hxxps://u[.]to/1qkfIQ

Analysis

max time kernel
1800s
max time network
1162s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/1qkfIQ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133804634951538562"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe
Token: SeShutdownPrivilege	3196	chrome.exe
Token: SeCreatePagefilePrivilege	3196	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
3196	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 1628	3196	chrome.exe	85
PID 3196 wrote to memory of 1628	3196	chrome.exe	85
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 1376	3196	chrome.exe	86
PID 3196 wrote to memory of 4456	3196	chrome.exe	87
PID 3196 wrote to memory of 4456	3196	chrome.exe	87
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88
PID 3196 wrote to memory of 4544	3196	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://u.to/1qkfIQ
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb77bbcc40,0x7ffb77bbcc4c,0x7ffb77bbcc58
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1968,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1848,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4328,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4596 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4792,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3428,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4796,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5116,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4592,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4804,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4832,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4936,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5132,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5016,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5220,i,11139806316720174587,16820300760184770659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb77bbcc40,0x7ffb77bbcc4c,0x7ffb77bbcc58
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2272,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1988,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3736,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4720,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3384,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4068,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3356,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5144,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5104,i,11320557624943022462,8251158846817462494,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:2200

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
800547b40b40a6d57a70b74809b450fa

SHA1
310a064c7ba82120f80af50892dcbe61b53f9d70

SHA256
a562ff4b14badc73b0804883bf4ccfd9972e485123de5e5949981794f66ed936

SHA512
39630e3b5069d0c66ea44069358cf01f180bf25103968f77d483a27deb7e91e796a1718ce9af2f438bebe8207537e735cd402d649e2adfa2ca7748faae2db949

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9cc9a1395ae3450868b76bb27e716884

SHA1
017ad87df2c99016d3d998088f96e96752582632

SHA256
23cf4f0afeba4a6746c819e840944d76a2a66c8483f7d3d744a399a2057bcda5

SHA512
282b87b707edb800c5396cb77726c30ed51baeba0ef8e2fc7365ebe998cb0969412b4ad39c1e06f809d23430b0a8785ad4d641a98f5c98687400d48726430eca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
52894315801be5695a7a42cfc6df2cf7

SHA1
74d370b9ac23b14adba85dbf644c0754a07cb386

SHA256
ee58b5f36b1c267393a486f272aac78e51597520b273f4c7f8a558e4431cf1cd

SHA512
ab2380cea10049aa904780c8b632bc10f1a8f06d9d97ba44c829467e323a8daa23cc71cab28941626fca3a096e24cb210d7c2f0dab821dfb8bb5482fea80c612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7cb640f838b1d35d6f05a57b7360fd97

SHA1
47362a339213b947c60de002b52f777611300d79

SHA256
62939c80e7444d00c61cc120372fb411984abff1cbf3f7078fdbc153d31be237

SHA512
5acc5276bdb960f4877cbc5895f9b0f09140db49a0e9796fd9ee361f323845ea774969b4c37442fdca5e131e453175d24c98647825fac21d1590d62ee8bad631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
1a5c5f21efdd1caf00984101a34d08c4

SHA1
8829ee060ea4fbed274adb22d1e4fd6bd94c0ca6

SHA256
de046925975284d6198a1905c7add75f60669e24cbeab2915a02c4a4f7508716

SHA512
6f8ebc8e22f0103e10aede39ec7408bbd20edab3efc2e20318b8a08d7b8d246d8d56ee6c5ae379586f950c4b70dba19b210cbfb81635e73cbc9663f2eb52f16d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a93061ae5eef0a42b6055a3e1322674d

SHA1
cfca631934951b2cf9a2ea9a06d0effc0f5c9a0c

SHA256
7cf1226a2bb5f124c146ba89c09a0fdd78a4b7d22786be7da434eff7f9b30f62

SHA512
b86bada4e76740752eabc6b1f1ddd1e77222dbccf45e6fe4925658c155c11ea541e2b8cac5151d6f12cbafa8055baabb90597d01a35990e4a2a0ea63c319944e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
a3d8e800fdf593ee6589ee525ca75a5c

SHA1
63e28ffc71d175834bd7bc6d14f4383e36a381db

SHA256
341ee09a92c865f5d367753dc6e51d84f9fb03140cfeb6fbd49cd1b67bbc09e7

SHA512
df9597ec56c60ff5708a5986fe3d5948360a0cb4d968eadac3a963ddc4faf3c52ed88461d32faa6fb6b1825c55c49a1fe71b23b7c728109d1814aa3731c0500f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
a589b6aecc86da8a45df9f18b7f6e4b0

SHA1
f255ecbe0d325bc2cce9626672060164c0ce9fec

SHA256
587645ebafb56d895a9a241fb87a21ddc8f4c643e5132eb037ac0f487d4e5d27

SHA512
6a7592d4d01a68a31a6966ded7ce87805e6a09fd8602f6514737bdaaa1b9be32b2415b4f30435bed96f9befd447684783f5e57399184701642c240d342ffc421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
6178239623c99cf8149a77b76c69c977

SHA1
6c251ee883b9c8691d14d15a264e34ce4ff5dc02

SHA256
b383f0cf10e28a0d4e8e1c6f1ff0b8bdebfc9177accd39d4965ca1a48936e41e

SHA512
cf5a0dba85bf2a5c3694d976040cc4cabd7d85afb8f1d3f5d7ec09f33ccd495a7ae7ad4c36fcc961d721f96e7de9031a8653e27a81a8a13ed2b8b4f34f528b82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
588d0a0fd35eb4035b754fe41f285b0f

SHA1
08ad1b6d23b779e3e99ab4b654b0799fe586bc19

SHA256
2414040dcf31dbc771623c15ef5818bab6e54d2b462feed4ad88f7d4b88b7daf

SHA512
c46c38b41176f88668e35e619617f8ec378cb12738cddc97ed45ff8c318e5a1bfcba8e2e6ff1d72ca332f35dab7290e219f1777302f78d12b03ee5cb25185ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
4771e7b5d32555bf8a5e9af6f57e52a0

SHA1
38af78118d643100734d484bcc72d8160eed7625

SHA256
839fe154ef0ed3aa05fa0bc0b097b6208fdae9511071f43d195dc7b8fff020ca

SHA512
f56c002cbe4679356c1c9404a05e2900f53ffd001e93a269345aa81bb7716fe1ffab535e4d56f83da984fbfa4d02887849de01c4457fde242bcb150ab4adff9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
d6b0609c4b6edb45553ff9afbfc95e33

SHA1
2697657b75906d3653f48080ec1f3993c07bd8bf

SHA256
eb5cc165f4f69f7a3e72851b1b63e67efa9afb3c96bf8aefc962a5fdbdd6cc2e

SHA512
db4c837c9a8a30e65f0f634bcceecff3354d6b72b34536e584fafd02eb103cb4a6b01522d4463d8c54e6852d28a71d9ec8997e2f353e59ea8724aadbbc2a80ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
6ecc63ca3f5fbb95ccfe0dbe86ee43cb

SHA1
6cfda448785bc96cd320b1dbba03cb6e361d158d

SHA256
ff88dcbf8b3acb5d8bb8a579de0c5949770c216d79fe150767c0bf7e8dc928c1

SHA512
8084400fb47867972d57e4982f732f48c517587cdd91e70e25e1642c00d1e42640dfd985650cb41f24b75c64ffc74082771fdc53410b8220bac040c2587617bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

Filesize
56KB

MD5
33501f8cd84a86bdd45912e78b9b2d4a

SHA1
8bdf0640b591284d145ec04c029af3122854fbee

SHA256
35181072300f52a1c972dce83efcfb33d11bf98d4fb82b4d90d8b4417412b7c8

SHA512
a29f7b6709c297e60f4a327a1b7da6bd23bd709a0262459b82b19ff2224de2540bc13d7c2d94c0c885f499c5e20798e91e7c3ac5b50f28c683df08b445e12896

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
8abca32e169443aa43e65803b6eadee0

SHA1
50028efcf35d5bcbfb2f90084846ca5fc77c402d

SHA256
1711e7398fe219aa8a525d3344b2b8be48d53964520d8a5f9467e1eda0a39db0

SHA512
f770bcab7b6d71f52d0d79811cb718e71af3ee121e2759431e0a0099d1c1b15e3d23abec1577dca2c14a88b2dc03303046766da1ee3b99ebb2ec0091ffdb12d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
437e17a81b80777f3ca8bfbccf02405b

SHA1
e82ec9d4ecdef958528d77ce772907432ba1aba6

SHA256
8c7dd4bd53b8e5292b36863aa3427b2759d3bd4083374b57e8e2f8affc147614

SHA512
7c4c1663506d0e684f8efd40503fe3acdd54e27ccb3ef2f1546eefb3c4da877e39395b86327e88a63a3b2f3293efd05ebfbfa2ee27ab6e90b612b7a41fc7f9aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bc0d8341e97711d3088420028fdfdf50

SHA1
210ecd78f1d6934252b4ef174375c6de9b368158

SHA256
573033b86a72b59d1702be7c2089a096b54ef1a6953344a024b265e5ca13a637

SHA512
ccfcc297af754b03e2701bc06b42bc0e7c80a366a2b62416f9cc88fec982717b26ea061a367f266e6e71af8ceb0c080d791ba1b764b50398bd271b0e8df968f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7d1706669f1cc7f782379050c78c8fa9

SHA1
587a52d3148cba468cae2266dd53e6901e8868a1

SHA256
2987ea2049f6f1f8e5f1a2e1d539ff2fb004da2a4d310b11d8b83ca53f55650d

SHA512
534bddccc2ce0728b6bddcfb0fd21e2a691c9060023106a7e83e1283bf1347085c3ddaa5ed3c8c437c3559f13ee98f85943c12afb270805a5aa3c8cf19abfbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
757c528e5eb2fd26d17e4524596b2219

SHA1
b24acdfc12aa7fa12d0cb34511c8c01dc1aac64f

SHA256
240cb9ac38c957c2aa6215acee3aea60a2340c9ed2189f09a3821ed6072a8ab5

SHA512
032dba0722e0ce8105e0e32082e6f5ffbb6505418ddd154dc5d32970141048280272045a6ceeafdffb5cd4402a6ca643e330d7bcedc523c389abb5fc1b77ea7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8c50a952f63b359bc2de0a202769e1e2

SHA1
64d3670768f377f8c511dd6362899f21d508d8e1

SHA256
94a581d80e1fdeb62de1be223a6bc714234bac05f7324ddf6a05c2e2032d771d

SHA512
24ebf8736d75bb28790ec6737a7064adf14b5df2c027826a92ef12d68075ffae8aa9ca444de4c4cb65331ebb900a5506500e0caf2097bc335c4ae651d508ccb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
827a5027e611a9a95f53cbdc484dd478

SHA1
61f01f7b44a2ac90d1255013d5033b647ba130bf

SHA256
5db1aa0a08b8ecd7237be4804f81758b3b514a3a5593d6b2188be659bdafdafb

SHA512
f094c72ae31cff20fc6fb241505ea5af1e9ddac4de73ad98e189f0842a0701bc5f9107a4c31dd969471942f33680677b55eec70829c8b34cb8efdcbba82536dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bb2869ac2de671c94822b92ad8f5a0d

SHA1
4bb6588c7b52668bcab144c742324523542a07a2

SHA256
84d598faf193663cfa2e50354bf49492f154fd5ac73f7de7765bf5e2d291bfaa

SHA512
67a8f76cbd026edebad6832316d70836f13f52159ad5062d74b510876c7791f6c8ffa02dd44be59bc78ec09f7a97558a94bc588e595e439c99c6c3f668e88d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15052a15a5f25465e079d6f1d4de7ddc

SHA1
055a763388c85481f496be462242f67573c4a871

SHA256
8caa777591988f0c243d715fb55a02bdaf92f901f68800b9627b69803468ab29

SHA512
c6592c2b67cd3b7c7508f2613dadca568a2c04e5534a59863b56a4e99342ce04b53fed94557c63bc57323c6747336ddb0b016ad84925895f7dbd5e2d1da509c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
226d606ced9dd372d7dd0ee98a72bc56

SHA1
33578b2005b4125f25850c21dba543576212a7c7

SHA256
1c6ca07926aa6e829826565c044d664f03941bec74775e23dea1b7695fdbf9ee

SHA512
44a3afcb0f0f41a1f3c80b0f79c8c9855adef48a57f04f023e6c5e0ca593ebfbf1ef34fbeb2f914dbb4d80c787bdc2961484fc71fc743e096a96b9c32ee671f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
652c94748ef9949b8e865fafeb60dfa5

SHA1
ba6964e0758c1c7818e3b22899ef9ddd834fb3b3

SHA256
d6d8dd9e26900f23fdcc471b3491b54edb0eb8418d8f756acef4ef0958a6634d

SHA512
c1e66dcf330247eb9d57507ebb63d0e7ad740613678c00bd6998a5dfdeda6b8ee34d0ced016225ec9c0cff557f87b59a6ffbe730cac10b002bc9e98cd21baa94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
83ba2a2fbddbecc0a751fd503121bb38

SHA1
f025c2ce7d6e411fa0edcd26ac4669d0d7ab5fee

SHA256
2e8450e798afb842979793c761c3df38fb1bae1d8018dbf17de79e284ac6979e

SHA512
2979493aaf5e14b53519e8c34c9347c229416e5292e4750ccf67194bf718df90ae1c01d4c267caf73f3d0618c78c4a21e9149400835e66fd4e2d05c1816ebce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0e6555bfb8a41ab1717b4ca27158620

SHA1
ac0a5b3daa46f049662971cbf237e881aed0713a

SHA256
499a65f6653108c1d44297b34ee521e8f0de640bc2ddcddd70e11d0973630c8b

SHA512
39cc934814f3f50155e7d2eec469e847a598fbbae1cd26a582f341e42868bd61183512b5302259561dbf2a924db79cc98370d5f47364e680ea368e00dd7efe24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
42509cf4d64af3161a3f9016af5cf92d

SHA1
5c7a9ada22c7f8447e57ece0651b3810d5ae9e63

SHA256
08ada4f9e7e2fa560063fd3c094b100e6a7537483d9b0aec9a9f38b62819b897

SHA512
34bf34cbb1c0586b3063f78b5df0d0ec9fce3bd7b618f594cd4d512332ec5b0def3cbd6bfd057c26bfcaa0b11c4b58c4ee13771980cba22b7d89d3498578146a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5331eb38c62b94c631fb99bbfc6fdec2

SHA1
22c96d2ad72bcc27fdc6673a4ab8370e9215e2d1

SHA256
2bd4d9eb4b0d42f91294e4b00fedbd1b1e5a60a43dd1910cce32fc0d9575391a

SHA512
2d87fa71ff12f5cb4d31a17a46628056f3081d5453e984ed1ca021fb85fa7a2ef2f3deb6d09bfa1122b1888bef4e772f7bf62caaff8922cb4450ca1e85d214b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
37f49c6f49bdf2b9f9389831fe48b72e

SHA1
e2c02b1a8bc6edb0511c81e67635af92e6d9d391

SHA256
1691ab682fd7d703f74a2120c2f109486fbd1592786f2b06d592bf8046c31550

SHA512
1ed57674fee7805c5d5a9aabc5bd0226c265365a20262c7ac102dd3ed67f3adfe02d3f1241f73f1bb6fcf90bd8c3088ab42029faee2ab5086226fd3a86beda26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffcf8c711315e2b82d3c75f5ad1fba6e

SHA1
af850dbff877c655938e0ebc4895b5bbe701e9a0

SHA256
a2c05dd3e7064cd25ddc8f6591d72c41cbe552651af55989bd79bb5d6b2bf1ba

SHA512
4f86293c706068a95dca46ba40972b903bbb97b78924ebf9c6b3858de75dfdd74b6b607ca2d60f70456de2c58f1c7b698d9b88a7689a9ed2ceaa8a38959c74cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
db4bd626ef0b26bd6fc4fb3e122f5a9b

SHA1
fdfe1076319a0cb3c83f962d2dacdd399fdcb9cf

SHA256
20124e8af7934626e80edc77ddaea02af8888b1f147a213a6f2c96283c5c0036

SHA512
d1b3e218c819d814b2170bdff83eec02cb0ea8185085a6f6cb71453a8942a1d58465c18bd93deb92881f54e24c4266077ef6a8d0bd7596bf707c78408dd9ef9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
3348a45c6d46934e67d817a4f9610cdf

SHA1
8555aa73cf51811993ed736bd43c279669d27cd8

SHA256
e50f39de920ec70881884beceae17f1b4d3ef6faa740e4fad4f44dbba8b3d404

SHA512
6d90df1d403990065bb3115c51fdb481e25504331799b96d24df9577b6a6b7e0f0cbf79c65c9e1f5798411e587881dff6cd0ada7d98ffcb3cb538b9fb1bdd3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
36355b1ceca357e5c9f05748ba38dffb

SHA1
4a53072352471781179a8c6264eeaeace1ab5ac1

SHA256
031bb3ac8713df71056179fc3e32cbae5e6644c12e1638bcf384708b6297c027

SHA512
53460ad1aa208ad2e7d3505e251822db9b3fefb2339c41721724c690ffff055ef614383ed2683b0908b42629305d5ccb5f6013de3aac7ceba24a8225c2cfd73b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13380463492478700

Filesize
5KB

MD5
560872f037d87dbab5a85ac4776108e0

SHA1
3926c5d76d2b82a6a314bfb65ef45b44ca09865e

SHA256
d514e721708b52fa52e35f8e247afa415c6e82e85f2bb7ea7901df707a8eb0a0

SHA512
98ae09cd96e4c43f0cbedc881b1d1f0cbac54d8f3c87efe981ece09fd037ceefbb51c9942e8f8813c788c6a7431f589329424c12671781e97d91b3825f5e97ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13380463605460627

Filesize
3KB

MD5
f5396554917dd5e38f8de1c512a0232d

SHA1
53b16b201686c2c5f9251fdda0f8568a4bdf497b

SHA256
ec579b356e9df5b1f886adfea566c65b4beac8cbbb8e411fb1bb62255d7468e5

SHA512
745aa197d7f7f2d53882ee5386f973b4c1fcd2f127e2a9943131396855a8e7d80d7893f1bed32c1c1113afa9bbfb25f2f4a0763bfcdf3227a7044a8ecfdb65ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a1156aa67670e8afe3fbd0be092f3d3e

SHA1
d02b78b91f6e5a50b1d865da35a8e691076611c8

SHA256
aebd55087c3b8cc9924ba9ec0764dfae987805f568314cd7a5da2fb41d7ba5ea

SHA512
347b6f5b5e5f730730119eab4932ce6eecf87847095570d7f395ae661be3a5757a3b042d848dae0fc641dfe03aa7eb33850e8c8e0412852f2c17d0d6a4557081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
bce177c58cd1fe37842f2cda08bf8b2b

SHA1
8f0ba59dc921c3d575333622a6dfaee6739b3717

SHA256
1d6f3aeab0986757f37281d18dcd28d57f28ddb1397667f6c44a5b716763c274

SHA512
4decf6d9a172e5c3e20e4213f6a99f080f2609fae1c9532b2a50229e0a8e6aadf297d6afdd69fa28601b1e5c350bfd97a8eba3d500ea03e3ffe0fa9cfcff8512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
750744a989098cb8a47b587ce9ffeb2b

SHA1
19a4e9cc5e2f417146e40c5298228cc7e1405ea9

SHA256
3ef997b7c9383fb471a7be0851e538d793fed56dc428fc1f634aa10396c693da

SHA512
b1dc599ca7ffc9ccc009d5ac7eb78057b3e04168675e799d3c254a650deef93d3b3609fa655d6ab9401a39f69eb2eece9c5d16644335fc55da31a52c0ee0fcb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
79c127b5e18d7648cea91fef5db7acdc

SHA1
512e92ed05fe0f3a8d61dd0d8adaa9d8f363b43e

SHA256
2845d4c75ef49ea0cd65b034cac8d10577dd0a2bbee526b48cd60f921751a67e

SHA512
5aaa348ed4176c5123ae14a7e92596d7502e4869bc736782a532548da0aa6a3ec74b85a2475f018432063b5249313614c6d17121a6311d089600bbf317f5d578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
e291757101fdeee733035327b23e435b

SHA1
74651eca485b6a241905742d5ce00143c159a664

SHA256
f89f79ea097a7116a2d703fcf16e10be82ee3287db2b775d9ca8007d476b9457

SHA512
f12d813d20930eddeb0bf10af7b5c177fb6c4c49c4a0c1897731174ac857c7ec6bfc09d3a2b5eb89cb0d90988794e21181176cd1ed117be701a040f006ce34eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
19KB

MD5
4279c0677e43efbf0abafa67667243ac

SHA1
0385f24b4aeccbab44d53e659d1b1ab19ec8c869

SHA256
c1ff6bc857edd7be49a50e46cffbe16199ba1c473731dd74bee22fe998380db1

SHA512
6ef7457527847b53f5a9a01aac367de24b7915a696e5cef08186826edf6479e4518cbbc76ccd18170262b49c845855897f5e7771c7464755a0e3fb24af11e262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
34e906c8a09808f28bfd556baf1f93d6

SHA1
d836348ec555dc5a64b256c526e7744e73be0579

SHA256
66e2d29f2fa7ef712183006742a8f4fe245c0f929692ac6fba7ab594f3c4d7c1

SHA512
157a200a7ee390768910369bf413ac9aead3874341acb733f53a5c569432b7ff71b1d39aa29755ef3ca2346b0d0a358cbc555b4ae34d3187d6598f1f5a59a1c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
5d4170fc4610647c9841057aa0e7102d

SHA1
517090b546695c52b79fa9af0c29d85c6dfebda8

SHA256
d005782c29b049ed6c52e95c70c873d491297e6ee36b2a269b162099f80f5e09

SHA512
9b83aca1983d2c329b9b894d3e5378fb1e674b2d8f1b97b25edc9c4fc993d1bb087434d9dd0522f05726d1c9d57024fe25391ddcbb5ae90cc7d735aeaf0ccd2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
3092fdbac365c72f7c2d018b1f1170fe

SHA1
b97acd6236bf76982ae507940cc18c412ae3c9d1

SHA256
49b2e784641ce6a1967fb04f0eca827b9cee16a9599314f2f747e83f83ca9029

SHA512
5c830a91e6628074b57c44478e0b292c7e010863fecab2a3107befe3be81c046d7e4ff83b65201aeb4f0b195250ea30ce05e750256bcad5a11522b0d52fe1bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
8d5d93c5a87ccbe666d3614f6e55ecaa

SHA1
027cae8ab0c8054f8558ef65f7abcc3b5bb2b734

SHA256
5dbe1f7a2929d474fc28fc92a9a31331d4cb59ba521367d3d2896805961e5adc

SHA512
17c228f60b51b4d2f25f7ddc3de284989621ba070e16bc364fc7c855d886add5203a7dad1269cef1d030dc65d0c1eb68e3e7913048badd0de8e78d33f402366f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
fc508366a045dc6d7159fb3d944e9db1

SHA1
f86b00d1c599a8c86ff6b80f9b7abd66893543fa

SHA256
d1bd359ab9888540bc168a53c7425a57ca3d8109e355cec9e1bb3ab0fbee945d

SHA512
4455d13906fa01169e3410eac797d8d42d109f79fbcd3f5f79c88534bec29b61e4ce4bc57828247e485541e1fdaf8513f8f50bfd941d86ffd609254641ea0c3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
acd821ca60bb61f65244fb291216edbd

SHA1
89db2fd1021ed7376d8456edb81bd37b8d205e94

SHA256
bff820ce3465e1fe7c4edec65427e831c8386f9578983001b83e4a883cb92398

SHA512
9512798f4f2ffa5accf7599b253014b96bb0b8e6cebb185ecb4cc7cea2c4a139a6274e7f7bdae82c13ca78790ae5c81bc81ff910dbecdfd678cb8c6e8fb12d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
75a2f4d9d50bc909d49d9e6cad9bd550

SHA1
51fd2f760ba2100f6bd254e30434383d8215ee46

SHA256
ae3a4a2098f2fd3d8a9c40fe22541f8b0e1feffaadb35b4b253f0b64479c8f14

SHA512
c74024c8ce9c1a634116ddee7e780731a30f32a29a297284fa726eb29b10024e1fa6a8ed424fbe05b4897bc07d345ffea6e2b4f49bb0e00ab724fa8f1d0682f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
7bfa0efc9f71913d8a4c66388749a367

SHA1
bda8d61742f7808a386b0204bbfa83acf39f16b4

SHA256
6d816844f240ff40c5d20f2e6a7ecda5853e5c5faf8038beb47d0ef61f65440c

SHA512
d1df5c53aad3b942aa3abc0983d5979cbe62d904ad9aaee45dc368b2904455d267948059989a76c1e6ce9eedef87a70d3307e22b3280026c576b3171ac3551aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
0ce8705bfb27958267c6117a345c342e

SHA1
cc12535ddeed302bbd72487f2c064a3feb171044

SHA256
10b043a5427ffce9193f2835f09966ae10bd42a56a8a26a717e72a62a5df0888

SHA512
c8ba9e5fe8c26de9dca4116ed4cf29b2a490952b7f811119fa7cf1b74d82ede1f1d11dfa7c2f9538081d81073d5d7ce5350586dd5cff78add6547c3aef12edd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
90fb3893228b0144ccd42b5ffcd92bac

SHA1
8679fec8d0abcbe70b6f26d52b7d56cee2cc94bf

SHA256
c627c348f83c5d46bd85a499f46e36979a7e121d6a5c31c2e11fdfc930601ab9

SHA512
6e0526f51cad413ae173a16c1019b7b70107afcb24dec1d4b94b8f7ac486ed7d47a965180503ae4cc44d97a584232c387d4ccc5e56afab54e78a8d3eb5368a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
23634a5368bf31f5880b33ca0212b507

SHA1
e772a5935e0646300021dc27b944db94af69349a

SHA256
f843f1fa55c3f54e84215137b6ed68cf2b5a72ff5624203375fdebc383b6529a

SHA512
cb8bffb909762b37df973cb8aff7efaf56e6a6832b477b410c93a002ed056be4e1c93e688b4e0e05431dcbfe4c29e9b4c6e31c7e591a2fa3c83c3aada5dd2221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
d4f4697982790507ef3b07d92035d8d2

SHA1
f6f9fc92c9f7dbe618b7ff0dc902fe6b0d02d168

SHA256
7d5575c875f2edb120483b4be7bcf14e44a50cc5a34dc1f7a477310f5d7ffd35

SHA512
3ef45e54627755371d47f65aedef93acad98196be5393c8c14836df579892253c46dfcc90932eeaefd3ffe760ddd7b50e19effd82dc18f0f9c6231d98c4b1975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
4141ce543506cb6ba34721e881fde117

SHA1
316627b8d8aec1bae95f869b69bbaeddc8b3ef0e

SHA256
0c2f6663c94802afa0600c5c4cb24cd63068966bf61b4aa4ad15fab7b430d432

SHA512
033002486538e987c067891a6871deff77e868993e46e8fdf40a6cb9f90eaef22b91c9567aea31cc3c74f50de1bb188141a54522ab903e6c90db05662edfc091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\2ed79ade-ceca-4cf2-8230-00337d8cddf3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2756_858059273\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2756_858059273\c6b0cad2-6272-402f-8c75-7649828ff61f.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit