warzonerat | hxxps://bazaar[.]abuse[.]ch/download/4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc/

Resubmissions

17-10-2024 13:53

241017-q6z4kstclm 10

11-10-2024 13:28

241011-qqx92szbqn 10

Analysis

max time kernel
85s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bazaar.abuse.ch/download/4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc/

Score

10^/10

warzonerat discovery infostealer persistence rat

Malware Config

Extracted

Family

warzonerat

103.186.116.108:3456

Signatures

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

Warzone RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/1788-144-0x0000000000400000-0x000000000055A000-memory.dmp	warzonerat

Executes dropped EXE 1 IoCs

pid	Process
3524	4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ffjncxosn = "C:\\Users\\Admin\\AppData\\Roaming\\Ffjncxosn.exe"	4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133736468034483068"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1020	chrome.exe
1020	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
2416	7zG.exe
1020	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe
4672	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 4600	1020	chrome.exe	84
PID 1020 wrote to memory of 4600	1020	chrome.exe	84
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1692	1020	chrome.exe	85
PID 1020 wrote to memory of 1972	1020	chrome.exe	86
PID 1020 wrote to memory of 1972	1020	chrome.exe	86
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87
PID 1020 wrote to memory of 3384	1020	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://bazaar.abuse.ch/download/4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe3f6ccc40,0x7ffe3f6ccc4c,0x7ffe3f6ccc58
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2080,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1668,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2304 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4568,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5100,i,7048228242759593158,1212928525812839018,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:8
  2⤵
  PID:2332

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4980

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc\" -spe -an -ai#7zMap30052:190:7zEvent30121
1⤵
- Suspicious use of FindShellTrayWindow
PID:2416

C:\Users\Admin\Downloads\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.exe
"C:\Users\Admin\Downloads\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:3524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe3f6ccc40,0x7ffe3f6ccc4c,0x7ffe3f6ccc58
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2116,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1856,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2312,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2288 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,2255347819242080570,8345800148206818410,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:5088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
53f896e6ec3a1c85c0d9124da3b7380e

SHA1
f4b222bb0b3fda0f2ab34768d1d086bc6533575e

SHA256
17445b99fe65252ca0a67cde3f5d2b1feb0224d39f52d1641ae0bb8dd0282453

SHA512
512cd2d07e1e7ebe78ddf8f5c5a682a30a0a9a1f55099a466ddd54c351295a92f4ac4946ebf4218d6353a3148ac38a2dbc07c9f96e12042868acce13c9edb1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0dafcfe2ab780f4ee643b25fc8e11b18

SHA1
0f3dc703d2e3785bc9029601119d6ad2abeee28b

SHA256
1a1b7b1c421ad3aba076465a5063f7e8be045ce88bea098671d282e4d2d9a0c1

SHA512
6ccfe123684cfa5ecd01bb6fbfe199586eb4779079f17452ce0248d88a8245f89a66aafb7b97bb608fa0cecc293cfb3a7a6e8576e543a1b9f3ef2a6c9c3d1c61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
6cd1193cfdfb3aa6a4cf8d6ba4a8b39c

SHA1
84abec0ae9df3d590d0fa4c888ba207f5238c02c

SHA256
086ed2774e9554ffcde263bf2cd65c798a6bc0654823f1e9ae74bd569e5306c4

SHA512
ab7a2dcf06fa055e58c60070d09a121e394ba209a8aee677df4a4782baf05db135b0bef06708e6fa8c5fea6d529347351692f4694a2c7945067ce9fe49ae139b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e35138484b4d54674a3090e3ea0ad754

SHA1
29e3c9384c6483cecebcf7e4ed01f719ca8da945

SHA256
0c698571e9e89cfe291e0854de3af9c8b42bd78b768b91bce51ecbbf13a8fc6d

SHA512
bbc11794db14456695b7fd3e32a299a1b3c06b90afbeec9da3c9f6ce18260dbb4d52da41941d31abad800affd0fee65d4af5bc3c9336e8f3e6e5cc47e2729867

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3e15b7e98d5982e54020391f3188c09d

SHA1
5c68ef59592dfc29c6aaf8e5f91f28ca825fef82

SHA256
13065e8856c74c851d1bd9a4c9e35dbfe98229f28020345437e2cbee716af846

SHA512
57c3857ba5e7053efef9b659f8d3a300f7465707994221ef5f42a3e05f5df568149411961baacdf50898f14e0b3bac1e4e5ce3f1a3eedaa488d169755a539a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
d494ffbea9a53c3edf831178fa45501f

SHA1
da7855e85171837b2ab7af6e14227419a68d0366

SHA256
b5cc9d3b9ad3b52024981c641e818edd47c44e2e2ccefffe5e1589195ecb4b1f

SHA512
e74b45e68c2e37c3fba191f2b2ab4fe3175dec8c50ee7fb9cd848af9819fb104db810bb949bbf96f5534ffd672ccbae98293781e24ed37707f52f41e02f49c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
22KB

MD5
3b5537dce96f57098998e410b0202920

SHA1
7732b57e4e3bbc122d63f67078efa7cf5f975448

SHA256
a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88

SHA512
c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
30KB

MD5
888c5fa4504182a0224b264a1fda0e73

SHA1
65f058a7dead59a8063362241865526eb0148f16

SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
77KB

MD5
b15db15f746f29ffa02638cb455b8ec0

SHA1
75a88815c47a249eadb5f0edc1675957f860cca7

SHA256
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7

SHA512
84e621ac534c416cf13880059d76ce842fa74bb433a274aa5d106adbda20354fa5ed751ed1d13d0c393d54ceb37fe8dbd2f653e4cb791e9f9d3d2a50a250b05f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
100KB

MD5
3e4ddcd3d95eff46194259f54478cb56

SHA1
ea351041464d20be32dc42ad441c55cb669472d8

SHA256
5da4f5e61259fa45b2b4e783c88e4374ed96c591f2d71643a28e8893c5f64b43

SHA512
8a4fb9d65c99a3922210485e2e62a288302623e805690f29a501fd3140b680d8579bfd975d2debfa919a385739cbb73e8794e45ec3253c6c4132db5aa97c557e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
41KB

MD5
ad084ae94f2a62341c8a94c326acae69

SHA1
12a3d4b5b0224b69c252e6de42f9c2d38221e2d0

SHA256
be5a10dd2bb7d409794492a1c6aab8ac0aa7f6f8ffb487d2eac22c10e556afed

SHA512
c95be5871884c93e3f5d857f7065fa749d78573ef136577f3dcac7855ecd32231a990986be3b206b75b7ae31d88e2c55fffaf05da6bb4e41eb836f2a8d36d9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
30KB

MD5
b038f434214eddefa8e06a0675e8c949

SHA1
34fdb99ddb154623d4bb2c7df2df6e7efb17a591

SHA256
7452aa84d0d7f1043dbc4dd4767f600f1f546fa8a74113f9dfe94b90316c3bcc

SHA512
7f1c785ba2afdae302d610b0ee2b9fceab908ec87032fe94e82cb21f328f187435edc0cbde804a953fbcf87e2f55209cd03f5a62fc37281e549a41f4fa847509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
883e04bc1957843cc628e58ae9db9a1f

SHA1
d5cf187b7ecd48378ca22efab045ba72fce82855

SHA256
b235821dd18dddebe1f045a3d80a568ef26eaa5f58a034c11cbdc8ae35abfdec

SHA512
1618a4f8e5adb6a41a01aa1d0f262c842270a79f5640c51d6d76cfe0b29ddd51cdc38d414cddd7b4d76b8e51f93c483ef5164cc0eaff470a1ac2caa175e38fc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
ae696b8f8266490c7fb96d631c5ac47e

SHA1
7e51060015e955295a6e3350608c570b9492c715

SHA256
c5594ed7edbfafbea91793f597a98b6cc6f7266d79f2c4baca389e685ad62e4c

SHA512
9770caa5c28a237ae9b1f4c39c8be9b2e5818ed345f137db8fce520a6a263f65c636dcc65af9463027dc1bc89b43f314bf5d4913a4ef582c9f7cc18ab8957093

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
0d3665c49ce2df862dc77ca2fd4e5106

SHA1
a0e81e5f5b911a1ef5b1a18f7aaff0a8498eed6a

SHA256
7a1d55c034384ef786ac3cf56d9f8bc7dde987187f1f598fa8a2a515833d3726

SHA512
fc2c93d7f18b2e08fb8c9b8b9a657aa500be9ce9c7d5dfeff3eda03665fd1cb1d00892a29a9278106ff9abcb8b2c5df06e44c3fe8d54bcbb223fc9ba2da7a9ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
045fa1330236d0db2ebf87201e1f9da4

SHA1
01702d18eefaba26275515e22e80c113e69547b4

SHA256
3596c4dec18e881a1f229eb2bf36611391df8c66cfe3bd6fafae7b86624d7978

SHA512
d6bfdc47c625678d81339fa5a973b97ff02522fff661a56a693be9e6f80dca3c031cce5e3497df4ddccfeb980853f89b70f0b6bebcd413910a4f9671925c050a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2de6984dfe568a64f1576ea679de81ce

SHA1
002bf22fc5d2a54764d9d1ac57407a093b387264

SHA256
999c905603f1e704a8de9ec44a36dc342a216025c5069b142f36814adbb16812

SHA512
c7d38d1e0753a8bb5fcfcc54a1a36aa66035a92392506574d833190fcc3a372a77f0b8c44dc17548ddf09232341db4f4af71c54087aeb7ffdb127b850af22ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
f28d6903d0f97ebb72ef5a977d3c47f5

SHA1
16e38a6ecdc27c8bb86f0392dcc46489defd06af

SHA256
e1addac6af11498cd0dad646a7ca52b4a813c1b45b0e3af00c88f4eeb1d7b120

SHA512
29be802dbddb47b1e6d4532bc44a555ba7870597bc61e295ae578de8fb7dee110c3997d7217f43af3ad8476d762fa3dfacfefaca6a3be0b14ef87efdb0fde4a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
bfac26ed5f12704cd6b4096269d2159f

SHA1
272ef21e22a73246baeb34c8180b89e274169c06

SHA256
beb50164f335cb7530cceb46512b2bd1ccdaa88f60443a6e4995ca60b4eb348c

SHA512
dacc37ff75005e8c29a6e4d4bb117b0abf7072a3a8657dd1de2b412e8d31db2af2965eb44aaf0d8e097406b94f16d8b233ea22cd2214de8efbf9d1327260127a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
fbb3f5808fc1b7a661c5218d251fd23e

SHA1
06c6ef5dbc8ffe5c229f75c0e3d7918ca55801e4

SHA256
bd98671d62cc05722a4b3361518205b416efe4a119f8d5c5d7a4d273d7f3c84b

SHA512
c3e175a6495b91348b1a0ac44112bfd8cedb4044675c360310c18a268de85da25da61254bd8a07c6f5e6449d26c42aba310861c85b2f500f34054f964e5105db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
560B

MD5
e46abde6810ef0a0cc33e0e231468991

SHA1
b43eb2bc63e646f35aa5c3e3cdfd618d6db7d519

SHA256
3101432817e19743cd43e07939fb0056ec4f597f87d6f7061ac80a28c4ee2b3e

SHA512
8c70cf0a8ba4de71ef03a264256a781cb481d5aa10d37dff246b87b706aaedbaab46800cf8cf5ffdc6fbb7af16d5f9171f92c3c170c7b79a718fd551f8042556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
6d2be4649dc6210a745af0a11c5353da

SHA1
c4669eb586ac7a6d2473158f062a759236f12844

SHA256
b495a98cb810083be43c1397fb16fc8609d6e65294d54b22a71d88557c427d33

SHA512
2cb9232513f03a25e311cd8117d4cc0b2916849dd138ddacdc4f452681833ceb6c579934e93f25a69a07fba614b432e3bf618a26b7c6f7526b006978572bbadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
24d1a1431c84cc09f8d0fe83c65bcd65

SHA1
56a36c0bf4fe9ab4711ab99ba69026c5a044b0af

SHA256
89fcc0d84d5a488773d8e461edbb49edaf0ed706a29601bb0b060eb4fbafd4bc

SHA512
2fe010df3245f5a85d43cc3fc9fe558923e162bd3ff521e8363e0e16c4e5cd619fb44b0d569dbdac344f1d312d51ff5ccd61b756b9418e142a5b3bb73ef30854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f73cff650e3fcc3ba9f285768589fe0c

SHA1
e5677599fd001a6cb373ee21b19c029fcc12831d

SHA256
359791eaf1eb6614dcfb11df1b9fdb23a9103102800ea18e8ccfa0f62fd031f8

SHA512
16c3336e02cd2bfd6ce03f97895428745ead2ddd59b2bd71885f4eac2c9616da98dd6569e9d59e732143f697adc7baa6dfa78a56d4ae377b6485b1df2ea689e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
eacb76ee85a5610f13d5e9ab189340ba

SHA1
7cb7a309c4ccaf4cf0de0e26e68159938e8de67b

SHA256
f961a0d1c54ff20c6393eb5d911f2fc2806dd6cc791698d00cb22cdb40b08c9d

SHA512
8447732b272943ebb6622f0ffe8f44f81ffbbc4e644720b53bc01abb306663d6d5ed3124ee46f17ad60308b9064488f1937cb26d937b0ae914c5f72da58247a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
9c212e28d728503d92f08ad785ea451f

SHA1
468cb215a6426ccb9c3c3e16bddf0aa7b3ca3314

SHA256
51746f06544a708a10958b717d33e98120552173de5da010f6004db1f222757d

SHA512
6531854c405343acda424ec05f493aea6a60362de4e2edc72ed760266df1c7aaa3a0bd7cc30c70a48bf661ce4b7324b73fec2639ed482a0ce2bc43ba1118e827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
d8a854dc9936b9dac517abbfe94fafb5

SHA1
b28745e7bfaf3b369b01bd5fa50a5d1404d6d53b

SHA256
7ac9c26f84355fe9b943891377f645cec69c9452defa06743ce07cfb6c4ee4cf

SHA512
51250131a7af377e078c9f2deda29edd99e74f257dd19505ae47113769801fbd8c7ff039cffafe753102fc3a315768d628de4b6521d6bdd62b011696b0b952e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dc92eb69400c3e937a319967c768b3a

SHA1
71b6321e28ae8f2e66e6ba0d4e03f7c9929bb4c4

SHA256
14f92f49a8bf13e736fc59c5b2efbe4e3c2ba3e0de08f67c54abbe6896aad393

SHA512
7d247e6a0c560690d29bde24a0b1c6eea08e11c64ededa78b985313a4648c82584703d400b3518f1eafbff0f79ee7fd8371bf4797e1ceb864f2a931cd8b7f0cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34341dd19cdbfe723ebd1b428b9e94e1

SHA1
29c8c1ae01c50f938b4fd4bae582878a2968c38f

SHA256
b5ec26e02747deb8f86e3ba267ae3867a9522ea3580029e0eed27184e4fc0a68

SHA512
2386850fc6a4e52f6947905858cc28f32ffa13631c822abbad86b93cbc4508fcad6a7ed4d0fd7a0c62a3451b21d1410db240dbed0da2238ab9ff5a30968c39a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2c91452514fca564a6cca88a1517468

SHA1
7d55a809a297ee31d9e2732df43e8af30905229f

SHA256
ae1d5500000134d6c930c370f7661da87c4357f358e37100514e1929ca7b2789

SHA512
430f0c98fee2e9a83c4e607de239da8123aa1cf36818fedb096ac3b54e061f8f5c17f160ceee7fcf5a7a8ac4ee47ad87e573e3c9742a8bbe3ac00e8805f1b55b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e37d0f5bbbcf8411bb83a6be4c027c5b

SHA1
1c5c536529b21d0b6e3421614fdddc8a4eeb186c

SHA256
5047d654605d5fb4386ecebef0d6e33860d5f3f6377bcefa53c2733df4558ba2

SHA512
408643282738ed152822242f57dad85bf5186fd78abb8c27cf9ec915f9e3bf4479cb912053f76fce9e4399ee86f802d6b336aadca188ad0b1b134ff6f8d20b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c17b44cbdfd9635e937b665a215d0292

SHA1
6c3764552805a20d18c4cbb51d84d2ac45d0326a

SHA256
c530857593e363cf5fd796568561bd045daed1cf27b2cfa77aad1091a9ed3def

SHA512
f0ca408f447bca011313257d61d9300f9dac1092797e741a6af91a8cb510fb8db02735adb309ee3bf5f694e120792a13e70efb02f1e07bd5ba22619335a1317e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
468290b8a3a2e4049f6c5db55c9dcfc7

SHA1
c34131a88409bbd4d74368bdf93c3ebcc9a54029

SHA256
03ee9fcad8a020f11f71f880c6cd36f25944a777d1a1c48ec285e840b5f808d2

SHA512
3a444b46fa3083d7ae991dcd7512b5b838b76d420248a1189c7a9b9997c56b639747a0180908537b970101f16e21540e86d6761cf35904457c28a8048ef3ef77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
4b0e7b609d173397a9e03b13b25f04a1

SHA1
b37fb21a0934264f07419ef7ae9c75f6978714c0

SHA256
4ce2386957a04080c32ee1c5c5d01a15499254ccde36fa8b5d60306fc1871ca1

SHA512
3366718fd5f41111799a5f4f5e21aa2bf0ffab84c034dbc97cdd645b0ceda66c6255ca8bc37a27ead2621b718b0d5171915b209bd026e7e3d99cc92986d5049f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13373646873280676

Filesize
4KB

MD5
f6ccdecb9a80ff3971a61bd3c518f955

SHA1
dbb4753f20b31fc56c3d4a28c723fa6f764e47ac

SHA256
3a50d4386dcd5034e219d6424ed160a023a321b609da68b751a3ae26033422d6

SHA512
0823616e0fd4183b93333c6c72ac47f358f126c6b802589ed89e624e47d2d4e08577f47a905610f0adf93c9cd07e1dcb992d95af4b5573afef37e1d5ee2bc766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
6027e4123a3852a8d941458d8d570375

SHA1
c4e0c8695e10ecdff8d45ace284041fbc602fdcc

SHA256
648b6c74a66cd321bcc08694a15607cd4098766db2f3b71e4a2e9497d84b4209

SHA512
38b7e8412d2f4b7406f8db0994613c73675cfcc10740d41e86e75b783eaa0024b8d32a790f3da6445d88da1afc3429f3bd59712b621f0d4e1ea7dbb05a660e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
92b33e3d9ac0b190d1a8506d36d6c71f

SHA1
ea0733901e92cc51365d4104b40ef89f81c3f24d

SHA256
b09abdbd53bf7b055e77ff6282614ce0ba25384b60f7e9cdba4a6ca4442c8942

SHA512
89310d1aeda20bc17a89a0b7d24493a8edfb6ff88c49bb39a943263aeb98eb1e79b232b0de8e88774422b7761baa8d9e8980e28c29d1c86af01027e75b493b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
90b0f87b99078acf7dae56e824babec8

SHA1
1acfb3116633d38db4705dd4ec28996f3de50eb1

SHA256
0603e8eabbefdcdbc7856e1e2a95f9552a8b6a3cc7c092009336dfea7a11c07a

SHA512
16badfc3bbb332687686bfd592c11e12aad3e4acfc8fd6c12a26a1358f52ecefc1ecf167b0bb41b47374d32107ed262b1733d7d097f4baa904c39bbab0ce03de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
32f034688ee91b23ae86ade1c295286c

SHA1
c465d79248feeded224ed160035029f0b336db13

SHA256
1e69ea115503ebb106bd80eaf062b83449052064fbcb82a28e9d704860ab9d63

SHA512
b53f43615dae012c87d0c7c6e944b950dd5974295c26ec76148af9364e4bd519f329e70b79c45db12fe20b92638f5a91a66c7fc77af2c33599aea4ca3b3990dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
94a3aecf1fe48f9417f9a2465dd49a4d

SHA1
4aa360a0efe747bcdb3d91cd956412cba73daf00

SHA256
0450a2d4e57808a3022a70343f2cea7b1900040fd51e84181f74801b6c3ad5eb

SHA512
d26c09427e97feb58b912b34ca010ae91a4143cd1183ffb060c35cee2751f84df78de3c41ad347a562b0c4a811e9a1018a4e8500c78c5e0dd408be46d2e1ed15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
0bf6c561a8535242d076bdaf1bb014fb

SHA1
5b9e9120d0d4d3e0ade40f66cdc34132d2109fd5

SHA256
d3ff640f20627dabb473776ae08b5c5068d335e834dfd8032df0e1fc4e00a73b

SHA512
2ff8c5306357e4ea6dcaf1eef6911236fbf8facbeb5ca1de62e4afaf9a641121cf57d1d23b6288cbb2da9921665a6110f089fbd75a0a9fab74a669e112c70330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
21KB

MD5
3bcd258903d29295ccc37fb5a56fbbd8

SHA1
7a932de13bbfaadbacf48527a745b2d43b95f8aa

SHA256
43cad44e64d44cf19a2fdd1df4982b7db7b6ebad2189296c3f60d60e85db85c0

SHA512
0294aca79e49401d64a186efd6dc12fac9e489c75dcedaf6416d6249c251524cd1a35e684c4baec2335105a48c1940f75bcc77f753da370b4cdee5f302f3edde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
e442ea3b0b848c568ca2a7fb48025490

SHA1
ffe78d8ae1bd7cacf24dc313d3b4edde2d071c1e

SHA256
c3b9692bf9a6c809467f2bf3f2795bf3ae900069047dbf019d5227e01f282b6f

SHA512
fbf81428f6d12cd8df24ce8c6a15ca14b1ca4f7d2b693dcf42177e0618ae33dacb2ff96e50d6d5f6d06ae4c9afc8199614bf1ab9a2daf4254fe11be443dce2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
6978e7eb9da621931caa7e3f561efeee

SHA1
05017a8f63ca607996213ec7887b34cc25c064fe

SHA256
3b6850c66c12e731f6acffd6854d50c21b2d249a6c1becc77c2bbe7291dbc8d0

SHA512
8c583e2411ce6efd85619337a25591d107b5d8188b8fd20b5f83471bbebd90f6af71974c80ddb755eec8abcabd56856b1f6a916f2f68a44ed949d99a59b4efba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
33f73cf693e620ffd9e9088e61145851

SHA1
fadd73b5cc27c1183f960ab8f77ac10cfdc27076

SHA256
25cc2331829954fcc98d4e044366742be7b5a00c3d7ab0f515b375a6c6d1dc14

SHA512
6cddf99bdfd21f960191ce6e079409dac74ae9470a4512f9ae051d604100a31a40fe64c1078a4351baf3f7d7953054ba69e2b5592e2bb8b94765a997924badf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
8e03a88aa417e658b290c8d87e27568f

SHA1
e2a1f9bdf07106600bff0f89bc71b2d78b0dcb29

SHA256
28b44ee06252d80113e3cca8635aa0b8d152c8405f1eee9698b2c5accec6edb0

SHA512
2b0ebcc527d21f417491a9936f59b5acdeec409f5fa4c3b98ad6a458b516b72108f1b803d89075298ee73a9b90453575f24554c194c6654ba1e15b84524f95ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ed94994495a50a4897b6ec682fbdd5e4

SHA1
202d8536ebe8505e3018a915fea30c4d1052bd63

SHA256
21e577d49fb6091be1ef7235257277ea5c9236c40896df586b0230b876f540d8

SHA512
c1347762b45042986e9544778de9fc7bd6513060ff2f9c729cc6ef7f8c848619934e5e88c5e186aba57addbc732400c1394106b17f40579faf2e4894aeadde29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e990658b965d4909162b607919a71fd1

SHA1
619f49d73a81d89f54d40b0e97d137dad6559b5b

SHA256
89dc9f85594c2d49e47934fac2faa1c6f9d1d17e4a2335def2872298bcd70e94

SHA512
436d1cb86dc5f0e63f269225b92b54b5a9078a4b38fcdcb7562f1f0ac97a0d273a14af8a3df03dc78622cded69386632874521be2b4a8d3d36e2d390b5c33653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
63adf89c09daeb2d7ae1cee1c969d6b1

SHA1
07092f7e8f038c84288ce04ed43d4ef29d5b064a

SHA256
aef9b86692520f4bcf1367180d908c80b756f8dcfb181abd3373a7e7f480f68a

SHA512
002cf4f86e40640d0e1f42557f7c4f51253c48549532402805560fd43afd2909cffc1bc034b670d91bf57ded31a874138e31f38110783d0a37d5d141064f329a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7913182a16ac7956620aa1184b247ceb

SHA1
f4459e0353344cf76b3de69cd75e6e5082f62048

SHA256
27ba5ddcf4d5642849559d8507b47d117efce7696596522daf0c8bf79263401c

SHA512
1fcc62c62a294a94f2eb5091c1561a36ab6d9672c4904d5e4fc3b1d73e7d92090b4f5a79ea8912207a6a03d44d327d950fa20b89d33b4ab153d3d6bed779d4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
6806344e26240020c2c145fd48ae187b

SHA1
07ea47a271dd6f881bbcebd5e9f03de55080762d

SHA256
8cdb7fe9507f39cdbe134862672bc72f7392980741044ab57f61beb28d34c1dd

SHA512
c0681842e63e42daf5546020535174de4ba8bc8177b6839c36569829bf1346fd8979996c545cc3ee8251b4d34fc8a1bafe95476716372d59ce0431d5df64dd52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
19e740225e858ce7ea544fffdede948f

SHA1
f4ba459b82da4aaac9a4fb80d8a685025c8ce0e7

SHA256
eda3f128815602adb3409b8e694c1ba7abcc876e0bfce8dc5f921a96389306c1

SHA512
0f5687bd8304294b5aefb727dbe683b151cb5fee2044775961e9b6ea49549465ca84e8232f961b2ad210b5777eee17bf5f5f926985001ae6f081907f8718b1da

Download Submit
C:\Users\Admin\Downloads\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.zip

Filesize
74KB

MD5
0af3a80135d7fe233c42adb210675fd1

SHA1
f43d4489a3b1cc60ae02edf99867e17282f8c5f3

SHA256
c0340b1d54265bd003f45c949cf60124d6343f17b1ef8fb2d5a19b4094da3432

SHA512
0848baec34cb4694789f34531aaa01f582a900966cb5576e00743b34503ca589410f6f1b4cc4b6808b95e06b2eb499be138bcd5994e960799d0b4b1cde6b4d4a

Download Submit
C:\Users\Admin\Downloads\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc\4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc.exe

Filesize
178KB

MD5
af2c74b707a39bc27264d718968fb286

SHA1
8b83623fd2b68e7b3ccf4058f3eb5b9f07866e84

SHA256
4ad418db066d291782cc25d1348249f04138029a065201a2514c0976fbcd31dc

SHA512
716ba8a75fd655aba451a27091c507773c4add6171ae940337446c880347b32f8c4148c25b8fa23dee87a8d3df57f03ef888e314093434da7dbe8472a3ca7936

Download Submit
memory/1788-144-0x0000000000400000-0x000000000055A000-memory.dmp

Filesize
1.4MB

Download
memory/3524-146-0x0000000070CC0000-0x0000000070CD2000-memory.dmp

Filesize
72KB

Download
memory/3524-145-0x0000000001530000-0x00000000015DB000-memory.dmp

Filesize
684KB

Download