c58608465fdd9e411142345837b5f73857bf6d2dfd6fe81c6f3205396084dde0

Analysis

max time kernel
150s
max time network
141s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-01-2025 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

plugins/Chat.dll
Size

11KB
MD5

746b17952ce19d49a2bb64a46b072008
SHA1

640a2e215c0db020ab549351b8692d53a8dffce1
SHA256

242f9c49e653a3df10d66859c66ac543b0bd5f7446dcfc170da835a084d16aed
SHA512

056d2690ceea819beead5f21eb91075df2098691105c25a186a9af4778f76b9d9cd72ffec46b33b0ed42635bddd5520da48c598ce3be028ff1c2522da14f2ca9
SSDEEP

192:Et5SEw0NmpdxSE2sECoxmTNny9+E9rcya8VkXI:4EP0NmR+CoxmTNng+Emy1VkXI

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133816866240626215"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3496	chrome.exe
3496	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe
584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe
Token: SeShutdownPrivilege	3496	chrome.exe
Token: SeCreatePagefilePrivilege	3496	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 2396	3496	chrome.exe	82
PID 3496 wrote to memory of 2396	3496	chrome.exe	82
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 932	3496	chrome.exe	83
PID 3496 wrote to memory of 728	3496	chrome.exe	84
PID 3496 wrote to memory of 728	3496	chrome.exe	84
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85
PID 3496 wrote to memory of 2044	3496	chrome.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\Chat.dll,#1
1⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0292cc40,0x7ffc0292cc4c,0x7ffc0292cc58
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3544,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5012,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5156,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5284,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5272 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5276,i,10104825342359595153,6948870040406724724,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:584

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4404

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2244

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\89ccd240-5db2-49bb-80ae-2c9c411d9b8e.tmp

Filesize
9KB

MD5
025328f49915eea28159caea529268cb

SHA1
425d41432556240027f6709667ff79a22e8b546c

SHA256
e922b989c5f8dc5b22532ca669a9f92e1354e64dc28c8e40cd4107b1e87c7704

SHA512
dd877e5e3a784ea0abb9fc4bda43a0d59697d320e42c1ccea001c7764b5012c8f4792fb503ea897c702eef79ba1a88a2fdfa1c1872f268e27e1615dddc0039a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1877d7c2f443b32f0dc3cf2ea74463ad

SHA1
71213e9ee5d5923dd853bad3386a7a005d4c6bb7

SHA256
9d38d1e7bdff1f84f0d662ddfecdf837ecff9188e57e5485ebfebfa44a7f45f0

SHA512
b609c74752de174afedf466998d55c39172e469b331378bf79d2d5723478ba8a75f4e2d4c64ef1d5b8337d8be2032e048b85f30957c3b6c3ada13a6c6aeadf7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a755eaccb793987587f94c833862e699

SHA1
4b5ee75abb037232a8382a0244038840f5108139

SHA256
6ebeb1e40ba831bafba3196dd177debf4a8868881018909bd0a3fb4b73c439ea

SHA512
4ebdecf33d3331d606d597f0ce97002deb882221aa3040ad472f3aaae52982edb563ccc2d9cdc7647b201078cb96cbc876e92cd479eb808446a3e95db33b80bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
eb7d29e20cf698d8ce5f20ee95346857

SHA1
a07d9ad06816282a1fcc9735c92404c411e3e0c0

SHA256
697c379583a8523ea5aa4fd1d0d294d8a62db2fc3dd1e660caf552440d9cbcf0

SHA512
b496ff1a6126a3d58614f202e243b21db22cbe99c360f4a407bf1e2aad6c35b91e47ff22d1c482338b1bf31ef46b9b5d2660539805513205bb5af6919f711945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c39c10f770d04ba4fd6cbd43948fcc6

SHA1
1396252c609c6a240b742884f73ba5f7023f82c9

SHA256
21d708e6b6ea968ff34e998829bd5ab678af47f118ac2e532a0d07d884ca91d5

SHA512
0cc2e063b94c0a9e356bab852167d0b2077929c899b56d3aab953c66fc5760b5d75a64c48430ef9ddc781c360814f3d453fb81178d2fcb7cb7c85e660db7c1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2038e479628488ae4a7d1542b504e83c

SHA1
a90ca34be1d68bf3e71a1df5d89095f4d1efb377

SHA256
7d8ef50f4732c2ccad1206e7b49fa868f1c3ff40e95e590b6e62e1331a57169a

SHA512
2855fbaf9349699636e3d6e739bb6a16260033ef62f071ed985ad3625236b624cbf7d58bc7047b402e3ef77f0113c32fbcbccd26cc74107527b186a151edd198

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac735594f2e90d017a788c91059ac6c9

SHA1
bb35ec34bdbeef5a8fd96155d500239a545cc835

SHA256
e4050902f7a841835ca2df8542307822d0d3b0ed0c946396f0ff29a3c2d8bcb8

SHA512
691f2d95dc4e5a047191d84fb9ff6fbefb86b45315e5c06587cdc69e6b5c7fd78b33c76cee7c46f6b40f2f5320517d4fe30a180fbe9336ba12b49ec06099cfe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2efd97a73b0367383bda2fc6829feb62

SHA1
cef7a286182b4ae13c725c02be8b69c26fc37797

SHA256
1849c232f1a8e40b02c86928a7588fbf71d93073b73bbf54d50d2cd10a779df0

SHA512
d2515e9e13d0d0e2e61161c9aba4546d58acd4f1a787e501097f689b5fa57b07d8549a5939a50600cf373b5c6af14f8837be7097b837b0f32f6249ad9de037dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7fff7833a9a594228332fe716e17af72

SHA1
aee0383e9c6be6cb7dcb302a3280dae34ea6d3c7

SHA256
b36bb744d6346083ca58bb8a897ba43381ada1f8c557f5b0a107c0034161c906

SHA512
7cbf152c9cf473eba8b6101fdbc86efb85c1d5b2c030e4b73700f7b106c8afbb9f91481f3f90444fc710963635a01a025888fd0b342ba928b64a2a71a60b1909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dc1a1a3055d78acb84b314cde090f512

SHA1
883cf110a7fda879cfa4f6b29fad64a4124e10f5

SHA256
c2e1926471fdad50d8ebcac8ba19da7ea1ec25339ad27b0f9a8ca1ba84d3c31a

SHA512
e482ef69090a1f25c1a60631e85dbcf75c94c67407c2e13ee8605e939e52b2f9bdaf3cb1e40e10c37c05bb8b50a67fc6836b6f6449e85fb604f5cbbc057aed92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
408d0db7d5f1ec2157878e8cbe44952e

SHA1
35e8629265b4da5e660dbf6327de4618a2690b07

SHA256
0d3ba2874bf10316fdf8074e59024002840cca11c107bdaa0ae2ab68af8d01f4

SHA512
37e9926b5055772857a264cb3f8d9753278e086c629e6b6603a8fa96c12d7a289dd1623ee26c1f19daad0ec83076e14f87d4d83b6b2197352664d20f6afd4419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
fa1c61bd63bc2bb3aeb1f16c6e03bd7d

SHA1
3087cc7242e710a01077f81e43785e11099c922b

SHA256
ea3733a75d9b8881ed23d17fc3835d7e00f264b7c0578f51c14d27e8310daf12

SHA512
a437b8e331e7d40114c44e88fa98f44a3b0bac6e71f1e4ec2d73fe58399bded373b36615269a0d51b9e4692f29e2e4a6b53d71776997c149402fe0cc3b1cc299

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3496_135971268\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3496_135971268\e18db135-835e-41b5-a257-bae3a0c4def1.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit