c4ad1a54321eb6243787cfb1559cd733fabb6514241a8ff58a5aaea182d6b63c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

builder.jar
Size

639KB
MD5

99d46db1bfa599919c83701225bcaede
SHA1

4bd6bf0791c9956222e22d27cd7b73e2df38e9f5
SHA256

c4ad1a54321eb6243787cfb1559cd733fabb6514241a8ff58a5aaea182d6b63c
SHA512

c477d30438334f0de1cbd5ed4c0864b5cfbeafdaaadc8cec34c40cf5850f1e5e34f734a0f678d1e4db91cf79304161e72d29c4b5ea6beeb94348e7a457ec8dd7
SSDEEP

12288:U/TPQL/tZvOZR4lDcnuTgu/LRX+NBQNO7cgah2RD63ouM2RUSYVDMQ:U/TQTjOb4pLTguFOMO7hAZouxRnYVDMQ

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1733438358443.tmp"	reg.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133779120114382445"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe
Token: SeShutdownPrivilege	3208	chrome.exe
Token: SeCreatePagefilePrivilege	3208	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe
3208	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4440	java.exe
4440	java.exe
4440	java.exe
4440	java.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 1624	4440	java.exe	83
PID 4440 wrote to memory of 1624	4440	java.exe	83
PID 1624 wrote to memory of 3424	1624	cmd.exe	85
PID 1624 wrote to memory of 3424	1624	cmd.exe	85
PID 3208 wrote to memory of 4776	3208	chrome.exe	98
PID 3208 wrote to memory of 4776	3208	chrome.exe	98
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4396	3208	chrome.exe	99
PID 3208 wrote to memory of 4060	3208	chrome.exe	100
PID 3208 wrote to memory of 4060	3208	chrome.exe	100
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101
PID 3208 wrote to memory of 2640	3208	chrome.exe	101

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\builder.jar
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1733438358443.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1624
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1733438358443.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:3424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8e2b3cc40,0x7ff8e2b3cc4c,0x7ff8e2b3cc58
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3304,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5096,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5292,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4044 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5628,i,1545861596155191242,821827280644333199,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5400 /prefetch:2
  2⤵
  PID:3080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0c227729-10ad-42a5-823f-d8a76b54d265.tmp

Filesize
9KB

MD5
910b1e2caf1c95c598de500cced7c9e1

SHA1
cf786a4bfcc502143e5dd9f79c2d8d4f5d0f6a92

SHA256
66a9f6e96095f147536c2941676ec43b4654705fef1bb5650d144e551ece0860

SHA512
84260906bca94bbc819a38be8af8a31605e0a9def9f24b9eb16fa2bab7c183cd4ae8ed5d1e91b48cc33a38752f85e9a0ee71646fd59a06e4c551e21793f81248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5c51c5fe096ee2949ba507dca51b4b21

SHA1
c9ae86b52d6f3f3ff548d5fbb4be8801b1d92fab

SHA256
30a92587ee9b7dcac87896b3fc9a2db4bf61ac19506958ec9a19b0b09529ceb1

SHA512
8f557a4893a3dbfdd75fcdf2b5c3bdd820f72d5c16e9ee221d083137821467d9f23bfbd3c83cdd01366150b3141b10cf6aa0f21477ed9970f52bd98c6fa57335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
3e56c897724254bec04ee408d530839a

SHA1
b68f5bdbe6072d14f372538aa09759a924a811a3

SHA256
c9f0136383dfd2deb6fe3856eb6279e37df07ba6789e037fa5924caf32347b5c

SHA512
cf771166123118f7f724a15d7c1e2e472e66485893f551161035934fce7a75493c6d11ca11527e2a7650df4c8915701c3215839b2a43eabce01f5085e76c4aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3a4dc71991c8dd34b8f2263abdcb72bb

SHA1
5dbd805b33e9f46f3abfc8b9c31c4aa6c79c366d

SHA256
89ee12a902c74f74f9ed5d7b1047ebd7097f52361df7453d8c7e60f5038cdfb1

SHA512
13f0e9279e4a874e9359859c4c68536a004e1ddda50eb64818405c05304bf6f7f85b74a81895cd5f3a4eee486679b2ba4be8c0180207d65fef8e0c65646cc0c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1378a88f61ea77884352a440fde088fc

SHA1
d7ec0a0be2dd88471fbf6fc84861e53b765cb029

SHA256
a21f320736fd6c7bd1eff4731d1a1073403dbe3e2b71287a84531bc6b07c5edc

SHA512
2d84191a05ef2aef356778de0abec78b138b5b5f0718135ee8db21d801f0cd76d4bc42e9ff1db320b3e95971e38d2ca654e807e7d89d29415f86ded68a2e6f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ba3df9be41c47f39610c68c517b2175

SHA1
c36e00ce15306b8f6e8c95e8d26a9c4657c61e1e

SHA256
2631c69e14d2e805956c19b8e8c92cdede611440c34c5351d753121eb998a85c

SHA512
69d552445af06f60161f3fa5e36e8bdc262931e202f0022ebf70065561ea078d2c864e93329dfddee7aeb3631052b65073509fda27620dafab2fd4fa6c2f0be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48c154ab2a49c18239f3fc6d53aa0299

SHA1
f543808080098a53dc3baa12deeae60489779b6f

SHA256
b4b918d9e3330a0019c701da5da22eb4fa433eaac16dc4c3654c10f72723f65e

SHA512
01d259e1d3ae20f7d6c4775407a40e89961e427ed49dc6dbda3c5e56ff5464bc293caa1f45c1885eeb495705f073abb2e061fe668b0e8bdf9ab47178ecc221e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34596df4ee5243f7821ee7b347bcdcc5

SHA1
72663523cc9af3864fc0c8df838562a21bfd8615

SHA256
2f9e5f0c8684f84ade87821b77d518dfcbfb91c091c3d645c62e33e6e93f4000

SHA512
867f20a072015d53ea340c5c3c671139ee8e9fa33008c5730edf059716a84868195b28f19c2e4dace27527e23f0fb97bafa6fd3b930ab272f537d1b27b7268fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01160391300bac50abb7549fcc77077a

SHA1
6a2cf65b1c5b66b6dcf2c238b3c66964e5cdf57c

SHA256
5fe28b42bb7f5a9fdffcaf676694b6a5339b3e511f085e2c61efc1bf0f6698a4

SHA512
8810dd851ab206060bbeb79bc0b63d1407cd2156b1e0989be3e930635da9bf9ad5d510fcc28568ab77dca790e9c5124e8e90d0a5849edd184250de14fe2dd95f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2fa6fa40bb88c5af9270e1b8782be34e

SHA1
64a570d6979e00c633aeae0627db68bb52ba2194

SHA256
5ed4dd46e5518dde8504017de236cf4df7ea5fbe1a8b2dd0eae348c07968a9dc

SHA512
3072249e815cbb9a9a9288e83c0b3a685d3946fedb9028c5af40c8c879089d52c1b34afcc2eca01bf19a25f92a533573f4b5d9947b4eb76b8581cc53f05e060c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
f05f917b43d15980352c60ab2f79a94c

SHA1
46631d35f012e1c475c95d409d51dd566847ae3c

SHA256
591bd4ee836e464593380e0e29bf5176f5f0ed26cd9cbc39999cf815e86a39f1

SHA512
8ae4dca3a2075294bf4cd68693da2ab2cedd3a80c2252068a3d75449e32213a6d9cd6d8c59cfd3fd9712894675ce859ddc2424beaa691f7817d151ecfc8669db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
7e93b78459a5c83074de87540d92d5db

SHA1
1e1f1ef7740991ee42cf59fa17990c2df7acf1c0

SHA256
b96a6f5b55f787273c646f1a4ef9c2940b31468e075b6404db9d300898acabe7

SHA512
3f5b8cb3894969cd60050ede59c87bbe0932b361bc537d5e7ffd8b1c22945c40277a4c1ffeded13f1f7e44bfd9198a6699a6fe66f387efbfac053d146877da03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
c755a5caf74f7bc5c88f6396d1b06d87

SHA1
95745b4e58270a80fdb4cdecabe9e619c1b651a8

SHA256
bd113a297d73fa56ec6ce0d01f559a0fda02d3f32db6610b2c8e927e6a6f54c3

SHA512
5cbe0ffe22130eb145492fb438891256a246e3069cffd3f4842326f980d58c970b8aa35babdcd64955ea20c4ed989b44280617502bb391fbff3501a7ff729b05

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3208_257168786\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3208_257168786\cb7db904-68c1-4e25-8068-9de7ae65f035.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
memory/4440-46-0x000001A30E6E0000-0x000001A30E6F0000-memory.dmp

Filesize
64KB

Download
memory/4440-86-0x000001A30E7E0000-0x000001A30E7F0000-memory.dmp

Filesize
64KB

Download
memory/4440-57-0x000001A30E7A0000-0x000001A30E7B0000-memory.dmp

Filesize
64KB

Download
memory/4440-56-0x000001A30E710000-0x000001A30E720000-memory.dmp

Filesize
64KB

Download
memory/4440-59-0x000001A30E720000-0x000001A30E730000-memory.dmp

Filesize
64KB

Download
memory/4440-60-0x000001A30E7B0000-0x000001A30E7C0000-memory.dmp

Filesize
64KB

Download
memory/4440-62-0x000001A30E730000-0x000001A30E740000-memory.dmp

Filesize
64KB

Download
memory/4440-66-0x000001A30E740000-0x000001A30E750000-memory.dmp

Filesize
64KB

Download
memory/4440-67-0x000001A30E7C0000-0x000001A30E7D0000-memory.dmp

Filesize
64KB

Download
memory/4440-71-0x000001A30E7D0000-0x000001A30E7E0000-memory.dmp

Filesize
64KB

Download
memory/4440-70-0x000001A30E750000-0x000001A30E760000-memory.dmp

Filesize
64KB

Download
memory/4440-72-0x000001A30CB90000-0x000001A30CB91000-memory.dmp

Filesize
4KB

Download
memory/4440-74-0x000001A30E760000-0x000001A30E770000-memory.dmp

Filesize
64KB

Download
memory/4440-75-0x000001A30E7E0000-0x000001A30E7F0000-memory.dmp

Filesize
64KB

Download
memory/4440-77-0x000001A30E770000-0x000001A30E780000-memory.dmp

Filesize
64KB

Download
memory/4440-78-0x000001A30E7F0000-0x000001A30E800000-memory.dmp

Filesize
64KB

Download
memory/4440-79-0x000001A30CB90000-0x000001A30CB91000-memory.dmp

Filesize
4KB

Download
memory/4440-80-0x000001A30E780000-0x000001A30E790000-memory.dmp

Filesize
64KB

Download
memory/4440-81-0x000001A30E790000-0x000001A30E7A0000-memory.dmp

Filesize
64KB

Download
memory/4440-82-0x000001A30E7A0000-0x000001A30E7B0000-memory.dmp

Filesize
64KB

Download
memory/4440-83-0x000001A30E7B0000-0x000001A30E7C0000-memory.dmp

Filesize
64KB

Download
memory/4440-84-0x000001A30E7C0000-0x000001A30E7D0000-memory.dmp

Filesize
64KB

Download
memory/4440-85-0x000001A30E7D0000-0x000001A30E7E0000-memory.dmp

Filesize
64KB

Download
memory/4440-53-0x000001A30E700000-0x000001A30E710000-memory.dmp

Filesize
64KB

Download
memory/4440-87-0x000001A30E7F0000-0x000001A30E800000-memory.dmp

Filesize
64KB

Download
memory/4440-52-0x000001A30CB90000-0x000001A30CB91000-memory.dmp

Filesize
4KB

Download
memory/4440-50-0x000001A30E790000-0x000001A30E7A0000-memory.dmp

Filesize
64KB

Download
memory/4440-49-0x000001A30E6F0000-0x000001A30E700000-memory.dmp

Filesize
64KB

Download
memory/4440-2-0x000001A30E460000-0x000001A30E6D0000-memory.dmp

Filesize
2.4MB

Download
memory/4440-47-0x000001A30E780000-0x000001A30E790000-memory.dmp

Filesize
64KB

Download
memory/4440-42-0x000001A30E6D0000-0x000001A30E6E0000-memory.dmp

Filesize
64KB

Download
memory/4440-43-0x000001A30E770000-0x000001A30E780000-memory.dmp

Filesize
64KB

Download
memory/4440-39-0x000001A30E460000-0x000001A30E6D0000-memory.dmp

Filesize
2.4MB

Download
memory/4440-40-0x000001A30E760000-0x000001A30E770000-memory.dmp

Filesize
64KB

Download
memory/4440-36-0x000001A30E750000-0x000001A30E760000-memory.dmp

Filesize
64KB

Download
memory/4440-32-0x000001A30E740000-0x000001A30E750000-memory.dmp

Filesize
64KB

Download
memory/4440-528-0x000001A30CB90000-0x000001A30CB91000-memory.dmp

Filesize
4KB

Download
memory/4440-31-0x000001A30CB90000-0x000001A30CB91000-memory.dmp

Filesize
4KB

Download
memory/4440-27-0x000001A30E730000-0x000001A30E740000-memory.dmp

Filesize
64KB

Download
memory/4440-25-0x000001A30E720000-0x000001A30E730000-memory.dmp

Filesize
64KB

Download
memory/4440-23-0x000001A30E710000-0x000001A30E720000-memory.dmp

Filesize
64KB

Download
memory/4440-21-0x000001A30E700000-0x000001A30E710000-memory.dmp

Filesize
64KB

Download
memory/4440-19-0x000001A30E6F0000-0x000001A30E700000-memory.dmp

Filesize
64KB

Download
memory/4440-18-0x000001A30E6E0000-0x000001A30E6F0000-memory.dmp

Filesize
64KB

Download
memory/4440-15-0x000001A30E6D0000-0x000001A30E6E0000-memory.dmp

Filesize
64KB

Download