Analysis

  • max time kernel
    125s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-12-2024 01:06

General

  • Target

    Sigma1231231.exe

  • Size

    78KB

  • MD5

    8883fa8d238242e1aa27ffa53978f471

  • SHA1

    e1b7cf625a7efeaef1267d7526ce0d8934cbd1d5

  • SHA256

    79b60dc0e09c34c25572e03fd159abc274611b764a114225b56ffd7493f3d194

  • SHA512

    767dc16b9f9815e39cf50b897e76ead19036c02ac56a874331c75e39ac0c6396bc749a876a155462dd9919521aac069a29f55fa8a0b4f61ac926b62fc481802a

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+sPIC:5Zv5PDwbjNrmAE+AIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMyMTgzMTIwOTA5MjkwNzAzMA.GSuLMP.Q2rECgIO-z6aoG3zAks69t5l-n64ffenYfOjCM

  • server_id

    1160586840504545422

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Discordrat family
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Downloads MZ/PE file
  • Abuse Elevation Control Mechanism: Bypass User Account Control 1 TTPs 1 IoCs

    UAC Bypass Attempt via SilentCleanup Task.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 11 IoCs
  • Drops file in System32 directory 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 27 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:608
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:60
      • C:\Windows\System32\dllhost.exe
        C:\Windows\System32\dllhost.exe /Processid:{5584d5c8-28d2-4b9f-a6d6-1684b12651d1}
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4984
    • C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsass.exe
      1⤵
        PID:672
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
        1⤵
          PID:956
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
          1⤵
            PID:744
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
            1⤵
              PID:924
            • C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
              1⤵
                PID:1108
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                1⤵
                  PID:1116
                • C:\Windows\System32\svchost.exe
                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                  1⤵
                    PID:1144
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                    1⤵
                      PID:1228
                      • C:\Windows\system32\taskhostw.exe
                        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                        2⤵
                          PID:816
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                        1⤵
                          PID:1284
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                          1⤵
                            PID:1292
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                            1⤵
                              PID:1360
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                              1⤵
                                PID:1368
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                1⤵
                                  PID:1448
                                  • C:\Windows\system32\sihost.exe
                                    sihost.exe
                                    2⤵
                                      PID:3016
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                    1⤵
                                      PID:1604
                                    • C:\Windows\System32\svchost.exe
                                      C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                      1⤵
                                        PID:1612
                                      • C:\Windows\System32\svchost.exe
                                        C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                        1⤵
                                          PID:1640
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                          1⤵
                                            PID:1724
                                          • C:\Windows\System32\svchost.exe
                                            C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                                            1⤵
                                              PID:1776
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                              1⤵
                                                PID:1784
                                              • C:\Windows\System32\svchost.exe
                                                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                1⤵
                                                  PID:1880
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                  1⤵
                                                    PID:2024
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                    1⤵
                                                      PID:2032
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                      1⤵
                                                        PID:2044
                                                      • C:\Windows\System32\svchost.exe
                                                        C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                        1⤵
                                                          PID:1772
                                                        • C:\Windows\system32\svchost.exe
                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                          1⤵
                                                            PID:1820
                                                          • C:\Windows\System32\spoolsv.exe
                                                            C:\Windows\System32\spoolsv.exe
                                                            1⤵
                                                              PID:2116
                                                            • C:\Windows\System32\svchost.exe
                                                              C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                              1⤵
                                                                PID:2224
                                                              • C:\Windows\System32\svchost.exe
                                                                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                                1⤵
                                                                  PID:2408
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                  1⤵
                                                                    PID:2532
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                    1⤵
                                                                      PID:2544
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                      1⤵
                                                                      • Drops file in System32 directory
                                                                      PID:2644
                                                                    • C:\Windows\sysmon.exe
                                                                      C:\Windows\sysmon.exe
                                                                      1⤵
                                                                        PID:2704
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                        1⤵
                                                                          PID:2712
                                                                        • C:\Windows\System32\svchost.exe
                                                                          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                          1⤵
                                                                            PID:2752
                                                                          • C:\Windows\system32\svchost.exe
                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                            1⤵
                                                                              PID:2760
                                                                            • C:\Windows\system32\svchost.exe
                                                                              C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                              1⤵
                                                                                PID:2160
                                                                              • C:\Windows\system32\wbem\unsecapp.exe
                                                                                C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                                1⤵
                                                                                  PID:2924
                                                                                • C:\Windows\system32\svchost.exe
                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                                  1⤵
                                                                                    PID:3220
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                    1⤵
                                                                                      PID:3368
                                                                                    • C:\Windows\Explorer.EXE
                                                                                      C:\Windows\Explorer.EXE
                                                                                      1⤵
                                                                                      • Modifies registry class
                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                      • Suspicious use of SendNotifyMessage
                                                                                      PID:3448
                                                                                      • C:\Users\Admin\AppData\Local\Temp\Sigma1231231.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\Sigma1231231.exe"
                                                                                        2⤵
                                                                                        • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                                        • Suspicious use of SetThreadContext
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of WriteProcessMemory
                                                                                        PID:5068
                                                                                        • C:\Windows\SYSTEM32\SCHTASKS.exe
                                                                                          "SCHTASKS.exe" /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I
                                                                                          3⤵
                                                                                          • Abuse Elevation Control Mechanism: Bypass User Account Control
                                                                                          PID:3620
                                                                                      • C:\Windows\system32\taskmgr.exe
                                                                                        "C:\Windows\system32\taskmgr.exe" /4
                                                                                        2⤵
                                                                                        • Checks SCSI registry key(s)
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                        • Suspicious use of SendNotifyMessage
                                                                                        PID:2492
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                        2⤵
                                                                                          PID:2512
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbd4c1cc40,0x7ffbd4c1cc4c,0x7ffbd4c1cc58
                                                                                            3⤵
                                                                                              PID:4928
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2
                                                                                              3⤵
                                                                                                PID:4136
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2116 /prefetch:3
                                                                                                3⤵
                                                                                                  PID:1068
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
                                                                                                  3⤵
                                                                                                    PID:4816
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
                                                                                                    3⤵
                                                                                                      PID:4956
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
                                                                                                      3⤵
                                                                                                        PID:968
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4564 /prefetch:1
                                                                                                        3⤵
                                                                                                          PID:3696
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
                                                                                                          3⤵
                                                                                                            PID:3324
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
                                                                                                            3⤵
                                                                                                              PID:2848
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:8
                                                                                                              3⤵
                                                                                                                PID:2012
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:8
                                                                                                                3⤵
                                                                                                                  PID:228
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5244,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
                                                                                                                  3⤵
                                                                                                                    PID:4820
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
                                                                                                                    3⤵
                                                                                                                      PID:3592
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5180,i,17521789892794430762,11181645921835811650,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:2
                                                                                                                      3⤵
                                                                                                                        PID:452
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                      2⤵
                                                                                                                        PID:1620
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbd4c1cc40,0x7ffbd4c1cc4c,0x7ffbd4c1cc58
                                                                                                                          3⤵
                                                                                                                            PID:2300
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=1752 /prefetch:2
                                                                                                                            3⤵
                                                                                                                              PID:4824
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2088 /prefetch:3
                                                                                                                              3⤵
                                                                                                                                PID:912
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2192 /prefetch:8
                                                                                                                                3⤵
                                                                                                                                  PID:2088
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3176 /prefetch:1
                                                                                                                                  3⤵
                                                                                                                                    PID:4272
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3332 /prefetch:1
                                                                                                                                    3⤵
                                                                                                                                      PID:2676
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4504,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4472 /prefetch:1
                                                                                                                                      3⤵
                                                                                                                                        PID:3644
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4764 /prefetch:8
                                                                                                                                        3⤵
                                                                                                                                          PID:1984
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4488,i,14804013960624471298,13709545727441097278,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4236 /prefetch:8
                                                                                                                                          3⤵
                                                                                                                                            PID:212
                                                                                                                                        • C:\Windows\system32\taskmgr.exe
                                                                                                                                          "C:\Windows\system32\taskmgr.exe" /4
                                                                                                                                          2⤵
                                                                                                                                            PID:4900
                                                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                                                          C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                                          1⤵
                                                                                                                                            PID:3580
                                                                                                                                          • C:\Windows\system32\DllHost.exe
                                                                                                                                            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                            1⤵
                                                                                                                                              PID:3756
                                                                                                                                            • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                              1⤵
                                                                                                                                                PID:3960
                                                                                                                                              • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                1⤵
                                                                                                                                                • Suspicious use of UnmapMainImage
                                                                                                                                                PID:3872
                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                1⤵
                                                                                                                                                  PID:1892
                                                                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                                                                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                                  1⤵
                                                                                                                                                    PID:3824
                                                                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                                                                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                                                                    1⤵
                                                                                                                                                      PID:4708
                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                                      1⤵
                                                                                                                                                      • Modifies data under HKEY_USERS
                                                                                                                                                      PID:5108
                                                                                                                                                    • C:\Windows\system32\SppExtComObj.exe
                                                                                                                                                      C:\Windows\system32\SppExtComObj.exe -Embedding
                                                                                                                                                      1⤵
                                                                                                                                                        PID:1916
                                                                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                                                                        C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                                        1⤵
                                                                                                                                                          PID:1184
                                                                                                                                                        • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                                          "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                                          1⤵
                                                                                                                                                          • Drops file in System32 directory
                                                                                                                                                          • Modifies data under HKEY_USERS
                                                                                                                                                          PID:4496
                                                                                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                                                                                          C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                                                                          1⤵
                                                                                                                                                            PID:4360
                                                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                                                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                                                                            1⤵
                                                                                                                                                              PID:1172
                                                                                                                                                            • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                                                              C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                                                              1⤵
                                                                                                                                                                PID:1468
                                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
                                                                                                                                                                1⤵
                                                                                                                                                                  PID:2776
                                                                                                                                                                • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                                                                                  C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:2832
                                                                                                                                                                  • C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                                                                    C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:1484
                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:424
                                                                                                                                                                      • C:\Windows\System32\mousocoreworker.exe
                                                                                                                                                                        C:\Windows\System32\mousocoreworker.exe -Embedding
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:4244
                                                                                                                                                                        • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
                                                                                                                                                                          C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:5008
                                                                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                                                                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
                                                                                                                                                                            1⤵
                                                                                                                                                                            • Modifies data under HKEY_USERS
                                                                                                                                                                            PID:1796
                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:2188
                                                                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                                                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:4840
                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:3352
                                                                                                                                                                                • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:652

                                                                                                                                                                                  Network

                                                                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                                                                  Downloads

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    40B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    649B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    44KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    264KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4.0MB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    264KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    399B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    320B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    851B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_metadata\computed_hashes.json

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    5KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_metadata\verified_contents.json

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    11KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    854B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    44KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    264KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    1.0MB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4.0MB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    329B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    20KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    1KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    36KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    2B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    356B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    356B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    16B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    291B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    41B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    9KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    9KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    15KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    3KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    336B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    72B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    308B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    317B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    345B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    321B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    40KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    8KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e3833b87-939a-4ce2-93e8-4eeb568ded02.tmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    1B

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    18KB

                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    320B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

  Filesize

  1KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

  Filesize

  338B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

  Filesize

  14B

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

  Filesize

  231KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

  Filesize

  119KB

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

  Filesize

  86B

• C:\Users\Admin\AppData\Local\Temp\scoped_dir2512_539577900\77208e60-0c21-4da5-b4c6-c591c69a3e14.tmp

  Filesize

  150KB

• C:\Users\Admin\AppData\Local\Temp\scoped_dir2512_539577900\CRX_INSTALL\_locales\en\messages.json

  Filesize

  711B


                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-19-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-18-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-13-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-17-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-7-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-16-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-9-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/2492-14-0x000001E331300000-0x000001E331301000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    4KB

                                                                                                                                                                                  • memory/4984-23-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    256KB

                                                                                                                                                                                  • memory/4984-27-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    256KB

                                                                                                                                                                                  • memory/4984-24-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    256KB

                                                                                                                                                                                  • memory/4984-25-0x00007FFBDBA10000-0x00007FFBDBC05000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    2.0MB

                                                                                                                                                                                  • memory/4984-26-0x00007FFBDA800000-0x00007FFBDA8BE000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    760KB

                                                                                                                                                                                  • memory/5068-21-0x00007FFBDBA10000-0x00007FFBDBC05000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    2.0MB

                                                                                                                                                                                  • memory/5068-20-0x00000139F65E0000-0x00000139F661E000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    248KB

                                                                                                                                                                                  • memory/5068-0-0x00007FFBBDA03000-0x00007FFBBDA05000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    8KB

                                                                                                                                                                                  • memory/5068-22-0x00007FFBDA800000-0x00007FFBDA8BE000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    760KB

                                                                                                                                                                                  • memory/5068-6-0x00007FFBBDA00000-0x00007FFBBE4C1000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    10.8MB

                                                                                                                                                                                  • memory/5068-5-0x00007FFBBDA03000-0x00007FFBBDA05000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    8KB

                                                                                                                                                                                  • memory/5068-4-0x00000139F6EA0000-0x00000139F73C8000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    5.2MB

                                                                                                                                                                                  • memory/5068-3-0x00007FFBBDA00000-0x00007FFBBE4C1000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    10.8MB

                                                                                                                                                                                  • memory/5068-2-0x00000139F6660000-0x00000139F6822000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    1.8MB

                                                                                                                                                                                  • memory/5068-1-0x00000139F4080000-0x00000139F4098000-memory.dmp

                                                                                                                                                                                    Filesize

                                                                                                                                                                                    96KB