xenorat | 0f6272e9838fd19e33cbe0eebb86f7c40d5f05a816714c7b6800f49815ddabd1

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2024 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ag.exe
Size

45KB
MD5

0a257417be0b566dc344d4f8cfd62ace
SHA1

3cbae1f578344bc133910e30f3ea0b5b6a3017e5
SHA256

0f6272e9838fd19e33cbe0eebb86f7c40d5f05a816714c7b6800f49815ddabd1
SHA512

703e8c9380866cab8c426755ef20801bad96ac200749240a67633a21321c7dddef3d608f384427a7d045de5642d122650ed2050557d00699da731c8a1008f73c
SSDEEP

768:tdhO/poiiUcjlJInUFzH9Xqk5nWEZ5SbTDa5WI7CPW5V:jw+jjgnQH9XqcnW85SbTQWId

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

release-adrian.gl.at.ply.gg

Mutex

Xeno_rat_nd8912d

Attributes

delay
5000
install_path
nothingset
port
42627
startup_name
nothingset

Signatures

Detect XenoRat Payload 3 IoCs

resource	yara_rule
behavioral1/memory/4416-1-0x0000000000090000-0x00000000000A2000-memory.dmp	family_xenorat
behavioral1/memory/4416-6-0x00000000052D0000-0x00000000052E2000-memory.dmp	family_xenorat
behavioral1/memory/4416-7-0x00000000054D0000-0x0000000005552000-memory.dmp	family_xenorat

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Xenorat family
xenorat

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	chrmstp.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	chrmstp.exe
File opened for modification	C:\Program Files\Crashpad\metadata	chrmstp.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	chrmstp.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ag.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799570362667858"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrmstp.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe
Token: SeShutdownPrivilege	2780	chrome.exe
Token: SeCreatePagefilePrivilege	2780	chrome.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2780	chrome.exe
2780	chrome.exe
5148	chrmstp.exe

Suspicious use of WriteProcessMemory 58 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2780	4416	ag.exe	103
PID 4416 wrote to memory of 2780	4416	ag.exe	103
PID 2780 wrote to memory of 716	2780	chrome.exe	104
PID 2780 wrote to memory of 716	2780	chrome.exe	104
PID 2780 wrote to memory of 2724	2780	chrome.exe	105
PID 2780 wrote to memory of 2724	2780	chrome.exe	105
PID 2780 wrote to memory of 4996	2780	chrome.exe	106
PID 2780 wrote to memory of 4996	2780	chrome.exe	106
PID 2780 wrote to memory of 1824	2780	chrome.exe	107
PID 2780 wrote to memory of 1824	2780	chrome.exe	107
PID 2780 wrote to memory of 2572	2780	chrome.exe	108
PID 2780 wrote to memory of 2572	2780	chrome.exe	108
PID 2780 wrote to memory of 2316	2780	chrome.exe	109
PID 2780 wrote to memory of 2316	2780	chrome.exe	109
PID 2780 wrote to memory of 3408	2780	chrome.exe	110
PID 2780 wrote to memory of 3408	2780	chrome.exe	110
PID 2780 wrote to memory of 5116	2780	chrome.exe	113
PID 2780 wrote to memory of 5116	2780	chrome.exe	113
PID 2780 wrote to memory of 3256	2780	chrome.exe	114
PID 2780 wrote to memory of 3256	2780	chrome.exe	114
PID 2780 wrote to memory of 5076	2780	chrome.exe	115
PID 2780 wrote to memory of 5076	2780	chrome.exe	115
PID 2780 wrote to memory of 4728	2780	chrome.exe	116
PID 2780 wrote to memory of 4728	2780	chrome.exe	116
PID 2780 wrote to memory of 2064	2780	chrome.exe	117
PID 2780 wrote to memory of 2064	2780	chrome.exe	117
PID 2780 wrote to memory of 1932	2780	chrome.exe	118
PID 2780 wrote to memory of 1932	2780	chrome.exe	118
PID 2780 wrote to memory of 1640	2780	chrome.exe	119
PID 2780 wrote to memory of 1640	2780	chrome.exe	119
PID 1640 wrote to memory of 3324	1640	chrmstp.exe	120
PID 1640 wrote to memory of 3324	1640	chrmstp.exe	120
PID 1640 wrote to memory of 5148	1640	chrmstp.exe	121
PID 1640 wrote to memory of 5148	1640	chrmstp.exe	121
PID 5148 wrote to memory of 5192	5148	chrmstp.exe	122
PID 5148 wrote to memory of 5192	5148	chrmstp.exe	122
PID 2780 wrote to memory of 5700	2780	chrome.exe	125
PID 2780 wrote to memory of 5700	2780	chrome.exe	125
PID 2780 wrote to memory of 5708	2780	chrome.exe	126
PID 2780 wrote to memory of 5708	2780	chrome.exe	126
PID 2780 wrote to memory of 5712	2780	chrome.exe	127
PID 2780 wrote to memory of 5712	2780	chrome.exe	127
PID 2780 wrote to memory of 5448	2780	chrome.exe	128
PID 2780 wrote to memory of 5448	2780	chrome.exe	128
PID 2780 wrote to memory of 5468	2780	chrome.exe	129
PID 2780 wrote to memory of 5468	2780	chrome.exe	129
PID 2780 wrote to memory of 4196	2780	chrome.exe	130
PID 2780 wrote to memory of 4196	2780	chrome.exe	130
PID 2780 wrote to memory of 1604	2780	chrome.exe	131
PID 2780 wrote to memory of 1604	2780	chrome.exe	131
PID 2780 wrote to memory of 4424	2780	chrome.exe	132
PID 2780 wrote to memory of 4424	2780	chrome.exe	132
PID 2780 wrote to memory of 5164	2780	chrome.exe	133
PID 2780 wrote to memory of 5164	2780	chrome.exe	133
PID 2780 wrote to memory of 2752	2780	chrome.exe	134
PID 2780 wrote to memory of 2752	2780	chrome.exe	134
PID 2780 wrote to memory of 3128	2780	chrome.exe	135
PID 2780 wrote to memory of 3128	2780	chrome.exe	135

C:\Users\Admin\AppData\Local\Temp\ag.exe
"C:\Users\Admin\AppData\Local\Temp\ag.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\ChromeAutomationData
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\ChromeAutomationData /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ChromeAutomationData\Crashpad --metrics-dir=C:\ChromeAutomationData --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a450cc40,0x7ff9a450cc4c,0x7ff9a450cc58
    3⤵
    PID:716
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=1932,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=1928 /prefetch:2
    3⤵
    PID:2724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=1968,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:3
    3⤵
    PID:4996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=2056,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:8
    3⤵
    PID:1824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2828,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=2848 /prefetch:1
    3⤵
    PID:2572
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2852,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=2908 /prefetch:1
    3⤵
    PID:2316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3384,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:2
    3⤵
    PID:3408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3936,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:2
    3⤵
    PID:5116
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3956,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4080,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:8
    3⤵
    PID:5076
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4256,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:8
    3⤵
    PID:4728
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4104,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:1
    3⤵
    PID:2064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4332,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:1640
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7009b4698,0x7ff7009b46a4,0x7ff7009b46b0
      4⤵
      Drops file in Program Files directory
      PID:3324
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\initial_preferences" --create-shortcuts=1 --install-level=0
      4⤵
      Drops file in Program Files directory
      Modifies registry class
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:5148
    - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
        
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7009b4698,0x7ff7009b46a4,0x7ff7009b46b0
        5⤵
        Drops file in Program Files directory
        
        PID:5192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4488,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4496 /prefetch:1
    3⤵
    PID:5700
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=5308,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:8
    3⤵
    PID:5708
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4404,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:1
    3⤵
    PID:5712
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5312,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:1
    3⤵
    PID:5448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=5408,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4368 /prefetch:8
    3⤵
    PID:5468
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4560,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:1
    3⤵
    PID:4196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4360,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
    3⤵
    PID:1604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4184,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --field-trial-handle=4356,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    PID:5164
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --extension-process --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4548,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:2
    3⤵
    PID:2752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\ChromeAutomationData" --no-appcompat-clear --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5456,i,3667059073641133811,9329977264040376148,262144 --variations-seed-version --mojo-platform-channel-handle=3940 /prefetch:1
    3⤵
    PID:3128

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1984

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ChromeAutomationData\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\ChromeAutomationData\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fe591378b41f64475d83e2db799e3465

SHA1
b4c6e28887578d078909c2a5ebaa13163ab53425

SHA256
91ba02803111e0ab82f425788388cb51f6686c0ab12cc6add828ab8949f04733

SHA512
a5561b13c02ae1ef53236de71fda5042473d7453e7de88e6ef701c8726143e07d858d9a5b4b489cf9bc73fa3a73f73578d3f1a64cc1e650bafe50980e34fa6ef

Download Submit
C:\ChromeAutomationData\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
1462af65eef3bd556a990f15c4a38f93

SHA1
4809933bd80b9d078066e6beb0c46ba38623ebd1

SHA256
b136337d91fa91ab51d31874941a54f76f1855048c334840e85059d4bf070f5b

SHA512
d88ba4ce06a09a8a738879739233c28d0a4517008274675125dcbf397fdbcb458bf40a6994f460dbc0a063be6123f4c2c5c96e08d69dc8707af456673c9a3521

Download Submit
C:\ChromeAutomationData\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\ChromeAutomationData\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\ChromeAutomationData\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\ChromeAutomationData\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\ChromeAutomationData\Default\Network\Network Persistent State

Filesize
1KB

MD5
abb22ac0e2bcd669936900209046cf4f

SHA1
e822cda37829a05708d381bc9d8fffdd32d5b904

SHA256
0681de43c1d4d8fa84da28fefc9dfbed0286e0161943364d720e33b9721b4793

SHA512
614817072943869f25229420e67993557b7caa98071866067951e85fa99f2e50fbf5613a4c1efd8c124fcdf612fc33b5ec5783dc929373240f63f9b4d23dc1c1

Download Submit
C:\ChromeAutomationData\Default\Network\Network Persistent State~RFe598226.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ChromeAutomationData\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\ChromeAutomationData\Default\Network\TransportSecurity

Filesize
189B

MD5
53aec60642d4ba178ea907e1290000de

SHA1
deb2f00b67af589ecb8bcde7414839af091af14d

SHA256
e097c1f77c7d3df1062edb0476d9f808890ab32ba6260cdd3f429905df748f7e

SHA512
c88c68d34ca915d31f3b8072547c1ea774a844e27f71bfafd3d9f153d0de7c49e7d3726c234808f2bb4c5916e7c0486ced94a07a83a53311b8843d34c0ba8125

Download Submit
C:\ChromeAutomationData\Default\Network\TransportSecurity~RFe58e375.TMP

Filesize
189B

MD5
00ee93ec3035c7da24df778a63d113fa

SHA1
c059722f85782bbee4889f66a3f645d7ede4cee4

SHA256
9470cf0318fc4c4de2f5310a8b5c7a2fa3aa94df510b9826ee55602fa0986d2f

SHA512
d7b3e103b1c2543fb6de28c0e325088ff4461410101d2a4392e2c53d44fed8262de9c79b529b5a038aed2a89153d197ed2bae02d54d9448299422946360831b4

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
6433883788336feca56dc6df0c982e7a

SHA1
f799588e20bbc9fc7fcb2aca08ba0a1f6782e709

SHA256
a49dda20cf0b3ca05c767bf3dab4f99201fa2cf5722798d7fb6384a98ad31c63

SHA512
5ef3ea17fbbb9072face4f3b7f086250817eb8ca96ae0e91a779c2acf41462d9c86ecb59744702a5a0e916ee434edc82f3fcf6f382f16ac27430fac8126c3c01

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
8KB

MD5
aae07d6f66c346e7c3ddcdb5e27c3d77

SHA1
8bdc5061e0177907c2777c43c78e0506235b6414

SHA256
d7b11efed132c988f6111a403bf207f419f1a6e692ef47c31e176319d9874f21

SHA512
612363982b043afcab230b5ae983e63d17779ca261faca67d3ff172d21a9e2acd6d7c84b5ae3bbed7d67bccd2231c2f7175ecda5d0516779a95a9eee33e2bd54

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
510e88d2b1df5574a710bcb525b34da7

SHA1
b10e45dc6916b190494dc37c6112e9786d630f50

SHA256
5a88606f685ed0239fbd3e3872f3100399f116c5e112d04f7818926e6308e0b0

SHA512
ae31138bc328c9e639ed09b50d23b43daa67d94f1fcb7b4f518355c30ea6ec9710cea9cf99078e349c4333b98562c180768bd3c00673a39c586565e3630d31bd

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
07ea95a5b547e2c774345b99784b09da

SHA1
46457f3b291ac0314ee72dc4bd08af903df6dc47

SHA256
e88c3069a174c82699a070b78f0681d16b0cd8230009b25082722d69a913fb29

SHA512
eb617bc2349b701cc3e40ad79b947d4fe81b876efba0d3659cc8586c014eee94c338de5808b65adba12c8c67ec95260c0ce1f18753d0dafc04c7b030ae9ed196

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
e68fab6a59eb2ec74464e38422f66539

SHA1
41eb175656f3ee98452ff7e2d338ac1a74b040e4

SHA256
8ed6e738ad15a87ac854c6f9f3a9467e2ad116ffe48c747c3d8d914da3420fb2

SHA512
6fffccbe8b2da4877c854a95ea7926e3c68bee7c24668f58cd8e82456d60fd4e9d5ddf12d84ee4923e5a0e8c56a4018f647a0c93e838f806a7efabacec6794be

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
9KB

MD5
f67336b2ce7e204bc8fe416a3ecc0847

SHA1
2d36b1359386afdb92ea65d33d53647568c4bba0

SHA256
bb6f4fdffa7f556698d45d5700a4cf7bded95b56b55eddc35bf9ca2b7a762221

SHA512
2aca97d938f02207613f643ba41206203450dd7aabff3c9537136d5f9868173d4b9f221f8d583cf1b6bff82cf2683f92c8a22b9d90f4f8ebc56a7e69b39d2834

Download Submit
C:\ChromeAutomationData\Default\Preferences

Filesize
7KB

MD5
bd3cc15312d6492acb2402f61e245221

SHA1
29c537fa23005c80604e02b1b98350b830ecec3d

SHA256
02f0a3d7650f8a216f88b0239dec95deee496819d98c6c6ce80151047b7a526b

SHA512
38f24e2c6d66501c7127b4714e52743509490cefc42fceb080a5692c93e7b0eb03461b92d0ef761e7a3f1d6ef4f349d3caa8011df7f32ff89d4bdc042cc2dbea

Download Submit
C:\ChromeAutomationData\Default\Preferences~RFe58941d.TMP

Filesize
1KB

MD5
537a9e53b104bce731a71088b038c187

SHA1
3ee635e8355696f136c1aa7aa358b5a43c977dfa

SHA256
fac02b374327f114e2e82b642acfbc31f7814c6a3245275658dc73d9cf1883eb

SHA512
28c7c0b9863552ab3f24fe4137270951c737fa9802d0ea39d99cac241b4449e0fbdf4da52ee37db36c0175b81cad2bbe22a42b57bc2d743be3e87bbf265e36a3

Download Submit
C:\ChromeAutomationData\Default\Secure Preferences

Filesize
13KB

MD5
6ae689dca9e109ac2754c3ffd4672c63

SHA1
265e717125f6bd9257cf3ea1fa290478326096ef

SHA256
fbcc440b73a4666cb7393f60c02295d7b0256cda2c9d7362f05fc42fb139d379

SHA512
0fe6b7638105e85314fb7c66fbea55938b460b345ee2cca5682fddf89ccec1838ac8a54ef8e6a72fd6daf762767f1be57740c885a7f924195cd761b5e69df86b

Download Submit
C:\ChromeAutomationData\Default\Secure Preferences~RFe58bf44.TMP

Filesize
10KB

MD5
676dd8a28a98a583fc2b7f0225a79bfe

SHA1
64a42713537a0f41e218c834fecd462133a4fd91

SHA256
84aac2fd8b0cd918a37389ba0bd0f1eb5343d33099d70dd2e7afedcad0f941ec

SHA512
ff9e97ea6fe5d7fbc985a5175dec8edaf13d0138381fc7b804573058ee56fe3659b7ecf024d0d023d0552fd3a1d4bf1d304a4e6fab246194bb713ace894bcd11

Download Submit
C:\ChromeAutomationData\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6202357dbe7c0c806ddbe180a42ff1e2

SHA1
14a5bef692a568976302215328a118e3ca495955

SHA256
a24ca0e1af7f98c25413a114b2284b5d12948d78d1b3b8069ede7b11812669e5

SHA512
15619c7e165761cebfb032f6f97fd61240e1c11f33ce4800bca6fca7546282d31d0de39a9e36b47001ecd041d5418fff21ecf91cf2d7fb9026f3a80ccacbfd9c

Download Submit
C:\ChromeAutomationData\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e75d.TMP

Filesize
72B

MD5
dc5e0637efbe07bf66ce7a4a68ce1250

SHA1
93460182f9c18bb6cadb43dc487b796edfd9d713

SHA256
752e1d7762d9e11db38d6193ffcf2248ff6c93e41b58444a0022344c4fbc8183

SHA512
7998872429f12116179d8ee2000cf82e17e1ba0313fc1461c1245ce49ff4598160a0051f32e6b0facbf779b5022294ce6f1b272609482f98419604c70a6269c9

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\32.png

Filesize
1KB

MD5
40c4ea664da063cccf37a00d0dea5f88

SHA1
f524c4c8544d5e8b7d5a29ba74fbe865c0fa303b

SHA256
91289705a496311822aa52d067f2a029025293f1c22779f3a8bc483e211ce1d8

SHA512
bbe182958560fa196423bc1b50575b078e4a3b2b170427074442a42a3f21ae7d91d3115e75f38335c778070142d2d1bc929bfa22bf0fb2ae644c0478f6d58d51

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\48.png

Filesize
2KB

MD5
9e1a6c45e7a5b26e6dfcb060fe4ec411

SHA1
8895839baaf4a6ce1189fd8c5572c3c8298ddcc0

SHA256
102aeb88e02ce1cd5c91ce4ab3c5880be33b6a440ee7f24c9e38741e79b46273

SHA512
323180dbdb0ebed3f398d5e7233f681ec85bd0815ef463d8351e17e99ee6f9f47badc9bdd9ab197249fe85e2c0d2457760f7bb7550c9c55110f333d13bfbe8fb

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\64.png

Filesize
3KB

MD5
65e00211feede352e87ff869cd3d1b1e

SHA1
2ede8e165651f24a165f31bd2b4591d124d5fdde

SHA256
dc78a4be5b92c40c32dbbd4bcc3c65057105db062c088fadcf835a5e161095a1

SHA512
1fec808d0591868de3e27863e095ded619cfb825239eb05aab61f9ddb09bca28534e5a1a6f0d39a47affb7a3371d07cca9701b8dabcd297ff2fd116c9123fe61

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
1KB

MD5
44188def4e01c25516ca590c90499b2f

SHA1
0a9258ac71dbd02eb2e5a592365c9e8a3744d3c7

SHA256
be3a2fe70a27da2e9836e8b96a0dcfdd980702f69124f984f82de2b8699fe977

SHA512
f202686756dd603d4d98b36421e2613003279601328aae2214ffa3226a6a7c6102703808877818a989f2927677210dbb7bfa49ccd870771b399abdfa2431dca8

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\48.png

Filesize
2KB

MD5
b87bfabaff9e7370835ea8790c87409b

SHA1
d9641aa79839fa5067ee9054cd61e0eecccfc7ec

SHA256
d67823095d8a91a0d4638ba75216c2f4b467f4fca5a56c4e45e88091b17dfdc5

SHA512
d8e3e59056076919afc7b5640d4f5964abbaac8537bb547da68f7a91c314a72615059024fa6e517134da81a38d4701138f50e37bf99a37ac3353ca5d92ed162e

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\64.png

Filesize
3KB

MD5
72af0c1352184e984612088a6df54e53

SHA1
12faf6f7b28cc2d4be9d639a770e54d895d6fe58

SHA256
e036bcb9f333d3d7e12492247e02fc6d599e12c42cc008fcbbac37def93ca0da

SHA512
8dfed220c6391592aa1bc06000548f1f18ce1e6b47b6e3b47f11185cb0d0c48f961c82c6abb598ee1dcde7ed87c59026cd282ee56f5e0dd1f48ec89a207f4623

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\32.png

Filesize
1024B

MD5
ca6289a7d8f9ecc17f8de717faf1af27

SHA1
4ccf3c6a9291f0a8a3090c22aca6f1872c860073

SHA256
3d7283090cf1a87baae4032266e4d144f7ec2ea465e7b2bf02728aa394c678f0

SHA512
100fb108d3eb74eea016af82a5a6758f22173b3d9a60c5237e9a570aa14549397b224d9d4234661855ffec47930a33536d05c0eb56ac61c551184fa89b18697c

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\48.png

Filesize
1KB

MD5
06c47df56a44e6ec6ed68a0c1b13fcf1

SHA1
d081069ab4c69925e2c5a8e7bb9a683f620dadb2

SHA256
6e21221baad8ccd2b71542f9d3194dc5868c0f424fea640cd4915fbdb32f4804

SHA512
e23731119c43850604eaa83c7fc17cff43681890ba3e144cc0b97cc8b33dc3f90a5370c7ae599c5469e33fcffed6492308451a0f3699bca51df665a70329a569

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fhihpiojkbmbpdjeoajapmgkhlnakfjf\Icons\64.png

Filesize
1KB

MD5
fa9b6bd6c167dc772018d4105b7f3afd

SHA1
5a8b1a8bec14f864d559667c79683735508a8036

SHA256
2a8f1a1cfac4fbe96a6cb69e9e621201875cc45b2e60bc75b08ea193c759e346

SHA512
db8b36ed049e357346a6c249dacf54a78bf7395ab8a3c8f8d2aa8d575193f59959cddfc7e1ec18b32a029aa1cfd42ffe30149d74de56d88baa0583a6c00d9a9f

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\32.png

Filesize
1KB

MD5
cfd1c4fa219ea739c219d4fb8c9ccf8d

SHA1
1bd9c4a0c08a594966efe48802af8cdd46aa724c

SHA256
36670568a87c7b3cd1a4448ffe5bde9b6fd3d65b58e6dca38cc4ea2e9e8c11b3

SHA512
59918179057447aa18668abbdaacd11ee3f5e83c25a93f916a050a559ea1457d6ab61abd3db9def22b5214a1767911e9cf9fa8e638852032cca3696424c6a903

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\48.png

Filesize
2KB

MD5
f484337ddad3b425b5788e5ce7082bc8

SHA1
79c7e4c0202a06ef3a287cc76ea498fcf26009c2

SHA256
fa58e3209e408e4f0d60a7ed330d6f62884ccf9b593e37cde03e7916c116dd1f

SHA512
518a8e3d53fe86dc714a59cc70f8f0c44396d7569d25837c1cfe6212a10204080e0c4d19c43729f1815093af9f075693decbb9496700a2f00bd57dd3ed0b0a3c

Download Submit
C:\ChromeAutomationData\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\64.png

Filesize
2KB

MD5
9ca95e4d4941acee74cd1bef23eaba35

SHA1
1717e5136bf97a89b5dca5178f4d4d320b21fb48

SHA256
80c1e2f4d89d5266f82dc0295f232eda894812820c5c625a036adf980536e5a8

SHA512
9fb11e36e626b0d9eb43548ba0e90cda27e70d027361c52437f01287e94f07d07da01a385ee2466963e305516f56e37020644ce03d1132322d7e796440c633b5

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\ChromeAutomationData\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\ChromeAutomationData\Local State

Filesize
118KB

MD5
9efe8d9ca7e6c4395d79548eb22469c8

SHA1
ee489e03200bc10762be3a0c1f5002f9c6733b23

SHA256
0ba89a8fe04195ed0d2cfe9a29e77367f9b93a6f0b0b1067f9571b515251a73a

SHA512
16fba43c7c1f12aadc89ae8bf6b94916ac5e333e8ed2260179cb8457d3664ce81444e11332542dc2d604eb3f76e2bb2f30b534fcb7f6d6d1a29d0e0b02164656

Download Submit
C:\ChromeAutomationData\Local State

Filesize
118KB

MD5
cb86f6173032145b2b14279ac4a607f3

SHA1
f46aef818104d711a3a616222da088324b196d0d

SHA256
3d86cb73984ae25c0501164454cec05b125d71091ab741ad33ea0ac92a1a14c8

SHA512
63d3cb0bf51c08b2608663c793fd785870f9d23748a0c3f9263d9f8f436054cabda3b1e94145836f2c8bf966597689330bf5ea960bc81e58a9f477860fe95390

Download Submit
C:\ChromeAutomationData\Local State~RFe5893fe.TMP

Filesize
931B

MD5
6d099ae3c00cfb2136b272444dbb78c2

SHA1
2736a95f4b9f5c26a22c6c07809c998957835c8b

SHA256
f8c8f49b1b000b3cb2f28dc0ad23ebbd87ba9e3f3d96c4eaea70bdf0afcb827e

SHA512
f2685a12917eba2f519aba869cdf2bc3870d7ae71ccac1a1a40e1ae8c92181a0e6c298221357f40f0d30f9b85455a7a01b2b4dfd33264f991332f1d98e67f0e6

Download Submit
C:\Program Files\Crashpad\settings.dat

Filesize
40B

MD5
4a31e1dc23566f0758e7f416c3772bcd

SHA1
e0eb3d555098dec5025962b642064eb2fce73d8f

SHA256
d8f9d6e520fadfa51fc792ffb535f6eca0e9c01bab9346c621097ebd1a6cf2eb

SHA512
d0d98fea3e86923d36c219460a8858e68273abb8323af5a5c2f53a32ac413f03599324226ec70899ab12f9c1369babb7195845a15b97f731475053b701c4d094

Download Submit
C:\Program Files\Google\Chrome\Application\SetupMetrics\ac7e628a-b7fc-4e23-90ba-a6853fcd8798.tmp

Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
8KB

MD5
c9b59705e16633398fedbca33ddfc758

SHA1
4b21cfbf7039adbea8b92ba3aca04917cfcbb4bb

SHA256
f60dc49f75cb54a96ac6bdbbbf2559d43509765b27c042b922705ea2562fb508

SHA512
f28e0402ce14e3c0b01f295eebf45bc47fce655875d952ebe806ae761e3d3b5f0fb77cd631f42c2e9d25961daee40990ee29ad7bd458d2acd240e02f4caae8e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2780_1059227411\683f2a0b-c939-4372-8f1d-7d69bafd5416.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2780_1059227411\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/4416-0-0x00000000744DE000-0x00000000744DF000-memory.dmp

Filesize
4KB

Download
memory/4416-8-0x0000000005830000-0x00000000058C2000-memory.dmp

Filesize
584KB

Download
memory/4416-7-0x00000000054D0000-0x0000000005552000-memory.dmp

Filesize
520KB

Download
memory/4416-6-0x00000000052D0000-0x00000000052E2000-memory.dmp

Filesize
72KB

Download
memory/4416-5-0x00000000744D0000-0x0000000074C80000-memory.dmp

Filesize
7.7MB

Download
memory/4416-4-0x00000000744DE000-0x00000000744DF000-memory.dmp

Filesize
4KB

Download
memory/4416-3-0x0000000005320000-0x0000000005386000-memory.dmp

Filesize
408KB

Download
memory/4416-2-0x00000000744D0000-0x0000000074C80000-memory.dmp

Filesize
7.7MB

Download
memory/4416-1-0x0000000000090000-0x00000000000A2000-memory.dmp

Filesize
72KB

Download