405c3cae6c5c1ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
970df5dc80b98d0c7062b55466ff2047

SHA1
7b4c35690c64afe17467d1030a33ea8086e3fe5b

SHA256
a70e22bdc1c4e948074e355cd12b0834aaf469e7035bb5addc2a6a0ecc1b330a

SHA512
b1c5b7011a6a81abf3b98b48bfe2601beefa9708ff65c2a0e6182438d3fecf1590d516859c0b3072958554fcac760b32d24bbf4be7f82b3aa3fcc1a4e50ade93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
0145b325728b32ae86fe6e58230ce539

SHA1
33182851d218a299055b4dab273097bd82af94b9

SHA256
40bbc1cfa2cf4ed23309bf9606b523d701b57a48b19ea097ab2ef89ab589f535

SHA512
bc385837aa7b9059b21624c6fb5f71aa71e1112bc96680d05cb2fb316d4ac5c88b2a2c4d391bad7e3dae1ab64f7b3377670837fe8ce49d4cc9485ec432a461a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
ac434cce7cb3a702cafbf2c78e01c0bd

SHA1
698e18446a6e9c50746a21733ff77aa2f43d993f

SHA256
9ede80f82c342c834c3858556e539327b34b49fcb3a95a8b0b06484ca8d12b57

SHA512
cf5f8b98839abb0f53a207c74a9585656be65511150f22fc3255026b5fa055095a663bbc5cf528d57be2b8932015239a301fde05c3c3caa3f9f82f1834e32dea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
3b05e8ecdd204159fb398b7ded2cbf2a

SHA1
bf4bd5ff0ee13fd4f028be99fe324fa5019e2830

SHA256
9aba97802487cf1a2f2f19a27969e7b2930e75fcbd00dcdb4ad4281444aeeb2f

SHA512
bbea1d8b00f025ebf870cc343825fb67c0bf898faafaea8f2a404e388f4c8c26421047f6b8de0975d828756d67445fdc33174c05f1a7ebac4729fe4de0b3faf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
8ef4acfcd0bc1a934313d0fa883ac386

SHA1
85c36ee2b59275fef3afb43053564901af2c1917

SHA256
25a7adee6ee6840dc5e148954ee95fc8d70c165189756a73dee278bbd9131b6b

SHA512
651049267a25c21b1910e2be0cd8b42a476d97f002c6566475f78e624bfd3cc36546acb65035f97e77e7d08ebf4547ae4ca2a6c0df69b3bd397d894d80edcbb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
ca7d12da81610a2a69bdbbf9d680870a

SHA1
2d3c33883a8338e6558879c56c08c1dcecc85f41

SHA256
098c8977b144a24ec717d8eeb0f6898734e566d843e4fa70c55a54224a2278e1

SHA512
453816433aa91129a1e01321c6f9c908d84b851c9130d379dfda33cb2e74c727f0e5e19dc6f26203d81bdcd2a622ea69126d35a28ecebbeddbf6f5170e91549b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
a3a754d057bc3011a0f132f57be52f58

SHA1
86431109bd4a71ab9dbfd336b35ad80a519ff6f6

SHA256
c9f393ddcadba64c4514b12a3288945c41ae064ef74c24cb4df3939e2c6a27c9

SHA512
0285a16cce5d383409482b168bbc95326cd8db7b16ba3aa55cc4f0a9d93711bb3554e859761920a2423bea37d79cc42a88bc76df4b21d8fbc47a6331dc51e7bd

Download Submit