d75619cd0fe939bec360b0d148916522bbd7c5a71454a52b48e51699f0e0add7

Analysis

max time kernel
63s
max time network
65s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03/12/2024, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

server-booster.zip
Size

11KB
MD5

96a9484f3c2f3b500b11e7a0b54b542c
SHA1

d79a5f1b59c75de055d70f7fa5ff0cecb928ef85
SHA256

d75619cd0fe939bec360b0d148916522bbd7c5a71454a52b48e51699f0e0add7
SHA512

414e53e1336dec9c7c7cb2dde6b813e619bc21bc6e21e400a09d9045313ba4756a90b5bebfc12e0f8aa8348324f25007252ee0d15e8b581c65b9f6c7c0367821
SSDEEP

192:C8yOQus+M3QEy4YuoW8HkYY8kZLXj3yPH1EUsM0sjn75z/P48:r3Qus+Mzy4YuCq8kNj3e1x0sbt/P1

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133777272615822243"	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
4928	chrome.exe
4928	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2068	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2068	7zFM.exe
Token: 35	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeSecurityPrivilege	2068	7zFM.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	4928	chrome.exe
Token: SeCreatePagefilePrivilege	4928	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe
Token: SeShutdownPrivilege	3712	chrome.exe
Token: SeCreatePagefilePrivilege	3712	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
2068	7zFM.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
4928	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe
3712	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 3316	2068	7zFM.exe	77
PID 2068 wrote to memory of 3316	2068	7zFM.exe	77
PID 2068 wrote to memory of 3532	2068	7zFM.exe	81
PID 2068 wrote to memory of 3532	2068	7zFM.exe	81
PID 2068 wrote to memory of 4200	2068	7zFM.exe	83
PID 2068 wrote to memory of 4200	2068	7zFM.exe	83
PID 2068 wrote to memory of 792	2068	7zFM.exe	85
PID 2068 wrote to memory of 792	2068	7zFM.exe	85
PID 792 wrote to memory of 2408	792	cmd.exe	87
PID 792 wrote to memory of 2408	792	cmd.exe	87
PID 792 wrote to memory of 2408	792	cmd.exe	87
PID 2068 wrote to memory of 2436	2068	7zFM.exe	88
PID 2068 wrote to memory of 2436	2068	7zFM.exe	88
PID 2436 wrote to memory of 2400	2436	cmd.exe	90
PID 2436 wrote to memory of 2400	2436	cmd.exe	90
PID 2436 wrote to memory of 2400	2436	cmd.exe	90
PID 2068 wrote to memory of 1672	2068	7zFM.exe	91
PID 2068 wrote to memory of 1672	2068	7zFM.exe	91
PID 1672 wrote to memory of 3908	1672	cmd.exe	93
PID 1672 wrote to memory of 3908	1672	cmd.exe	93
PID 1672 wrote to memory of 3908	1672	cmd.exe	93
PID 2068 wrote to memory of 5036	2068	7zFM.exe	94
PID 2068 wrote to memory of 5036	2068	7zFM.exe	94
PID 5036 wrote to memory of 1260	5036	cmd.exe	96
PID 5036 wrote to memory of 1260	5036	cmd.exe	96
PID 5036 wrote to memory of 1260	5036	cmd.exe	96
PID 2068 wrote to memory of 2552	2068	7zFM.exe	97
PID 2068 wrote to memory of 2552	2068	7zFM.exe	97
PID 2552 wrote to memory of 3596	2552	cmd.exe	99
PID 2552 wrote to memory of 3596	2552	cmd.exe	99
PID 2552 wrote to memory of 3596	2552	cmd.exe	99
PID 4928 wrote to memory of 4576	4928	chrome.exe	101
PID 4928 wrote to memory of 4576	4928	chrome.exe	101
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 1896	4928	chrome.exe	102
PID 4928 wrote to memory of 3304	4928	chrome.exe	103

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\server-booster.zip"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO418C8CF7\install.cmd" "
  2⤵
  PID:3316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO418D75E7\install.cmd" "
  2⤵
  PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO418198E7\install.cmd" "
  2⤵
  PID:4200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO4186B1D7\start.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:792
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python main.py
    3⤵
    PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO4186FCD7\start.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python main.py
    3⤵
    PID:2400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO4189ABD7\start.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1672
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python main.py
    3⤵
    PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO418087C7\start.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python main.py
    3⤵
    PID:1260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO418373C7\start.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
    python main.py
    3⤵
    PID:3596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1bf7cc40,0x7ffb1bf7cc4c,0x7ffb1bf7cc58
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,5117103138979589032,8605044047081310292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1740 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,5117103138979589032,8605044047081310292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,5117103138979589032,8605044047081310292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,5117103138979589032,8605044047081310292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,5117103138979589032,8605044047081310292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4384,i,5117103138979589032,8605044047081310292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4252,i,5117103138979589032,8605044047081310292,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4160

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1bf7cc40,0x7ffb1bf7cc4c,0x7ffb1bf7cc58
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1724,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3560,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4544,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4580,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5392,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5452 /prefetch:2
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4920,i,4240229784417704983,12415013486223338434,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2720

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
129695cb13d7a74b2339de2c6556dd72

SHA1
314d3406a078f2c388ddd861d66e41d17985ac35

SHA256
2afff6d4c92cde01a63f9c67fa7a035a1ea17c25dc1ed06f59594880682eb02e

SHA512
085502747eae8f5927ee5b1bda77ae3eef5a3828de370deb3d2e4c199c28aab2dbd0d5bc58c4a61f582548b11dd865ffa2c21e58cbd9376051ab042c1b7337b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b8c920fdedc18cae5aa4ce5dbaa123e6

SHA1
b887d02fa4e4029e45f460887521aadfe30f7adf

SHA256
e2dd7aaf4b4224a81be2f7a778b4e988dbfd58151d4fd791bc15e7952d0b5c63

SHA512
fe6a3ee631850015c4df0d9080ff6c858bb550d2e61fb36c8d14c428122136187e6d8cc18bdcb893377146150ab6822b951e0470dd96da00edbb14e177c18c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c08de0fdd885207e7359d6e2cba2100f

SHA1
bcc6c85d501ffb75f56e1d19c8d5e20d85b13462

SHA256
efe09230a308581a75ee6c0b6ea452df6458c20d16f99f40bcb7f1c08c56b20d

SHA512
3c2884aa7446c8af4d54ed7393dbf0384b7f645f468f709e76fb9fd19722790518c5976a191914cb9a14ed321cf52796cc45623d7c44937594c1b9de600615db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
01e0b80c4ebd60054fa820356171971f

SHA1
2bc27bcfd9e8cb6573498f9a8155aa30a3ee0594

SHA256
54e5cb507ceb570fcb86338bcc44192ca2795625774b7b1314dcc4608832e63c

SHA512
1787c521a54ac9246841f37e4bb97784468566010ba57d6744bce5ad564a37099fa4182e5d5534ce419d3feadee7a97dc28365c5df71525295e404cd3cd3edf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
0c91db6214f5ecf8315eb8602ae41c64

SHA1
16f959dc12b3c9852bc72fff9ee74c7d674d23e4

SHA256
435bd888d4776201552bdea304d975022cb88afcc14545003409a18ccd7f70f1

SHA512
47113c84479db4b6702bf71436502e3476855b7bcbba1d4ec6c3a1e33efde3a4b94d556d955bff29fb3e0f56eb2bf92cc6f6b04a69d19c5c37c867efe55e89e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
e18f359f6b6877b9bbb20ba0aa51dd3c

SHA1
9408e03967fe46836ea6dc047758a68f9b708229

SHA256
54e6b1f06fa23f328361a79008928a112cd3e0e840771f95e54a2a114acfb0a9

SHA512
5c3be914ba272b416ae6b0471f5e77daede62ab739a055498f3f28b450bc7dcefec885c6e9357ec41b542e99068d986acc24822c4a3dd84e7c22120322dca3d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3bea190d9f172801e38693616068fcf2

SHA1
6f36b4d6b141f618394cdab9b5ed4ea67b63d3db

SHA256
53a36a85aea23ae5869132ae8c36a5526f99b3880d66b0cb990b3c57c146db03

SHA512
0fdca02ba8e23ba7af14271efd7323ad282c14ef9ade8e692331594cc8c2fb176e13db2d964f3e7051c95b90d3e8e6b871a1071eb8f57b9e92837f08bb334b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6e86c6aaa13178b6b27589f16e0291e0

SHA1
c3c919285a808600f795800e320b73968686c0db

SHA256
2f908bd75981ed36aced5a5d72558c02618710052c9dbf2ed1287e1f914c18a5

SHA512
dcf0afff1160c9ac715f9000bb7e06a9e69bd1875be8a5d175ac9f88147c50e54a3e23fd10fc2590a1bc15ecabd7c8dc639f209186876bceefcc9bda0cc17e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
9fe1b9f8a371d0c2da6d5b12fdd44c73

SHA1
dcbae3a48d9743720598e7067f9655caf28b4865

SHA256
f7cbf06ae9ce949fddec69b3b171ae1f8f822a1b06f2a4a50a667227978a7ee5

SHA512
48b43e94de877e3166b147323eb3bcf8a4d5b8c1b653392af8e1697d5ec82e9acaf269b20bb9a4b4b88e1738d1a1c8551f9b9f3f22202ca551097c07e71d2d84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
10890cbc963252fe76f016aedca4cf54

SHA1
01f6bbdddfb24ec00e3593e658d069951f756c28

SHA256
5e7a9fbd62b4eff404549c0f5a857f87a01bcf3107be93e58a223b879f90f51e

SHA512
2902002573540eb82deb19b412091c4b7dec3838394597c93025decb3d84555dc581cea43cafa002dc99f9ce2ae03823e1b9b3ec5ddd134a77bb7b74b280a146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
36437badd150a526590900f792166fbd

SHA1
6ec19de11a686b46752ef95a296372a8cfcd106f

SHA256
d7da01c4fb31af7439ad659f74e84c16593806f6adf50f317e9f654f6389ce8d

SHA512
bc7545fb7ff91fc884b3e75638343a1c2537da486de290570ca76762f3b9e0dc7a0053d45638235762ea4e0331a62723c5b9717c228fbbcd9b6726114987d9ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
b334e57fabc26e241246fb2675702e76

SHA1
563b74075cf7883482c9ed4029d245e0f1434d12

SHA256
db1d4766bc28a4159b24f29fc789ade733a372367dad4f8ef6a55a84eaf61b54

SHA512
7b0eb2544d93d13d03f4ba282ce232822a5fd78b16750c7409e1d071573f31c7e799b6ce5882f48da6c23c5ab48de2e0c41c6aea0d44cb0b426799e7c4ba9984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
8f564bfc53b371853e712843a2c9589a

SHA1
853d49f7a896ed08af83826a7dd427124301c770

SHA256
dbfe505a6e9e5d1424ea288a885c2fff079b9f845535de28663b0b6e528ce882

SHA512
bcb7b3603b1d08f0ac3d15af07ee879f37e98d5f5685136b2f4c90a3f0f3fd6314c3b034f9767673c791a81b6d8aa2d9acdaedbfe99cb900d8631101f1b10725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
9056c73a1b2966378c01a81b5b8ac4fe

SHA1
cee0d2db24199b4aa47b8e93d0bf351cadc3da31

SHA256
b8bde61a7375ca61e954cbafa2502bc95844063faf78195afb85a21177bebe07

SHA512
725e1cd8d98c9df14e74f9dec913f82da03681012dddccdc665c10ba82fc51cbac7d1b3edb3043d973baeab09d93347e484b25b1146401199cd97e7d35dca1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
03254d1e8dd056870ff469c0202d12e7

SHA1
36d8d37ce99ac64c4a388de3d2380841231af029

SHA256
624a1e665abe68d1388a306a291d7c543d297cd3ac102611c8a591be04845eb2

SHA512
439a02e95fab6e517aeb8059783eafca79ebcabeca2224c7d14f0881e2a2c8f75762ed5d0124396ca38339c89987deaab88e99d6f5d94520ba59d3b8924d3f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
3cc6d2eb46c920cf8aee2e4de2eb634a

SHA1
bf540d68432a829b8fc4c8e1940de648ca35bbd8

SHA256
b1eb5f89351a83b1b96e728eaff49da70e05177311ae391f1ebb15e244f6a6e2

SHA512
5afe54ef692b58830b0c2640e548b265730a7d46f776bcbfdae312f2c344d7ed0e0b535e4435ee5d4aaeaf613aea020bae79c03402d5c15b7367306fc7ba5907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
45c858cff848d254b39f264fd74a2747

SHA1
ddcd15b124694bd9593877232e3874327c3ead74

SHA256
4b18cb29e2d23ca33dcfe6c52b1079b3e4065bb8929b4e21fc0ac4fa3ce54fd0

SHA512
09c70f8f6c655eae217f8813520f8f91df457b9b1fefd1e771e76ef14c6ea61cb04bc68d94fa1424e8691ff2d25ca33191627cc38780bc619e6ad1cf454fbe9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a5a2b972bd48cdcb6385c39de8b1277d

SHA1
9402c4e9a7d84d3367c77805de2fd95efb79f9f4

SHA256
db5ed3cd704182a6479ef812655d8b6118341a1ae05706fdcea561112188234b

SHA512
86baf6fadc5a3eee850617f78f615527dd8e1ec7b7e2b57b67d8a948ee47b9992adee2712a1698457a25b0ee71561b257deb06e8e8d918f0cc1d864259680eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b240e34ab4d20c0bb21ebdb121fe252e

SHA1
a83771e3a1e88dc3b4220dd00e64f7b92c9b28d3

SHA256
108550a885a394c526496c84f71d5ba5a5e5dfc14e80fc296cd3e46ba731ebcb

SHA512
e2c4eeb91d5da67a2fe140f909664d6bc6e341046439179ae8fa2f663d8291b69294a78f3dbbff5bd58b77e6db043dac920e5347838980cc7c3526266bdb16d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
929318563070aa33c8aad88eb23a9dd7

SHA1
0ad2e776d2c3abdaf2963f8e08bec2bb10e23706

SHA256
c62970e8fdc6ef94ed1fecae8a25e2c6bc34d4d81ba016b5203ed74ce7f5dd46

SHA512
4a8cd31d7de11878bd8445ec523533973d2f6a2e677178fa72ca7fd8c0da50d73ec0bd0334e099fb7ee75e02a01e7dfeaed446a14d393decee3d4894a3d65d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
26771e8a4803470d1238755a3c2a9bde

SHA1
fd2c6b04853d0e5b07cfaa31dd28d50f79c91caf

SHA256
3cfc08ca56ed1ddfaa52aa29dfe526d511b87051bf50b8ae8fbe94170b0b6a46

SHA512
d55de7b8f46ec42f187b80045c34abbee09d5c13b36b142ed448521a0f530b21dbdafdd5a53622373e88ce8e543f1995ee724eedf10f41925bac5605081fe539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2af699f2a4efd89afb88233fc05c9322

SHA1
4edef40e6e0b5420ac47b1d8655016d202056b99

SHA256
a919f9837532e48736862ee7cb6aed612a030e32e498dffef260ce60bf03adb0

SHA512
1b4f084f05a60f58941aef018831290f82d572ba90dc2876de3a5c7bb2271cb9add51074f38e06071ebe464b7b385d5859bf619b970a36c5de95eaffc94f50fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf15350e1998d98be1b8d9acab275b82

SHA1
614ed1271029c55707e40a480d5152a7568ff7e5

SHA256
b3e7a6bbd0d8a0adf78f792f7302d4a5686772319881f581e6f241bddacc33ef

SHA512
9a03cdabe0f1b9ed190262d905a57313cde1cf98da5b5bada678d396d0d336838557310d846a811d1e3c4741a7c21e3e514303c407fca8a57d8dd7c39464d67e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e70df346500a73d9d6d074e1906f9dd9

SHA1
7fe1381f5bd1d0180e57c4a26989968d70688ee1

SHA256
70ce72f844eb74e6b1412df4ce3fc4c20d92acb1520a9df1deeef075056b8d82

SHA512
79c132ffd78a2b57ef19a5e10675ea9c9ce758c5e4a6d9c483601c4ab9ed88f5f7b9c171dd9a666c5ef783bc06b8130106b3a388e79df2c143390968e2dcaa72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4a1b7b4037a72a146e2a4e99a5e94804

SHA1
c579f093221cf5c3a446985e41b39d6ede4a9c8f

SHA256
febd605223d81cc297d6819ebeec63b9250a45e06c030235b006c9aa3b3465e5

SHA512
16bfb5410d629dc4ce2ca82e5cfc1f19b65ebb0e6e81c363033fc80ac1dd29745847b0463c872ef9ff1cbd785700f48ddd265d4f3adca2f706564d799d340b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a57356c97a62b2edb360e0242bda646c

SHA1
72a109b38313eacb6f62132d7075a430fb0d0ae5

SHA256
95813879646521ec9fbca44b9924e9a1ff524669c557dc2cc9516eb7122c3bea

SHA512
1a847b00ed7f00be5baf9d8bcf38f8d526f0057c7bd9f0ab7b30d6475407edbbecb6f03912cb1fb5fd60b153364537d0e43c6bad6c895e66d1b16d5d43dc82dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
e76d612dfc711cbe0f250bc8008e5503

SHA1
3ed09d3e3b427122f0dc40b30aadc726b280f919

SHA256
1cd2a3ac436394a78a8bc444e25b30b98132c86b737c810d37dfff7c3193c9ba

SHA512
c6afe20aa28f5c8da3cc02058b992ecfd19f0b13b0f96826ad29ca7387f36f0a44c6ac7351095646e16816a387bf6422d8d7967059873def69fae51678c8133e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5f1a71e5430fc550581fcfe80559d9a7

SHA1
95bd745afa9adc28556be421e7027abc3df66cd5

SHA256
9f30faa17f39af9461c8b53c192383c67f49b3e7c5be8e442a5b12f6dfe3a290

SHA512
dd6a2b1b90c411330b80788f5580b724dce5456cc292abc0f23f90d9d73abb65a1d2cbbd70696eaa0948bb2540d40bd28e5687a7a6c90f5e811a3f823036fbe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13377727242820462

Filesize
3KB

MD5
bc05aea2b42ac013b35cdde059854d64

SHA1
43f2a413962904ac350f9ba1487c2b66e9229232

SHA256
e8d8ad1a2e9494213524afd8cbf7abd53b83cd449cdc8d965037fbeaf6631026

SHA512
e227a3e6f30668b10c0929edfc8908902c509f8392c7270f8f02e24e24fc12176476c68e2c11d16144b0b118f2b59940e60c212ff65ec4d79fc6e69e45955100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
6367f6bb2a29f48a9814c20c5e2f3788

SHA1
5f20c7bf4520b7706fa9e3bbc736b20412941414

SHA256
18f0dadd5b30e3d7bf8b624922f1d4ba09e6b81d889fbd55109984d3adc5cc73

SHA512
c79176cb2cce08995a976bb83238af57b75addb54a840c47612f8c7c54fd621bbb08aa42eb485c66be5c5d1af6f8cfbf220c9ffee8ce0fa3b434abf3716a4976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
56694927696161c06994677732437fb8

SHA1
15a2b0f917510a28db9bfc21fe75d66caefc603f

SHA256
ace4699fe7d9b2801b22535386b1c53f5f22b4ced78237f9b987018e1a8e7e26

SHA512
734edf14008ddfe0bc345afa34c865c8d54b1b8d30a0b6793e4ef83e5ebb76e2934ab7099d290fd4367138188d86b5bcff3335543733812acd6163d6baa5f1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
699914d5440281c219ed17816a3937c2

SHA1
060185a3ca3380c06ee7fd7dfd0d1e8d2ca7da5a

SHA256
819e39fef43ae61d78041e620bbffccc56d68f6010f6400124bc6a9710bf5001

SHA512
f928eb49b203f7f2996ea4aec262e4e15c2bcbd5963154b53c1c2cc056fcce7c8ac673735519635b010342912b13e7c14e7334c1ed06223271a852b31e036c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
fbeeb53894354414128e432d5fe081e6

SHA1
1bd07147d83c297908a5463be78fcd35eb2667ba

SHA256
fde64f6c244556f38ba1492a6935595fdece86c124439397c4cdcc37be1440a0

SHA512
c5ea073d6b2d083ea8c65b67e0a9f4821f7c1414c3d899631404171cedc2cf2217fd1ca34576a07a71ed4e4d462f56ef805d53f40c7a465089bd42cd7a57994e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
56ae81e13aa6d0ab4b18aba3bc365a03

SHA1
7005e813ce2d88e225b13019d0fa76ba3e1bd20e

SHA256
3e0c6ad0e1593160b4f3cd33a5367b97b4f40d9959c3c8d74cf096b010cfb8a5

SHA512
cb27cd508f885560a2b20999bdd1b77a3786cd91aba9aa1b8e803acde4c422b34441197b8ca83917244b798023d7f70543ee3856170ba679b8d8da334735ca51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
7865e42d14d75c4a35f79057be152e41

SHA1
a0666d8de87574d02fb6aca8422e3bd878ac8a08

SHA256
b4e196d5fbd259afac0cf706fa3acd58425b77a51eee53963d5d4faf5b55cdc9

SHA512
990510b24fab625f315288e7d583c2f795ded608eb5bc2ee31f760f0125e84867aeb91cb83d63c0665530a4ffd861a22f5390ee00802e69af258bb69d1a31756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
452517d05fa8e290163ea15355e3b1e4

SHA1
fa1fe95836ff3b19009bfe1b4534b5bb45a0135a

SHA256
cf75ee47222e4b384f1cf8e22de7a153cebb7b243d116be4267be34e698d2f58

SHA512
9137187fc534bd3971a32ff3aafa3972f047e0f6f79c3b4a168d62fb4bae4600523133d094c8acca75056a39c90728a50feb471ddd199f638c9ab9fb28da87fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
9ec9edc2a75b5afd9c0fdf351a69e9ff

SHA1
64a9d2b1e91e7cdd474535dfe9ca6f7c11b10470

SHA256
d23939a7b7363da78289cb6c7cda1729bfe911f9ae2d933f2503aa1531dc4857

SHA512
494e8e1165c0fac29e368c007dee912d7804bc07f7223ad6bcc95539bbe807c2b046b614beef97a3f14b07f61484f77c59f6464d4c475d9090cf133882e9c63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
fe50380a8263024ff02078bd99874a24

SHA1
1a925c510e0a221952ef23df07c2933722e2c3bc

SHA256
d7a491fb027c363682a1ebb28840137250fe6183d8449960be900884b85577be

SHA512
29c445b8bb96f336640fd385df18b2a8cb59b44507cf75394c5b98f4b7c5ec9e122fabcbdd3e911865495f0331ff232f1eb09ba1079de35a464d66dcec6df789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
4b81c3684ff8f069cb4d18e1e7465d57

SHA1
90ab9d1f1829a29f44f57adcef6c6020b32a613f

SHA256
78659dde9ae060b871addc294ce23d2b18e57138ebae7aa46ac1bc918281cbf4

SHA512
03936c0b09ee13ef50dd37a1462bd7a176c56257fb57ff84ec849de8aaeeaee6ff8e7344916d2dd604818b9f146a573f3778a8b17d62d579a4858afb911f3a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6b2c568e353ab3bfbb81be7c73988328

SHA1
0d0171c197a43db0c83edb6494dd7c7e5be503eb

SHA256
b304bad43c8a7ea167759044df0dac89fd3c9ee7b8aeadee291f56fec7059da7

SHA512
85f417e3ec48048698c9ad19cf756c447af6e9e35079bc372a53a28330053b33e0ba553a9a30f448e5a7d2ae04bfe0f417d4d2e6b0a57f4e508061c4fab3d0b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
23378dc2961ba4f133fef5752b0c088a

SHA1
b565947a5f2201b2950e9897ff40c4588a5fa103

SHA256
d1687088398ede179ee9a3b37782b26794a5c43c6fcde017debd04c8788bad1c

SHA512
73f8b88d74a747f616d44c754dda0043d05e278ab4b4d12f3b9809b55e1daf659302ff2be31ec541b47d5421c7524fa0652d0a4064cf0ab179f007017d7d2a80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
0e301ada364986bc9faaa3a07ec0a79c

SHA1
648eafae7a7b07cfd912f5dba42544703a735e31

SHA256
65360d52e2589de4ba8b1e94c05f44e67de93b9e8b55f1310df6dd67a77d038a

SHA512
5aa4aa01ddc11b7fb638c75797687fe2b281db622118b012ae2f59fa4a4bf1cf64cd27d1138aa768ca228ea47f0794a3cd55068f4fb8510d0fe86328430096c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
f200ad33bb133d86ba021513acbcb452

SHA1
1cb128e327a527362f037dca3294b40f49357e5b

SHA256
5c93adc55239fd5d1f39d49267f5e1a959be1e4ce409631a60f559461d09dbf8

SHA512
2e3d01ef8de1ede7b26a1f69a010eb5bab407509233e9fe0cb94e62bf05ec367a7929a76ddcd1edbdf2244cdac8b3d77b8d4d7a12d2ecdf31ebaf61837cad14c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
974B

MD5
2f440a0f7ac3bee1aa591fc9df477376

SHA1
1c25859ed9fd52aa977ff01c412807accd8ca6e4

SHA256
8772e3a0d1b54c1850847ff396615b03f0cd7c88baad12255a4728c9c88bca53

SHA512
77c2dfd2256e2e61ab90944f568e05e88afa3dd2e6fca775145f8ff6c6c4f21422c57c4dfa14359bbf7fdc493c2661ee78285e05c8b50c73043c0ba907982505

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
f30cccc0adf5d8e553048d1a1758a03b

SHA1
c7fdcdd5dfb1f44deacf1223635d127f09ac2246

SHA256
a7df39fac26de410a1503274c24ea91abd251a9696ae88335c9ea2d0119694bb

SHA512
3814186235eea037844221bb9124db7965e5b0aa5fb6c5db2983e1bc058e0a6d51d82675d3c00ca7f1db0adcedaca77dff036ffc44a8835c7abd8bdc4dfcee4f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
1KB

MD5
d0e38a5f56807c01d41b0abca4fe0db1

SHA1
c12c27e535515bc785460f9ebdf870afab113fd9

SHA256
9d3b64fc9717f9cad3666f6df9eb4627b13400fb27f14f054d9278f181c732ab

SHA512
c78d3151d55ea71e726326b7333764025ab562b94b0f6c673702b8c2423400af0ec405b3eeb235e6f6b45f65a8dccd8c077bcec93646ba3bcc19892d691787dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
2KB

MD5
6e93faeb0a83899e80ec841df5b0f642

SHA1
5c1c05a0ad1a3bb9ea14f535f0b3db9f8dcb3776

SHA256
9abe5cab6dd96387899f56846bcee4ca8dcb87b483e7a8042a4fdc062680c649

SHA512
74fd6daba87f58930fa79fc2b026ec9d8e979638eb0af623e8489b5083f5439b2f3eb4515ffae5fe74760e130c66a0f25e864a642ed2d992a83e2ad61f9c6f6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4186B1D7\start.bat

Filesize
14B

MD5
92a6f2af2e2bf7d6e64b7821f5400d1c

SHA1
ee3e35bf31da9e6616c1c6a663fd19b4d745a279

SHA256
89b15dd343075c7271ec08f848803709a915526e81831af0a9df53577b5155b5

SHA512
57ebb186b961d2e73bfe554f247b53558cd358bba5716578c355a85caf783087495ca15e981bed2c049e4485bb3d5edf413d90b0e16f68ba95bbdc7f26f5b29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO418C8CF7\install.cmd

Filesize
981B

MD5
d7127f1c50fc5d90bb62818327dc1f6b

SHA1
df23bbbec28cf5bd81ddf9264c637f7c09d7e989

SHA256
f4f1b9a354cd9fae8f63e2afad80385699c1a8936c3bb8e119c157f5f1202e94

SHA512
e2a73d71e5db8b26c80210eddbb55dde3f7cf89661c7f0850fb7d5ef6c41dce60a7487115328a0bc40fef3d9948a303235169c835b1333d8ad794ee0b10ac125

Download Submit
C:\Users\Admin\AppData\Local\Temp\8ab59ebc-d037-462c-858e-4244e39293f3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3712_1285806956\987a0acd-a173-4139-81f8-5475494c47a1.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3712_1285806956\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit