vidar | 412eb2591e83c426c4941fb1cf80f6b39b5c98f8693095f2b5792b4d5148f0ed

Analysis

max time kernel
996s
max time network
440s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
25/12/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Release/Bootstrapper.exe
Size

8.1MB
MD5

310fac7dee83ed2b2a5810e33efb9911
SHA1

c894c194ad458aab30481df23df4ded393a8625d
SHA256

80118dddb3cbbc3e4cff926376895a870b0aa3afc9a03247806c18ce1fdf7d92
SHA512

cd731de48c4f34f11573dc2f5de2501c8cd5af84dbccb1b92a3b56b017043e5409c87aa5846a38d38bf815078f3506281e082c442306f869e40ca46fe20d708e
SSDEEP

49152:PZefaJ4qV5MH2T3h5kIF82Q+dtiloIa/S05248ezVA3YVX1Mk8rpRa5V8zQ:PUaJ40bTx

Score

10^/10

vidar credential_access discovery spyware stealer

Malware Config

Signatures

Detect Vidar Stealer 7 IoCs

stealer

resource	yara_rule
behavioral1/memory/3492-26-0x0000000004100000-0x0000000004339000-memory.dmp	family_vidar_v7
behavioral1/memory/3492-24-0x0000000004100000-0x0000000004339000-memory.dmp	family_vidar_v7
behavioral1/memory/3492-25-0x0000000004100000-0x0000000004339000-memory.dmp	family_vidar_v7
behavioral1/memory/3492-28-0x0000000004100000-0x0000000004339000-memory.dmp	family_vidar_v7
behavioral1/memory/3492-160-0x0000000004100000-0x0000000004339000-memory.dmp	family_vidar_v7
behavioral1/memory/3492-161-0x0000000004100000-0x0000000004339000-memory.dmp	family_vidar_v7
behavioral1/memory/3492-455-0x0000000004100000-0x0000000004339000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Vidar family
vidar
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Bootstrapper.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2704	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133796147003261081"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
3492	Bootstrapper.exe
3492	Bootstrapper.exe
3956	chrome.exe
3956	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3492	Bootstrapper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe
3956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 3140	4616	chrome.exe	81
PID 4616 wrote to memory of 3140	4616	chrome.exe	81
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 3112	4616	chrome.exe	82
PID 4616 wrote to memory of 2072	4616	chrome.exe	83
PID 4616 wrote to memory of 2072	4616	chrome.exe	83
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84
PID 4616 wrote to memory of 4960	4616	chrome.exe	84

C:\Users\Admin\AppData\Local\Temp\Release\Bootstrapper.exe
"C:\Users\Admin\AppData\Local\Temp\Release\Bootstrapper.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:3492
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\Admin\AppData\Local\Temp\Release\Bootstrapper.exe" & rd /s /q "C:\ProgramData\HVAI5F3EKF37" & exit
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2804
- - C:\Windows\SysWOW64\timeout.exe
    timeout /t 10
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98031cc40,0x7ff98031cc4c,0x7ff98031cc58
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4380,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5152,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:2
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4988,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5340,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4592,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5320,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4352,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4388,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5432,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3352,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=868 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5256,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3748,i,16133048513377625600,154744630759397821,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:1784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98031cc40,0x7ff98031cc4c,0x7ff98031cc58
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2056,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:1772
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff630a34698,0x7ff630a346a4,0x7ff630a346b0
    3⤵
    - Drops file in Windows directory
    PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4924,i,1818478801829495476,13168297437136062075,262144 --variations-seed-version=20241219-130728.147000 --mojo-platform-channel-handle=4256 /prefetch:1
  2⤵
  PID:556

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
46b257e2db3a3cab4fe4e8b36a53c612

SHA1
2327a773bca75530bc9bd7c74ef0ec3acbf99adf

SHA256
e7c310337da9c0b11f73414f116c230092a508f82fe7a57d2fb80a16d1d0973f

SHA512
6c9cdbac647aa323073edce54767cff14c7d54ae4b41034980833ccf8567d05985fb9a148772241f9a070622951af71e0cd943dddc1bbf445dc1c217393855e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\41aa2aa7-1960-43c6-ac5a-190ea5518bed.tmp

Filesize
9KB

MD5
d45c4366ed3268256dd05143e1990d71

SHA1
3771b56db61f33420d809e64d7d4b32fbef941a9

SHA256
a3bb6e90430440420b09d83e8ca6f0e0ecd47884d7121e0bcc9f9fd1efdbe01f

SHA512
77b9a1496ca8cdfdc7e3ff401804900b906ac6e278a12e0141ba89bac92f5540b6685b191af0a0cc3e83583459912ad02b925ecc9dfced9c9e61e0ff0cadecce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cd15ab7c31534b182fa5bb8d38e3ccd0

SHA1
16a6e969a558a4dcfbc7485625b77d75c2e263a1

SHA256
76b197f91a941aff5fd00475d4f6c115918a72a4d00ed7d8178be96d563ca75c

SHA512
835f8e5e7afa406178d43b6b9b87e65fc4520db2f1553fd7321dcaab615b4a61d01e1c9a21b52760acfcd1299a21539d8b5e14d9bda9b1076749ce08530f64e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1b59bded892c74f45c9997c082e6e9a5

SHA1
b5fc68a4474ec469553f27160612fb410292323e

SHA256
94932d3fc35a7742d604f7349cac69daf7f84f8d428ff323294be9f67bff3a71

SHA512
2f6ee227933653dc3a5dab7a50c57184dc3d9b030a67513f2b6dced58df794a420b6b58c62785834d575ca5d09b9ae705e95ee52f6c8020bb0a5dba8d061353d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
ae9ad9d727ad59bdbac9bb777582484e

SHA1
1d18fa8d9ed754ae430f80c2b838d3bc1f9d1164

SHA256
fa5fc5e2ac1da539dc9a54b7735e1d58b4edfb9ee7d124db8a344f891cb670dd

SHA512
2894e5ca3460bd03f0abe3b45256d961e0fe7c79889c7c13c932fd1ecc242828d0f9a1d5391a040f9f264cd6d29673f66743f3689b00e979dc86c9060d319698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
0c91db6214f5ecf8315eb8602ae41c64

SHA1
16f959dc12b3c9852bc72fff9ee74c7d674d23e4

SHA256
435bd888d4776201552bdea304d975022cb88afcc14545003409a18ccd7f70f1

SHA512
47113c84479db4b6702bf71436502e3476855b7bcbba1d4ec6c3a1e33efde3a4b94d556d955bff29fb3e0f56eb2bf92cc6f6b04a69d19c5c37c867efe55e89e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
cfa8383d3df0087e1a509086f5030ba2

SHA1
d1fc0e60276c0b8c5c939c30810722aca0a58c07

SHA256
6c1876cb7869a1c9045d529e4f6299d060552d011a0e1130225cb6af1c2ed459

SHA512
d930a49ebb6b87cda27b1767b659afdedbb5eb016b6d75a78110294c0ef58ffd9e2a556c1dc634677330de46eb3fc88e7e59b199c85554caa645e697f02a542e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
37KB

MD5
dd71d83c16db2ab4845cccd6a47b64d2

SHA1
453eac0b552b492d1cdc18e8cd98ed7eb7bc8130

SHA256
baf48a8a1548843efd9cbcf8dbba346547eec4de496dc1b832ede061c0b6a1f8

SHA512
27bf7679da569384baf4f8a69893da94c4710c4ae40c0e459e93952551398f3471e5393bb7a7eb92ee7a5e2f70562a3490f94039f580bbf72c7b3227a740ba67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
27KB

MD5
617ba5980d9cbc783354b7e81d33bd3b

SHA1
71669deff8cfea7ca4730fa6de0636a551786b09

SHA256
fd67c18e3c6a64f7467050fec6d1550a4713585bc56a11a818e63db6a9f9205d

SHA512
28ed34e877121715e2ef956c5073cc0cd111680beeb1ff59e47702e1b41e7f66b467f5f07d3395007958bb75f204304d5b0bc62025718aa9dfa37c1695f53a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
57KB

MD5
cffe23061fac97273ac380f210bda657

SHA1
d15c864f165fe86313b5634026642708545de259

SHA256
80059e05e9847e380927c112138e87dfe4f271c5a472d2252997860ee0296f05

SHA512
3307d3a49b4ba5847e73b2814ec84b151cb77a5274e712812d014d609bc2fb0d3512899fb65415f3713955537aeb91f89d0a5b88f79a131c73903f432d0982af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
32KB

MD5
900eb01d52b954a2b13c521683a281a2

SHA1
54adc40b21e43ffd7387fe8768e3bc6272d561b4

SHA256
a8375632155c6801530cbe04d23ac76379f0f675eebbe1212829243a19b11284

SHA512
a8864808a336ea7eb1292d45e9525789858c2d3955951c65d62fe03a6f03d51aa9d689f8426c16ff9dac2c44d85478b2062178ad3bafa4641a4b66fb3d67373d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
50KB

MD5
df8aa8fa0d57d1fbfe9e683a7ecad2cc

SHA1
fb6d2c68beff011c12a9c035cf0e5281f332567b

SHA256
3906532c624181c65c3fce8f8868d3353e444f956d1466ae84a17d7c625f32f0

SHA512
63b1c01c5a7671bfaa0d3fff752aed8a721655d96a9ede8b1909160a72cc260d22549c67af991fb42068e3c56a1d8b53834abf658de03c8282aaa5d09385ea20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
30KB

MD5
e71398c3cac23e39672306d01c4fe2f0

SHA1
c8c4e0f8399550d5f522df7e82000b92b54fcaf1

SHA256
6975a652547bb053446d1a7d3c9b021faac4dcda5b0ea5dce3b1c34a43a3ea5b

SHA512
bd88025e1386ce3e9004892853cc40fe89b31a38252d901ada3909412df19d225fb4e007ed8ff0b81df75268859a58aba147ee96bcc25d7f74edb78dd09792ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
29KB

MD5
1122c6475c816a42ab23866f29b3500b

SHA1
cef5647f9f0f55942dc02a62ed6e1f5b806aa30a

SHA256
ed32c22d46ec03a5afeb12c9332f6de5e59f4febfcdeaa3dff47bc324610fde1

SHA512
efe88fa5006cd103e51803aa7c4fe00825bf52d814d689319c8fc4867e19fe76101aaa6795d017c35a7e06a47fbe560fcc52864ae3467852b35f38d16066070f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\034f341bd5eda6b2_0

Filesize
19KB

MD5
679fc23618cbffe85261da982185f24e

SHA1
2b69ea8516f7889cb5213a6ad8bffb92645b73c2

SHA256
494232883684ac72ddc74be5122f59df5cce2491805dfe5c62640bdb0e7b421b

SHA512
e98e4207c0fadae83adcb54bfa0f298fe886b8285326b5da6753b9df1339663fdf8bc85cff53cae6af64527ff90460f24e0e1c431f7d9f9c07a83e919d99111b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6892666fd3baf497_0

Filesize
280B

MD5
df7fc4446a52c35dac9634c3a0df194b

SHA1
3376a9f76a6ef56bf09d4f383e6f6ace99163074

SHA256
22905009b2d67e5cc11fcc4b7271fbb7eebde3d79ae224fbabe8860317f557ba

SHA512
a0d6a9ff021c0507b32f50146f295cb307dcb1e209e779d38b7b002d928ad06cf523ea4b1500df14fd98f052d8bc4f90e2d6ab886109f057e38a4680d83f9f3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d57625103830e3cb_0

Filesize
374KB

MD5
fcb1c4a1955dfa9c5bd1379f1ee6dfee

SHA1
b7b5e64b95f5e1dd897835802b52bcfa81a79512

SHA256
73aaa3643854e2691410df7077da19c3d74a2856b27d64d3efb859ace5b7a9b0

SHA512
7ad53e359061180335592f7b23c482ef7479835a30a2a229c908077fd0878158509c1e66684a0606fa6a9a22558ca8cb07918b1a3270b2b48003629fe3dbd58e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f3ae0d23e488645b_0

Filesize
289B

MD5
f77107293b215e0adf0b494e3578cec0

SHA1
d4241cdddd2ced25e1314b46883218fe47e222b1

SHA256
28ea1cbf401510dc3cf99100872f5913ab7c61d14f6015288c7aac9938042635

SHA512
0a99e0114c5ba5a8a54df0b882f136d0c058140d27a86afb1358ad9bff827822a1e2cb97c703bb365c1970a8e041edb61ddefc96657a1f0df11c4635ae0fd23e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
849022a216af4d34c4f5e05a7b1a7505

SHA1
276e8fad3a06fd8e05275ce1b66235d8000d4231

SHA256
5ed2a8f0b48cd7330c4b4e3a51322f0dd71ea66bd0360d103e50246b434d9946

SHA512
c1645cd345a0b5942f85ceaf56e7c4263377e6f14060d9bd059f44557ac87fb0dc1da515a840794ec77f4cccd4d8c4eb456c405deaedc7065ab0c4f95221e641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b637d7eecfd29969ba1ba4f561bf2235

SHA1
dbd08d93015b3345155efae227df648bf0a66040

SHA256
700cbb6432c9fffb14a2b8e989921b4177cec4d0399c80800cc11246bf1bc42b

SHA512
1e6a8a4a8189c24e441a71ebc214535c037b4a51b449ae575c99cd892000a6788929439c311af1ffa3d193b5684b23d14b36f0caec2dcecd779cd6a9a5fe13ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
097207c3bd49609bf795d4318b4a90ce

SHA1
4b77a513f7c43eaf0c74fa2cdac162fcfcc8f22e

SHA256
19d4deb2dfa50b369523e8f955907288c3aa6255743635a8df9870dfb74fad7b

SHA512
bc15d622eece76b4565d804abc73d6a675e3253a0eab81514cbae657696b3050c0faa5c1b247ecfab3668a90ca549b5f2ec149833b52a43f19a2de0ca0e5ec0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
e4efd8093b807d64a87e289908e5fea5

SHA1
dd9503ddfe8006c829277009e646615fba6ea54c

SHA256
75ac4898a4906dc67055c7834f8f17be2f2594149748e5c4f465ca2391a86027

SHA512
75a8c84d6d5aa8b503da8ef04ccd29fd90762fa3997dd6a8a3072fb9761db436e86d7c480dfc91a79b8c4bebc1c87a05b3f37366a9557a31ec90c9a2b8d1cefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
eaa300b4199f2877969a8122df8c334b

SHA1
d40b11e92cab66b466fd93a588eeba32bc9ef727

SHA256
256620aba1cbba848526ad6a90cc01ce80aa584187189a9694d02e0889a9ad4a

SHA512
faf94e723370fe497221d69dbc83b06fad72290e192d5f3d7fad6179ffb44f7ee5e3901518a7d276b27a341818ccf4110564b7a3e30ad0611de3e61a7bf4025d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
601B

MD5
1ba7d20ebe9e99d151e8dbe4a2b14d0d

SHA1
93ff0f68e8b1a61eb85f950632e8cec70ef834a0

SHA256
194dc9f1411531625effc7cdb74cc39c892c6f7ca09c1e7538227181d738181d

SHA512
dbbee28e9df6b50255205bc8888e9150496dd0e37edb7123146943706bcaea74e3f2e63da0f560097edd0129c456ac1d8051f772b8966bd4e546a5ffc5865646

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
61dc46baf50fdcbba56031e7e4cac7c0

SHA1
7047de817fc7aae0e315399378ed8e89bd8795aa

SHA256
a1724ed1615f09f12cdac90afb9e6fae013f061f4e4bcfe0d021c0de85e95e31

SHA512
9507a79bd70ab6aed05f89a5f269bf5c3c3e9c88c935629e2baf684796490096095d5a617f6186de40778538fb406ae94f2d522034c587108e6af1e78a24a975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
afacea1ea64513294b392aa84e1474e6

SHA1
ce510d2de10a84e34d5eb46189c02033b155da56

SHA256
1f75fdc8393ee4368beb43745017c4d0bc7080c832fd00a6561b1949528fd45a

SHA512
1b89e76242341b9689d80761ab3369d1d30451d2135d2e299a5ba13867fa0202cfa546d9a1f8fafa16fe9fea1605b20fb56e7e708d7adfd507401ea7d80ec9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f2905ada3b530acf8079ffca831449a1

SHA1
816da323c13bacba1ff4ea8a9b854156bbbe061b

SHA256
737c21ae72efe36e6673e278cab2d6506c2af32b3bb6993b4281578af4588f83

SHA512
67b2ccf661a19c41097f87e90bcf23aeee07686a982fed1ac25b6f1c69a0e75f0d12579df9f00bf27e6fe199add6a25de6a5b67ec59665ba31119dadb053f7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
beb923730e028f53ad8d44bdacc6ebe2

SHA1
f85db3f552110dcbad15ae6b9d28b200698038f6

SHA256
110808606bd0c926fa5966c9ca29aea19fc0973dda4d2479b407b4fdd84543e3

SHA512
df286d8d657aca3fcdbd2d5c5947912d33fae2552b5e29a449d6a0ec6137641ae32c234b011ab729fe114db5f25fd9b9ba2fb8a08524405a9dcddb007b2f3252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
1f382cbe5ba5345c840fc40b6b319f35

SHA1
be82f2a24c53b8191cd83879633ca86964ae2ee6

SHA256
ded7894f07c5ca85c8f675c543d206666da2ca4bcfb9a66f553a1c0a5b9fc06e

SHA512
8859c6eb1322f41cb094d5475d24a39efd8d87b75048ae32c52f9e4b6a02d9647bad175b2d29869a642ac2c5c7ba1db2ce37ccb5d003d3233a5344a757162588

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
74d35641f22e13c41fd092fdd5cb72c6

SHA1
70898363a37f5a31f4d26697b741087a9a056f12

SHA256
25d03019ddd4a9fa0d446b9c689afc0e84102ed489f91b2a653946a9a5f964a9

SHA512
32f7d2a3dd88692ebd4b99f05cb4ba8228cda5cec6b3e636b03189b4ac839e5cfb9e1dcd4d5a2cf91380082649ef54fe56b460bf708d5dbc3b5bb9fe7182a1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dcf9f39231ada30aa40460d7b467e0a5

SHA1
b500f7ace20a97d0397109b8df97e8df8820ed3b

SHA256
3b9eafcf38f8055f296d72abd09e459a166d9c72ba51e3c2c82174cf4c87ca58

SHA512
798d22e1a2b23e7afac7d858ed6786ea688aa2844cc5beb75078a32d49b62e260f42cf5682637165ec68c2351698d2cd9ec53bb67ef9b7d72572d57149f0e83a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2755862768cd1cb0bec67b369dc65005

SHA1
9219c0e05d94c2087d693407e93d375566e2f797

SHA256
39eeb989423ff560f9f70d80f41666918937ae8cca3516497ecec77e7028d5f7

SHA512
bc9a5fb2294545a11aeaca7829c620a889f1d86f8f20d6d3abf64a4f65b0f15f80c9cae1b20686f08503f522bbe4673ee468a78d323994405a30ebbc8f52ad36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
0f724ad7e0ff212de723267d854b79db

SHA1
dab47350d40762a3004c4d634c2ebdf54930c520

SHA256
e3ce47d736751d996c77bbfe3f547fb3881ec18040f683146de46055874033fe

SHA512
01cc57e78e5663146dbd321474ccd42e928fbad110c5bcdeb4ff41e00aaa4dba0b6ccbfd363b59069febbbd48bb1812bb2e560b981be8351c0d879cfc42fd440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be595ca87342df774b8bf84d1e5be00b

SHA1
53da17e952ca54e75d4d9caa870174780e33c395

SHA256
6de8639867d9d271e8679f8d0c6b0b357d1b611fa2124d7b857a3456a1f24990

SHA512
25635a2589bcd60637db9d2202d5b5cef2dd7b0e87f5f6ce58dd0aa2f6a9a600a29bf259a8b7fc48f135f95eff31d4d33a89dafceb5450acc26dceba33dab6a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58df0d5ad77119158e6f888b8ae9ba8d

SHA1
1fcd5498f93ae435dcdf90caa1567e9d62de449e

SHA256
ff87d5c6069fae777b6e6a663dcd37c0eef821f9d29be2c80f83acb0828d6d10

SHA512
90a816257f9e1840f44fcf2bc90385a6e20afa9ff943169448cd13f38b0e369c33cf4fcda55ff50f3f4b6e3ef3a81a3edaf0fce2b270c558916f33232dd4422e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1969bebdd447a19fa3a6639ead498812

SHA1
53134a03d1f6ca7c8bf43fea1a5652ac05dddd56

SHA256
a8ac603f7b3a3d5724e1087c79d0a69027cab360cc7de3d63f8000dc8fe60958

SHA512
285c2bda4ff9572865430d326a3d05feee164ce0e9d6fef839759de168be8d1bbb3280cba15682c1a46862254a49e2c81724d95bc35018c5238c2caa3125db91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc5ede79b22b12986cd2f1b48af16349

SHA1
9ddbaec289728bb76adec8e6af1c3bac711fb045

SHA256
8dc438effccf72e3f1d3ab3eabee5d0ee6bedcc62c754f41056646301119824a

SHA512
b5bd0797c142ddb1d43d9e5a3189e96c89ab2f1f69bc8f359ae3e77649e1096588250935a6c3975fb34a20da6898bc8e04cf06ae1100106564258fef994251c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c2528c7bf1604983d871b43d9dadb44

SHA1
98020ff246a5effdaa443c0a990aef5fa4c8888d

SHA256
a577c4a675230e2c7615fa13f82bf075365e47806912b1ed4546bf5ebe9d6fa0

SHA512
01aad8d4c9e766b4df901011a174d8fc3025b970f77807e1b91121472247bfbb626679790df64be9ac7db35b6cc02186fc2d4c71cc60980478e53f1c9b3e9ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eaa28da52428d1c44ac75242da921b0e

SHA1
5326cf4ca497b7cbec30820f95114ca74237406b

SHA256
3addf7e6d601b1393d5485b7bbbbe795095248c9482ad45df7d649c26b73127e

SHA512
6c4fbca0239142a1802d192734059023737119f1748cbbd724fd064c175d0342ef2dbf74206914ee0edf7f8a12910e4dfafe3995473f5e1dabaa0bae24fc8922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
84ee115289ad320a739047b04f6da871

SHA1
30155732a80bd33b6e5786f670c3f3eede781f3c

SHA256
9efbd552fd038a242404ea432368ef4d1c060a9f271bceb97183607591ccf4e8

SHA512
892b77da4852796fbad1d4c55062e3f64e0d13c2c357dd025d94f019430b3352e8952445e2704734a66f594bb9efaec399d101cbad52a9873794914f561035f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
51ac2156a8496f70ab01ecdb7ccfe09c

SHA1
281e3aa9abdf5e17ff1975a24e8f182d07168c58

SHA256
af57a86fccef568a2884d426dcd316e7fb0adb1e04bbc678f44637e7f6557220

SHA512
fea0d3f486ab8e99cc78b7e175b3d394827bb3239e1c00e6fd5cae853b569063e7fc497c989bad727b640ed1ec3d72b2bb17eb90d67fd7104c1a28a6a4656c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
e3f4e24bea936a4974082b27ff4ba5f4

SHA1
b00d51a0e38bc5f2e43b364767adeb4c7ec7207a

SHA256
0c5aceb186ae2a45d21c864e6830463e7ef2ac0000495f8fca4ab770ec07e68f

SHA512
624a02ebbf658e34dd848db6b74788689a79a777e136be5beaa6c64df26779f21f546c4188ed32148f1728f4f9236254de40a519750630cb76e031f2606d1240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c46bd649791569bb82e2c979c719e042

SHA1
a3edfa51b6658d7309fc69b8ae7e69cc514194d2

SHA256
4a1c7561e529ce45d2a89314c8dad02ea4ddad5dc004d3be3b4fcef0e4e095de

SHA512
5496915704f7d37ee0ed2236d4c603d9ad3da501776eb5d2b304d8738817f0e6e0630d866e64d50c8795b3f7b1662a23c3d66e50f90ef4062471a86aea459853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
74ec6e16b41d138139a4b6ba8129ae65

SHA1
274349897d0436698cfe3d33972a934da0c8f033

SHA256
506750b9d6b9d820f630bf91388618b3c982614d707efb1b3175d6c1210811c4

SHA512
1c2450ee8a94e3d9fd482b75a29e9e6f373b942e7f516adde4f63fab09f6500434b2e79dadbe701ba0cf471f0687198d5bf9661f441dcac49368776e6160a90f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
c4cd18b4a419bb338d95cd09a0e515d6

SHA1
0146fa37d9025c174a6f30eb458ac1f2289b1c4b

SHA256
e0d9c20fe9ad5f35a9f60cc91e767b27c91ed0561f82d69c9cfbdbfba7bd7d17

SHA512
0265dfc112923f48b3badc92dee4a837c4f2696cb3343dfd1c7ff7959af0850671567e3e58a18286052a30e00f82cf5ce33dde1e8aeede7f3b42b43db6cea75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
92706e56c89e3d4a26618d9e0c0339c5

SHA1
b98e0a29dbc3aa615a4031a8cb724e87dae78bd3

SHA256
6deb273fdf157a3ac58731709d0c651d91939569b202aa11a86e227b5fe3073e

SHA512
8b88a2e44072afb07d4c841e788673b7e0b4fee3223beb3fff2ea782b1ba33f604fcf9b0b0abf7afb1ddcbc0bca489ac683650528933ddead52cf282b3d4708f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
958a1c90d1eb9901d77244f4b5c0ee2a

SHA1
6b425e25a598b29d6f06ffc193c6894bdeeeaf15

SHA256
9077444e77636bbfd50329b48673faebbaac9915117ef3dab1252c75bdf46f3f

SHA512
8dfe96b95c2eb22ee52bced82db2bf8eaff67098a499f5d592012e968710516679f6cb703f93b0e8f1bfbf40ecb1b3d60b585740b889bc06cc93ac2da76e7a4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aaf5499d-1eb8-4e93-a9b1-157a35c3388e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
c657b091498ed4f7e41c3f2b0d0b0e8a

SHA1
a710c6d4d6ee5b5b3b5084ffda98f97678fc4c17

SHA256
cb8dafa5e38f1f35d0799cde9756637a5b4bfb3faed9b6a5223970987ad45863

SHA512
119d9c5c3a83b8ec20d806af93a5926c12150c013148ebc08b6e98657efab719ec853630cdf4a6399e70c3ac77207f3ad33f1062bfb5bef646b99b4e6b7d8cd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
cd1d1a161b7ead841c7002b949a1ebf1

SHA1
83a99349179161b31a2dd9c9ac97b80961236fb4

SHA256
c83f3ee163b84bcac4455df87a2357eb778504ff688587a2f0a74625bc7ee34e

SHA512
c669f86a57fa5e993d7fe57138125d831e25f2d74844cd347a5541de2588f274c9e9e47f2ea2b07dffc7b07958340ae06847e31909bc77746f0ba1045d86f99e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1bfa2827ff16362ac7338f8ebb641d09

SHA1
6c8b839869bfe971d7bae71b662da3fec6a56758

SHA256
c6bf0f86ba2ae99a3be48873881207fb7adeeb543e85e19346d4c8f86893fc3e

SHA512
07575f7e827aef6003766257ee6b9f72458dc93b924142ab7b788a011b2545f4f136420bcc306c26bf13101632d379732731fe99d50f40893308726023093c8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
bd892e001b19228283330fa89b050172

SHA1
e457a904693179d382a2da801a054ad369d1b0b1

SHA256
2d4ad834091336f232ced2a410dea559722043cd36c5fb9569a89214a6dbafb3

SHA512
c0e8065981cebd108c82ee4846df0d31eca601ed662dcd2d916c757db114b42b9219aac72e7523fb8a437cc999c464b9d71717144cb00cc67366846051813dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
154d298d11d057e2ceb40949db845086

SHA1
7eb193e7bd2509fca933e154698a734003e573c8

SHA256
ee9ea8e06572915c342c71f252c48ccd4c0e77cc9a81edb23e3f0889aa377ca1

SHA512
c6ea867ae58a82b18942ace5ccf92f5f38fdeec7dea7f8bb8b8df89f863a7ba7c290c9d4ee0f31661ad02ac5da546a680c968a2cd4c47dff7b816a8af36890f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
1a186d7b468f323436340dd9b6ea07ef

SHA1
c97ee6ed8d0a667e0045954352a7070d0688e474

SHA256
c1cbf357313f8a444ccca8a237c9bb9a7ab94fc94f38d3a09f29506767e3f76b

SHA512
4a92d3583035309d604d992fa4e77e7a8aa18d84463bcc52391cccecfde11ba27834d1ae64d8eb970a9e4d3fd8a0be7887acb607c0e568e5ace32a5ec473d95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b9b5145ccee539d4127e6600cee4ce93

SHA1
1074278780f1291197d140d4dbaf25042b45136f

SHA256
9f87c46169296eade69c99720b55321e718283c39bec5a78efa837a61c108af5

SHA512
42b979bef0e9cc8d3f13befdc993b261177781a0a6ee3bf07daad32da17d8332b90584f2b1119a3008ed51993b7c7fe0ebcb5964692bee8db595eae4c09aef11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
1963ae20fb11b40c7d6eabed39b67c13

SHA1
103e8d9bcf23bd66a0d5ee40fbd51e0c8637c31d

SHA256
d359fb13aaac52340a4c04222841478e06ba0bf1c09934a1e4b84190a321b36d

SHA512
5c732cb8a5e527ae4edabe60a9ab1a48aa896bc145a3d44f934f34cdb68c71eef72bb2d2aeeb92e7a565f5dcb26ea0fbd7f2b461ca41c4d102f0038291eee17b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_107984574\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4616_107984574\f405d9d8-c2b4-45b4-b286-ab6485a7128f.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
memory/3492-27-0x0000000003BE0000-0x0000000003DB6000-memory.dmp

Filesize
1.8MB

Download
memory/3492-455-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-1-0x0000000003660000-0x00000000037D9000-memory.dmp

Filesize
1.5MB

Download
memory/3492-10-0x0000000003BE0000-0x0000000003DB6000-memory.dmp

Filesize
1.8MB

Download
memory/3492-7-0x0000000000DD0000-0x0000000000E32000-memory.dmp

Filesize
392KB

Download
memory/3492-6-0x0000000000DD0000-0x0000000000E32000-memory.dmp

Filesize
392KB

Download
memory/3492-4-0x0000000000DD0000-0x0000000000E32000-memory.dmp

Filesize
392KB

Download
memory/3492-5-0x0000000000DD0000-0x0000000000E32000-memory.dmp

Filesize
392KB

Download
memory/3492-454-0x0000000000E60000-0x000000000168D000-memory.dmp

Filesize
8.2MB

Download
memory/3492-2-0x0000000003BE0000-0x0000000003DB6000-memory.dmp

Filesize
1.8MB

Download
memory/3492-23-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-3-0x0000000003BE0000-0x0000000003DB6000-memory.dmp

Filesize
1.8MB

Download
memory/3492-0-0x0000000000E60000-0x000000000168D000-memory.dmp

Filesize
8.2MB

Download
memory/3492-25-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-8-0x0000000000DD0000-0x0000000000E32000-memory.dmp

Filesize
392KB

Download
memory/3492-21-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-24-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-22-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-161-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-160-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-9-0x0000000000DD0000-0x0000000000E32000-memory.dmp

Filesize
392KB

Download
memory/3492-26-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download
memory/3492-28-0x0000000004100000-0x0000000004339000-memory.dmp

Filesize
2.2MB

Download